India has incrementally advanced its AI governance journey onsetting with the DPDP Bill in 2022 to reinforce data protection and privacy. The launch of the INDIAai portal and IndiaAI Mission highlighted the government’s focus on AI infrastructure, skills, and ethical use in 2023. The NAITRA Bill, 2024, introduced in the Rajya Sabha, proposed a statutory authority to regulate AI systems and address ethical and societal risks. With the inception of 2025, efforts exemplified with plans for an AI Safety Institute and MeitY advisories on AI deployment, content labelling, and risk management, shaping India’s emerging AI regulatory framework.
The NAITRA BILL was proposed for the establishment of the National Artificial Intelligence Technology Regulatory Authority (NAITRA) as India’s central AI regulator to oversee ethical AI deployment, address risks like deepfakes and algorithmic bias, and ensure compliance across India. While it marks a significant legislative step, the Bill’s effectiveness will depend on timely implementation, clarity in rule-making, and adaptability to AI’s evolving challenges.
The Bill in Action : Powers & Purpose
Key structural features and functional powers can be summarised succinctly:
- Clause 3(2) & 3(3): To create NAITRA as a statutory Authority (seat in New Delhi) and such other regional offices as it may deem fi to regulate, monitor, and oversee AI and related technologies across sectors.
-
Clause 3(4) Structure & Powers: The Authority will be composed of:
- A Chairperson, appointed by the Central Government, with specialised knowledge and extensive experience in Artificial Intelligence.
- 2 Members, also nominated by the Central Government, chosen for their integrity and professional experience in areas such as: Managing risks linked to AI, Machine Learning, and Deep Learning, Ethical deployment of AI technologies, Developing responsible and innovative AI projects, Understanding State and Central IT policies and Assessing future threats of AI replacing human jobs.
The Chairperson and Members will serve for a term of up to 4 years. The Central Government will also appoint the required officers, staff, and experts to support the Authority’s work.
- Clause 5 Authority: has quasi-judicial powers, summons, document production, investigation, penalties, and orders so NAITRA can adjudicate complaints and direct compliance. The Bill contemplates sanctions and remedial directions.
- Clause 7 & 8 Funding & Accountability: The Bill requires the government to allocate funds (via parliamentary appropriation) to NAITRA. Also, audited accounts and annual reports must be submitted to Parliament.
-
Clause 9 Annual Reporting and Accountability: The Authority must prepare an annual report each year, detailing its activities and submit it to the Central Government within the prescribed time and format. The Central Government will then table this report before both Houses of Parliament, along with:
- Actions taken or proposed based on the Authority’s recommendations, and
- Reasons for not accepting any recommendations, if applicable within 1 year of receiving the report.
If any part of the report concerns a State Government, a copy will be sent to the State Governor, who will lay it before the State Legislature with an explanatory note on actions taken or proposed, and reasons for non-acceptance of recommendations, within 1 year of receipt.
Comparative Overview: DPDP Act vs. NAITRA Bill
While the bill presents a lot of strengths yet it comes with a set of challenges. Majorly there may arise an ambiguity while comparing it with the existing laws and regulations like the Digital Personal Data Protection Act, 2023 which may create confusion or duplication of effort. Alignment with the Digital Personal Data Protection Act, 2023 is crucial in avoiding the conflicting data standards. The Bill is also vague on implementation timelines and resourcing, which may delay its effectiveness.
| Aspect | DPDP ACT, 2023 | NAITRA Bill, 2024 |
|---|---|---|
| Objective / Focus | Protects personal data of individuals; ensures privacy, security, and responsible data processing. | Regulates Artificial Intelligence technologies; ensures ethical, safe, and accountable AI usage. |
| Regulatory Authority | Data Protection Board of India (DPBI) | National AI Technology Regulatory Authority (NAITRA) |
| Scope | Applies to personal data processed by government, companies, and intermediaries. | Applies to AI systems, high-risk AI applications, and organizations deploying AI in India. |
| Key Functions | Monitor compliance, handle grievances, impose penalties, approve cross-border data transfers. | Monitor AI deployment, regulate high-risk AI, ensure ethical standards, adjudicate violations. |
| Coverage | Individuals’ personal data and entities processing it. | AI systems, AI developers, and organizations using AI in India. |
| Compliance Requirements | Consent management, privacy by design, data security measures, data breach reporting. | Ethical deployment, risk assessment, compliance with AI regulations, and accountability for AI outputs. |
| Reporting & Accountability | Annual reporting to government; penalties for violations. | Annual report to Central Government; reports may also go to State Governments; quasi-judicial powers. |
| Enforcement & Penalties | Fines and penalties for non-compliance with data protection provisions. | Regulatory actions, prohibition of AI use, penalties for unethical or unsafe AI deployment. |
| Legal Status | Legally enforceable privacy and data protection law. | Legally enforceable AI regulatory framework. |
| Implementation Challenges | Data security enforcement, cross-border data flows, defining sensitive personal data. | Resource capacity, timeline for operationalization, overlap with existing laws, balancing innovation. |
Challenges & Open Questions
- Timeline & Implementation: The Bill does not define a specific timeline for NAITRA to become operational, which could delay the enforcement of AI regulations.
- Resources & Capacity: Effective functioning will require NAITRA to be well-staffed with experts in AI ethics, policy, and law, and equipped with adequate resources.
- Balancing Innovation and Regulation: Overregulation may hinder startups and experimental AI initiatives; the rules need to be clear, proportionate, and adaptable.
- Overlap and Legal Conflicts: The interaction between NAITRA’s authority and existing laws, such as data protection regulations, the IT Act, and sectoral regulators, remains to be clarified.
*The points outlined are broad interpretations of the Bill and expert analyses. For precise legal language, refer to the official Bill document.
Disclaimer
The information provided in this article is intended for general informational purposes only and should not be construed as legal advice. The content of this article is not intended to create and receipt of it does not constitute any relationship. Readers should not act upon this information without seeking professional legal counsel.
