Calling attention of all AI experts

To all AI experts

I request all readers who are experts in AI to take the trouble of going through the series of articles presented in this website and study the proposed Supreme Court AI Governance framework (SCAIF), which is expected to be the seed for the AI law in India, similar to the EU AI Act.

Though DGPSI-AI has already captured the essence of the required law, now SCAIF coming from the Supreme Court has a very high statutory weight.

If any of the experts have a suggestion, this is the time for them to act.

I think I have made their work in studying the proposal simpler by the 12 articles along with the Audio and Video overviews created by the AI Chair of FDPPI. You may or may not agree with the views but can benefit by the analysis.

Please write to the member secretary directly. If you feel like it, you can mark a copy to Naavi for information.

Naavi


Implications of the DPDP Act, 2023 and Rules, 2025 on the Draft “Regulations for Use of Artificial Intelligence in Courts, 2026”: Mr. M. G. Kodandaram

Here is a view from Mr. M. G. Kodandaram, IRS., Assistant Director (Retd), Advocate and Consultant

Abstract

The rapid emergence of Artificial Intelligence (AI) has transformed public administration, governance, commerce, and legal systems worldwide. Recognising both the opportunities and risks associated with AI, the Supreme Court of India, through its AI Committee, issued the Draft “Regulations for Use of Artificial Intelligence (AI) in Courts, 2026” (hereinafter ‘draft AI regulations’ for brevity) on 3 June 2026 for public consultation. The draft regulations seek to establish a comprehensive governance framework for the deployment of AI within the Indian judicial ecosystem.

Simultaneously, India has entered a new era of data governance through the enactment of the Digital Personal Data Protection Act, 2023 (DPDP Act) and the Digital Personal Data Protection Rules, 2025 (DPDP Rules). Since AI systems fundamentally depend upon data for training, testing, validation, and deployment, the proposed judicial AI framework cannot operate independently of data protection laws.

This article examines the interaction between the Draft AI Regulations and the DPDP Act, together with the DPDP Rules. It analyses how principles such as purpose limitation, data minimisation, privacy by design, consent management, security safeguards, anonymisation, accountability, transparency, and data fiduciary obligations influence the design and implementation of AI systems in courts. The article also evaluates potential legal challenges and suggests a pathway toward responsible judicial AI governance in India.


I. Introduction

Artificial Intelligence (AI) has emerged as one of the most transformative technologies of the twenty-first century, prompting judicial institutions worldwide to adopt AI-enabled tools for legal research, document management, translation, transcription, case scheduling, intelligent search, record summarisation, and other administrative functions. In India, initiatives such as SUPACE, SUVAS, AI-based translation systems, intelligent legal databases, and the digital infrastructure developed under the e-Courts Mission Mode Project reflect the judiciary’s growing engagement with AI. While these technologies offer significant opportunities to enhance efficiency and access to justice, they also raise important concerns relating to privacy, fairness, transparency, algorithmic bias, explainability, accountability, judicial independence, and the protection of sensitive judicial data.

Recognising both the potential and risks of AI, the Supreme Court’s AI Committee has proposed the Draft Regulations for Use of AI in Courts. The significance of this initiative is heightened by the existence of India’s dedicated data protection framework under the DPDP Act, 2023 and the DPDP Rules, 2025, which are expressly integrated into the draft regulations. Together, these developments represent India’s first comprehensive attempt to harmonise judicial governance, AI regulation, and personal data protection within a unified regulatory framework.

II. Brief Overview of the DPDP Act, 2023

The DPDP Act, 2023 establishes a comprehensive legal framework for the processing of digital personal data in India. The Act applies to personal data collected in digital form, digitised personal data, processing activities carried out within India, and certain processing activities outside India where goods or services are offered to individuals in India. It identifies key stakeholders in the data ecosystem, namely the Data Principal, whose personal data is being processed; the Data Fiduciary, which determines the purpose and means of such processing; the Data Processor, which processes data on behalf of the Data Fiduciary; and the Significant Data Fiduciary, a category of entities notified by the Central Government based on the volume and sensitivity of data handled.

The Act is founded on internationally recognised principles such as lawful processing, purpose limitation, data minimisation, storage limitation, accuracy, accountability, security safeguards, and grievance redressal. These principles provide the essential framework for ensuring responsible and trustworthy deployment of AI systems within judicial institutions.

III. Incorporation of DPDP provisions into the Draft AI Regulations

The importance of data protection becomes particularly pronounced in the context of judicial use of AI because courts routinely process and store enormous volumes of highly sensitive personal information. Judicial records frequently contain names and addresses of litigants, Aadhaar numbers, financial and banking information, medical records, criminal histories, details of family and matrimonial disputes, evidence relating to sexual offences, identities of witnesses, juvenile records, biometric data, and commercially confidential information.

A notable feature of the Draft Regulations for Use of AI in Courts is the conscious and systematic incorporation of concepts and terminology drawn from the DPDP provisions. The Regulations expressly adopt several key data protection concepts that are essential for the responsible use of AI in judicial environments. For instance, Regulation 3(1)(k) defines “Anonymisation” in a manner that closely aligns with contemporary privacy standards by requiring the irreversible removal or transformation of identifiers so that an individual cannot be identified either directly or indirectly. This concept assumes particular importance in the context of AI training datasets, where large volumes of judicial information may be used for machine learning and analytical purposes.

Similarly, Regulation 3(1)(s) expressly adopts the meaning of “Data” as assigned under Section 2(h) of the DPDP Act, thereby ensuring statutory consistency and avoiding interpretational conflicts between the two regulatory frameworks. Such harmonisation promotes legal certainty and facilitates uniform compliance standards across judicial institutions that process personal information through AI systems. Another significant incorporation is found in Regulation 3(1)(t), which introduces a detailed formulation of the principle of “Data Minimisation.” Under this provision, AI systems are required to collect, retain, and process only such data as is strictly necessary for achieving the specified and legitimate purpose for which the system is deployed.

The Regulations further recognise the unique sensitivity of information handled by courts through the introduction of the category of “Sensitive Judicial Data” under Regulation 3(1)(zh). This specialised classification acknowledges that judicial records often contain highly confidential information relating to litigants, witnesses, victims, juveniles, medical conditions, financial affairs, criminal proceedings, and other matters affecting personal dignity and legal rights. By creating a distinct category deserving heightened protection, the Regulations adopt an approach comparable to sensitive data classifications recognised in international privacy frameworks. Collectively, these provisions demonstrate that the Draft Regulations do not treat AI merely as a technological tool but seek to embed privacy, accountability, and data governance safeguards at the core of judicial AI deployment.

Consequently, the DPDP Act serves as the foundational pillar of judicial AI governance and provides the legal architecture necessary to ensure that technological innovation within the justice system remains consistent with privacy, fairness, and constitutional values.

IV. Data Protection and Privacy as Foundational Principles

Regulation 10 of the Draft AI Regulations represents the clearest integration of the DPDP Act into the governance framework for judicial AI. It mandates that the processing of personal data through AI systems be governed by the principles of purpose limitation, data minimisation, and privacy by design, thereby incorporating core data protection obligations directly into judicial AI regulation. The provision recognises that the adoption of AI in courts cannot be divorced from the protection of personal data and individual privacy.

A central feature of Regulation 10 is its emphasis on purpose limitation. Under the DPDP framework, personal data may be processed only for a specified and lawful purpose. Applied to judicial AI, this means that information collected for adjudication, case management, or judicial administration cannot automatically be repurposed for AI training, algorithm development, or other secondary uses. Judicial records, therefore, cannot be treated as unrestricted datasets for technological experimentation. Any secondary use must be supported by a lawful basis, appropriate authorisation, and compliance with applicable privacy safeguards.

The regulation also incorporates the principle of privacy by design, requiring privacy protections to be embedded into AI systems from the outset rather than added later as compliance measures. This necessitates safeguards such as access controls, encryption, role-based permissions, audit logs, retention limits, and regular security assessments, particularly given the sensitive nature of judicial data.

Through the integration of these principles, Regulation 10 brings judicial AI governance in line with global best practices and firmly anchors it within India’s data protection regime under the DPDP Act.

V. Human Rights, Privacy and the Puttaswamy Doctrine

The constitutional basis of privacy protection within the Draft Regulations is rooted in the landmark judgment of the Supreme Court in Justice K.S. Puttaswamy v. Union of India, which recognised privacy as a fundamental right under Article 21 of the Constitution. The nine-judge Bench held that privacy is inseparable from individual dignity, autonomy, and personal liberty, and that the collection, storage, and use of personal information must be subject to constitutional safeguards. This decision laid the foundation for India’s contemporary data protection framework, including the DPDP Act, 2023.

The Draft AI Regulations seek to operationalise these constitutional principles in the context of judicial AI. Reflecting the spirit of Puttaswamy, Regulation 10(2) expressly provides that “the right to privacy shall be ensured in all AI-related operations of Courts.” This provision elevates privacy from a procedural compliance requirement to a governing constitutional principle for the deployment of AI within the justice system.

The regulation further reinforces the principle that technological innovation in courts must remain subject to judicial oversight and constitutional limitations. AI systems that result in excessive data collection, unauthorised profiling, intrusive surveillance, or disproportionate interference with personal information may therefore be vulnerable to constitutional challenge and judicial review. In this sense, the Puttaswamy doctrine serves as the normative foundation of the emerging judicial AI governance framework, ensuring that the adoption of AI in courts remains aligned with the constitutional commitment to privacy, dignity, liberty, and human rights.

VI. Transparency and Explainability under Regulation 7

Regulation 7 addresses one of the most significant challenges associated with the use of AI in the judiciary — the opacity of AI systems. Many AI models operate as “black boxes,” generating outputs without clearly revealing the reasoning behind them. Such opacity is inconsistent with the judicial principles of transparency, accountability, and reasoned decision-making. To address this concern, Regulation 7 requires AI systems used in courts to adhere to the principles of transparency, explainability, intelligibility, and disclosure of decision logic, while subjecting opaque systems to heightened scrutiny.

These requirements complement the DPDP Act, 2023, by extending the concept of accountability beyond data processing to algorithmic decision-making. The regulation recognises that AI systems influencing legal rights or judicial processes must be capable of explanation and review.

The need for explainability is particularly important where AI tools assist in functions such as bail prioritisation, case listing, sentencing analysis, risk assessment, or document relevance ranking. In such situations, affected parties may legitimately seek to know what data was used, why a recommendation was generated, whether bias influenced the outcome, and whether the recommendation can be challenged or corrected. These questions are central to procedural fairness and due process.

By requiring AI-generated outputs to be understandable and open to scrutiny, Regulation 7 helps ensure that AI-assisted judicial administration remains consistent with constitutional values, principles of natural justice, and public confidence in the justice system.

VII. Regulation 12 and the Principle of Proportionality

Regulation 12 adopts a risk-based approach to judicial AI governance, recognising that different AI applications pose varying levels of risk to personal liberty, legal rights, and judicial outcomes. The regulation requires safeguards to be proportionate to the level of risk involved, reflecting a widely accepted approach in contemporary AI governance. Under this framework, AI systems used for administrative functions such as scheduling and case management are treated as low-risk, while research and analytical tools may fall within the medium-risk category. Applications that influence bail decisions, sentencing, detention, or adjudicatory processes are regarded as high-risk because of their potential impact on fundamental rights and individual liberty.

For such high-risk uses, Regulation 12 mandates enhanced safeguards, including meaningful Human-in-the-Loop oversight. This ensures that critical judicial decisions remain subject to human review and final determination, preventing any form of autonomous judicial decision-making. The regulation reflects the constitutional doctrine of proportionality, under which greater restrictions on rights require stronger justifications and safeguards.

VIII. AI Training and DPDP Compliance: Regulation 20

Regulation 20 is one of the strongest data protection safeguards in the Draft AI Regulations and creates a direct link between judicial AI governance and the DPDP Act. It prohibits the use of personal data for training, testing, or refining AI systems unless prior approval has been obtained and all applicable data protection requirements are satisfied.

This provision addresses a critical concern in modern AI development, where machine-learning systems are typically trained on large datasets. Unlike publicly available internet content, judicial records contain highly sensitive information relating to litigants, accused persons, witnesses, victims, minors, and other participants in the justice system. Such records may include personal identifiers, financial details, medical information, family disputes, and criminal allegations, making their use for AI development particularly sensitive.

To address these concerns, Regulation 20 requires judicial approval before court records can be used for AI training or testing. This ensures that courts retain control over judicial data and prevents indiscriminate sharing with technology developers or third parties. The regulation also mandates compliance with applicable data protection laws, effectively extending DPDP principles such as lawful processing, purpose limitation, data minimisation, and accountability to AI training activities.

By placing oversight responsibilities on judicial authorities, Regulation 20 reinforces the role of courts as custodians of sensitive personal data.

IX. Consent and Legitimate Processing Challenges

One of the most challenging issues at the intersection of AI and data protection concerns the use of judicial data for AI development and training. Under the DPDP Act, personal data processing generally requires either the consent of the individual concerned or a recognised ground of legitimate use. Applying these principles to judicial records raises complex legal questions.

Information disclosed during court proceedings differs from data voluntarily provided in commercial or digital contexts. Litigants, witnesses, victims, and other participants often disclose personal information because it is required for the adjudication of disputes and the administration of justice. Such information is furnished with the expectation that it will be used for judicial purposes, not for training or refining AI systems. Consequently, the secondary use of court records for AI development raises concerns relating to purpose limitation, informed consent, and the reasonable expectations of data principals.

A critical question is whether the original consent associated with judicial proceedings can extend to AI training activities. Since the data is collected primarily for adjudicatory purposes, extending its use to AI development may exceed the original purpose of collection. Similarly, while courts may rely on their statutory functions to adopt technological tools, any such use of personal data must still satisfy the requirements of necessity, proportionality, and lawful processing.

These challenges highlight the importance of anonymisation and de-identification as safeguards for balancing innovation with privacy protection. Although the Draft Regulations recognise these concerns, they do not fully resolve them, indicating a need for clearer rules governing consent, secondary use of judicial data, anonymisation standards, and institutional accountability.

X. Regulation 48 and Sensitive Judicial Data

Regulation 48 of the Draft Regulations provides the most comprehensive privacy protection framework for judicial AI systems. It establishes safeguards for the protection, management, and lawful use of sensitive judicial data, reflecting the objectives of the DPDP Act.

One of the salient features of the regulation is its restriction on the transfer of sensitive judicial data. Such data cannot be shared with external systems or third parties without express written authorisation. This safeguard is particularly important where cloud service providers, AI vendors, consultants, or analytics firms are involved in judicial technology projects, ensuring that confidential court information is not disclosed without proper oversight.

The regulation also mandates technical and organisational safeguards, including encryption, contractual controls, access restrictions, and cybersecurity measures. These requirements help protect judicial data from unauthorised access, misuse, and security breaches while ensuring accountability among entities handling such information.

In addition, Regulation 48 incorporates the principle of data minimisation by encouraging the adoption of AI systems that require the least amount of personal data necessary to achieve their objectives. It further promotes anonymisation wherever technically feasible before data is used for AI training, testing, or refinement, thereby reducing risks of re-identification and privacy violations.

XI. Cybersecurity Obligations and the DPDP Framework

Effective protection of personal data in judicial AI systems depends not only on privacy safeguards but also on robust cybersecurity measures. Recognising this, the Draft Regulations treat cybersecurity as an essential component of AI governance, consistent with the DPDP Act, which requires reasonable security safeguards to protect personal data from breaches and unauthorised access.

Regulation 48(5) operationalises these obligations by mandating annual cybersecurity audits, reporting of audit outcomes, and maintenance of audit records. These requirements ensure that cybersecurity remains an ongoing process of monitoring, assessment, and improvement rather than a one-time compliance exercise. Regular audits help identify vulnerabilities, evaluate existing controls, and strengthen institutional accountability. By requiring periodic audits and continuous oversight, Regulation 48(5) strengthens the security of judicial AI systems and complements the privacy protections contained elsewhere in the Draft Regulations.

XII. AI Secretariat and Governance Architecture

The Draft Regulations establish an AI Secretariat as the primary institutional authority responsible for overseeing the use of AI within the judicial system. The Secretariat is entrusted with functions relating to approvals, audits, incident monitoring, record maintenance, and overall regulatory oversight. From the perspective of data protection governance, it resembles a sector-specific compliance body tasked with ensuring that AI deployment remains consistent with legal and ethical standards. Over time, the Secretariat may play a broader role in developing privacy impact assessment templates, AI risk assessment frameworks, anonymisation standards, and vendor compliance protocols. The creation of such a dedicated institutional mechanism significantly strengthens accountability and governance within the judicial AI ecosystem.

XIII. Private Sector Participation and Data Fiduciary Obligations

The development and deployment of judicial AI systems will inevitably involve collaboration with private technology providers. While Chapter VI permits engagement with private entities, such participation raises important implications under the DPDP framework. Depending on the nature of their role, private vendors may function either as Data Processors when acting solely on court instructions or as Data Fiduciaries where they independently determine the purposes and means of processing. This distinction has significant legal consequences and underscores the need for carefully structured contractual arrangements. Agreements with vendors should clearly address issues relating to data ownership, confidentiality, retention periods, deletion obligations, breach reporting, and audit rights. In the absence of such safeguards, sensitive judicial data may become vulnerable to misuse or commercial exploitation.

XIV. Cross-Border Data Transfers and Judicial Sovereignty

As many AI systems rely on cloud-based infrastructure that may be located outside India, questions relating to cross-border data processing are likely to assume increasing importance. Although the Draft Regulations do not extensively address this issue, the requirements of the DPDP framework concerning international data transfers will remain relevant. Judicial data is uniquely sensitive, involving concerns relating to sovereignty, national security, and confidentiality. Consequently, future iterations of the regulatory framework may consider measures such as localisation of judicial AI infrastructure, adoption of sovereign cloud arrangements, greater reliance on domestic data centres, and restrictions on foreign access to sensitive judicial information.

XV. Areas Requiring Further Clarification

While the Draft Regulations represent a significant step towards responsible AI governance in the judiciary, certain areas would benefit from further clarification. The framework could be strengthened by requiring AI-specific Privacy Impact Assessments before the deployment of high-risk systems. Similarly, independent algorithmic audits could be mandated to evaluate issues such as bias, fairness, explainability, and accuracy. Greater clarity is also needed regarding data retention requirements, including prescribed timelines for storage and deletion of information used by AI systems. In addition, litigants may require stronger procedural protections, including the right to know when AI tools are used, to challenge AI-generated recommendations, and to seek correction of inaccuracies. The allocation of liability between courts and private vendors in cases of error, misuse, or data breaches also remains an area requiring further regulatory guidance.

XVI. Conclusion

The Draft AI Regulations represent a significant step in integrating AI into India’s judicial system while preserving judicial independence, transparency, accountability, and constitutional rights. Anchored in the DPDP Act, 2023 and the DPDP Rules, 2025, the framework recognises that courts are custodians of highly sensitive personal information and therefore require stronger safeguards than those applicable in ordinary commercial settings.

The Regulations establish important protections by restricting unauthorised use of personal data for AI training, mandating transparency and explainability in AI-assisted processes, requiring meaningful human oversight in high-risk applications, and safeguarding sensitive judicial data through security and privacy measures. These provisions seek to ensure that AI remains a tool to assist, rather than replace, human decision-making in the administration of justice.

Ultimately, the challenge for India is not merely to digitise court processes but to ensure that technological innovation strengthens the constitutional values of fairness, privacy, dignity, transparency, and the rule of law. Read together with the DPDP framework, the Draft AI Regulations provide a strong foundation for responsible judicial AI governance and position India among the leading jurisdictions seeking to balance technological advancement with the protection of fundamental rights.

Mr. M. G. Kodandaram, IRS.

Reference: Copy of the proposed regulation


Consolidated Summary of Naavi’s Articles

On 3 June 2026 the Supreme Court of India’s AI Committee released a 57-clause, 10-chapter draft, “Regulations for Use of Artificial Intelligence (AI) in Courts, 2026,” for public comments by 20 June 2026 (email office.regcc@sci.nic.in).

Naavi published a series of 11 interconnected articles on naavi.org between 11–13 June 2026 decoding the draft chapter-by-chapter, with accompanying AI-generated audio/video reviews, and indicated he would consolidate FDPPI members’ views for submission. He refers to the framework throughout as “SCAIF” (Supreme Court AI Framework).

Overall assessment.

Naavi calls the draft “a comprehensive document with 57 clauses spread over 10 chapters ready to be converted into a formal law” and “one of the most comprehensive judicial AI governance frameworks proposed anywhere in the world.” He characterizes its philosophy as distinctly Indian: “AI is welcomed as an assistant to justice, but never as a substitute for judicial reasoning.”

Wider significance — the “pre-emption” thesis.

Naavi argues the Supreme Court has “pre-empted” AI regulation in India. Because the document is issued under the highest court, he says it becomes an indicative “Due Diligence” framework for the private sector, and any future MeitY AI law “has to be in compliance with this Judiciary Framework since eventually the Supreme Court will determine if the law is acceptable.” He frames it as a “huge speed breaker” on industry lobbying (via NASSCOM) and on the “Law to Code” idea for DPDPA compliance pushed in an Economic Times report. The draft itself creates an explicit “presumption in favour of responsible AI adoption.”

Details

1. Overall assessment of the framework

Naavi is broadly approving of the substance and philosophy while critical of the administrative architecture.

He praises:

  • Human primacy (Section 4): He singles out the categorical statement that AI use “shall at all times remain strictly subservient to human judgement and judicial authority” as the most striking feature — “a surprising but mortal blow” to those citing Albania’s appointment of an “AI minister.” (Albania in September 2025 named an AI system, “Diella,” as Minister of State for Artificial Intelligence — reported as the first AI to hold a cabinet-level government role.) He reads Section 4 as a direct rebuttal to arguments (e.g., the Economic Times “Law to Code” piece) that AI could replace lawyers for DPDPA compliance: “Section 4 has simply shut down such arguments once and for all.”
  • He notes the draft’s stated “Innovation over Restraint” posture (Sections 16–17) but argues that in practice “‘Restraint’ over rides ‘Innovation’ and the Court has in fact been more rigid than necessary,” suggesting the authors worked “under a panic that Judicial system will be over whelmed by AI.” (The backdrop includes the Supreme Court’s February 2026 alarm at lawyers filing AI-drafted petitions with fabricated case citations, with CJI Surya Kant remarking that the practice was “absolutely uncalled for.”)
  • He observes an opening: innovators can still push AI in mediation and “with-recourse arbitration,” which would not be affected by these judiciary-focused regulations.

2. Relationship to his own DGPSI-AI framework

A recurring theme is that the SC draft validates and complements FDPPI’s DGPSI-AI framework (published September 2025; six governance principles, nine implementation specifications for AI deployers, thirteen for AI developers).

Key points:

  • DGPSI-AI’s foundational principle is “Unknown Risk is a Significant Risk” (treating AI as a significant risk that elevates a Data Fiduciary to Significant Data Fiduciary status under DPDPA); the second principle is “behind every AI algorithm there shall be one human for accountability,” which he says is the “distinguishing feature” mirrored in SCAIF’s human-primacy rule.
  • He frames the two as operating at different layers: the SC Regulations govern the judicial customer side; DGPSI-AI governs the vendor/deployer side. A DGPSI-AI-compliant vendor would, he argues, already satisfy much of Chapter VI / Regulation 46.
  • Two harmonization gaps he identifies:
    • (a) Audit philosophy — the draft prefers an “in-house audit” model and bars sharing source code/algorithms/datasets with third parties (Reg 38(2)), whereas DGPSI-AI values independent third-party audits; he suggests a balanced model of internal audits supplemented by accredited external assurance under controlled conditions.
    • (b) Regulatory posture — the draft presumes in favour of adoption, while DGPSI-AI emphasizes demonstrating compliance before deployment. He notes DGPSI-AI goes further than SCAIF in requiring a “Kill Switch” for critical risks.

3. Governance structure — his most detailed critique

Naavi maps the proposed structure in detail:

  • Apex Body (“Appropriate Authority”): A full-time permanent body of 9+ members — 2 Supreme Court judges (one as ex-officio Chairperson), 2 High Court Chief Justices, an MeitY officer (not below Joint Secretary), a cybersecurity expert, a finance expert, advocate(s) of standing, a member from an institution of national importance, and the professor heading AI at the National Judicial Academy (NJA), Bhopal, with power to co-opt experts. He notes the CJI nominates members and “would be the driving force of the committee.”
  • Five sub-committees: Judicial; Technical; Infrastructure and Finance; Case and Data Management; and Cyber Security.
  • CoRE-AI (Centre of Research and Excellence on Artificial Intelligence): an integrated research/legal-compliance support body of judges, lawyers, technical experts, academicians, think-tank fellows, post-doctoral researchers and NJA representatives.
  • AI Committees at the Supreme Court and every High Court (three judges + a senior AI Secretariat member), each supported by an AI Secretariat of officers/experts in judicial administration, technology, data science and law.

His concerns:

  • Bureaucratization, cost and scale: “While the importance given to AI Governance can be appreciated, the number of Committees, Sub Committees and Secretariats may create a huge structure with increased cost of administration.”
  • Over-governance and duplication: “There is a danger of excessive bureaucratization, over governance and duplication of functions which may delay the decision making process and create dysfunctional cross currents.”
  • Opportunity cost vs. pendency: “When 5 crore cases are pending, whether deploying such funds not for handling cases but for the administration requires re-thinking.”
  • Self-dependence under the CJI: He notes the system is set up in a “totally self dependent manner,” with all functions under the CJI; MeitY/NIC/CERT-In officials participate but function under CJI supervision.
  • Timeline: Given the broad representation, he estimates the Apex Body will take “about 2-3 months” to become functional.

His recommendations on structure:

  • Reduce cost via “better organization and using deputed officers from other Government organizations where there could be excess manpower capacities” — particularly since AI will take over routine administrative duties across government departments.
  • He observes the plan should be “re-visited with the help of a review committee” consisting of IISc, an IIM, an IIT, NLSIU, a private-sector organizational-structuring expert and an expert Chartered Accountant. Without such pruning, “the Central Government and CAG may be uncomfortable.”

4. Permissible and prohibited uses (Chapter III)

Naavi finds Chapter III “very explicit” with no cause for misunderstanding. He welcomes the prohibitions — especially the bar on using personal data to train algorithms and on automated judicial decision-making — noting “DGPSI-AI is already in sync with this thought.” His main critique is procedural: because vendors must obtain prior approval from the AI Committee at the Supreme Court or respective High Courts, “multiple software can get approved from different committees. This could have been avoided by making the approval of software from the centralized Technical Committee.” He also recommends that violation reporting be centralized so a non-compliant vendor/system “can be removed from the system in all other Courts” where it was in use.

(The draft’s Regulation 20 prohibitions, which he endorses, bar AI from reaching judicial outcomes, risk scoring for bail/flight risk/recidivism, predicting or profiling behaviour, assessing witness credibility, surveilling judges/lawyers/litigants, using opaque “black-box” systems affecting liberty, and submitting undisclosed AI output as evidence.)

5. Oversight, audits and incident management (Chapter V)

Naavi again critiques decentralization: “there is an attempted decentralization of oversight involving individual AI committees. This may create duplication and also conflicting decisions by different Courts.” He suggests “one grand committee of CJIs of all high Courts” for centralized decisions, including the format for the Technical and Ethical Impact Assessment (Section 35). He maps these requirements onto DGPSI-AI audits (explainability, risk assessment, human handler contact, guardrails documentation, third-party audit, etc.), noting DGPSI-AI requires external audits at both developer and deployer ends, whereas SCAIF prefers in-house audits (the role normally performed by a DPO in a private-sector organization).

On the AI Content Verification Authority (Section 44), he is notably skeptical: “This proposition under Section 44 is a highly ambitious proposal the full dimensions of which might not have been factored into the suggestion. It could mean setting up of a separate Forensic Lab for the task of verifying every AI content used in the Court process which may be practically beyond the scope of this regulation.”

He likewise argues the Section 42 emergency/fall-back (BCP) process and the Section 41 review of legacy systems (a separate audit, with a one-year window) should be centralized rather than left to each High Court.

His summary conclusion: “these oversight functions are better managed as a Central Expert team rather than being duplicated at every High Court level. If persisted, most High Courts will ignore the directions altogether and the objective of this regulation may not be achieved.”

6. Data protection and constitutional/legal angles (Chapter VII)

This is where Naavi’s DPDPA/cyber-law expertise is most prominent:

  • The regulations recognize overlapping ITA 2000 and DPDPA 2023 obligations (Sections 48 and 54); Section 54 states the regulations are “in addition to and not in derogation of” those laws, with the other law prevailing in case of inconsistency.
    • He flags as an “ambiguity” the provision that where the regulations afford a higher degree of protection than administrative instructions, the regulations prevail.
  • “Sensitive Judicial Data” problem: The draft defines a new term, “Sensitive Judicial Data” (any PII of parties, witnesses or legal representatives, and any information whose unauthorised disclosure may cause harm).
    • Naavi points out that DPDPA does not define “Sensitive” data; it only defines “Significant Data Fiduciary” as one handling sensitive data. Therefore “If all data in the judicial system is ‘Sensitive’, Judicial authorities will become Significant Data Fiduciaries,” and “Use of AI further reinforces this status.”
  • Exemption analysis: He explains that complete DPDPA exemption is available only under Section 17(2), which does not automatically include courts unless they are “notified” as “instrumentalities of state” for the purpose of maintaining public order; Section 17(1) exemptions are partial (covering Chapter II legal-basis, Chapter III data-principal rights, and Section 16 cross-border transfer) and exclude the reasonable-security obligation under Section 8(5).
    • His recommendation: “MeitY declares the Court systems as exempted under Section 17(2) to avoid any perceived conflicts.”
  • He notes the draft adopts data minimisation and anonymisation (Sections 48–49), and that non-personal data processed by AI falls under ITA 2000.
  • Grievance redressal: Under Section 53, aggrieved persons may seek redressal through any other competent court, meaning the DPB–TDSAT–SC route for personal-data disputes may still be available.
    • He notes there is “no specified appeal mechanism” within the framework, and that grievance-redressal teams need separate training.

7. Procurement and private-sector engagement (Chapter VI / Regulation 46)

Naavi reproduces Regulation 46 in full and stresses it applies directly to the private sector. Key implications he highlights:

  • Prior written approval of the Appropriate Authority is required before any private entity can provide AI-related services; if applied to legacy systems, “every vendor who at present has been supplying any software product claiming to use AI will have to obtain clearance.”
  • Mandatory contract clauses (46(4)): data/output ownership, purpose limitation, full legal compliance, disclosure/incident reporting, audit rights, breach consequences, source/model transparency, explainability for high-risk tools, indemnity protecting courts, on-premise/sovereign-cloud deployment for sensitive judicial data, prohibition on retraining/fine-tuning on court data without AI Committee approval, and clear liability allocation.
  • IP: where tools are built using court data/resources, the court retains ownership or a perpetual royalty-free licence, and no private entity can claim exclusive IP — a provision he highlights approvingly.
  • He maps these onto DGPSI-AI’s 13 developer specifications and suggests that pre-certifying AI as “DGPSI-Compliant” could speed approvals. He recommends continuous monitoring of software. He also notes legacy systems get a one-year compliance-review window under the regulations.

8. Capacity building and competencies (Chapter VIII)

Naavi summarizes the training mandate (Section 49): AI Secretariats must develop, in consultation with domain experts and judicial training institutions, structured training for all judges, advocates and court staff who use AI — covering AI functioning/limitations, identification and mitigation of bias/hallucinations/errors, the legal and ethical framework (including litigant rights and judicial-officer obligations), data protection and cyber security, and incident-reporting/grievance procedures.

He notes grievance-redressal teams also require separate training, and emphasizes (per Section 53) that aggrieved persons retain recourse to other competent courts. He references the Section 51 “living repository” of best practices and the Section 52 biennial training review and annual training calendars.

9. General principles (Chapter II)

Naavi treats Chapter II’s principles — human primacy and judicial independence, rule of law (including the Bangalore Principles of Judicial Conduct, 2002), fairness/non-discrimination, transparency/explainability, accountability, auditability, data protection, purpose limitation, proportionality, inclusivity/accessibility, data integrity, cyber security, the presumption in favour of responsible adoption, and “Innovation over Restraint” — as broadly aligned with DGPSI-AI principles.

His main interpretive point, as noted above, is that despite the “Innovation over Restraint” label, the detailed regulation effectively makes restraint override innovation. He highlights the accountability principle that hallucination, opacity or “black box” behaviour cannot be invoked to escape responsibility for a wrong decision.

Recommendations

1. Centralize oversight to control cost and avoid duplication (his highest-priority point).

Comments should press for a central expert team or a “grand committee” of High Court Chief Justices to handle software approval, impact-assessment formats, incident databases, AI registers, BCP/fall-back protocols, and content verification — rather than replicating these at every High Court. Benchmark that would change this position: if the Apex Body demonstrably keeps approvals/standards central and delegates only narrow local execution, the duplication concern is largely met.

2. Demand a costing/structure review.

Support his call for an independent review committee (IISc, an IIM, an IIT, NLSIU, a private-sector org-design expert, and a Chartered Accountant) to prune the required manpower and cost. Threshold: a published manpower/budget plan relying on deputation from existing government cadres would address the CAG/Central-Government discomfort he predicts.

3. Resolve the DPDPA status of courts.

Urge MeitY to notify court systems as exempt under DPDPA Section 17(2), and seek clarity on whether courts become Significant Data Fiduciaries by virtue of handling “Sensitive Judicial Data” plus AI. Absent this, courts face genuine compliance ambiguity.

4. Rebalance the audit model.

Advocate a hybrid: in-house audits supplemented by accredited, security-cleared independent auditors operating within court premises (consistent with DGPSI-AI and with concerns raised by other commenters), rather than a blanket prohibition on external audits.

5. Centralize vendor approval and de-listing.

Push for a single Technical Committee approval pathway and a centralized violation-reporting/de-listing mechanism so a non-compliant tool is removed across all courts at once.

6. Reconsider Section 44 (AI Content Verification Authority).

Treat it as aspirational and clarify its scope to avoid an effectively unfunded “forensic lab” mandate; provide for legacy-system review (Section 41) and BCP (Section 42) centrally.

7. For industry/AI vendors:

Begin aligning to DGPSI-AI-style specifications now (ownership, purpose limitation, explainability, indemnity, on-premise/sovereign-cloud, no retraining on court data), since Regulation 46 will gate all judicial procurement and is likely to become a private-sector due-diligence benchmark.

(P.S. The above summary was created by an AI assistant)

Also Refer:

| Sl No | Date | Title/Link | Audio | Video |
|---|---|---|---|---|
| 1 | June 11 | Public Comments Invited by Supreme Court on use of AI in Judiciary | Link | Link |
| 2 | | AI Regulations in Court | Link | Link |
| 3 | | Supreme Court Pre-empts AI regulations in India | Link | Link |
| 4 | 12 | DGPSI-AI reflects in the Supreme Court draft Regulations | Link | Link |
| 5 | | The Impact of SCAIF on AI Developers | Link | Link |
| 6 | | Governance in Regulations of AI in judiciary | Link | Link |
| 7 | | Governance of AI in Judiciary..Uses | Link | Link |
| 8 | 13 | Use of AI in Judiciary- Oversight | Link | Link |
| 9 | | AI in Judiciary-Data Protection Obligations | Link | Link |
| 10 | | AI regulation: Developing Competencies | Link | Link |
| 11 | | AI Regulation in Judiciary: General Principles | Link | Link |
| 12 | | Consolidated Summary | Link | Link |


Summary of regulations related to AI usage in Judiciary

Here is a summary of articles presented in this platform explaining the document released for public comments by the Supreme Court containing the proposed AI usage guidelines in Judiciary.

At first glance people may think this is only related to the Judicial Sector and not relevant to the others. Naavi differs with this view for several reasons.

Firstly, the document is issued with the support of the highest court of the land and therefore reflects the thoughts of the Judiciary on how AI can be allowed to be used. What is recommended here for the Judicial sector may, to a slightly smaller extent, be applicable to the private sector also. This document is therefore a “Due Diligence” for the rest of the industry.

Secondly, the private sector will have a stake in selling software to the Judicial sector, both for administrative requirements and for use by a Judge in arriving at his decision. The guidelines clearly define what kind of AI usage is permitted and what is not.

Since very little time is available for public comments (to be submitted before 20th June 2026), we have tried to provide the series of articles explaining our reading of the material so that all the readers can proceed to form their own views and, if required, send their comments to the member secretary at office.regcc@sci.nic.in. The articles have also been explained in audio reviews and video reviews created by an AI assistant, which explain the concepts in detail.

For easy access of all the articles, links are provided in this table below. Hope this will be appreciated. There are a few places where concerns have been expressed.

| Sl No | Date | Title/Link | Audio | Video |
|---|---|---|---|---|
| 1 | June 11 | Public Comments Invited by Supreme Court on use of AI in Judiciary | Link | Link |
| 2 | | AI Regulations in Court | Link | Link |
| 3 | | Supreme Court Pre-empts AI regulations in India | Link | Link |
| 4 | 12 | DGPSI-AI reflects in the Supreme Court draft Regulations | Link | Link |
| 5 | | The Impact of SCAIF on AI Developers | Link | Link |
| 6 | | Governance in Regulations of AI in judiciary | Link | Link |
| 7 | | Governance of AI in Judiciary..Uses | Link | Link |
| 8 | 13 | Use of AI in Judiciary- Oversight | Link | Link |
| 9 | | AI in Judiciary-Data Protection Obligations | Link | Link |
| 10 | | AI regulation: Developing Competencies | Link | Link |
| 11 | | AI Regulation in Judiciary: General Principles | Link | Link |

Naavi


AI Regulation in Judiciary: General Principles

(P.S: This is in continuation of our discussion on the suggested AI regulations for Judiciary by the Supreme Court)

In the previous articles, we have discussed the different provisions of the regulations for AI adoption and usage in Judiciary released by the Supreme Court as a draft for public comments. The comments are required to be submitted before 20th June and there is very little time for all to study the proposition in depth. We have tried to decode the provisions so that others can quickly assimilate and formulate their views.

In this article in the series we discuss the General Principles of AI Governance, which are a very important aspect of the regulation. These are comparable to the AI Governance principles and are covered under the principles of DGPSI-AI.

The provisions of Chapter II are reproduced here for reference.

CHAPTER II: GENERAL PRINCIPLES TO GOVERN ADOPTION, DEPLOYMENT AND USE OF AI SYSTEMS IN COURTS

  4. Human primacy and judicial independence.—

(1) The use of Artificial Intelligence in Court processes shall at all times remain strictly subservient to human judgment and judicial authority.

(2) Every AI System shall function solely in an assistive capacity and shall not supplant or compromise the independent exercise of judicial authority by a duly appointed judicial officer.

(3) The ultimate authority to determine matters of law, fact and justice shall vest exclusively in the judicial officers of the competent jurisdiction.

  5. Rule of law.—

(1) The adoption and use of AI Systems in Courts shall be consistent with the provisions of the Constitution and any other law for the time being in force including the principles of natural justice and shall not be used in any manner that could undermine due process, the right to a fair trial, equality before law, or access to justice.

(2) The Bangalore Principles of Judicial Conduct (adopted in 2002) shall, in addition to these regulations, continue to govern the conduct of judicial officers in all matters, including those involving the use of AI.

  6. Fairness and non-discrimination.—

(1) The AI Systems used in Court processes shall be designed, trained and deployed in a manner that promotes fairness and avoids discrimination.

(2) No AI System shall be deployed that perpetuates, amplifies, or introduces bias on the grounds of race, religion, caste, sex, gender, disability, language, economic status, or any other ground prohibited under the Constitution or any law for the time being in force and special care shall be taken to protect the rights and interests of vulnerable groups including women, children, persons with disabilities, marginalised and minority communities, and persons from economically and socially disadvantaged backgrounds.

  7. Transparency and explainability.—

(1) Every AI System used in Court processes shall meet high standards of transparency and explainability.

(2) The functioning, data inputs and decision logic of any AI System used in a Court process shall be capable of being understood and, where appropriate, be explained to judicial officers, the parties concerned and the public.

(3) The deployment of AI Systems that are opaque or incapable of explanation shall be subject to heightened scrutiny and shall be restricted in high-risk applications affecting personal liberty or any lawful right of a person.

  8. Accountability.—

(1) Accountability for all decisions made by any officer with the assistance of AI shall rest exclusively upon such officer and it shall not be permissible to invoke the outputs of an AI System, the opaqueness of a Black Box system, or the occurrence of hallucination, as a ground for avoiding accountability for a palpably incorrect, illegal, or harmful decision.

(2) The Appropriate Authority shall ensure that clear and documented lines of accountability are established and maintained for the operation of every AI System or AI Tool in a Court.

(3) Where any AI-generated output or information is used in any Court, it shall be treated as advisory in nature and reasonable care shall be taken to verify the accuracy of such output before the same is utilised:

Provided that the officer responsible and accountable for using such AI Tool may, for reasons to be recorded in writing, dispense with the requirement of verification:

Provided further that such AI tools used exclusively for administrative (non-adjudicatory) functions and certified by the AI Secretariat to have established reliability, shall be deemed to satisfy verification requirements on a class basis, without requiring prior verification.

  9. Auditability and continuous oversight.––

(1) Every AI System in use in Court processes shall be subject to continuous monitoring and periodic technical, legal and ethical audits throughout their lifecycle and adequate mechanisms shall be established to detect, document and address errors, malfunctions and biases.

(2) Audit findings shall be recorded and disclosed in accordance with these regulations, and shall decide upon the continued deployment of AI Systems in Courts.

  10. Data protection and privacy.––

(1) The processing of personal data through AI Systems shall be governed by the principles of purpose limitation, data minimisation and data privacy by design in accordance with the provisions of the Digital Personal Data Protection Act, 2023 (22 of 2023) or any other law for the time being in force, and sensitive judicial data shall be accorded the highest standard of protection.

(2) The right to privacy shall be ensured in all AI related operations of Courts.

  11. Purpose limitation.–– AI Systems shall be deployed and used solely for specific purposes for which they have been approved by the Appropriate Authority and any use of an AI System beyond the scope of its approved purpose shall require a separate and specific approval of the Appropriate Authority, which shall record reasons therefor.
  12. Proportionality.––

(1) The use of AI in any Court process shall be proportionate to the nature, complexity and risk profile of the relevant task.

(2) Applications involving higher levels of risk to personal liberty or any lawful right of a person, or the integrity of judicial outcomes shall be subject to correspondingly heightened safeguards including mandatory Human-in-the-Loop requirements and independent oversight.

  13. Inclusivity and accessibility.––

(1) AI Systems deployed in Courts shall be designed and operated to promote inclusivity and expand equitable access to justice.

(2) Specific attention shall be given to ensuring that the deployment of AI does not create or widen digital divides and that the benefits of AI-assisted judicial services are extended fairly to all stakeholders including those from rural, economically disadvantaged, or linguistically diverse communities.

  14. Data integrity.––

(1) AI Systems used in Court processes shall be trained and operated on the basis of data that is accurate, representative, lawfully obtained and to the extent feasible, free from discriminatory bias.

(2) The deployment of AI Systems, trained on unlawfully collected or demonstrably biased datasets, shall be prohibited.

  15. Cyber security.–– The confidentiality, integrity and availability of Court data, processed through or stored in AI Systems, shall be protected by robust, layered and continuously updated technical and organisational security measures, commensurate with the sensitivity of the data and the nature of the Court process.
  16. Presumption in favour of responsible AI adoption.––

(1) Every Court shall actively seek opportunities to deploy AI Systems or AI Tools that demonstrably improve access to justice, reduce delays, or enhance administrative efficiency, and unless proved otherwise, the presumption shall be in favour of responsible adoption of AI in Court processes:

Provided that no AI System or AI Tool used for the purpose of assistance in Court processes, shall replace humans as far as decision-making is concerned, and shall not be deployed for dispute-outcome prediction.

(2) The restriction on, or refusal to permit, the use of any AI System or AI Tool, shall be for reasons to be recorded in writing, and such restriction shall be reasonable and to such extent so as to address the concern identified.

  17. Innovation over Restraint—

(1) The adoption of Artificial Intelligence in Court processes shall be pursued, in a responsible manner, as a catalyst for impactful innovation in the justice delivery system; and the exploration, development and integration of AI Systems and AI Tools that demonstrably further the goals of judicial efficiency and easy access to justice shall be actively encouraged.

(2) All innovation under sub-regulation (1) shall be carried out with due regard to the other general principles set out in this Chapter, so as to maximise the overall benefit of AI adoption while eliminating or minimising potential harm; and, all other things being equal, an approach that prefers active and responsible adoption over restraint shall be encouraged.

What strikes the eye most in this regulation is the categorical statement in Section 4 that the use of AI in the judicial process will at all times remain strictly subservient to human judgement and judicial authority.

This came as a surprising but mortal blow to those who were quoting the Albanian Government, which had appointed an AI as a minister. It is a direct response to the recent article in the Economic Times which recommended that companies should adopt AI for DPDPA compliance so that the army of lawyers otherwise required could be eliminated. Section 4 has simply shut down such arguments once and for all.

Otherwise, the principles of fairness, non-discrimination, transparency, explainability and accountability are covered under different sections.

Auditability and continuous oversight have been recommended along with Data Protection principles such as data minimisation, purpose limitation and proportionality.

The regulations prescribe that the systems must be trained on data that is accurate, representative and “lawfully” obtained.

Cyber Security is also indicated as a principle to be ensured.

Together, there is emphasis on responsible adoption of AI, though section 17 says “Innovation over Restraint”.

When we look back on all the detailed regulation mandated here, it is obvious that “Restraint” overrides “Innovation” and the Court has in fact been more rigid than necessary. It appears that the authors have worked under a panic that the Judicial system will be overwhelmed by AI usage and in due course may eliminate a large part of the adjudication.

Given the delays in the Court, innovators can still push for AI usage in the Mediation process and also in “With recourse arbitration”. This should not affect these regulations being implemented in the formal Judicial system.

I request readers to not only read all the articles but also take time to listen to the Audio overviews and Video overviews available in the link in the menu “Naavi Academy”. These will clarify the articles. However please remember that the articles are written directly by Naavi while the overviews have been created by my AI assistant. He could have slipped in a few places but I have not found any material error. There could be some exaggerations and praise for Naavi which was not prompted. Kindly ignore.

Naavi

 


AI regulation: Developing Competencies

(P.S: This is in continuation of our discussion on the suggested AI regulations for Judiciary by the Supreme Court)

Continuing our discussions on the AI regulations in Judiciary proposed by the Supreme Court, let us explore sections 49, 50 and 51 in Chapter VIII of the regulations, which prescribe the Capacity Building, Training and Best Practices.

The requirements of these sections are reproduced below for immediate reference.

CHAPTER VIII: CAPACITY BUILDING, TRAINING, AND BEST PRACTICES

  1. (1) All Judges, advocates and Court staff, who are required to use or interact with AI Systems in the course of their duties, shall receive regular, structured training on the technical, legal and ethical dimensions of AI, as may be relevant to their functions.

(2) Training on use of AI in Court processes shall be accessible to all such persons, including those in district Courts, and shall be offered in a manner that accounts for linguistic diversity.

(3) The training programmes shall be developed by the AI Secretariat in consultation with relevant domain experts and judicial training institutions, and shall address, at a minimum––

(a) the functioning, capabilities and limitations of AI Systems in use in Court processes;

(b) the identification and mitigation of AI bias, hallucinations and technical errors;

(c) the legal and ethical framework governing AI in the judicial context, including the rights of litigants and the obligations of judicial officers under these regulations;

(d) data protection principles, cyber security awareness and the handling of sensitive judicial data; and

(e) the correct procedures for reporting AI Incidents, raising concerns and utilising grievance redressal mechanisms.

  1. Repository of best practices on AI Incidents.––The Appropriate Authority shall maintain a living repository of best practices, case studies, lessons drawn from AI Incidents and guidance notes, which shall be regularly updated, curated and made available to all relevant Courts and judicial personnel, so as to serve as an institutional memory to ensure continuity of competence, despite changes in staff or composition.
  2. Review of training programmes.––

(1) The adequacy and effectiveness of training programmes shall be reviewed at least once in every two years by the AI Committee in consultation with the AI Secretariat, and such modifications as are warranted by practical experience or technological developments shall be implemented.

(2) Every High Court shall devise an annual training calendar in coordination with judicial training institutions and the Apex Body, to ensure the sustained and updated competence of all judicial and administrative personnel in matters relating to AI.

According to Section 49(3), the AI Secretariat is required to develop training programs in consultation with relevant domain experts and judicial training institutions to train all the Judges and other persons who are required to use AI in the system. The training needs to cover:

(a) the functioning, capabilities and limitations of AI Systems in use in Court processes;

(b) the identification and mitigation of AI bias, hallucinations and technical errors;

(c) the legal and ethical framework governing AI in the judicial context, including the rights of litigants and the obligations of judicial officers under these regulations;

(d) data protection principles, cyber security awareness and the handling of sensitive judicial data; and

(e) the correct procedures for reporting AI Incidents, raising concerns and utilising grievance redressal mechanisms.

Further, the regulation requires that a Grievance Redressal system be set up at all the places to handle grievances related to harm caused by AI usage. This team also needs to be separately trained since there is no specified appeal mechanism.

Under section 53, aggrieved persons will also be open to seeking redressal of grievance through any other competent court. This means that the DPB-TDSAT-SC route for grievance redressal in case of personal data related disputes may still be available.

Naavi

 
