India’s MeitY Releases Draft AI Accountability Framework — What It Means for Global Tech Firms

A single regulatory document circulating in New Delhi could reshape how artificial intelligence is deployed across one of the world’s largest digital markets — and compliance officers at companies from Mountain View to Mumbai are paying close attention.

India’s Ministry of Electronics and Information Technology (MeitY) has circulated a draft framework that would impose structured obligations on AI systems deployed at scale within the country. The proposal introduces algorithmic impact assessments, mandatory incident reporting, and compressed compliance timelines that leave little room for gradual adjustment. For global platforms and Indian startups alike, the clock may already be ticking.

—

What the Draft Framework Actually Proposes

At its core, the MeitY draft targets AI systems that reach more than one million users in India — a threshold that immediately captures global giants such as Google, Meta, and Amazon, alongside homegrown platforms including Meesho, Zomato, and Ola.

The framework centers on two primary obligations. First, covered entities would be required to conduct **algorithmic impact assessments** before deploying or significantly updating AI systems. These assessments would evaluate potential harms across dimensions including bias, data privacy, and systemic risk to users. Second, companies would face **mandatory incident reporting** requirements, obligating them to notify MeitY within a defined window whenever an AI system causes or contributes to a significant adverse outcome.

The compliance deadline embedded in the draft is notably aggressive: companies would have 90 days from official notification to demonstrate adherence to the framework’s core requirements. For organizations without established AI governance infrastructure, that timeline is not a runway — it is a sprint.

—

Why India’s AI Regulation Is Moving This Fast

India’s regulatory posture on AI has shifted considerably over the past two years. Earlier guidance from MeitY leaned toward voluntary principles and industry self-regulation. The current draft signals a harder turn toward enforceable obligations, reflecting both domestic political pressure and a broader global trend toward binding AI governance.

The scale of India’s AI exposure makes inaction increasingly difficult to justify. With hundreds of millions of users interacting daily with recommendation engines, credit-scoring algorithms, and content moderation systems, the downstream consequences of unchecked AI failures are not theoretical. Documented incidents involving algorithmic bias in lending platforms and misinformation amplification on social media have sharpened the ministry’s appetite for formal accountability structures.

India’s approach also appears informed by — though not directly modeled on — the European Union’s AI Act. Where the EU framework relies on risk-tiered classification, the MeitY draft uses scale as its primary trigger. That is a pragmatic choice for a market where user reach is both enormous and unevenly distributed.

—

The Compliance Challenge for Global Tech Firms

For multinational technology companies, the draft introduces a jurisdictional complexity that cannot be managed through existing EU or US compliance programs alone. India’s AI regulation operates on its own definitional and procedural logic, meaning that a company already compliant with the EU AI Act cannot assume equivalence.

The algorithmic accountability requirements, in particular, demand documentation and audit trails that many companies have not built for their India-specific deployments. Global platforms often treat regional markets as extensions of centralized systems, but MeitY’s framework implicitly requires localized governance — impact assessments calibrated to Indian user populations, incident reporting routed through India-based compliance contacts, and audit records accessible to Indian regulators.

Tech compliance in India has historically been managed through a relatively lean regulatory interface. The new framework, if finalized in its current form, would require a meaningful expansion of in-country legal and technical teams. For companies that have underinvested in India-specific AI governance, the 90-day window creates immediate resourcing pressure.

—

What It Means for Indian Startups and Investors

The framework’s implications for India’s domestic tech ecosystem are more nuanced. Startups such as Meesho and Zomato, which have scaled rapidly on AI-driven logistics, personalization, and pricing systems, now face compliance obligations that were previously the concern of large enterprises.

For early-stage founders, the draft raises a structural question: should AI governance be built into product architecture from the outset, or treated as a compliance layer added at scale? The 90-day deadline and the one-million-user threshold together suggest that governance cannot be deferred until a company reaches enterprise maturity. Investors evaluating Indian AI ventures would be prudent to treat regulatory readiness as a material due diligence factor, not a footnote.

There is, however, a potential upside for well-prepared domestic players. Indian startups that build robust algorithmic accountability practices early may find themselves better positioned in enterprise and government procurement contexts, where regulatory compliance is increasingly a baseline requirement rather than a point of differentiation.

—

Key Uncertainties Before Finalization

The draft remains open for stakeholder consultation, and several provisions are likely to evolve before any final notification. The definition of “significant adverse outcome” — which triggers mandatory incident reporting — is currently broad enough to generate interpretive uncertainty. Industry groups are expected to push for clearer thresholds and explicit safe harbor provisions.

The enforcement mechanism is also underdeveloped in the current text. Without clarity on penalties, audit rights, and the regulatory body responsible for oversight, companies face difficulty calibrating their compliance investments. MeitY will need to address these gaps to produce a framework that is both enforceable and practically workable.

—

The Regulatory Moment India Cannot Afford to Mishandle

India stands at a consequential inflection point in its AI governance trajectory. The MeitY framework, if finalized thoughtfully, could establish India as a credible standard-setter for AI accountability across the Global South — a counterweight to both the EU’s regulatory maximalism and the historically light-touch approach of the United States.

Handled poorly, an overly prescriptive or ambiguously drafted framework risks chilling AI investment in a market with genuine potential to lead in applied AI development. The 90-day compliance window, the one-million-user threshold, and the algorithmic impact assessment requirement are all defensible in principle. The test will be whether MeitY can translate those principles into implementation guidance that is precise enough to follow and proportionate enough to sustain.

For every stakeholder in India’s AI economy — from compliance officers in San Francisco to startup founders in Bengaluru — the consultation window is the moment to engage. The rules being written now will define the operating environment for years to come.