Large language models (“LLMs”) connected with DeepSeek, OpenAI’s ChatGPT, and xAI’s Grok, have faced significant regulatory attention in recent times. In particular, DeepSeek’s LLMs and artificial intelligence (“AI”)-based chatbots have been prohibited, restricted, and/or extensively reviewed by several countries, including because of concerns related to privacy and national security.
While the Government of India (“Government”) is currently monitoring the use of DeepSeek by Indian users, it may adopt regulatory measures under existing provisions of the Information Technology Act, 2000 (“IT Act”) and its rules, as necessary. Such provisions include those related to: (i) blocking public access on account of risks to the security or sovereignty of India (under section 69A of the IT Act), subject to specified procedures and safeguards; and (ii) ‘safe harbor’ and intermediary liability (under section 79 of the IT Act), subject to due diligence and other obligations in respect of hosting third-party information.
Further, the Government has certain powers under the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and its rules, the provisions of which are yet to be notified but are expected to come into force soon. Such powers include restricting cross-border data flows/ transfers and requiring data localization in certain circumstances.