This piece of the article is authored By:- Pragya Gupta a 5th year Law student at Rajiv Gandhi national university of law , and co author is Saakaar Butta 3 year law student at
Jindal Global Law School.
Introduction
The rapid integration of artificial intelligence into the administrative, judicial, financial, and social architecture of India has inaugurated a crisis of legal accountability that existing domestic frameworks are structurally unprepared to resolve. Across the length and breadth of the Indian governance ecosystem, algorithmic systems are being deployed with increasing intensity — from the Aadhaar-linked welfare delivery infrastructure that determines whether a citizen receives food rations, to AI-driven credit scoring platforms that adjudicate the financial inclusion of millions of small borrowers, to predictive policing tools piloted by state police forces in cities such as Hyderabad and Delhi, to judicial risk assessment tools that are beginning to appear in pretrial and bail proceedings. When a citizen is denied access to a subsidised food grain allocation because a biometric authentication algorithm fails to recognise her fingerprints eroded by agricultural labour, the question of legal accountability is not merely academic — it is a matter of constitutional consequence. India, as a constitutional democracy committed to the fundamental rights guaranteed under Part III of the Constitution, including the right to equality under Article 14, the right against arbitrary state action, and the right to life and personal liberty under Article 21 as expansively interpreted by the Supreme Court, cannot afford an indefinite posture of regulatory silence on the question of who bears legal responsibility when an algorithm causes harm. This article argues that the accountability gap in India’s emerging AI governance framework is a product of three compounding failures: the inadequacy of existing tort and statutory remedies to address algorithmic injury; the structural opacity of proprietary algorithmic systems that forecloses meaningful challenge; and the absence of a coherent, binding legislative framework that distributes liability across the multi-actor AI supply chain in a manner proportionate to control, benefit, and risk.
I. The Anatomy of Algorithmic Harm and the Failure of Classical Tort Doctrine
The classical law of torts in India, drawing upon its common law inheritance as refined by Indian courts over more than a century of jurisprudence, rests upon the foundational premise of traceable causation between an identifiable wrongdoer and a cognisable injury. The paradigmatic negligence action, as understood in Indian law following the principles articulated in Donoghue v. Stevenson and domesticated through decisions of the Hon’ble Supreme Court of India, requires the establishment of a duty of care, a breach of that duty through an act or omission, a causal nexus between the breach and the harm, and quantifiable damage. Each element of this framework encounters severe difficulty when applied to AI-generated harm. The duty of care question is particularly vexed in the Indian context, where the AI supply chain typically involves a foreign developer, a domestic system integrator, a government agency or private entity that deploys the tool, and a citizen or consumer who interacts with it at the point of delivery. The relational proximity that grounds the duty of care is diffused across this chain, rendering its allocation to any single actor legally uncertain.
The problem of causation is compounded by the opacity that characterises most commercially deployed AI systems. Unlike a pharmaceutical product whose chemical composition can be independently analysed, or a civil engineering structure whose failure can be physically investigated, an AI system’s decision emerges from weighted mathematical operations across millions of parameters a process that is, in practice, inscrutable not only to the affected citizen but frequently to the deploying organisation itself. Indian tort law has no established doctrine of probabilistic causation or market-share liability analogous to those developed in American jurisdictions to handle toxic tort cases where individual causation cannot be proven with certainty. The absence of such doctrine means that where an algorithm contributes to harm as one factor among several — say, a credit refusal algorithm that weighs caste-correlated socioeconomic proxies alongside legitimate financial variables — the precise causal contribution of the algorithm to the ultimate injury is legally unquantifiable, and the claim may fail entirely at the threshold of causation. This doctrinal incapacity is not a peripheral concern. It means that the millions of Indians who suffer concrete, material injury as a result of algorithmic decisions — denied loans, excluded from welfare, misidentified by facial recognition systems — are effectively rendered legally remediless by the architecture of a doctrine that was never designed to address the particular character of algorithmic harm.
II. Constitutional Dimensions: Articles 14, 19, and 21 in the Age of Algorithmic Governance
The accountability question acquires its most pressing dimension in India not in private law but in constitutional law, for it is the state and state-adjacent actors that deploy AI systems with the greatest transformative consequence. The Supreme Court of India’s landmark nine-judge bench decision in Justice K.S. Puttaswamy v. Union of India (2017) 10 SCC 1 established informational privacy as a fundamental right under Article 21 of the Constitution, grounding it in the constitutional right to life, dignity, and personal autonomy. The Puttaswamy judgment is not merely a ruling about data protection in the abstract it is a constitutional mandate that the collection, processing, and algorithmic use of personal data by the state must satisfy the threefold test of legality, necessity, and proportionality. When an AI system deployed by a government agency processes personal data to make determinations about citizens their welfare eligibility, their creditworthiness, their criminal risk — without a clear legal basis, a demonstrably necessary purpose, or proportionate safeguards, the deployment is constitutionally suspect under the Puttaswamy framework, irrespective of its administrative convenience.
Article 14’s guarantee of equality before the law and equal protection of the laws imposes an independent constitutional constraint on algorithmic governance. Where an AI system embeds, amplifies, or perpetuates discrimination on grounds of religion, race, caste, sex, or place of birth — whether through biased training data, proxy variables, or structurally discriminatory design — it violates the foundational anti-discrimination norm of Article 14 as interpreted through the doctrine of substantive equality developed by the Supreme Court in decisions such as Navtej Singh Johar v. Union of India (2018) and Secretary, Ministry of Defence v. Babita Puniya (2020). The constitutional problem is that Article 14 violations are actionable only against the state and its instrumentalities, leaving citizens exposed when algorithmically generated harm is inflicted by private actors such as fintech platforms, private insurers, or private employers whose AI systems replicate structural inequalities without the cloak of state action. The right to receive a reasoned administrative decision, grounded in the principles of natural justice and elaborated through cases such as Maneka Gandhi v. Union of India (1978) 1 SCC 248 and Olga Tellis v. Bombay Municipal Corporation (1985) 3 SCC 545, is further compromised when an administrative determination is rendered not by a reasoning human official but by an algorithm incapable of articulating the basis for its output in terms that are legally reviewable.
III. The Digital Personal Data Protection Act, 2023: Partial Architecture and Structural Limitations
India’s Digital Personal Data Protection Act, 2023 (hereinafter the “DPDP Act”) represents the most significant legislative intervention in the field of data governance since the Information Technology Act, 2000. Enacted against the backdrop of the Puttaswamy decision and a tortured decade-long legislative gestation, the DPDP Act establishes a framework of consent-based data processing, data principal rights, and obligations upon data fiduciaries. For the purposes of AI accountability, several provisions of the DPDP Act are materially relevant. Section 6 of the Act requires that personal data be processed only for a specific, clear, and lawful purpose, with the consent of the data principal, and Section 12 enumerates the rights of data principals, including the right to correction, completion, and erasure of personal data. These provisions carry direct implications for AI systems that process personal data to generate consequential outputs, since a data principal whose data is processed to train or operate a profiling or scoring model is, in principle, entitled to enforce accuracy, purpose limitation, and consent obligations against the relevant data fiduciary.
However, the DPDP Act is conspicuously silent on the question of automated decision-making and algorithmic accountability. The General Data Protection Regulation of the European Union, by contrast, provides under Article 22 an explicit right not to be subject to decisions based solely on automated processing, including profiling, that produce significant effects. No equivalent provision exists in the DPDP Act, leaving a critical lacuna in the legal protection of individuals against high-stakes algorithmic decisions. The Act’s enforcement architecture further constrains its practical utility as an accountability mechanism. The Data Protection Board established under the Act is empowered to adjudicate complaints and impose financial penalties, but the quantum of penalties prescribed — scaled by turnover and capped at amounts that are modest in relation to the economic benefit that AI systems generate for large platforms — may not be sufficient to create genuine deterrent incentives. Moreover, the DPDP Act does not establish a right to explanation, a right to contest automated decisions, or any mechanism for algorithmic audit, all of which are indispensable components of a functional AI accountability regime. The Act’s exemptions for processing by the state “in the interest of the sovereignty and integrity of India” or for purposes of national security are formulated in broad and unqualified terms, creating a structural carve-out that is precisely the space within which algorithmic governance by state actors is most consequential and most in need of accountability norms.
IV. Liability Across the AI Supply Chain: Developers, Deployers, and the State
A coherent Indian legal framework for AI liability must grapple with the reality that the actors who create harm through algorithmic systems are not co-extensive with the actors who bear legal responsibility under existing doctrine. The AI supply chain in India typically encompasses at least four categories of actors whose roles, incentives, and degrees of control are distinct but interrelated. First, there are AI developers — frequently foreign entities incorporated in the United States or the United Kingdom — who design, train, and supply the underlying algorithmic models. Second, there are system integrators, who adapt these models for specific use cases and deploy them within the Indian market. Third, there are deploying organisations, which may include government ministries, public sector undertakings, banks, insurance companies, fintech platforms, and private employers, who make the operational decision to use AI systems in contexts that affect citizens and consumers. Fourth, there are end users, who interact with AI systems without meaningful understanding of or control over their architecture.
Under the existing framework of the Information Technology Act, 2000, and the Consumer Protection Act, 2019, liability for defective goods or deficient services may in principle be invoked against deploying organisations, since the Consumer Protection Act defines “service” broadly and has been interpreted by the National Consumer Disputes Redressal Commission to encompass digitally delivered services. The Consumer Protection Act’s product liability provisions under Chapter VI impose liability on product manufacturers, product service providers, and product sellers for harm caused by defective products or deficient services, and there is a persuasive argument that AI-generated outputs constitute a “service” within this framework when provided for consideration. However, the fundamental limitation of this approach is that product liability under Indian consumer law continues to require proof of defect and causation, the very elements that are most difficult to establish in the context of algorithmic harm. A more architecturally sophisticated approach would distribute liability across the supply chain in proportion to the degree of control each actor exercises over the conditions that produce harm imposing primary liability on developers for design defects embedded at the level of model architecture, secondary liability on deploying organisations for contextually inappropriate or negligently unsupervised deployment, and residual regulatory liability on the state where AI systems are deployed within public governance contexts without adequate human oversight.
V. Towards a Coherent Indian AI Accountability Framework: Principles for Legislative Design
The analytical insufficiencies catalogued in the preceding sections converge upon a single normative conclusion: India requires a dedicated, comprehensive, and binding AI liability framework that goes materially beyond the data protection provisions of the DPDP Act and the general remedies available under tort law and consumer protection legislation. The drafting of such a framework demands engagement with at least five foundational principles that should inform its legislative architecture. First, the principle of graduated risk-based classification must form the structural spine of any Indian AI accountability regime, categorising AI applications by the severity and breadth of harm they are capable of causing and calibrating mandatory obligations — conformity assessments, transparency requirements, human oversight mandates, and audit mechanisms — accordingly. Systems deployed in criminal justice, welfare delivery, healthcare, and financial services must be designated high-risk and subjected to pre-deployment conformity assessment, mandatory human review of consequential decisions, and publicly accessible registers of deployment.
Second, the framework must establish a statutory right to explanation for individuals subject to algorithmic decisions that produce significant effects, operationalising the constitutional mandate of reasoned decision-making as applied to the algorithmic context. Third, the principle of liability transference along the supply chain must be enacted in statutory form, ensuring that where a deploying organisation materially modifies an AI system or deploys it in a manner inconsistent with its original purpose, the organisation assumes the full liability of a primary developer. Fourth, strict liability, without proof of fault, should be imposed upon deploying organisations for physical injury and substantial economic loss caused by high-risk AI systems, with a causation presumption in favour of affected individuals where a significant link between the algorithmic output and the harm can be demonstrated. Fifth, an independent AI regulatory authority, with the technical capacity to conduct algorithmic audits, the legal standing to initiate enforcement proceedings, and the institutional independence to resist capture by the interests of either the technology industry or the state, must be constituted as the institutional anchor of the accountability regime. India’s National Institution for Transforming India (NITI Aayog) has published principles for responsible AI, and the Ministry of Electronics and Information Technology has engaged in consultative exercises, but advisory non-binding frameworks cannot substitute for statutory obligation in a constitutional order committed to the rule of law.
Conclusion
The accountability gap in Indian AI governance is not a condition that can be remedied by incremental judicial adaptation of existing doctrine. The structural features of algorithmic harm — its causal opacity, its diffusion across complex supply chains, its capacity for systemic discrimination, and its particular intensity in the context of state-mediated welfare and justice — demand a legislative response calibrated to these specific characteristics. The constitutional framework of the Indian Republic, with its commitments to dignity, equality, and the protection of fundamental rights against arbitrary power, provides both the normative foundation and the urgent imperative for such a response. The question before Indian legislators, regulators, and courts is not whether algorithmic accountability must be addressed, but whether India will construct the legal architecture necessary to answer it before the next generation of AI systems embeds new and deeper inequities into the administrative structure of the world’s most populous democracy. The time for principled, evidence-based legislative design is now, and the cost of continued inaction is borne not by the institutions that deploy algorithms, but by the citizens upon whose lives those algorithms operate.