[Vrinda is a Third-Year Law student at the National Forensic Sciences University Gandhinagar. Thier areas of interest include Technology and Cyber Policy along with AI Governance.] INTRODUCTION The Ministry of Electronics and Information Technology (MeitY) constituted a drafting committee in July 2025 to develop an AI governance framework for India. The framework is guided by two objectives: first, to…
Author: Tech Law Forum NALSAR
Rights Without Courts: India’s Troubling DPDPA Model
[Adarsh Philip Roy is a PG student at West Bengal National University of Juridical Sciences (WBNUJS), Kolkata.] The Digital Personal Data Protection Act, 2023 (DPDPA) establishes a framework for the collection, storage, processing, and ultimately the protection of personal data. On closer examination, however, this seemingly progressive law carries a controversial twist. Unlike other global data protection laws,…
Where Does AI Training Infringe, and Do Model Weights Count? Lessons emerging from Getty Images v. Stability AI
[This piece is co-authored by Siddhant Singh and Gurmehar Bedi, who are third-year students pursuing a B.A.LLB at National Law University, Jodhpur. In this piece the authors analyse the decision of Getty Images vs. Stability AI to deal with aspects of copyright in a technological context vis-à-vis safeguarding creative labour, and determining what the ruling’s…
Zero Days and Zero Rights? Legal Vacuum In India’s Cyber Incident Reporting Regime
[This article has been co-authored by Aayushman Verma and Amal Singh Patel, who hold an MS in Cyber Law & Information Security from the National Law Institute University, Bhopal. It examines India’s cyber incident reporting regime under CERT-In’s 2022 Directions, arguing that while it imposes strict six-hour reporting deadlines on companies, it fails to create…
A Critical Analysis of the Publicly Available Data Exemption in the Digital Personal Data Protection Act
[This article has been co-authored by Arpanjot Kaur and Shubham Thakare, third-year students at the National Law School of India University (NLSIU), Bengaluru. It critically examines Section 3(c)(ii) of India’s Digital Personal Data Protection Act, which exempts “publicly available” personal data from protection, arguing that its vague language creates a massive loophole that undermines the…
The Cookie Consent Conundrum: Understanding EU’s Digital Privacy Law
[This article has been authored by Netraa Rathee, a 3rd-year student at NLIU, Bhopal. It traces the evolution of EU cookie regulation from the 2002 ePrivacy Directive’s opt-out model to today’s strict opt-in system, examining how consent requirements have tightened amid growing privacy concerns. The author explores enforcement challenges, consent fatigue, and the tension between…
Pixelated Perjury: Addressing India’s Regulatory Gaps in Tackling Deepfakes
[This article has been authored by Isha Katiyar, a fourth-year B.Com. LL.B. (Hons.) student at Gujarat National Law University, Gandhinagar. It examines India’s legal framework for addressing deepfakes, highlighting gaps in the IT Act, BNS, and DPDP Act that fail to define or effectively regulate AI-generated media. The author proposes a comprehensive policy roadmap including…
Between Tokens and Stakes: The Unintended Overreach of India’s Online Gaming Law
[This article has been authored by S.V. Ghopesh, a third-year B.A., LL.B. (Hons.) student at Tamil Nadu National Law University. It examines the unintended regulatory overreach embedded in India’s Promotion and Regulation of Online Gaming Act, 2025, particularly the Act’s rigid three-part classification of e-sports, social games, and online money games. The article argues that…
Gaps in Timeline and Consent Management in India’s Draft DPDP Rules 2025: A Critical Analysis
[This article has been authored by Mihir Singh and Tia Sikka, fourth-year B.A. LL.B. students at Christ University, Bangalore. It examines critical gaps in India’s Draft Digital Personal Data Protection Rules 2025, particularly the absence of clear timelines for notice, data deletion, and grievance redressal, as well as vague procedures for consent withdrawal. The authors argue…
U.S. Visa Surveillance: The New Panopticon and its Privacy Implications
[This article has been authored by Anvesha Singh and Preeshita Singh, fourth-year B.A. LL.B. students at Symbiosis Law School, Hyderabad. It examines the United States’ June 2025 policy requiring international student visa applicants to undergo social media vetting, arguing that it violates privacy rights and suppresses free speech. The authors highlight how India’s Digital Personal…