Regulating Synthetic Content: Key Implications of the IT Rules Amendment, 2026
by Anushree Rauta (Partner), Anisha Shetty (Partner), Raashi Vaishya (Senior Associate) and Ayushi Pathy (Associate)
I. Brief Overview
Generative AI, deepfake technology, and related synthetic media have grown rapidly, posing harms including deepfake impersonation, misinformation, and non-consensual violative imagery. Against this backdrop, and in a first-of-its-kind regulatory development, the Ministry of Electronics and Information Technology (“MeitY”), in exercise of its powers under Sections 87(1),¹ 87(2)(z)² and (zg)³ of the Information Technology Act, 2000 (“IT Act”), has notified the amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“IT Rules”) (collectively, “Amendments”) to explicitly regulate synthetically generated information (including, inter alia, deepfakes and other Artificial Intelligence (“AI”) generated content) under the IT Rules. The Amendments, inter alia, impose enhanced compliance obligations on intermediaries, particularly social media platforms, to govern the creation, labelling, dissemination, and takedown of such content.
For context, in October 2025, MeitY had released a draft version of the Amendments for stakeholder consultation,⁴ with the objective of addressing emerging regulatory challenges arising from the rapid proliferation of artificial intelligence tools, deepfakes, and other forms of synthetically generated content.⁵ The draft invited comments from various industry participants, particularly on the feasibility of labelling requirements, traceability mechanisms, and intermediary due diligence obligations.
Following the stakeholder consultation process, MeitY has now notified the final Amendments which are slated to take effect on 20th February 2026, along with certain FAQs,⁶ thereby providing intermediaries and relevant platform operators with a compliance window of 10 days from the date of notification to undertake necessary technical, operational, and policy-level adjustments to align with the revised regulatory requirements.
II. Key Highlights
1. Definitions Introduced
(a) audio, visual or audio-visual information
A new definition of “audio, visual or audio-visual information” has been introduced under Rule 2(1)(ca) to mean, “any audio, image, photograph, graphic, video, moving visual recording, sound recording or any other audio, visual or audio-visual content, with or without accompanying audio, whether created, generated, modified or altered through any computer resource.”
The definition appears designed to expansively cover nearly all forms of media content (primarily excluding pure text-based/written output). Its breadth is notable for two reasons. First, it adopts a technology-neutral formulation, ensuring that all present and emerging forms of digital media fall within the regulatory scope, regardless of format or mode of creation.
Second, by expressly including content that is “modified or altered”, the rule extends beyond original media to encompass edited, manipulated and AI-assisted outputs.
Read together, Rule 2(1)(ca) functions as a foundational definitional layer that reduces interpretive ambiguity around what constitutes regulated content under the IT Rules. In effect, it establishes a broad base category of digital content on which enhanced due-diligence, labelling, takedown and traceability obligations apply under the IT Rules.
(b) synthetically generated information
The Amendments introduce a statutory definition of “synthetically generated information” (“SGI”) under Rule 2(1)(wa) covering, “audio, visual or audio-visual information which is artificially or algorithmically created, generated, modified or altered using a computer resource, in a manner that such information appears to be real, authentic or true and depicts or portrays any individual or event in a manner that is, or is likely to be perceived as indistinguishable from a natural person or real-world event.”
The focus signals a regulatory shift toward proactive governance of deepfakes and deceptive AI media. At the same time, the accompanying proviso carves out important exceptions for good-faith activities such as routine editing, formatting, technical enhancements, accessibility improvements, and legitimate creation of documents, educational materials, or research content, provided these do not materially distort the underlying information or result in false records.
While this helps protect ordinary creative and technical uses, the definition still relies on inherently subjective thresholds such as content that “appears real” or is “likely to be perceived” as authentic, leaving room for potentially inconsistent interpretation. Its focus on media depicting real-life individuals or events may also narrow the provision’s reach, potentially excluding other forms of misleading AI-generated content that do not fit squarely within these categories.
2. Extension of Due Diligence Obligations to SGI
Importantly, the Amendments clarify that references to “information” in the context of commission of unlawful acts under the IT Rules now expressly include SGI. This effectively integrates synthetic media into the existing compliance architecture, extending due diligence, takedown, and enforcement obligations under Rules 3 and 4 to such content.
3. Key Changes in Due Diligence Obligations for Intermediaries
(a) Periodic User Notifications
The amended Rule 3(1)(c) increases the frequency of user-facing compliance disclosures by requiring intermediaries to inform users of key obligations and consequences at least once every three months (i.e., quarterly), replacing the earlier requirement of at least once every year (i.e., annual). Such communication must be delivered in a simple and effective manner, through governing platform documents, and in English or any language recognised under the Eighth Schedule to the Constitution.
Such notifications must outline:
- The intermediary’s right to suspend or terminate user access, remove or disable access to unlawful content, or both, as applicable, in cases where users fail to comply with platform rules or applicable law;
- The users’ liability (i.e., penalty or punishments under provisions of the applicable law) for inter alia creating, generating, modifying, altering, hosting, or otherwise disseminating information in violation of any applicable law;
- The reporting of offences to appropriate authorities by intermediaries which are subject to compulsory reporting requirements as per the provisions of the applicable law.
(b) Additional User Disclosures for Synthetic Media Tools
The newly inserted Rule 3(1)(ca) imposes additional disclosure obligations on intermediaries that provide computer resources enabling inter alia the creation, generation, or dissemination of SGI. Such platforms must expressly inform users that directing, instructing or otherwise using such AI-enabled tools for creation, generation, publication, transmission, etc. of SGI or for any unlawful purposes may attract penalties under applicable laws, including the IT Act and various other criminal and protective statutes.⁷ The rule therefore places a clear responsibility on intermediaries to communicate the legal risks associated with misuse of synthetic media technologies.
The provision further requires intermediaries to notify users of the potential consequences of such violations, which may include the immediate removal or disabling of access to the offending content, suspension or termination of user accounts without compromising evidentiary value, identification of the offending user, and disclosure of their identity to victims where permitted by law. Additionally, where the violation constitutes a mandatorily reportable offence, intermediaries must report the matter to the appropriate authority in accordance with applicable legal requirements.
Overall, this clause reflects a regulatory intent to embed stronger deterrence at the user interface level by pairing access to AI-driven tools with explicit warnings of legal exposure and enforcement outcomes.
(c) Expedited Action on Violative Synthetic Content
Rule 3(1)(cb) introduces an express obligation for intermediaries to act swiftly upon becoming aware of violations involving SGI. Awareness may arise suo motu, through actual knowledge, or pursuant to grievances, complaints, or other information received under the IT Rules. Once notified, intermediaries are required to take “expeditious and appropriate” measures, drawing from the enforcement actions, as explained in sub-point (b) above.
While this provision reinforces proactive compliance by intermediaries, in practice, it may accelerate deployment of automated detection tools, internal escalation protocols, and structured grievance mechanisms.
(d) Deployment of Automated Safeguards
The newly inserted Rule 3(3)(a)(i) requires platforms to deploy reasonable and appropriate technical measures, including automated tools and other suitable mechanisms, to prohibit users from creating, generating, publishing, sharing, etc. synthetic content that violates any applicable law. This expressly covers material such as inter alia child sexual abuse content, non-consensual intimate imagery, obscene or sexually explicit content, deceptive impersonations, false electronic records, and content linked to the development of explosives or weapons.
(e) Labelling, Metadata and Identification Requirements
Beyond prohibiting unlawful SGI, Rule 3(3)(a)(ii) also mandates transparency for permissible synthetic media. Intermediaries must ensure that such content is prominently labelled in a manner that is easily noticeable so that users can immediately identify it as artificially generated. In case of audio content, there must be a prefixed audio disclosure identifying the same as SGI. Such content must also embed permanent metadata or comparable provenance mechanisms, including unique identifiers where technically feasible, to trace the originating computer resource of such SGI. Rule 3(3)(b) further bars intermediaries from permitting the alteration or removal of mandatory labels and embedded metadata, ensuring the integrity and traceability of synthetically generated content.
This requirement appears to soften the 2025 draft’s earlier requirement that the label must cover a specified quantifiable proportion of visual or audio content (e.g., 10% surface area for visuals), focusing instead on “clear and prominent” labelling. Hence, the provision places the onus on platforms to determine what constitutes a “prominent” disclosure. At the core, it appears the intent of these obligations is to enhance transparency for end users and reduce the likelihood of deception arising from hyper-realistic synthetic media.
4. Obligation of Significant Social Media Intermediaries to Verify User Disclosures
Rule 4(1A) introduces a pre-publication compliance obligation for significant social media intermediaries (“SSMIs”, i.e., intermediaries with over 50 lakh registered users) by requiring them to identify synthetically generated content before it is displayed or shared on their platforms. SSMIs must first require their users to declare whether their content is SGI, followed by deployment of appropriate technical measures, including automated tools, to verify the accuracy of such declarations.
Where content is confirmed to be synthetic, platforms must ensure that it is clearly and prominently labelled to enhance user awareness. Crucially, the provision states that intermediaries that knowingly permit, promote, or fail to act against non-compliant synthetic content may be deemed to have not exercised due diligence, potentially affecting their safe harbour protections.
Further, under Rule 4(4), the term, “endeavour to deploy technology-based measures, including automated tools or other mechanisms” has been substituted with, “deploy appropriate technical measures, including automated tools or other suitable mechanisms”. This change converts what was previously framed as a best-efforts standard into a binding compliance obligation, signalling the regulator’s intent to move intermediaries toward more proactive detection and prevention of unlawful content.
5. Tighter Takedown and Response Timelines
One of the most significant changes in the Amendments is the tightening of the intermediary takedown and response timelines, signalling an increase in the operational expectations placed on intermediaries. Below is a snapshot of the revised timelines:
| Provision | Earlier Timeline | Revised Timeline |
|---|---|---|
| Compliance with lawful takedown orders | 36 hours | 3 hours |
| User grievance redressal | 15 days | 7 days |
| Urgent complaints for removal of certain information under Rule 3(1)(b) as permissible | 72 hours | 36 hours |
| Removal of content which is sexually explicit, or is in the nature of digital impersonation | 24 hours | 2 hours |
These revised deadlines represent a sharp tightening compared with the draft version of the Amendments, which had largely retained the 36-hour window for removals. These timelines may present notable technical and operational challenges for intermediaries, particularly those operating at scale. Implementing near-immediate compliance mechanisms would require continuous monitoring capabilities, advanced automation tools, and dedicated round-the-clock review teams, infrastructure that may not be available to all platforms.
Even for well-resourced intermediaries, assessing the legality of content, verifying the authenticity of removal requests, and ensuring proportionate action within such truncated windows could be straining. In this environment, intermediaries may increasingly resort to precautionary removals to mitigate liability exposure, which could inadvertently result in over-censorship and the suppression of lawful expression.
6. Safe Harbour Protection Clarified
The Amendments further introduce a clarificatory safe-harbour provision stating that an intermediary’s removal of, or disabling access to, information, expressly including synthetically generated content, in compliance with the IT Rules will not be treated as a breach of the conditions for intermediary liability protection under Section 79(2) of the IT Act.
This reassures platforms that proactive content moderation will not jeopardise intermediary liability protections, provided actions are compliant and in good faith. However, the emphasis on proactive content review may result in intermediaries adopting more risk-averse moderation practices to avoid liability.
III. Conclusion
The Amendment Rules significantly strengthen the intermediary compliance framework by expressly bringing synthetically generated information within the scope of the IT Rules and by imposing specific technical and operational obligations on platforms that enable AI-generated content. The changes move intermediaries beyond a passive hosting role and require them to actively prevent, identify, label and remove unlawful synthetic content through reasonable technical measures and automated tools.
From a practical perspective, intermediaries will need to undertake a range of governance, technical, and operational enhancements to meet these requirements. This includes, inter alia:
- Updating platform architecture and product design to incorporate synthetic content labelling and metadata provenance features;
- Revising terms of service, user agreements, and community guidelines to mandate accurate disclosures and clarify liability;
- Deploying or enhancing automated detection and classification tools to identify SGI and other unlawful content at scale;
- Strengthening audit trails, record-keeping, and compliance documentation to demonstrate compliance; and
- Restructuring workflows to align with stringent enforcement timelines, including but not limited to the 3-hour takedown obligation and expedited grievance resolution.
Smaller platforms, start-ups, and emerging AI tool providers are likely to face disproportionate compliance challenges, given the resource intensity of these requirements and the need for specialised technical capabilities. Accordingly, the practical efficacy of the Amendments will depend on the development of clear technical standards, capacity building across industry, and a balanced enforcement approach that takes into account differences in platform size, resources, and risk exposure.
Footnotes
1 Power of the Central Government to make rules.
2 Power of the Central Government to make rules pertaining to the procedures and safeguards for blocking for access by the public under sub-section (3) of Section 69A of the IT Act.
3 Power of the Central Government to make rules pertaining to the guidelines to be observed by the intermediaries under sub-section (2) of Section 79 of the IT Act.
4 See: https://www.meity.gov.in/static/uploads/2025/10/9de47fb06522b9e40a61e4731bc7de51.pdf; https://www.meity.gov.in/static/uploads/2025/10/38be31bac9d39bbe22f24fc42442d5d1.pdf.
5 See: https://www.meity.gov.in/static/uploads/2025/10/8e40cdd134cd92dd783a37556428c370.pdf.
6 See: https://www.meity.gov.in/static/uploads/2025/10/065b6deb585441b5ccdf8be42502a49c.pdf.
7 The Bharatiya Nyaya Sanhita, 2023 (45 of 2023), the Protection of Children from Sexual Offences Act, 2012 (32 of 2012), the Representation of the People Act, 1951 (43 of 1951), the Indecent Representation of Women (Prohibition) Act, 1986 (60 of 1986), the Sexual Harassment of Women at Workplace (Prevention, Prohibition And Redressal) Act, 2013 (14 of 2013), and the Immoral Traffic (Prevention) Act, 1956 (104 of 1956).


