IT Amendment Rules 2026: AI & Intermediary Guidelines & Compliance
Digital regulation in India just took a major step forward. On 20 February 2026, the Ministry of Electronics and Information Technology (MeitY) formally implemented the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules, 2026; commonly known as IT Rules 2026. These amendments significantly expand how online platforms and intermediaries must manage AI-generated content and adhere to compliance obligations under the Information Technology Act, 2000.Below is a practical explanation of what has changed and why it matters from an Indian regulatory perspective.
1. AI-Generated Content Is Now Explicitly Regulated
The amendment introduces a definition of “Synthetically Generated Information” (SGI); meaning audio, visual or audiovisual content created, generated, modified or altered by a computer resource (including AI) that appears real or authentic. This can include:
Deepfakes (audio or video),
AI-generated impersonations,
AI-altered documents or electronic records.
This means that intermediaries and platforms cannot treat AI outputs the same way they treat ordinary user content; SGI has specific regulatory duties attached.
2. Mandatory Disclosure and Labelling Requirements
Under the new rules:
Platforms must require users to declare whether content is synthetically generated before upload.
If content is SGI and not declared, platforms must label it clearly (visibly on video or with an audio notice for sound).
These labels must be embedded using metadata or other identifiers and must not be removable or suppressible by users.
This move aims to improve transparency for end users and helps reduce the spread of misleading AI content.
3. Faster Takedown & Compliance Timelines
One of the most significant changes is the compression of takedown timelines:
Within 3 hours: Platforms must remove unlawful or harmful content after receiving a valid court or government order (down from 36 hours).
Within 2 hours: For the most sensitive categories such as non-consensual imagery or deepfakes involving privacy violations; removal must happen even faster.
General grievances: Platforms now must resolve complaints within 7 days (reduced from 15 days).
For corporates and intermediaries with significant digital footprints, meeting these rapid compliance windows requires operational readiness.
4. Safe Harbor Protection Is Conditional
Under Section 79 of the Information Technology Act, intermediaries (like social media platforms, marketplaces or hosting providers) traditionally enjoy “safe harbor” protection; meaning they are not liable for third-party content if they act in good faith and follow due diligence.
The 2026 Rules tie safe harbor eligibility directly to compliance. If a platform fails to:
Deploy reasonable technical measures to manage SGI;
Label handled content appropriately;
Act within required timelines; or
Verify user declarations;
Failure to comply with these obligations may result in the intermediary losing its safe harbor protection under Section 79 of the Information Technology Act, 2000, thereby exposing it to potential civil and criminal liability for unlawful or harmful third-party content hosted, transmitted, or enabled on its platform.
This is a significant compliance and risk-management issue for both domestic and global intermediaries operating in India.
What This Means for Corporate Compliance
The IT Rules 2026 are not just a change for big tech; they affect any business that:
Hosts user-generated content (UGC);
Provides tools that enable AI generation or editing (for example, enterprise AI services);
Acts as an intermediary between users and other content creators.
Key compliance imperatives include:
Policy updates - Terms of service and user agreements must reflect SGI labelling and disclosure policies.
Tech readiness - Automated detection and labelling systems may be necessary to comply with rapid timelines.
Operational governance - Rapid incident response teams, grievance redressal processes, and clear escalation paths are essential.
Audit trails - Documentation of takedowns, user declarations, and compliance actions must be maintained to demonstrate due diligence.
For tech providers, compliance team and legal counsel alike, this regulatory shift marks a step toward formalized AI governance in India.
Conclusion: Building a Culture of Transparency & Speed
The IT Rules 2026 mark a new chapter in India’s digital governance landscape. By explicitly regulating AI-generated content, requiring transparency through labelling and demanding faster compliance actions, the amendments are designed to combat misuse of synthetic content from impersonations and misinformation to privacy violations and harmful deepfakes.
For companies and intermediaries, the rules are both a compliance challenge and an opportunity. Those who build robust processes now, before enforcement actions begin; will not only mitigate regulatory risk but also strengthen trust with users and stakeholders.
If your organization uses AI technologies, publishes user content or operates as an intermediary, it’s time to assess your compliance posture and align with the new IT Rules 2026.
