India’s AI Regulatory Framework Draft Sets 90-Day Compliance Window for Global Tech Firms

The world’s most populous democracy is no longer waiting for Silicon Valley to self-regulate. India’s Ministry of Electronics and Information Technology (MEITY) has circulated a draft AI governance framework giving global technology companies a strict 90-day window to register their AI models, disclose training data sources, and appoint locally accountable compliance officers — or risk losing access to one of the fastest-growing digital markets on the planet.

For OpenAI, Google, and Meta, this is not an abstract policy debate. It is a direct challenge to how they operate at scale in a market of more than a billion users.

—

What the Draft Framework Actually Requires

The MEITY draft lays out three core obligations for any AI platform operating within Indian jurisdiction.

First, companies must formally register their AI models with a designated government authority, submitting technical documentation covering model architecture, intended use cases, and known limitations.

Second, and more controversially, firms must disclose their training data sources. This requirement cuts to the heart of how large language models and generative AI systems are built, raising immediate questions about proprietary data pipelines, third-party licensing arrangements, and whether data sourced from Indian users was used to train models without explicit consent.

Third, each company must appoint a local compliance officer — a named individual physically present in India who can be held legally accountable for the platform’s adherence to the framework. This approach mirrors that of India’s Digital Personal Data Protection Act and signals that MEITY intends to enforce these rules through identifiable human accountability, not corporate filings alone.

—

Why the 90-Day Window Matters

Ninety days is an aggressive timeline by any regulatory standard. For context, the European Union’s AI Act provides phased implementation periods spanning multiple years, with the most demanding requirements for high-risk systems not taking full effect until well after the legislation’s initial passage.

India’s compressed window reflects a deliberate policy posture. MEITY appears to be signaling that it will not extend the grace periods that allowed global platforms to delay compliance in other jurisdictions. For companies that have already navigated GDPR timelines in Europe or content moderation mandates elsewhere, the 90-day clock demands immediate internal mobilization — legal review, infrastructure adjustments, and executive-level decisions about market commitment.

The draft also arrives at a moment when the Indian government has been publicly critical of AI platforms generating content deemed harmful or culturally inappropriate for Indian audiences, adding a political dimension to what might otherwise appear to be a technical compliance exercise.

—

The Stakes for Global Tech Firms

India is not a market any major AI company can afford to treat as secondary. With a rapidly expanding middle class, one of the world’s youngest demographic profiles, and aggressive smartphone and internet penetration, India represents a critical growth frontier for AI-powered products — spanning consumer applications, enterprise software, healthcare, and financial services.

Enacted in its current form, the framework would require companies such as OpenAI to make structural commitments they have not yet made in comparable markets. Appointing a local compliance officer creates legal exposure that extends well beyond what a standard terms-of-service agreement provides. Training data disclosure could compel companies to defend their sourcing decisions before Indian regulators who may apply standards that differ significantly from those in the United States or Europe.

For investors in global tech firms with meaningful India exposure, the draft introduces a new category of regulatory risk that will need to be factored into market access assumptions. For Indian tech professionals and domestic AI startups, the framework cuts both ways: it imposes a compliance burden while opening a potential competitive opportunity — if international players stumble, locally compliant alternatives stand to gain ground.

—

A Precedent Other Emerging Markets Are Watching

India rarely acts in regulatory isolation. When it moved on data localization requirements, other emerging markets across Southeast Asia and Africa took note. When it restructured its approach to platform intermediary liability, similar conversations accelerated in neighboring jurisdictions.

The AI governance framework is already drawing close attention from policymakers in Brazil, Indonesia, Nigeria, and other large emerging economies grappling with the same fundamental question: how do you capture the economic benefits of AI adoption while maintaining meaningful sovereignty over how these systems operate within your borders?

India’s approach — registration, disclosure, and local accountability — offers a replicable template that does not require the deep institutional infrastructure underpinning the EU’s regulatory apparatus. It is a framework designed for speed and enforceability rather than comprehensiveness. That combination may prove highly exportable.

—

What Comes Next

The draft is currently open for stakeholder feedback, meaning the final text could shift before formal notification. Industry groups representing global tech firms are expected to challenge the training data disclosure requirements as overly broad and potentially incompatible with existing intellectual property protections. The local compliance officer mandate will likely draw scrutiny over the scope of personal liability it implies.

MEITY has demonstrated in previous regulatory processes a willingness to negotiate on implementation details while holding firm on core principles. That pattern suggests the 90-day window and the three primary obligations are unlikely to be dropped, even if their precise definitions are refined through consultation.

—

The Regulatory Moment Has Arrived

India’s draft AI governance framework is not a warning shot. It is a structured demand for accountability from companies that have built significant commercial value on Indian users and Indian data while operating largely beyond the reach of Indian law.

For global tech firms, the calculation is straightforward: engage seriously with MEITY’s requirements now, or risk being on the wrong side of a regulatory determination in a market too large to exit. For the broader AI industry, India has just demonstrated that emerging markets are done waiting for governance frameworks to be handed down from Washington or Brussels. They are writing their own — and the 90-day clock is already running.