The Two-Hour Challenge, India’s Deepfake Regulation, the Enforcement Conundrum, and the Unanswered Questions of AI Governance

On the eve of the AI Impact Summit in New Delhi, the Union government unveiled its most assertive regulatory intervention yet against the proliferating menace of synthetic content. The amended Information Technology Rules, 2026, mandate that online platforms remove non-consensual intimate imagery and deepfake content within two hours of receiving a complaint, and other unlawful content within three hours of a government or court order. AI-generated content must be clearly labelled. Platforms offering AI tools must actively prevent the creation or spread of child sexual abuse material (CSAM), explosives-related content, and fraudulent deepfakes. User complaints must be resolved within seven days.

These are, by any measure, the strictest takedown timelines of any major democracy. Germany’s NetzDG gives platforms 24 hours to remove ‘manifestly illegal’ content. Australia’s eSafety regime allows 24-hour notices in serious cases. The EU’s Digital Services Act demands expeditious action but specifies no clock countdown. India has chosen a two-hour standard—a regulatory sprint in a marathon of content moderation.

The intent is unimpeachable. Deepfakes are not theoretical harms; they are ruinous realities. Women have seen their faces morphed into pornographic imagery without consent. Political opponents have been impersonated to spread disinformation. Fraudsters have cloned voices to empty bank accounts. CSAM, whether AI-generated or real, is depraved. No government can stand idle.

Yet, as the accompanying analysis makes clear, the challenge lies not in the stringency of the rules but in the feasibility of their execution. India’s linguistic diversity, cultural complexity, and sheer content volume render contextual judgement of fraudulent posts extraordinarily difficult within a two-hour window. Labelling AI-generated content is technically fraught; metadata can be stripped, watermarks degraded, and open-source models trained to embed no detectable markers at all. The very mechanisms designed to catch fraudsters—traceability, provenance chains, platform monitoring—carry the risk of being repurposed as surveillance tools to expose whistleblowers, activists, and citizens sharing lawful but socially sensitive content.

The amended rules represent a necessary escalation in India’s approach to AI governance, moving from the calibrated restraint of the AI Governance Guidelines and the Digital Personal Data Protection Act to a firmer, more prescriptive stance. But necessity is not sufficiency. The success of these rules will depend less on the strictness of their clock timers and more on the clarity of their definitions, the transparency of their enforcement, the independence of their oversight, and the credibility of their false-alarm redressal. On all four counts, the framework remains substantially underspecified.

Part I: The Two-Hour Mandate—Speed as a Double-Edged Sword

The compression of takedown timelines from 36 hours (under the previous framework) to two hours for non-consensual intimate content and three hours for other unlawful content is the amendments’ most consequential and controversial feature.

The Case for Speed:
The digital ecosystem operates on viral epidemiology. Content that is not removed within the first hour of its appearance is already being screenshotted, downloaded, re-uploaded, and distributed across encrypted messaging platforms beyond any intermediary’s reach. Twenty-four hours is not merely insufficient; it is, in the context of a coordinated disinformation campaign or a non-consensual pornography attack, an eternity. The two-hour mandate reflects a sobering truth: that the window for effective content removal has narrowed to the point where traditional notice-and-takedown cycles are obsolete.

The Implementation Challenges:

1. Contextual Judgement Under Extreme Time Pressure:
India is not Germany. It is not Australia. It is a continent-scale democracy of 1.4 billion people, speaking dozens of languages, practising multiple religions, and operating within diverse cultural norms. What constitutes a “fraudulent deepfake” in one linguistic context may be legitimate satire in another. What is “unlawful content” in one jurisdiction may be constitutionally protected speech in another.

The rules require platforms to make these determinations within two hours. This is not adjudication; it is triage. Platforms will inevitably err on the side of removal—dropping content first and inspecting it later. False positives will rise. Legitimate speech will be suppressed. Restoration appeals, which the rules do not accelerate, will lag removals. The speed of censorship will outpace the speed of remedy.

2. Differential Capacity and the Burden on Indian Platforms:
A global platform with a sophisticated trust and safety infrastructure operating across multiple time zones can, with significant investment, comply with a two-hour mandate. A domestic Indian startup with a lean compliance team cannot. The rules apply uniformly to all intermediaries, regardless of size, resources, or risk profile. This is not neutral; it is structurally discriminatory against Indian innovation. It imposes compliance costs that global giants can absorb and domestic challengers cannot.

3. The Procedural Vacuum:
What constitutes “receipt” of a complaint? An email to a generic compliance address at 2 a.m. on a Sunday? A tweet tagging the platform’s official handle? A notice served on a subsidiary entity in Singapore? The rules are silent. What happens when a platform seeks clarification on an order within the three-hour window—is the clock paused? What constitutes compliance if the content is removed from the Indian version of the platform but remains accessible through a global URL? The procedural gaps are numerous and consequential.

Part II: The Labelling Mandate—Traceability’s Technical and Political Limits

The requirement to clearly label AI-generated content is, in principle, unobjectionable. Citizens have a right to know whether the video they are watching, the audio they are hearing, or the image they are viewing is authentic or synthetically manufactured.

The Technical Reality:

1. Metadata is Fragile:
Basic Exif data—time-stamps, device IDs, GPS coordinates—can be stripped with a single click. Advanced users can falsify metadata entirely. A labelling regime that relies on embedded metadata is a labelling regime that will be systematically evaded by the very actors it seeks to deter.

2. Watermarks are Degradable:
Visual watermarks can be cropped, compressed, overlaid, or pixel-edited out of existence. Audio watermarks can be filtered. Even cryptographic provenance chains, which embed tamper-evident signatures at the point of creation, are only effective if the entire distribution ecosystem honours them. A screenshot of a watermarked image, reposted without the watermark, is indistinguishable from an authentic photograph.

3. Open-Source Evasion:
The most sophisticated AI generators are no longer exclusively proprietary. Open-source models can be downloaded, fine-tuned, and deployed locally, with no obligation to embed any detectable markers. A regulator cannot mandate compliance from software that is not a service but a tool.

The Political Risk:

Traceability is a double-edged sword. The same mechanisms that enable platforms to identify fraudulent deepfakes also enable governments to identify legitimate dissent. A whistleblower exposing corporate malfeasance. An activist documenting police brutality. A citizen sharing a politically sensitive but lawful video. All become visible to authorities through the very provenance chains designed to catch fraudsters.

This is not a hypothetical concern. In democracies and authoritarian regimes alike, digital surveillance has consistently expanded beyond its original mandate. The rules contain no explicit prohibition on using traceability data for non-content-moderation purposes. They contain no independent oversight mechanism for auditing how platforms and governments use this data. They create a technical infrastructure of identification without a legal infrastructure of protection.

Part III: The Enforcement Deficit—Deterrence Without Credibility

The amendments impose binding obligations on platforms but retain the same anemic enforcement architecture that has rendered previous IT Rules largely ineffective.

The Safe Harbour Paradox:

The only substantive consequence for non-compliance remains the potential withdrawal of safe harbour protection under Section 79 of the IT Act. This provision immunises intermediaries from liability for third-party content. Its withdrawal would expose platforms to liability for all content on their networks—a commercially catastrophic outcome.

The problem is credibility. Safe harbour withdrawal has never been invoked against a major platform. It is a nuclear option that cannot be used without triggering systemic disruption. Platforms know this. They calculate that the risk of withdrawal is acceptable and calibrate their compliance investments accordingly.

What is missing is a graduated sanctions ladder:

  • Advisory notices for first-time, minor infractions.

  • Monetary penalties calibrated to platform revenue and offence gravity.

  • Temporary suspension of specific services for repeated non-compliance.

  • Executive accountability measures—fines on responsible individuals, disqualification from compliance officer roles.

  • Transparency reporting mandates requiring platforms to disclose enforcement metrics.

Without such a ladder, the two-hour mandate is not deterrence; it is theatre. Platforms will comply to the extent that compliance aligns with their operational convenience and commercial interests. When the two conflict, convenience will prevail.

Part IV: The Definitional Deficit—What Exactly Is “Unlawful”?

The rules require platforms to remove “unlawful content” within three hours of a government or court order. They do not, however, define “unlawful content” with the precision that such accelerated takedown powers demand.

The Ambiguity Problem:

The term “unlawful content” is a circular reference—it means content that is prohibited by law. But which law? The Indian Penal Code? The Information Technology Act? State-level legislation? The rules do not specify. A government order citing a rarely used colonial-era provision could mandate removal of content that no reasonable observer would consider unlawful. The platform, facing a three-hour deadline, has no time to challenge the order or seek judicial clarification.

The Overbreadth Risk:

The rules explicitly identify three categories of content that platforms must actively prevent: CSAM, explosives-related content, and fraudulent deepfakes. These are legitimate, narrowly tailored targets. But the rules also authorise government orders for removal of “other unlawful content”—an unbounded category that could, in principle, include:

  • Criticism of government policies classified as “patently false.”

  • Satirical content interpreted as “potentially harmful.”

  • Political speech deemed “disruptive of public order.”

The rules contain no independent oversight mechanism for government removal orders. They do not require prior judicial approval. They do not establish a transparent appeals process. They create a framework in which the executive is simultaneously the complainant, the adjudicator, and the enforcer of content removal.

Part V: The Structural Question—Can Delegated Legislation Govern AI?

The deepest inadequacy of the amended rules is not textual but structural. They are framed under the IT Act, 2000, a statute enacted when:

  • The internet was accessed primarily through desktop computers.

  • Social media platforms did not exist.

  • “Artificial intelligence” was a research field, not a mass-market product.

  • The term “deepfake” had not been coined.

The IT Act is a 20th-century legal instrument. It was designed to address e-commerce, digital signatures, and cybercrime. It was not designed to govern generative AI, algorithmic amplification, or synthetic content ecosystems. The amendments stretch the Act’s language and concepts beyond their intended limits.

Delegated legislation—rules framed by the executive under authority granted by primary legislation—can provide interim guardrails. It can respond rapidly to emerging challenges. It can be amended flexibly as technology evolves.

But delegated legislation cannot substitute a coherent, primary law on AI governance, debated and enacted by Parliament. Such a law would:

  • Establish definitions and categories of AI systems based on risk and function.

  • Assign clear liability frameworks for algorithmic harms.

  • Create a dedicated regulatory authority with technical expertise and enforcement powers.

  • Balance innovation incentives with fundamental rights protections.

  • Provide due process safeguards against arbitrary content takedown.

  • Enable cross-border cooperation on AI governance.

The amended rules are a step in the right direction. They acknowledge the systemic risks of generative AI. They correct structural lags in the previous framework. They adopt a more calibrated approach to content labelling.

But they are not a destination. They are a waypoint. The credibility of India’s AI governance regime will depend on whether the government recognises the limits of delegated legislation and moves, with urgency and deliberation, towards a dedicated, primary law on artificial intelligence.

Conclusion: Speed Is Not Strategy

The amended IT Rules represent a genuine, good-faith attempt to address a genuine, urgent problem. Deepfakes are not a future threat; they are a present menace. CSAM is not a theoretical harm; it is a depraved reality. The government’s decision to tighten oversight is not only justified but necessary.

Yet, speed is not strategy. A two-hour takedown mandate without a corresponding investment in contextual adjudication capacity is a recipe for over-removal and under-protection. A labelling requirement without technical standards and verification mechanisms is a compliance exercise, not a transparency regime. An enforcement architecture without graduated sanctions is a paper tiger. A removal power without independent oversight is an invitation to abuse.

The success of India’s deepfake regulation will not be measured by the stringency of its clock timers. It will be measured by:

  • The clarity of its definitions—whether platforms, users, and courts can reliably distinguish unlawful content from protected speech.

  • The transparency of its enforcement—whether removal orders are published, justified, and subject to independent audit.

  • The independence of its oversight—whether a dedicated regulator with technical expertise adjudicates disputes, rather than executive officials operating without judicial scrutiny.

  • The credibility of its redressal—whether users whose content is wrongly removed have access to swift, effective appeals.

On all four counts, the amended rules remain substantially underspecified. They provide a framework of obligations without a framework of accountability. They mandate speed without building capacity. They create new powers without establishing new safeguards.

The government has demonstrated that it understands the urgency of AI governance. It has yet to demonstrate that it understands its complexity. The two-hour clock is now ticking. The question is whether India’s regulatory infrastructure can keep pace with its regulatory ambition.

Q&A: India’s Deepfake Regulation—Strengths, Gaps, and Unanswered Questions

Q1: How do India’s new takedown timelines for deepfakes and unlawful content compare with those of other major democracies?

A1: India’s timelines are significantly stricter than comparable jurisdictions:

Jurisdiction Takedown Timeline Legal Instrument
India 2 hours (non-consensual intimate/deepfake) IT Rules, 2026
3 hours (other unlawful content)
Germany 24 hours (manifestly illegal) NetzDG
Australia 24 hours (serious cases) eSafety Regime
EU “Expeditious” (no fixed clock) Digital Services Act
UK “Without delay” (no fixed clock) Online Safety Bill

Significance: India’s two-hour mandate reflects an understanding that in the viral digital ecosystem, 24 hours is too late—content can be copied, amplified, and archived beyond recall. However, this speed comes at the cost of increased false positives, disproportionate burden on smaller platforms, and inadequate time for contextual adjudication.

Q2: What are the principal technical challenges in implementing the requirement to label AI-generated content?

A2: Four interconnected technical challenges:

1. Metadata fragility: Basic Exif data (time-stamps, device IDs, GPS) can be stripped with one click. Advanced users can falsify metadata entirely. A labelling regime reliant on embedded data is systematically evadable.

2. Watermark degradability: Visual watermarks can be cropped, compressed, overlaid, or pixel-edited. Audio watermarks can be filtered. Cryptographic provenance chains require ecosystem-wide adoption; a screenshot of a watermarked image reposted without the watermark is indistinguishable from an authentic photograph.

3. Open-source evasion: Leading-edge AI generators are increasingly open-source. Users can download, fine-tune, and deploy models locally with no obligation to embed detectable markers. Regulators cannot mandate compliance from tools, only from services.

4. Interoperability vacuum: No specified technical standards for metadata format, identifier schema, or verification protocols. Different platforms may implement incompatible systems, rendering cross-platform traceability impossible.

Q3: Why is the existing enforcement mechanism—safe harbour withdrawal under Section 79—considered inadequate?

A3: The credibility problem:

Feature Safe Harbour Withdrawal What’s Needed
Severity Catastrophic (platform liable for all content) Proportionate to offence
Frequency Never invoked against major platforms Regular, predictable enforcement
Predictability All-or-nothing Graduated sanctions
Deterrence Low (threat lacks credibility) High (credible, calibrated penalties)

The missing sanctions ladder:

  1. Advisory notices for minor, first-time infractions.

  2. Monetary penalties calibrated to platform revenue.

  3. Temporary suspension of specific services for repeated non-compliance.

  4. Executive accountability measures (fines on responsible individuals).

  5. Transparency reporting mandates on enforcement metrics.

Conclusion: A nuclear option that cannot be used is not deterrence; it is theatre.

Q4: What are the constitutional and political risks of the accelerated takedown powers granted to the executive?

A4: Three categories of risk:

1. Definitional ambiguity:

  • Rules mandate removal of “unlawful content” without defining the term.

  • Government orders can cite any law, including rarely used colonial-era provisions.

  • No independent verification that content is actually unlawful before removal.

2. Overbreadth and mission creep:

  • The same traceability mechanisms that identify fraudulent deepfakes can also identify legitimate dissent.

  • No explicit prohibition on using provenance data for non-content-moderation purposes.

  • No independent oversight of how platforms and governments use this data.

3. Due process deficit:

  • No prior judicial approval for removal orders.

  • No transparent appeals mechanism.

  • Three-hour window insufficient for platforms to seek legal advice or challenge orders.

  • Executive is simultaneously complainant, adjudicator, and enforcer.

The surveillance state risk: A technical infrastructure designed for content moderation can be repurposed for political surveillance. The rules create this infrastructure without establishing legal protections against its abuse.

Q5: Why does the analysis argue that delegated legislation under the IT Act is insufficient, and what should a dedicated AI law include?

A5: The structural argument:

The IT Act, 2000, is a 20th-century statute designed for:

  • E-commerce and digital signatures.

  • Cybercrime (hacking, viruses).

  • Intermediary liability for user-generated content.

It is not designed for:

  • Generative AI and synthetic content.

  • Algorithmic amplification and recommender systems.

  • Systemic risks from large-scale AI deployment.

What delegated legislation can do:

  • Provide interim guardrails for emerging challenges.

  • Respond rapidly to immediate threats.

  • Be amended flexibly.

What delegated legislation cannot do:

  • Establish a coherent, future-proof governance framework.

  • Balance competing values (innovation, safety, free speech, privacy) through deliberative legislative process.

  • Create dedicated institutions with technical expertise and enforcement powers.

Essential elements of a dedicated AI law:

  1. Risk-based classification of AI systems (unacceptable, high, limited, minimal risk).

  2. Clear liability frameworks for algorithmic harms (who is liable when an AI system causes harm?).

  3. Dedicated regulatory authority with technical expertise, enforcement powers, and independence.

  4. Fundamental rights impact assessments for high-risk AI deployments.

  5. Due process safeguards against arbitrary content removal.

  6. Transparency obligations for training data, model architecture, and performance metrics.

  7. Cross-border cooperation mechanisms for AI governance.

Conclusion: The amended rules are a “necessary step” but “not a destination.” Credible, sustainable AI governance requires primary legislation, not executive rule-making.

Your compare list

Compare
REMOVE ALL
COMPARE
0

Student Apply form