Part 1 of 8

Introduction to AI & Legal Framework

Build foundational understanding of Artificial Intelligence and Machine Learning technologies, explore the global regulatory landscape, and understand India's evolving approach to AI governance.

~90 minutes 6 Sections 3 Case Studies

1.1 Understanding AI & Machine Learning

Before advising clients on AI law, practitioners must develop sufficient technical understanding of what AI and ML systems actually are, how they work, and their current capabilities and limitations.

Defining Artificial Intelligence

There is no universally accepted legal definition of AI. Different jurisdictions and organizations have adopted varying definitions, creating challenges for cross-border regulation.

OECD Definition (2019)
"An AI system is a machine-based system that can, for a given set of human-defined objectives, make predictions, recommendations, or decisions influencing real or virtual environments."
EU AI Act Definition (2024)
"AI system means a machine-based system designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments."
💡 Key Legal Insight

India currently lacks a statutory definition of AI. The IT Act 2000 and IT Rules 2021/2025 do not define "artificial intelligence." This creates ambiguity for regulatory compliance and liability determination.

Types of AI Systems

Type Description Examples Legal Relevance
Narrow AI (ANI) Task-specific intelligence ChatGPT, Image Recognition, Recommendation Systems Current regulatory focus; most commercial applications
General AI (AGI) Human-level cognitive abilities Theoretical; not yet achieved Future regulatory consideration
Generative AI Creates new content (text, images, code) GPT-4, DALL-E, Midjourney, Stable Diffusion IPR, deepfakes, content liability
Autonomous Systems Operates without human intervention Self-driving cars, drones, trading algorithms Liability allocation, safety regulations

Machine Learning: The Engine of Modern AI

Machine Learning (ML) is a subset of AI where systems learn from data rather than being explicitly programmed. Understanding ML is essential for AI law practitioners.

Supervised Learning

Trained on labeled data with known outcomes. Used for classification, prediction.

Legal Issue: Training data bias, data protection compliance

Unsupervised Learning

Finds patterns in unlabeled data. Used for clustering, anomaly detection.

Legal Issue: Explainability challenges, audit difficulties

Reinforcement Learning

Learns through trial and error with rewards/penalties.

Legal Issue: Unpredictable behavior, safety concerns

⚖️ Practice Tip

When advising AI clients, always ask: "What type of AI/ML is being used?" and "What data is it trained on?" These questions determine applicable regulations (DPDPA for personal data), IPR concerns (training data rights), and liability frameworks.

1.2 Global AI Regulatory Landscape

AI regulation is evolving rapidly worldwide. Understanding global frameworks helps Indian practitioners advise multinational clients and anticipate India's regulatory direction.

European Union: AI Act (2024)

The EU AI Act is the world's first comprehensive AI legislation, adopting a risk-based approach.

Risk Level Examples Requirements
Unacceptable Risk Social scoring, subliminal manipulation, real-time biometric surveillance Prohibited
High Risk Medical devices, credit scoring, employment decisions, law enforcement Conformity assessment, human oversight, transparency
Limited Risk Chatbots, emotion recognition, deepfakes Transparency obligations
Minimal Risk Spam filters, video games No specific requirements

United States: Sector-Specific Approach

The US has no comprehensive federal AI law. Instead, it relies on:

  • Executive Order on AI Safety (Oct 2023): Safety testing, red-teaming requirements for powerful models
  • NIST AI Risk Management Framework: Voluntary guidelines for AI risk management
  • State Laws: California, Colorado, Illinois with varying AI regulations
  • Sector Regulators: FDA (medical AI), SEC (algorithmic trading), FTC (unfair practices)

China: State-Centric Regulation

  • Algorithmic Recommendation Regulation (2022): Transparency, user control over recommendations
  • Deep Synthesis (Deepfake) Regulation (2023): Mandatory labeling, content review
  • Generative AI Measures (2023): Content compliance, training data requirements
⚠️ Compliance Alert

Indian AI companies serving EU customers must comply with the EU AI Act. This has extraterritorial application similar to GDPR. Similarly, US sector-specific rules may apply to Indian companies listed on US exchanges or offering services to US customers.

1.3 India's Approach to AI Governance

India has adopted a "light-touch" regulatory approach to AI, prioritizing innovation while developing sector-specific guidelines. However, this is rapidly evolving.

NITI Aayog's Role

NITI Aayog has been the primary government body shaping India's AI strategy through key documents:

  1. National Strategy for AI (2018): Identified focus sectors - healthcare, agriculture, education, smart cities, mobility
  2. Responsible AI for All (2021): Principles-based approach emphasizing safety, inclusion, equality, privacy, transparency, accountability, positive human values
  3. AI for All (2022): Framework for democratizing AI benefits across society

Seven Principles of Responsible AI (NITI Aayog)

1. Safety & Reliability

AI systems must be safe, robust, and reliable throughout their lifecycle

2. Equality

AI must promote equality and not discriminate against any group

3. Inclusivity

AI development should include diverse stakeholders and benefit all

4. Privacy & Security

AI must protect privacy and ensure data security

5. Transparency

AI operations should be transparent and explainable

6. Accountability

Clear accountability mechanisms for AI outcomes

7. Positive Human Values

AI should reinforce positive human values and societal well-being

IndiaAI Mission (2024)

The Union Cabinet approved the IndiaAI Mission in March 2024 with Rs. 10,372 crore allocation covering:

  • IndiaAI Compute Capacity: Building AI computing infrastructure (10,000+ GPUs)
  • IndiaAI Innovation Centre: Research in foundational models and AI applications
  • IndiaAI Datasets Platform: Non-personal data for AI training
  • IndiaAI Application Development: Sector-specific AI solutions
  • IndiaAI FutureSkills: AI workforce development
  • IndiaAI Startup Financing: Supporting AI entrepreneurship
  • Safe & Trusted AI: Frameworks for responsible AI
"India's approach to AI regulation must balance innovation enablement with risk mitigation. We seek to be a leader in responsible AI development." NITI Aayog, Responsible AI for All (2021)

1.4 Current Legal Framework Applicable to AI

While India lacks dedicated AI legislation, multiple existing laws apply to AI systems. Practitioners must navigate this complex regulatory mesh.

IT Act, 2000 & IT Rules

Provision AI Relevance
Section 43 (Civil Contraventions) Unauthorized AI system access, data extraction
Section 66 (Hacking) AI-assisted cyberattacks, adversarial AI
Section 69A (Blocking) AI-generated harmful content blocking
Section 79 (Safe Harbour) Intermediary liability for AI-generated content
IT Rules 2021/2025 AI content labeling, deepfake regulations

Digital Personal Data Protection Act, 2023

  • Consent for Processing: AI systems using personal data require valid consent
  • Purpose Limitation: AI cannot use data beyond specified purposes
  • Data Minimization: AI should process only necessary personal data
  • Automated Decision Making: DPDPA provisions on automated decisions (Section 11)
  • Cross-Border Transfer: AI training data transfers to restricted jurisdictions

Consumer Protection Act, 2019

  • Product Liability (Chapter VI): AI as defective product
  • Unfair Trade Practices: Deceptive AI marketing claims
  • E-Commerce Rules 2020: AI in e-commerce platforms

Sector-Specific Regulations

Sector Regulator AI-Relevant Regulations
Healthcare CDSCO Medical Device Rules 2017, SaMD guidance
Banking RBI IT Guidelines 2011, Outsourcing Guidelines, Digital Lending Guidelines
Securities SEBI Algo Trading Framework, Investment Adviser Regulations
Insurance IRDAI Sandbox Guidelines, Underwriting regulations
Telecom TRAI/DoT Telecom Bill 2023, OTT regulations
Compliance Strategy

When advising AI companies, conduct a regulatory mapping exercise: identify all applicable laws based on (1) nature of AI system, (2) data processed, (3) sector of deployment, (4) geographic reach. This is the foundation for any AI compliance program.

1.5 Emerging Legal Issues in AI

Beyond existing regulatory frameworks, several novel legal questions are emerging that practitioners must anticipate.

AI Legal Personality

Can AI systems have legal rights or obligations? Current Indian law treats AI as a tool, not a legal person. However, debates continue on:

  • AI as Author/Inventor: Can AI hold copyright or patent rights? (See Thaler cases)
  • AI as Agent: Can AI bind principals in contracts?
  • AI Testimony: Admissibility of AI-generated evidence

Algorithmic Accountability

When AI makes decisions affecting individuals, accountability mechanisms are crucial:

  • Right to Explanation: Should affected individuals have right to understand AI decisions?
  • Appeal Mechanisms: How to challenge automated decisions?
  • Human Oversight: When is human-in-the-loop mandatory?

AI and Fundamental Rights

⚖️ Constitutional Dimension

AI systems engaging in surveillance, profiling, or automated decision-making must be evaluated against constitutional guarantees:

  • Article 14: Algorithmic discrimination violates equality
  • Article 19: AI content moderation affects free speech
  • Article 21: AI surveillance implicates privacy (Puttaswamy)

1.6 Case Studies

Case Study 1: AI Recruitment Tool Bias

Scenario
A major IT company uses an AI-powered resume screening tool. Analysis reveals the tool systematically downgrades resumes from women and candidates from certain regions. A rejected candidate files a complaint with the CCPA under the Consumer Protection Act.

Legal Issues:

  • Unfair trade practice under Consumer Protection Act?
  • Violation of Article 14 (equality) if discriminatory outcomes proven?
  • DPDPA compliance if personal data used for automated decisions?
  • Labour law implications for discriminatory hiring?

Case Study 2: AI Medical Misdiagnosis

Scenario
An AI diagnostic tool used in a hospital fails to detect cancer, leading to delayed treatment and patient harm. The patient sues the hospital, the AI vendor, and the doctor who relied on the AI recommendation.

Legal Issues:

  • Product liability under Consumer Protection Act for AI as medical device?
  • Professional negligence by doctor for blind reliance on AI?
  • Regulatory compliance under Medical Device Rules 2017?
  • Liability allocation in AI-human decision chain?

Case Study 3: Generative AI Content Dispute

Scenario
An AI image generator creates artwork strikingly similar to a registered Indian artist's copyrighted work. The artist discovers the AI was trained on scraped images including her portfolio without permission.

Legal Issues:

  • Copyright infringement in training data use?
  • Copyright in AI-generated output?
  • Fair use/fair dealing defence applicability?
  • Rights of the human artist vs. AI developer?

Key Takeaways

  • AI lacks a statutory definition in India - practitioners must understand technical distinctions
  • EU AI Act (risk-based), US (sector-specific), China (state-centric) offer different regulatory models
  • India follows principles-based approach via NITI Aayog; IndiaAI Mission signals increased focus
  • Multiple existing laws apply: IT Act, DPDPA, Consumer Protection, sector regulations
  • Emerging issues include AI personality, algorithmic accountability, and fundamental rights
  • Regulatory mapping is essential for any AI compliance advisory