While the provisions of India’s Digital Personal Data Protection Act, 2023 (“DPDP Act”) and its rules are yet to be notified, organizations need to prepare for a new set of compliance obligations and plan ahead. In large part, the DPDP Act follows global regulatory templates like the EU’s GDPR and embodies similar overarching principles such as data minimization and purpose limitation. The procedural implications of such principles reflected in the DPDP Act will translate into specific obligations and practices related to data collection, processing, sharing, and storage, especially in the context of Big Data analytics – including through the use of artificial intelligence and machine learning techniques.
This note analyzes the principle of data minimization under the DPDP Act, its interface with other laws (including with respect to consumer protection), and discusses potential learnings from other jurisdictions, including for the purpose of implementing such principle at an operational level.
Tag: Technology; Media and Telecommunications
Fiber Opportunity in India: Regulatory Framework and Right-of-Way Management
With increasing demand for high-speed internet, 5G roll-out and data center growth, deployment of a robust and reliable optic fiber cable (“OFC”) infrastructure has become essential to support India’s expanding digital ecosystem. Fueled by this market opportunity, companies are focusing on expanding their OFC networks and investors are exploring potential opportunities for fiber investments in India. Several telecom operators have already consolidated their fiber assets in a path towards monetization of such assets.
This note explores the legal framework and recent developments regarding Right-of-Way for OFC in India.
Draft Digital Personal Data Protection Rules, 2025
A long-anticipated draft of the Digital Personal Data Protection Rules, 2025 (“Draft Rules”) was released by the Central Government (“Government”) on January 3, 2025 for public consultation and comments, along with an explanatory note on the contents on the Draft Rules. Once brought into effect, these rules will enable implementation of the Digital Personal Data Protection Act, 2023 (the “DPDP Act” or the “Act”), which was published in the Official Gazette on August 11, 2023, although not yet in force. The consultation process on the Draft Rules will continue until February 18, 2025. The rules under the DPDP Act are proposed to be implemented in a staggered manner.
To recap, the DPDP Act lays down the law for processing of digital personal data (any data in digital form about an individual who is identifiable by or in relation to such data) in a manner that recognizes both the rights of individuals to protect their personal data and the need to process such data for lawful purposes and for connected or incidental matters. For an overview of the provisions of the DPDP Act, please see our notes here and here.
This note analyzes certain key aspects introduced or further clarified under the draft rule.
Accessing Space for Commercial Activities and Satellite Spectrum Allocation in India
The Government of India has been actively working towards liberalizing the space sector and enhancing private sector participation. In this regard, given the stakes involved and the positions taken by various interested parties, the process for allocation of satellite spectrum remains a contentious point.
There has been a major debate among service providers regarding the appropriate way to allocate satellite spectrum.
While the Telecommunications Act, 2023 (“Telecom Act”) favors administrative allocation of satellite spectrum, the details of such process are yet to be finalized. This note considers the debate involving auctions and administrative allocation and provides an overview of past and recent developments with respect to Supreme Court judgements, digital communications policy, frequency allocation plan, space policy and the Telecom Act. It also discusses past consultation papers and recommendations of the Telecom Regulatory Authority of India on satellite spectrum allocation, as well as the recent provisional satellite spectrum allocation approved by the Department of Telecommunications.
Addressing Legal Challenges on AI Development and Use
The recent lawsuit by Asian News International against OpenAI in the Delhi High Court mirrors global trends involving allegations that large language models (“LLMs”) are being trained on copyrighted material without authorization or licenses, leading to copyright infringement. For the purpose of balancing innovation with compliance, artificial intelligence (“AI”) developers in India must take proactive measures to navigate the complex interplay of copyright, data protection and liability issues. By securing licensing agreements, clarifying the scope of ‘fair use’ under copyright law, offering indemnities to users, and preparing for court-directed compliance actions, AI developers can mitigate risks and build legally compliant AI systems.
Lessons from OpenAI: Boards and the Spin of Corporate Governance
Widely regarded as the most innovative AI organization in the world, OpenAI’s management model presents a unique approach to corporate governance involving a majority-independent board of directors as final decision makers. In 2023, OpenAI’s CEO was fired and immediately reinstated, within a short period of a week. Such events highlight the reality of independent corporate governance models and suggest that truly independent structures may struggle in modern business environments. This note also briefly considers removal of directors from an Indian perspective.
Investing in AI in India (Part 3): AI-related Advisories Under the Intermediary Guidelines
This note, the third of a multi-part series on investing in the Indian artificial intelligence (“AI”) sector, discusses a set of advisories (“AI Advisories”) with respect to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“Intermediary Guidelines”), focusing on intermediary liability.
The definition of ‘intermediaries’ under the Information Technology Act, 2000 (which is likely to be replaced soon by the “Digital India Act”) may include a wide variety of entities, including telecommunications and network service providers, search engines, online payment sites and marketplaces, as well as social media, online gaming and e-commerce platforms. The Indian government has been actively considering the advisability of issuing a dedicated regulation with respect to AI, including via specific provisions of the Digital India Act. Until the rollout of a bespoke legal framework, the Intermediary Guidelines may be further amended in connection with AI.
At present, the language of the AI Advisories is broad enough to cover all kinds of AI tools and AI-generated content. Such broad-based application could have significant consequences for all types of players in the AI space since the standards of due diligence that relevant intermediaries need to abide by with respect to AI technologies appear to be high.
Investing in AI in India (Part 2): Tracking the Regulatory Landscape
Prospective investors in Indian artificial intelligence (“AI”) companies should familiarize themselves with the Indian government’s initiatives in AI regulation and the direction of future regulation. This note, the second of a multi-part series on investing in the Indian AI sector, outlines some of the key developments in AI in the country. However, it is important to keep in mind that India’s approach to AI governance may change in the future, given the rapidly evolving nature of technology as well as the country’s dynamic regulatory trajectory, including with respect to data, intermediary liability, digital technologies, telecommunications and digital competition, as discussed in this note.
Climate Change and ESG Considerations in India’s AI-Driven Future
As AI continues to transform industries in crucial ways, the training of large AI models remains highly energy- and resource-intensive, resulting in significant emissions and waste.
For countries and companies which have ambitious net-zero goals, balancing AI ambitions with existing decarbonization strategies is important. As India accelerates its journey towards becoming a global economic powerhouse, it may want to address the environmental implications of increased AI deployment, including by regulating AI with the aim of making increased adoption sustainable. Where companies are concerned, investing in ‘green AI’ will not only benefit the environment but may also enhance their ESG profiles. Going forward, the integration of climate considerations into AI policy is likely to become an important element of responsible AI development.
Investing in AI in India (Part 1): Key Considerations
While investments in the AI sector in India present significant opportunities, they also present a unique set of risks within an evolving legal and regulatory landscape.
Before making an investment decision, investors should consider IP issues, data-related rights and compliance, any industry-specific concerns, the then-applicable regulatory framework as well as potential developments in AI regulation. In addition, investors should evaluate operational and contractual arrangements, undertake a technical due diligence, and assess potential liabilities and risks. Such risks include product and professional liability, algorithmic bias and discrimination, cybersecurity and data breaches, market and reputational risks, along with concerns related to transparency and explainability.