India Releases Draft AI Bill Proposing Mandatory Registration for High-Risk AI Systems

## India's Draft AI Bill: South Asia's First AI Regulatory Framework

India has released a draft Digital India AI Bill for public consultation, proposing a comprehensive AI regulatory framework that would establish India as the first South Asian country with formal AI legislation. The bill's scope and requirements would have significant implications for APAC technology companies operating in or serving the Indian market.

### Key Provisions of the Draft Bill

**High-Risk AI Classification**

The draft defines high-risk AI systems as those deployed in: - Critical infrastructure (power, water, transport, finance) - Healthcare diagnosis and treatment decisions - Credit and insurance scoring - Employment recruitment, screening, and management - Education assessment and administration - Law enforcement and judicial assistance - Government service delivery affecting citizen rights

High-risk AI systems would require registration with a proposed AI Regulatory Authority of India (ARAI) before deployment.

**Algorithmic Accountability Requirements**

For high-risk AI systems, the draft requires: - **Conformity assessment**: Pre-deployment testing and documentation demonstrating the system meets applicable technical standards - **Impact assessment**: Assessment of potential impacts on individuals and groups before deployment - **Bias audit**: Regular bias testing and documentation, particularly for AI systems making decisions about people - **Transparency declaration**: Public disclosure of AI systems used in regulated contexts - **Grievance mechanism**: Process for individuals to contest AI-assisted decisions affecting them

**Data Localisation Provisions**

The draft includes provisions requiring that AI systems processing sensitive personal data of Indian citizens must store and process that data on servers located in India — building on existing Digital Personal Data Protection Act (DPDP) requirements.

**Penalties**

The draft proposes penalties for non-compliant AI systems of up to 2% of global annual turnover — similar in structure to GDPR.

### What This Means for APAC Technology Companies

**Immediate actions (for companies with India-facing AI products):** 1. Inventory AI systems deployed in India or serving Indian users that fall into high-risk categories 2. Assess current documentation and governance practices against draft requirements 3. Engage in the public consultation process — the final bill will be shaped by industry feedback

**Medium-term implications:** - India represents 1.4 billion potential users — compliance with Indian AI regulation will be a commercial necessity for most APAC technology companies - Data localisation requirements will require India-specific AI infrastructure investments for companies currently serving India from regional infrastructure - The conformity assessment and bias audit requirements will create demand for AI audit and compliance services in India

### AIMenta Assessment

The India AI Bill, if passed in a form close to the current draft, would create the most significant new AI compliance obligation for APAC technology companies after the EU AI Act. The combination of 1.4 billion users, growing AI adoption, and proposed data localisation requirements means that APAC enterprises with India operations cannot treat Indian AI regulation as a distant concern.

The public consultation period (currently open) is an opportunity for APAC technology companies to engage with the proposed requirements and advocate for workable compliance frameworks before the bill is finalised. The AIMenta recommendation: participate in the consultation, begin gap assessment now, and plan for 12–18 months from final passage to full compliance readiness.