Regulating Synthetically Generated Content: A Deep Dive into the 2026 Amendment to the 2021 IT Rules

The Information Technology [Intermediary Guidelines and Digital Media Ethics Code] Amendment Rules, 2026 [“2026 Amendment”] have been notified on the 10th of February, 2026, and came into effect on the 20th of February, 2026. This particular amendment has introduced significant changes to the pre-existing 2021 Rules.

The 2026 Amendments aim at regulating the Synthetically Generated Information [“SGI”], considering the prevalent usage of deepfakes and the AI-generated content in recent times. At the same time, it also focuses on the compliance of the intermediaries for curbing the spread of unlawful digital content

The 2026 Amendments introduce a rigorous, technology-centric framework specifically targeting Synthetically Generated Information [“SGI”] and deep fakes.

The central pillar of this reform is the radical compression of compliance timelines, slashing the standard 36-hour takedown window to a mere 3 hours for government and court orders, and as little as 2 hours for sensitive content involving non-consensual imagery. For intermediaries, the Safe Harbor protection under Section 79 of the IT Act is now conditional upon proactive verification and labeling of AI content.

The 2021 IT Rules initially set the standard for intermediary due diligence. However, the quick spread of advanced generative AI tools exposed major regulatory shortcomings. Issues like widespread deepfakes, financial scams, and AI-fueled misinformation demonstrated the inadequacy of the original 36-hour takedown window. This lengthy period frequently allowed damaging content to gain irreparable reach before any action could be taken.

The 2026 Amendments serve three primary objectives:

Definitional Precision: Providing a formal statutory definition for AI-generated content to eliminate legal ambiguity.
Viral Containment: Mandating a real-time takedown to match the velocity of digital distribution.
Algorithmic Accountability: The emphasis is shifting from reactive moderation to the implementation of proactive technical safety measures integrated by design.

KEY CHANGES INTRODUCED

The 2026 Amendments have modified many provisions of the 2021 Rules through the way of incorporation of the SGI into the regulatory arena. This, in turn, has led to the enhancement of the responsibility of the intermediaries. The major changes have been mentioned below:

Rule 2[1]: The 2026, in addition to the pre-existing definition of “content”, has added “audio, visual or audio-visual information” under the 2[1][ca]. Moreover, the “synthetically generated information” has been introduced by making provision of 2[1][wa]. Under this, SGI refers to the AI-generated content or the algorithmically altered content that appears to be authentic and is said to be indistinguishable from the natural person or real-world event. The exceptions have excluded the routine good-faith edits, document creation and the enhancement of accessibility without doing any material changes. This is a newer addition that was absent in the 2021 Rules.
Rule 2[1B]: The definition of “information” under the 2021 Rules was considered to be general. However, the 2026 Amendments have now included the SGI for the unlawful acts which were present under Rules 3[1][b], 3[1][d], 4[2] and 4[4]. The new definition clarifies that the removal or in any manner disabling the access to the SGI in compliance would not violate the safe harbour conditions that have been stated under Sections 79[2][a]/[b] for addressing the potential liability concerns which were not explicitly stated under the 2021 Rules.
Rule 3[1][c]: In the 2021 Rules, the Intermediaries had to inform the users about the Rules, privacy policies and the consequences of non-compliance annually under Rule 3[1][b] of the earlier act. However, under the 2026 Amendment, notifications every three months shall be required. Such notifications must place emphasis on the rights to terminate access to the content, removal of it or reporting of the offences under the Bhartiya Nyaya Sanhita and/or POCSO Act. The new clauses introduced mandate the presence of SGI-specific warnings, which shall also include the potential penalties, removal of the content, account suspension, disclosure of identity to the victims and the mandatory reporting of the offences which were not present in the 2021 Rules.

Rule 3[2]: The 2021 Rules allowed a time period of 15 days for grievance resolution as per Rule 3[2][a][i]. Further, the timeline of takedown of unlawful content varied: if the content fell in the category of “non-consensual intimate imagery”, then 24 hours, and in case of any other Rule, the time limit was within 72 hours of reporting. The 2026 Amendment has reduced this grievance resolution now to 7 days, and the timings has been changed to 36 hours for certain intimation and to two hours for the non-consensual intimate content. The government instructions would now require written orders, which would be with the authorised officers who are not below the rank of the Deputy Inspector General of Police.

Action Category	Timeline Before (2021)	Timeline Now (2026)
Lawful Takedown Order	36 Hours	3 Hours
Sensitive Content Removal	24 Hours	2 Hours
Standard Grievance Resolution	15 Days	7 Days
Urgent Grievance Resolution	72 Hours	36 Hours
User Policy Notification	Once a Year	Every 3 Months

Rule 3[3]: This Rule was completely absent in the 2021 Rules; the amendment now requires intermediaries to enable the SGI creation that would deploy reasonable technical measures for the prevention of the unlawful SGI, which could be false documents, child exploitation or any other kind of false depiction. The non- lawful SGI should be labelled prominently with the presence of visible notices, or even audio disclosures that are embedded with the metadata, which is permanent in nature or even unique identifiers that cannot be suppressed or removed.
Rule 4[1A]: Significant Social Media Intermediaries [“SSMIs”] now face the most stringent “pre-publication” requirements. Earlier, under the 2021 Rules, SSMIs were expected to “endeavour to deploy” proactive technical measures. However, now, under Rule 4(1A), SSMIs must require users to declare if the content is SGI before publication. They must also deploy reasonable and proportionate technical measures [automated tools] to verify the accuracy of user declarations. Resultantly, they shall now be considered the Verifier of Authenticity: they can no longer trust a user's upload label, but must verify it algorithmically.
Rule 7: The 2021 Rules referenced the Indian Penal Code [IPC]. All references have been updated to the Bharatiya Nyaya Sanhita, 2023 [BNS]. Consequently, violations will now trigger modern penal consequences. The user agreements must, therefore, be updated to reflect this new legal hierarchy.

ANALYSIS

The 2026 Amendment shows the shift towards a regulation which is proactive towards AI-generated content while aiming to mitigate harms like misinformation and non-consensual deepfakes that would enhance the accountability of the platforms.

Pursuant to Section 79 of the Information Technology Act, intermediaries are afforded immunity provided they exercise due diligence. The 2026 Amendments introduce a “Deemed Failure” provision within Rule 4[1A]. Should an SSMI knowingly countenance, facilitate, or neglect to address Substantially Grievous Information [“SGI”] that contravenes the stipulated rules, it shall be automatically deemed to have failed in its obligation of due diligence. This presumption effectively reallocates the burden of proof to the platform, necessitating that they substantiate the operational effectiveness of their technical verification mechanisms.

The 2026 Amendment further incorporates a significant provision: a "removal of doubts clause." This clause is strategically designed to incentivise platforms to accord greater importance to victim safety than to the mere preservation of content. Specifically, proactive measures undertaken against Sexually Explicit Material [SGI] in adherence to these rules, including the deployment of automated filtering technologies, will not compromise an intermediary's statutory immunity under Section 79 of the IT Act.

Rule 7 performs a critical legal update by replacing all references to the Indian Penal Code [IPC] with the BNS, 2023. This alignment integrates specific BNS provisions regarding "False Information" and "Forged Electronic Records" directly into the intermediary’s removal obligations.

Rule 3[1][ca][ii][III] mandates the identification and disclosure of a violating user's identity directly to a complainant who is a victim. While intended to empower victims of deepfakes, this provision creates a direct friction point with the Digital Personal Data Protection [DPDP] Act, 2023. Intermediaries must now develop strictly audited workflows to verify victim status before such disclosures.

The whole concept of defining and integrating the system of SGI, the amendment has provided for India’s first formal legal framework for such content that would potentially protect citizens from a rapid increase in unlawful SGI content.

Regulating Synthetically Generated Content: A Deep Dive into the 2026 Amendment to the 2021 IT Rules

KEY CHANGES INTRODUCED

ANALYSIS

Related Reads

Intermediary Liability in Data Leaks: Decoding the December 2025 MeitY Advisory to VPNs and Other Intermediaries

Understanding the Newly Implemented UPI Rules: The Legal and Practical Ramifications for Modern Finance

The Regulatory and Ethical Landscape of Dark Patterns in E-Commerce

Can Safe Harbour Stay Safe?: Copyright, Repeat Infringement, and the Role of Platforms

Navigating Legal Risk and Compliance in the Era of AI: A Comprehensive Guide for Indian In-House Counsels

Explore More Articles