The India impact AI summit has been a great success despite the first day problem of crowd management and the needless embarassment caused by one of the exhibitors. It has created a high degree of awareness in the Indian public and also  drawn international attention to India’s progress in the field.  It will take some time for the current status of AI to be fully understood in the “Sarvam AI mayam” euphoria created by the event

Despite the different reports about the event in the media, there is not much coverage on the “AI Risks” both to the users and to the society.

Normally innovators are not concerned about the impact of any new technology on the society. The talk of “Ethics” is simply an eye wash. Untill “Ethics” is enforced through a law which is sufficiently deterrant, no commercial organization can be expected to recognize “Ethics” beyond the word being repeated in speeches.

It is the responsibility of the society to conisder if India has to recognize the AI risks and take regualtory steps to ensure that they donot become a problem like how Cyber Crimes have become a problem for the society.

AI driven Risks may manifest both as operational Risks as well as AI driven Cyber Crimes. They will create a larger challenge to the society which cannot be ignored.

These are additional to the debate whether AI will result in Job Losses, Businesses going bust, AI taking over humans etc.

Were there any stalls in the summit on these themes?… Were there panel discussions?…Were there expert  talks? Were there solutions discussed?….. We need to explore.

In the meantime, I leave below some instances of AI related issues in health care which I had collected a few days back which should open our eyes on operational risks in the use of AI.

• UnitedHealth & Humana “nH Predict” Algorithm (2025):
• AI algorithm used to deny coverage to elderly patients had a 90% error rate on appeal.
• The system, optimized for cost-cutting, disproportionately impacted patients, with humans often overturning 9 out of 10 denials.
• Dermatology AI Bias (2024):
• A study on skin cancer detection AI found that most systems struggled to perform on non-white skin, with significant performance drops in sensitivity for dark-skinned individuals.
• Pulse Oximeters Overestimation (2024):
• A UK review confirmed that pulse oximeters, often aided by AI, tended to overestimate oxygen levels in people with darker skin, leading to potential delays in treatment.
• Epic Sepsis Model (2022/2024):
• A widely deployed sepsis prediction model in hundreds of U.S. hospitals was found to have a very poor, failing performance compared to its advertised performance
• It missed 67% of sepsis cases while triggering excessive false alarms.
• Fake Medical Information (2025):
• Studies showed that AI chatbots, such as GPT-4, failed to gather complete medical histories and sometimes generated incorrect, dangerous diagnoses based on simulated patient conversations.
• ECG Misinterpretation (2025):
• In a 2025 trial, an AI-enabled ECG tool wrongly flagged a heart attack for a healthy 29-year-old woman, illustrating how models can be “statistically confident while still being clinically wrong”.
• NEDA “Tessa” Chatbot (2023):
• The National Eating Disorders Association had to disable its chatbot, Tessa, after it was found to be providing dangerous weight-loss advice and calorie-tracking recommendations to people with eating disorders.
• Data Privacy Violations (DeepMind):
• Google’s DeepMind received criticism after it was revealed that the NHS had provided data on 1.6 million patients to train its “Streams” app without proper patient consent.
• Robotic Surgery Failures (2023):
• AI-powered robotic systems have shown failures where the electrical current can leave the robot, resulting in accidental burns to surrounding tissues

Let us study such incidents and try and find solutions in the form of technology and governance.

We need to start discussing solutions to AI risks and the need for new regulations including modification of ITA 2000 and introduction of the concept of Neuro Rights within DPDPA.

Naavi

The Supreme Court heard three petitions on February 16 challenging DPDPA act as well as the rules.

The key aspects of the disputes raised are

1. Section 44(3) which amends RTI act section 8(1) will dilute the current procisions.
2. Government seeks powers to seek data from data fiduciaries
3. The Act fails to bring a balance between Right to Privacy and Right to freedom of information.

Naavi.org would analyse the petitions in detail in due course. We are in receipt of copy of one of the petitions posted by Mr Apar Gupta on his website. Copies of the other two petitions are still not available.

Naavi

On  16th February 2026, the Supreme Court heard the prelimary petitions challenging DPDPA 2023 from the perspective of whether Section 44(3) and other sections  violate the Constitution.

The three petitions which were heard were

1. 1. Venkatesh Nayak v. Union of India, W.P.(C) No. 177/2026;
   2. The Reporters Collective Trust & Anr. v. Union of India & Ors., W.P.(C) No. 211/2026; and
   3. National Campaign for Peoples Right to Information v. Union of India, W.P.(C) No. 212/2026.

Despite strong pleadings, the Court refused to stay the act but committed the pertitions to a larger bench. It has issued necessary notices to the Government.

A detailed post on internetfreedom.in provides additional information on the developing case. A copy of the petition  of The Reporter Collective Trust is  avaialable here.

This petition goes much beyond Section 44(3) and challenges Sections 5, 6, 8, 10, 18, 19, 36, besides 44(3) of the DPDP Act, 2023, and Rules 3, 6, 7, 8, 9, 13, 16, 17, and 23 of the
DPDP Rules, 2025.

It  is interesting to note that while the petition wants to have easy access to all beneficiaries of various Government schemes, they want to redact the name of the petitioners because they consider it their right to privacy.  This is a point to be noted.

The prayer in the petition is as follows:

PRAYER

Therefore, in light of the above-mentioned facts and circumstances, it is respectfully prayed that this Hon’ble Court may kindly be pleased to:

A. Issue a writ in the nature of mandamus, or any other appropriate writ, order, or direction declaring the whole of the Digital Personal Data Protection Act, 2023, and specifically Sections 5, 6, 8, 10, 17, 18, 19, 36, and 44(3), of the Digital Personal Data Protection Act, 2023, to be void, inoperative and unconstitutional for being ultra vires Articles 14, 19, and 21 of the Constitution;

B. Issue a writ in the nature of mandamus, or any other appropriate writ, order, or direction declaring the whole of the Digital Personal Data Protection Rules, 2025, specifically Rules 3, 6, 7, 8, 9, 13, 16, 17, and 23 of the Digital Personal Data Protection Rules, 2025, to be void, inoperative and unconstitutional for being ultra vires Articles 14, 19, and 21 of the Constitution;

C. Issue any other writ, order or direction as this Hon’ble Court may deem fit and proper to do complete justice in the circumstances of the case.

It is our duty to analyze the petition point by point and present it to the larger public to understand the issues involved. We shall do so in due  course. Watch this space.

Naavi

Also Refer: livelaw

As expected, the law of DPDPA is now before the Supreme Court. Normally Courts are expected to step in when a citizen has an adverse impact of the law. and seeks remedy. However, in India, almost every law that gets passed by the Parliament is srutinized by the supreme Court even before it is implemented under the speculation that “This is unconstitutional, Give a stay and later scrap the law”. The same thing has now happenned for DPDPA 2023. There are always some so called Public Interested litigation specialists who  contrive the reason to challenge the law and hamper the progress. Supreme Court has allowed itself to be used as an instrument of delaying legislation in the country and the trend continues.

I refer to the article in “Thewire.in” which refers to a petition of one RTI activist Mr Venkatesh Nayak to ensure that “Two decades of tranparency in the life fo public authorities is not reversed into an era of dark opacity”. The case would be argued by Ms Vrinda Grover and perhaps also Mr Prashat Bhushan, before a bench of Justices Suryakant, Joymalya Bagchi and Vipul Pancholi today.

We donot have a copy of the petition to understand the logic but the article makes the following mentions which we can comment on.

1.Section 44(3) is already in force.

2. Section 44(3) amends RTI act  to broadly exempt the disclosure of information deemed to be “Personal” and provides a “Blanket bar” on an obligation to disclose all personal information.

3. Section 4493) contravenes Article 19(1)(a) of the constitution and violates the right to equality by equating privacy oc public functionaries to that of ordinary citizens”.

Another petition that has been filed is Reporters Collective & Nitin Sethi v. Union of India (W.P.(C) No. 177/2026)   This petition extends the objections and seeks to strike down the entire DPDPA as unconstitutional. Objections are made on Sections 5, 6, 8, 10, 17, 18, 19, 36, and 44(3), alongside Rules 3, 6, 7, 8, 9, 13, 16, 17, and 23 of the 2025 Rules.

Another petition filed by Prashant Bhushan for NCPRI petition (W.P.(C) No. 211/2026 also reflects a similar view.

While we appreciate the legal acumen of those who have filed these petiotions, it is clear that the objective of this elite exercise is to delay DPDPA implementation to the extent possible. It is unlikely that the Supreme Court may be persuaded to consider the objections but the petition has the power to disturb the industry’s resolve to start implementation immediately.

The Urban Naxalites would be happy…that they have placed one more hurdle on the Government to do what it  wants to do.

For the time being, let us watch what the Supreme Court does on this petition. We shall analyse the case as it develops.

Probably a notice would be issued to the Government in this regard. We donot expect any stay at this point of time.

I request any of the readers having a copy of the petitions to send me a copy so that we can take a deeper look at the same.

Naavi

Also Refer:

Opposition seeks repealing of Section 44(3) of DPDPA 2023

The hue and cry about RTI Act being diluted by DPDPA is misplaced.

In October 2025, Meity had released a draft notification related to amendment of ITAct Intermediary Rules related to publication of synthetic content. On 10th February 2026, the final rules have been notified with several clarifications related to the provisions.

The gazette Notification along with an FAQ are available  here. Brief Discussion of these amended rules will be available in FDPPI training program for CDPODA on February 21 and 22.

Gazette Notification of 10th February 2026

FAQ 

These are amendments to Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and willbe effective from 20th February 2026.

Naavi

Going  by the news paper reports it appears that many Indian companies including giants like TCS are eyeing registration as “Consent Manager” under DPDPA  2023. There is news that JIO and Airtel are also interested in being registered as “Consent Manager”.

Further, NeGD had announced a “Code Development Competition” for development of an  open source Consent Management platform to manage the Consents under DPDPA by Data Fiduciaries. This was a competition for a prize of Rs 50 lakhs and as part of the specifications of the coding competition, a document called “BRD” or “Business Requirement Document” had been issued by NeGD.

Under this competition, the following six entities were short listed for the final round of code development.

In the background there are 17 RBI licensed “Account Aggregators” who are acting as “Consent Managers under DEPA”  who may be thinking that they are already “Consent Managers” and should automatically be eligible for registration under DPDPA.

With these developments the media and many experts are confused about the intentions of the MeitY on how they would modify the  DPDPA Rules of November 13  to accommodate the lobbying by the giants such as TCS, Jio and Airtel.

While Naavi.org has explained in detail the conflicts betwee the DPDPA act and the Rules, and will continue to debate this provision, it is our duty to point out that there is a need for substantial change in the  Rule 4 of the November 13 publications.

If the Meity goes ahead  with registration of companies without synchronizing the rules with the act, there could be legal objections that may stall registered Consent Managers from going ahead with the implementation of the accreditation. We can expect some of the other aspiring candidates seeking stay on the registration through legal means.

Let us watch this interesting developing news space.

Naavi