ASSESSING THE ADEQUACY OF INDIA’S LEGAL FRAMEWORK IN ADDRESSING DEEPFAKE TECHNOLOGY: A CYBERSECURITY AND DATA PROTECTION PERSPECTIVE

AUTHOR – SHASHANK B G, STUDENT AT CHRIST UNIVERSITY

BEST CITATION – SHASHANK B G, ASSESSING THE ADEQUACY OF INDIA’S LEGAL FRAMEWORK IN ADDRESSING DEEPFAKE TECHNOLOGY: A CYBERSECURITY AND DATA PROTECTION PERSPECTIVE, INDIAN JOURNAL OF LEGAL REVIEW (IJLR), 6 (2) OF 2026, PG. 283-297, APIS – 3920 – 0001 & ISSN – 2583-2344.

ABSTRACT

Deepfake technology, enabled by rapid advancements in artificial intelligence and machine learning, has emerged as a significant challenge to legal systems worldwide. By generating hyper-realistic synthetic audio-visual content, deepfakes undermine evidentiary reliability, individual dignity, informational privacy, and democratic integrity. In India, the misuse of deepfake technology has manifested in non-consensual intimate imagery, political misinformation, financial fraud, and identity impersonation. Despite the growing frequency and severity of these harms, India lacks a deepfake-specific regulatory framework. Instead, authorities rely on provisions of the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023—statutes enacted without contemplation of AI-driven synthetic media.

This article critically evaluates the adequacy of India’s existing legal framework in addressing deepfake-related harms from a cybersecurity and data protection perspective. Through doctrinal analysis, constitutional examination, and comparative evaluation of regulatory developments in the United States, the European Union, and China, the paper demonstrates that India’s approach remains fragmented, reactive, and structurally insufficient. The absence of statutory definitions, targeted offences, platform accountability obligations, and victim-centric safeguards results in regulatory ambiguity and enforcement challenges.

The article argues that deepfakes represent not merely a species of cybercrime but a convergence of identity manipulation, biometric misuse, and information disorder that existing statutes inadequately capture. It proposes a calibrated reform model grounded in definitional clarity, tiered harm-based criminalization, integration with data protection principles, and constitutionally compliant platform obligations. By situating deepfake regulation within India’s broader constitutional commitments to privacy, dignity, and freedom of expression, this study offers a balanced framework aimed at strengthening cybersecurity while preserving democratic values.

The regulation of deepfake technology, the article concludes, is not simply a technological necessity but a constitutional imperative in the digital age.

Keywords

Deepfakes; Artificial Intelligence; Cybersecurity; Data Protection; Information Technology Act, 2000; Digital Personal Data Protection Act, 2023; Synthetic Media; Privacy; Constitutional Law; Platform Liability; AI Regulation; India.