AI Compliance for India — DPDP, RBI, SEBI, EU AI Act Basics

Manish Garg
Manish Garg Associate of (ISC)² · RingSafe
Apr 29, 2026
10 min read
Read as
India’s AI regulation in 2026 is fragmented but tightening: DPDP Act 2023 covers training data and inference, RBI has AI guidance for lending, SEBI regulates algo trading, MeitY signalled (then withdrew) prior-approval requirements. Plus EU AI Act applies to anyone serving EU users. This module covers the practical compliance posture for an Indian AI deployment in 2026.

AI compliance in 2026 India is a moving target. Regulations exist, are evolving, and overlap. This module gives you the practitioner perspective: what you must do today, what is coming, how to document it for an inevitable audit.

DPDP Act 2023 — what applies to AI

DPDP governs personal data processing in India. AI implications: (1) training data — using personal data to train models requires lawful basis (consent or legitimate interest under §7); document the basis per dataset. (2) inference — the trained model that retains knowledge of personal data is itself a processing activity; needs basis. (3) cross-border transfer — sending Indian user data to OpenAI/Anthropic for inference may trigger transfer restrictions; whitelist of permitted countries pending. (4) data subject rights — access, correction, erasure, grievance redressal. Erasure is genuinely hard for trained models; current regulator stance unclear. Notification: 72 hours to Data Protection Board on personal-data breaches; AI breaches (model leaks PII) count.

Need help with this?

Book a free 30-minute scoping call

Our senior consultants will review your stack and tell you honestly what to fix first. No slide deck. No obligation. Indian businesses only.

Book scoping call Replies in 4 working hrs · India-only · Senior consultants