Governing Synthetic Media: Deepfakes, AI-Generated Content, and India’s Evolving Cyberlaw and Legal Framework

Introduction

The rapid spread of sophisticated content manipulation, largely fueled by Artificial Intelligence (AI) and deep learning, has created an urgent need for new digital governance frameworks worldwide. The fundamental regulatory challenge is twofold: to effectively distinguish between harmless edited media and malicious deepfakes (realistic synthetic content created to deceive), and to balance the critical needs of public trust and digital authenticity with freedom of expression.

Globally, the response is varied. The United States maintains a “patchwork” of non-binding federal guidance and state-level laws, a decentralized approach largely constrained by the First Amendment’s protection of free speech. The European Union has adopted the comprehensive, risk-based AI Act. Demonstrating a proactive stance, India has proposed the far-reaching Draft IT Amendment Rules, 2025, which introduce stringent mandates for labelling, verification, and traceability aimed at addressing the spread of deceptive content. Understanding these developments is essential for any legal service India professional advising clients in the technology and digital media sectors.

Core Concepts Behind the Legislation

Synthetic Information

However, the understanding of synthetic information can be broader, particularly within the law enforcement and intelligence communities. In a practical sense, these communities generally define synthetic information to include all information that has been created through entirely digital or artificial means (such as computer-generated people). Furthermore, this definition also encompasses information that has been modified or otherwise manipulated through the use of any technology, whether it is an older analog method or a modern digital tool.

Deepfakes

The term deepfakes comes from the deep learning techniques used to create this sophisticated, manipulated content. Deep learning is a specialized area within machine learning, which is itself a part of Artificial Intelligence (AI). Deep learning is an advanced method within machine learning where the model automatically learns and discovers intricate representations of features within the data. This process occurs at a profound or “deeper” level than traditional methods, enabling the model to effectively classify or parse complex data. Deepfakes are a type of synthetic media, which is content created or modified using AI/ML, especially if automated.

Legal Framework in India

Information Technology Act, 2000

Section 79 of the Information Technology Act, more commonly referred to as the IT Act 2000, governs intermediary liability in India, offering social media platforms conditional legal protection from third-party content. This immunity depends on their adherence to the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. Specifically, the Rules mandate that platforms that host, store, publish or transmit content involving impersonation, including artificially morphed images (deepfakes), must take all reasonable steps to remove or disable access to such content. The intermediary shall implement a mechanism for the receipt of complaints, which may enable the individual or person to provide. For any tech law partner or cyberlaw practitioner advising intermediaries, Section 79 remains the most critical provision to understand and monitor.

Recent Government Advisories on Deepfake Regulation

November 2023: Mandated 36-hour deepfake removal, explicit prohibition in user agreements, and strict IT Rules 2021 compliance for liability protection.
December 26, 2023: Required clear prohibited content communication at registration, prompt unlawful content removal, and emphasized legal penalties under IT Act and BNS.
March 1, 2024: Mandated labelling of unreliable/under-tested AI models and warned against tools compromising electoral integrity.
March 15, 2024: Required permanent metadata/identifiers in AI content to track modifications and user changes, with IT Act 2000 penalties for non-compliance.

The Indian Amendment: AI Labelling Under IT Rules

The Ministry of Electronics and Information Technology (MeitY) introduced the draft IT Amendment Rules, 2025, as a decisive response to the global challenge of deepfakes and deceptive AI-generated content. At the center of this regulatory intervention is the introduction of a new legal term under Rule 2(1)(wa): “synthetically generated information.” This is broadly defined as any content that is “artificially or algorithmically created, generated, modified or altered using a computer resource, in a manner that it appears to be authentic or true.” The best tech law firms in Delhi and top tech law firms in delhi have already begun advising clients on the significant compliance implications of this newly introduced category.

Artificially Created Content

Artificially created content refers to any information, media, or data that is produced by a computer system, rather than being a genuine, human-made creation or a direct recording of reality. This content does not originate from a natural source but is instead fabricated or assembled by software. For example, a picture generated from text instructions is an artificial creation.

Algorithmically Created Content

Algorithmically created content refers to information generated following a specific set of rules or mathematical instructions, known as an algorithm. The computer uses this defined, step-by-step process to produce an output. For instance, a weather forecast by a computer uses complex algorithms to process past and present atmospheric data to predict future weather conditions.

In practice, both terms overlap, as AI systems that artificially generate content rely on complex algorithms to function.

Compliance Obligations

The proposed framework establishes a differentiated architecture of obligations based on the role and scale of the digital intermediary. Navigating these obligations requires the support of a qualified tech law partner or legal service india advisory capable of interpreting both the Information Technology Act and the emerging Rules framework.

Platforms that Provide AI Content Creation (Rule 3(3))

Mandatory Labelling: Platforms must impose comprehensive labelling obligations on all AI-generated content.
Permanent Identifier: Content must be permanently labelled or embedded with a “permanent unique metadata or identifier” that cannot be suppressed or removed.
Visibility Requirements: The permanent label must cover a specified area to ensure visibility. For visual content, the label must cover “at least ten percent of the surface area of the visual display.”
For audio content, the label must be present during the “initial ten percent of its duration.”

Significant Social Media Intermediaries (SSMIs) (Rule 4(1A))

Mandatory User Declaration: SSMIs (platforms like YouTube, Facebook, X, etc., that exceed specified user thresholds) must require users to explicitly declare at the point of upload whether their content contains synthetically generated elements.
Platform Verification: SSMIs are obligated to use “reasonable and appropriate technical measures,” including automated tools, to verify these user declarations.
Prominent Labelling on Publication: If content is identified as synthetic (either by the user or by platform verification), the SSMI must ensure it is prominently labelled as such before it is published.

Enforcement and Intermediary Liability

Risk of Liability: Intermediaries that knowingly permit (have “actual knowledge”) or fail to address the publication of misleading synthetic content risk forfeiting the safe harbour protections afforded under Section 79 of the IT Act. This is a matter of significant concern in cyberlaw, and both the best tech law firms in delhi and top tech law firms in delhi are closely tracking how enforcement will be structured.
Good Faith Protection: A legal shield is provided, clarifying that when an intermediary removes or disables access to synthetically generated information in “reasonable efforts” or in response to user grievances, this action will not be considered a violation of the conditions for exemption from liability under Section 79.

Concerns Regarding the Draft Information Technology Amendment Rules, 2025

Stakeholder Impact and Compliance Burden

Impact on Significant Social Media Intermediaries (SSMIs): The rules impose a proactive burden on SSMIs, shifting them from passive hosts to active regulators of content. They must implement mandatory user declarations and use “reasonable technical measures” to verify if content is synthetic. This lack of clear “bright-line standards” for technical measures creates uncertainty and high compliance costs, as platforms must invest heavily in automated detection and traceability tools to avoid liability.

Impact on Citizens and Content Creators: For the general public, the regulations are beneficial as they mandate clear and highly visible labelling (10% of display/duration), promoting transparency and combating deceptive deepfakes. However, content creators, including those making artistic or humorous AI content, may find the non-removable 10% label and permanent metadata requirements stifling to creative freedom, potentially leading to an “over-censorship” or “chilling effect” on free expression.

Technical and Legal Challenges

Technical Implementation Difficulties: SSMIs face significant technical hurdles. The requirement for permanent, unique metadata is hard to implement because metadata is easily stripped or manipulated through common digital processes like compression, cropping, resizing, or transcoding (e.g., converting a file from .mp4 to .gif). Furthermore, enforcing the prescriptive 10% visibility rule is challenging across different devices and screen sizes (like mobile phones), as it can be highly intrusive and requires complex, real-time rendering logic.

Scalability and Performance: Platforms like YouTube or Facebook ingest billions of pieces of content daily. Applying cryptographic signing and embedding unique, complex metadata to every single AI-generated upload, and then verifying its integrity upon every view, requires massive computational power and could introduce latency, slowing down the user experience.

Severe Legal Consequences (Loss of Safe Harbour): The most critical implication for non-compliant intermediaries is the forfeiture of Section 79 safe harbour immunity under the IT Act 2000. By hosting unlabelled or misleading synthetic content despite having “actual knowledge”, the platform risks being treated as the primary publisher, not just a conduit. Any tech law partner advising platforms in this space must prioritise Section 79 risk assessment as a first step.

Conclusion

India’s Draft IT Amendment Rules, 2025, represent a strong regulatory response to address the problem of fake digital content. By introducing the new category of “synthetically generated information” and requiring strict technical standards and verification processes, the government aims to make the digital space safer and increase public confidence.

However, these comprehensive Rules create significant challenges. The broad definition may lead to unnecessary removal of harmless user content, the requirement for permanent identifiers that cannot be removed faces serious technical difficulties, and the risk of losing legal protection encourages platforms to restrict content excessively. As these Rules are implemented, authorities must balance the need for authentic digital content with the constitutional requirement to protect free speech and ensure that technical requirements can actually be met. For businesses, platforms, and individuals seeking clarity at the intersection of cyberlaw and the Information Technology Act, partnering with a qualified legal service india provider or one of the top tech law firms in delhi remains the most reliable path to navigating this rapidly evolving regulatory landscape.

FAQs

1. What does the Information Technology Act and IT Act 2000 say about deepfakes and intermediary liability?

Section 79 of the Information Technology Act, more commonly referred to as the IT Act 2000, governs intermediary liability in India, offering social media platforms conditional legal protection from third-party content. This immunity depends on their adherence to the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. Specifically, the Rules mandate that platforms that host, store, publish, or transmit content involving impersonation, including artificially morphed images (deepfakes), must take all reasonable steps to remove or disable access to such content. Intermediaries that knowingly permit or fail to address the publication of misleading synthetic content risk forfeiting the safe harbour protections afforded under Section 79 of the IT Act. Any tech law partner or cyberlaw practitioner advising intermediaries must treat Section 79 risk assessment as the first and most critical step in their compliance advisory process.

2. What is "synthetically generated information" under India's Draft IT Amendment Rules, 2025, and why should businesses consult a legal service India provider?

The Ministry of Electronics and Information Technology (MeitY) introduced the Draft IT Amendment Rules, 2025, as a decisive response to the global challenge of deepfakes and deceptive AI-generated content. At the center of this regulatory intervention is the introduction of a new legal term under Rule 2(1)(wa): “synthetically generated information.” This is broadly defined as any content that is “artificially or algorithmically created, generated, modified or altered using a computer resource, in a manner that it appears to be authentic or true.” The best tech law firms in delhi and top tech law firms in delhi have already begun advising clients on the significant compliance implications of this newly introduced category. Given the breadth of this definition and the serious legal consequences attached to it, consulting a qualified legal service india provider at the earliest opportunity is the most prudent course of action for any business handling AI-generated content.

3. What are the mandatory labelling obligations for platforms under the Draft IT Amendment Rules, 2025, and how can a tech law partner help with compliance?

The proposed framework establishes a differentiated architecture of obligations based on the role and scale of the digital intermediary. Platforms that provide AI content creation (Rule 3(3)) must impose comprehensive labelling obligations on all AI-generated content and permanently embed a “permanent unique metadata or identifier” that cannot be suppressed or removed. For visual content, the label must cover “at least ten percent of the surface area of the visual display,” and for audio content, the label must be present during the “initial ten percent of its duration.” Significant Social Media Intermediaries (SSMIs) must additionally require users to explicitly declare at the point of upload whether their content contains synthetically generated elements, and use “reasonable and appropriate technical measures,” including automated tools, to verify these declarations. The technical precision required by these rules makes working with a dedicated tech law partner — particularly one from among the top tech law firms in delhi — essential for building compliant content workflows.

4. What are the core concepts behind cyberlaw regulation of deepfakes — what is synthetic information and how is it different from general AI content?

Synthetic information is formally defined as any information or content (like images, text, sound, etc.) that has been created or modified through the use of Artificial Intelligence or Machine Learning (AI/ML), especially when this process is conducted in an automated fashion. The law enforcement and intelligence communities define it even more broadly, to include all information created through entirely digital or artificial means, as well as information modified using any technology — whether analog or digital. Deepfakes are a specific type of synthetic media where deep learning techniques are used to create realistic, manipulated content designed to deceive. Algorithmically created content refers to information generated following a specific set of rules or mathematical instructions, while artificially created content refers to content produced by a computer system rather than a genuine human-made source. In practice, both terms overlap, as AI systems that artificially generate content rely on complex algorithms to function. Understanding these distinctions is foundational to any cyberlaw or Information Technology Act compliance analysis, and the best tech law firms in delhi consistently rely on these definitions when advising clients on content moderation obligations.

5: What technical and legal challenges do platforms face under the Draft IT Amendment Rules, 2025, and why are top tech law firms in delhi closely monitoring enforcement?

SSMIs face significant technical hurdles under the proposed rules. The requirement for permanent, unique metadata is hard to implement because metadata is easily stripped or manipulated through common digital processes like compression, cropping, resizing, or transcoding (e.g., converting a file from .mp4 to .gif). Furthermore, enforcing the prescriptive 10% visibility rule is challenging across different devices and screen sizes (like mobile phones), as it can be highly intrusive and requires complex, real-time rendering logic. On the legal side, the most critical implication for non-compliant intermediaries is the forfeiture of Section 79 safe harbour immunity under the IT Act 2000 — by hosting unlabelled or misleading synthetic content despite having “actual knowledge,” the platform risks being treated as the primary publisher, not just a conduit. The top tech law firms in delhi and best tech law firms in delhi are closely tracking enforcement developments because the absence of clear “bright-line standards” for technical measures creates uncertainty and high compliance costs that their clients urgently need guidance on navigating.

6: How does India's cyberlaw approach to deepfakes compare globally, and what does this mean for legal service India professionals advising international clients?

Globally, the response to deepfakes is varied. The United States maintains a “patchwork” of non-binding federal guidance and state-level laws, a decentralized approach largely constrained by the First Amendment’s protection of free speech. The European Union has adopted the comprehensive, risk-based AI Act. Demonstrating a proactive stance, India has proposed the far-reaching Draft IT Amendment Rules, 2025, which introduce stringent mandates for labelling, verification, and traceability aimed at addressing the spread of deceptive content. The government issued a series of advisories between November 2023 and March 2024 — mandating 36-hour deepfake removal, permanent metadata/identifiers in AI content, and labelling of unreliable AI models — backed by IT Act 2000 penalties for non-compliance. For any legal service india provider advising international platforms or cross-border digital businesses, this comparative landscape is essential context: India’s framework is among the most prescriptive in the world, and the consequences of non-compliance under the Information Technology Act are severe and immediate.