1. Legal Framework Governing Deepfakes in India

A. Information Technology Act, 2000 (IT Act)

This is the primary cyber law framework used to address deepfake-related offenses.

Key provisions:

• Section 66C – Identity theft
  → Using someone’s digital identity (photos, biometrics, voice) without consent (directly applicable to deepfakes)
• Section 66D – Cheating by personation using computer resources
  → Fake impersonation via AI-generated videos or voice
• Section 66E – Violation of privacy
  → Capturing or transmitting private images/videos without consent
• Section 67 / 67A / 67B
  • 67: Obscene content online
  • 67A: Sexually explicit material
  • 67B: Child sexual abuse material (CSAM)
    → Deepfake pornography is often prosecuted here

B. Bharatiya Nyaya Sanhita (BNS), 2023 (replacing IPC)

Deepfake-related offenses fall under:

• Defamation (equivalent to IPC 499–500)
• Forgery and false electronic records
• Cheating and impersonation
• Criminal intimidation (if used for harassment or extortion)

C. Digital Personal Data Protection Act, 2023 (DPDP Act)

Relevance:

• Protects personal data misuse (images, biometric data, voice)
• Requires consent for processing personal data
• Deepfakes often involve unauthorized processing of personal data

Limitations:

• Does not explicitly mention deepfakes yet
• Enforcement still evolving

D. IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021

These rules are crucial for regulating platforms like YouTube, Instagram, and X.

Key obligations:

• Platforms must remove unlawful content within 36 hours of complaint
• Must deploy automated tools to detect synthetic/manipulated media
• Must label “synthetically generated” or “deepfake” content
• Must ensure traceability of originators in some cases

E. Government Advisory on Deepfakes (MeitY, 2023–2024)

• Mandates clear labeling of AI-generated content
• Requires social media platforms to remove impersonation deepfakes quickly
• Warns of penalties for non-compliance under IT Act intermediary liability

2. Judicial Approach Toward Deepfake-Like Issues

India does not yet have a Supreme Court case directly on “deepfakes”, but courts have addressed privacy, identity misuse, and online harm, which form the legal foundation.

3. Important Case Laws (Highly Relevant to Deepfake Regulation)

1. Shreya Singhal v. Union of India (2015)

Key principle: Free speech vs online regulation

• Struck down Section 66A of IT Act (vague speech restriction)
• Established that content removal must meet clear legal standards
• Defined intermediary liability framework (actual knowledge + court order)

Relevance to deepfakes:
Platforms cannot remove content arbitrarily, but must act on lawful orders or clear notice.

2. K.S. Puttaswamy v. Union of India (2017)

Key principle: Right to Privacy is a fundamental right

• Recognized informational privacy and bodily autonomy
• Privacy includes control over personal identity and data

Relevance:
Deepfakes directly violate privacy by misusing face, voice, and biometric identity.

3. Avnish Bajaj v. State (NCT of Delhi) (Bazee.com case, 2008)

Key principle: Intermediary liability

• Online platform held liable for obscene content listing
• Clarified that intermediaries can be responsible if they knowingly facilitate illegal content

Relevance:
If platforms host deepfakes knowingly and fail to act, liability may arise.

4. Subramanian Swamy v. Union of India (2016)

Key principle: Criminal defamation is constitutional

• Upheld IPC defamation provisions
• Balanced reputation vs free speech

Relevance:
Deepfake videos damaging reputation can be prosecuted as defamation.

5. Anuradha Bhasin v. Union of India (2020)

Key principle: Internet freedom and proportionality

• Recognized internet access as essential for speech and trade
• Restrictions must be proportionate and justified

Relevance:
Any blocking of deepfake content must meet proportionality standards.

6. State of Tamil Nadu v. Suhas Katti (2004)

Key principle: Cyber harassment conviction

• First conviction under IT Act in India
• Involved online harassment and fake posts about a woman

Relevance:
Early precedent for punishing digital impersonation and harassment—core aspects of deepfakes.

7. Ritesh Sinha v. State of Uttar Pradesh (2019)

Key principle: Voice samples and privacy

• Supreme Court allowed voice samples in investigation
• Recognized voice as part of personal identity

Relevance:
Deepfake voice cloning directly affects identity rights recognized in this case.

4. How Deepfakes Are Prosecuted in India (Practical Reality)

Since no standalone law exists, authorities combine:

• IT Act (identity theft, obscenity)
• BNS/IPC (defamation, cheating, forgery)
• DPDP Act (data misuse)
• Court orders for takedown
• Intermediary Rules for platform liability

5. Key Legal Challenges

• No specific definition of deepfake in statute
• Difficulty in proving intent and origin of AI content
• Cross-border hosting issues
• Delayed takedown by platforms
• Lack of forensic AI detection infrastructure

6. Conclusion

India regulates deepfakes through a patchwork legal system rather than a dedicated law. The strongest legal tools currently are:

• IT Act provisions (identity theft + obscenity)
• Privacy jurisprudence (Puttaswamy case)
• Intermediary liability framework (Shreya Singhal line of cases)
• Criminal defamation and forgery laws

However, India is moving toward stricter AI governance, and future regulations are expected to explicitly define and criminalize malicious deepfakes.