Original Pictures
India IT Rules 2021 deepfake compliance overview

India IT Rules 2021: Deepfake Advisory Compliance for Platforms

Definition: India's Information Technology (Intermediary Guidelines) Rules 2021, reinforced by MeitY advisories, require intermediaries to act on deepfakes and unlawful synthetic content or risk losing the Section 79 safe harbour.

TL;DR: Rule 3(1)(b)(v) bars intermediaries from hosting deceptive synthetic content, and MeitY advisories of 26 December 2023 and 15 March 2024 pressed platforms to label and remove deepfakes. Losing Section 79 safe harbour is the systemic risk; Section 66D adds up to three years and a fine for impersonation. Draft amendment rules appeared 22 October 2025.

The safe-harbour lever

India's enforcement runs through intermediary liability. If a platform fails to meet its diligence duties, it can lose the Section 79 safe harbour that shields it from liability for user content. That makes deepfake handling a business-critical obligation rather than a fine to budget for.

What the advisories pushed

The MeitY advisories of December 2023 and March 2024 told platforms to label synthetic content, prevent deepfakes that violate the rules, and respond quickly to takedown requests. Draft IT Amendment Rules of 22 October 2025 move toward codifying labelling expectations.

Provenance as diligence evidence

Verifying inbound media and labelling AI content gives a platform a documented diligence posture. A signed manifest distinguishes authentic from synthetic, and an audit trail shows regulators the platform acted, which supports the safe-harbour position.

The incident behind this

India's 2024 general election saw heavy use of AI-generated political content, with reporting of large party spending on synthetic media, sharpening MeitY's focus on platform deepfake duties.

Regulatory mapping

RegimeEffectiveBiteWhy it applies
IT Rules 2021, Rule 3(1)(b)(v)In forceLoss of Section 79 safe harbourHosting deceptive synthetic content
IT Act Section 66DIn forceUp to 3 years + Rs.1 lakhImpersonation by computer resource

FAQ

What is the biggest risk under the IT Rules?

Losing Section 79 safe harbour, which exposes the platform to liability for user content. That systemic risk outweighs any single fine.

Where Original Pictures stands today

Original Pictures ships three things today: a Sign API, a Verify API, and the SDKs that wrap them. One POST /v1/sign attaches a C2PA-format manifest, an invisible TrustMark watermark, and an OpenTimestamps anchor. The open-source verifier checks any of it without calling us.

Two things are on the near roadmap, and we name them as roadmap, not as shipped: C2PA Conformance Program recognition (target Q3 2026, until then our manifests use the published C2PA v2.2 format and any C2PA-aware validator can read them, but third-party validators will show our signer as not-yet-listed), and a consumer capture app (Q3 2026). We do not sell a capture SDK, and we do not claim Trust-List membership we do not yet hold.

Bottom line: India enforces deepfake duties through safe-harbour risk. Label AI content, verify inbound media, and keep a diligence trail to protect your Section 79 position.

Related


Original Pictures is progressing through the C2PA Conformance Program; our signing certificate is not yet on the official C2PA Trust List. Target: Q3 2026. We will not describe ourselves as "C2PA-certified" until it is true.

Original Pictures provides content-provenance infrastructure. It does not by itself constitute legal compliance with the EU AI Act or any other regime; compliance depends on how you deploy it, your disclosures, and your governance. Figures are drawn from public reporting, verify against primary sources before citing in regulated materials. Nothing here is legal advice.

Last verified 2026-05-25. Author: Mahdi Kazempour, Founder, Original Pictures.