Cyber Law, Artificial Intelligence, and Data Privacy in India: Bridging an Incomplete Regulatory Architecture

Abstract Artificial intelligence is no longer peripheral to India’s digital ecosystem; it is embedded within its administrative, financial, and social infrastructures. This shift has sharpened long-standing concerns around privacy, surveillance, and legal accountability. While the recognition of privacy as a fundamental right in Justice K.S. Puttaswamy (Retd.) v Union of India (2017) and the enactment of the Digital Personal Data Protection Act, 2023 signal meaningful progress, the regulatory response remains uneven. This article argues that India’s current framework, though increasingly rights-oriented, remains insufficiently attentive to the distinct risks posed by AI systems—particularly opacity, automated decision-making, and diffuse liability. Drawing on doctrinal analysis and comparative developments, it suggests that India’s legal architecture is evolving, but not yet coherently aligned with the realities of algorithmic governance.