India’s data protection and AI governance landscape is facing heightened scrutiny as the Digital Personal Data Protection Act (DPDPA) is challenged in courts, regulators expand cybersecurity oversight, and organizations confront AI-driven risks.
A recent Public Interest Litigation before the Supreme Court raised concerns over provisions of the DPDPA that could limit press freedom, concentrate power in government hands, and fail to compensate victims of data breaches, prompting the Court to issue a Notice to the Government of India.
In parallel, the Kerala High Court addressed privacy issues related to biometric data collection at airports, questioning the oversight and role of the Data Protection Board.
The government has highlighted existing legal safeguards, including the IT Act, DPDPA, AI guidelines, and cybercrime measures, while new cybersecurity regulations are emerging, such as CERT-In’s guidelines for satellite communications and space systems.
Meanwhile, industry data shows that AI-driven transformation is considered the biggest security risk, with deepfake attacks and AI-generated misinformation affecting Indian organizations. Overall, India faces mounting challenges in balancing data protection, AI governance, and cybersecurity amid rapid technological adoption.
