India's AI Catch-Up: Innovation-First Governance, from the IndiaAI Mission to Draft Rules for the Courts
By Jean-Hugues Migeon
India has a paradox at the heart of its AI story. It is one of the world's great pools of engineering talent and a genuine powerhouse for building AI applications, yet it is widely seen as lagging in foundational AI: the large, frontier models that set the pace of the field. The gap is not about ability. It comes from a stack of structural constraints, and India's government has spent the past two years responding with an unusually deliberate, pro-innovation policy push. The Supreme Court's draft Regulations for Use of Artificial Intelligence (AI) in Courts, 2026, open for public comment until July 15, are the newest piece of that push.
For risk, compliance and audit professionals, India is becoming a live case study in a specific bet: that a country can accelerate AI adoption and home-grown innovation while writing targeted, principle-based guardrails rather than one heavy horizontal law. This piece walks through why India is playing catch-up, the policy timeline it has built in response, and the control set inside the draft court rules, then draws out what AI-risk teams can take from the whole approach.
Why India is playing catch-up in foundational AI
Several compounding factors sit behind India's foundational-AI gap, and the government's own strategy documents acknowledge most of them:
- Compute scarcity. Training frontier models needs thousands of high-end GPUs running for months, and global compute is concentrating in a handful of regions that combine abundant energy, deep capital and control over the underlying IP. As the Observer Research Foundation observes in its analysis of India's sovereign AI stack, this is opening a computing divide that forces countries without domestic capacity to depend on foreign infrastructure under restricted-use regimes they cannot easily escape. Closing that gap is why the IndiaAI Mission is standing up a shared national compute platform of subsidised GPUs.
- Scarce patient capital. Foundation models demand billions in up-front spend with no near-term return, and the deep capital pools that fund them sit largely in the United States and China. Indian investors have historically favoured application-layer startups with faster, lower-risk payback, leaving frontier model training under-funded. ORF argues India must now crowd in private money at speed, pointing to instruments such as the proposed one lakh crore rupee Research, Development and Innovation corpus.
- A localised-data deficit. Globally competitive models need vast, high-quality data. Much of the web's foundational data is English and Western in context, while building datasets that reflect India's hundreds of languages and cultural contexts is complex and still in progress.
- A deployment-over-R&D focus. India's strategy has historically aimed at being the world's AI use-case capital, applying existing models to governance, healthcare and public services rather than building frontier models from scratch. Practical, but it leaves the underlying intelligence layer dependent on foreign technology.
- Talent outflow. India produces millions of STEM graduates, but many top researchers emigrate for better compute, pay and well-funded labs. Retaining frontier-research talent at home remains a challenge.
ORF's assessment is blunt: India has entered the race too late to anchor its strategy on frontier models alone, and its comparative advantage now lies in assembling a resilient, end to end stack across energy, chips, compute, models and applications. That reframing explains why India's policy tone is so consistently pro-innovation. The strategic goal is not to slow AI down; it is to stimulate an ecosystem that is trying to move up the value chain from deploying AI to building it.
Two years of building: India's AI policy timeline
The court rules do not appear in a vacuum. They are the latest step in a sequence of moves that together sketch India's approach:
- IndiaAI Mission (March 2024). A national programme backed by over 10,300 crore rupees across five years, aimed at building compute capacity (a target of roughly 38,000 GPUs), developing indigenous foundation models, widening access to datasets, funding skilling and fellowships, and advancing a Safe and Trusted AI pillar. Its explicit aim is to reduce dependence on foreign foundational models.
- Digital Personal Data Protection Act (2023), rules in 2025. India's data-protection statute, with implementing rules following in 2025, applies squarely to AI processing of personal data and forms the privacy backbone under everything else.
- India AI Governance Guidelines (November 2025). Released by the Ministry of Electronics and Information Technology under the IndiaAI Mission, this is a principle-based, deliberately non-binding framework built on seven guiding principles (its "Sutras") and six pillars, with an action plan across short, medium and long-term timelines. Its stated posture is innovation over restraint, positioning governance as an enabler of competitiveness rather than a brake.
- The Artificial Intelligence (Ethics and Accountability) Bill, 2025. A proposed statute that would create a statutory Ethics Committee, mandatory ethical reviews for high-risk AI in areas like surveillance, law enforcement and employment, documented bias audits, and penalties for non-compliance. It signals where binding obligations could eventually land.
- No standalone horizontal AI law (Digital India Act). India has, for now, stepped back from a single omnibus AI statute, choosing instead a mix of sector-specific rules, guidelines and existing laws. That choice is itself a statement: keep the regime flexible and innovation-friendly rather than locking in one rigid framework early.
The pattern is clear. India is layering targeted, mostly light-touch instruments around a large public investment in capability, rather than leading with prohibition. The Supreme Court's draft rules fit that mould exactly: precise where the stakes are highest, permissive where AI can add value.
The court rules up close: assistive, never determinative
The draft does not ban AI from the courtroom. It encourages courts to "actively seek" AI that demonstrably improves access to justice, reduces delays or lifts administrative efficiency. AI is permitted for administrative and assistive functions such as case management, transcription, translation, legal research, document summarisation, accessibility and court administration. Each use requires written approval from an apex body or a court-level AI committee, plus supervision and verification by nominated officers.
The hard line is decision-making. No judicial outcome may be reached through algorithmic decision-making alone, or solely on the basis of AI-generated information. Human judicial authority stays determinative in every adjudicative decision, and any AI involvement in the decision process is advisory only, subject to independent human evaluation. This is the same principle at the heart of most modern AI governance frameworks: keep a human accountable for consequential decisions, and treat the model as an input rather than an authority.
The prohibited-use list: absolute and non-derogable
The most instructive part of the draft is what it forbids outright. Several uses are barred in "absolute and non-derogable" terms, meaning no authority can later authorise them. They include:
- Risk scoring to assess flight risk.
- Predicting recidivism.
- Evaluating bail eligibility.
- Determining the credibility of witnesses.
- Predicting, profiling or inferring the future conduct of parties, accused persons, witnesses or legal representatives.
- Submitting AI-generated output as independent evidence without full disclosure of its AI-generated nature.
- Using black-box (unexplainable) AI systems in any matter affecting personal liberty.
The through-line is a refusal to let opaque, predictive systems touch decisions about a person's liberty. For AI-risk teams, the lesson is not the specific list but the method: define the use cases that are simply off the table for your organisation, write them down as non-negotiable, and make sure your controls can prove those lines are not being crossed.
Transparency, governance and vendor controls
Where an AI tool "materially assists" a court in case management, document analysis or judicial administration, the court must tell the parties in a timely and accessible way. The materiality threshold is a practical model for any organisation trying to design disclosure that is meaningful without becoming noise.
Oversight is not left to good intentions. An Apex Body at the Supreme Court, made up of sitting judges, an official from the Ministry of Electronics and Information Technology, and finance and cybersecurity experts, sets the minimum mandatory standards, approves systems and issues guidance through five specialised committees. Each court forms its own AI committee, backed by an AI Secretariat, with a research centre (CoRE-AI) evaluating tools. Private vendors can be involved, but only with written approval and mandatory contract terms covering data ownership and access, a bar on using sensitive judicial data, a prohibition on retaining or fine-tuning models on court data without approval, and a rule that vendors cannot claim exclusive IP over tools built substantially on judicial data. For anyone managing third-party AI risk, that is a ready-made checklist.
Lifecycle assurance: assessments, testing, audits and registers
The safety model runs across the whole lifecycle: before, during and after deployment. A Technical and Ethical Impact Assessment is required, covering architecture, training data, bias, hallucination risk and cybersecurity posture. Some systems must first pass "Controlled Environment Testing" in an isolated setup. Once live, systems face recurring technical, legal and ethical audits plus separate cybersecurity audits, all conducted in-house because source code and training data cannot be shared with third parties for audit.
Two record-keeping duties stand out. Each court maintains an AI Register documenting approved systems and audit outcomes, and each AI Secretariat maintains an AI Incident Database logging malfunctions, errors and biases, with a mandatory 24-hour notification if a tool fails or is suspended. Every high court must also keep an emergency fall-back protocol so proceedings can continue manually if a system goes down. Read as a whole, this is a continuous-governance blueprint: know every system you run, assess it before it ships, audit it on a cycle, log what goes wrong quickly, and keep the evidence current.
Why this matters for AI-risk and audit teams
India's approach is a preview of a model many jurisdictions are converging on: accelerate innovation, avoid one rigid horizontal law, and manage risk through principle-based guidance plus sharp, sector-specific guardrails where the stakes are highest. That model is attractive to governments trying to compete, but it quietly shifts the burden onto organisations. When the state chooses light-touch and flexible over prescriptive, the responsibility to self-govern with credible, documented evidence lands on the companies and institutions deploying AI.
Strip away the judicial setting and the court draft describes exactly the operating model AI-risk and audit functions are being asked to build everywhere: a live inventory of AI systems, a documented risk assessment for each, prohibited-use boundaries you can enforce, disclosure tied to materiality, contractual control over vendors and data, and audit evidence that is maintained rather than reconstructed under deadline. The organisations that struggle are the ones treating governance as an annual documentation exercise, with evidence scattered across teams and no continuous view of what AI they actually run. A quick way to sanity-check the tools you already use is ExplAIn, Anove's accessible guide to whether an AI tool would hold up to scrutiny.
This is the model Anove's insAIght platform is built around: a continuously updated, audit-ready view of your AI landscape, with each system mapped to the frameworks and regulations that apply to it, from the EU AI Act and ISO/IEC 42001 to the NIST AI RMF and emerging national rules like India's. Done well, governance is not the enemy of the innovation India is chasing; it is what lets an organisation adopt AI faster with confidence, because the evidence is already there when a regulator, auditor or board asks for it.
Sources and references
- Supreme Court draft Regulations for Use of AI in Courts, 2026, explained: The Indian Express, "Inside SC's proposed regulations for AI use in courts".
- IndiaAI Mission (approved March 2024, over 10,300 crore rupees): IndiaAI (MeitY).
- India AI Governance Guidelines (November 2025): IndiaAI; press release, MeitY / Digital India.
- Digital Personal Data Protection Act, 2023: India Code; Digital Personal Data Protection Rules, 2025: MeitY.
- The Artificial Intelligence (Ethics and Accountability) Bill, 2025, as introduced in Parliament (Sansad).
- On India's compute, capital and sovereignty gap: Nisha Holla, "Operationalising India's Sovereign AI Stack: From Intent to Capability", Observer Research Foundation.
Learn more
- insAIght: Anove's AI governance and risk platform for a continuous, audit-ready view of your AI landscape.
- Stop Flying Blind with AI: Why You Need an AI Management System: how a structured AIMS turns scattered governance into continuous assurance, the capability India's model quietly demands.
- ExplAIn: check whether the AI tools you already use would hold up to scrutiny.
Book a demo to see how insAIght keeps your AI governance audit-ready, across every framework and emerging rule on your radar.