The Draft AI framework suggested for the Judiciary by the Supreme Court once adopted is a mandatory order for the Judiciary which includes the Supreme Court, The High Courts, all other Courts and tribunals as well as statutory commissions performing adjudicatory functions within the territory of India.
However this sectoral framework designed under the supervision of the highest Court of the land is so comprehensive that it appears to be intended as a template for the MeitY for framing the AI law and for the Private Sector to adopt it for different sectors.
In particular, Chapter VI of the Act refers to the vendors who may supply AI products to the Judicial system and hence applies to the private sector directly. This is a reflection of the DGPSI-AI framework where 13 implementation specifications were designated for AI vendors while 9 implementation specifications were separately indicated for the Data Fiduciaries.
For immediate reference Chapter VI of the proposed regulations consisting of Sections 46 is reproduced below.
CHAPTER VI: PROCUREMENT AND PRIVATE SECTOR ENGAGEMENT
Section 46: Engagement of Private Entities.––
(1) No private entity, vendor, or third-party service provider shall undertake, participate in, or provide any service in connection with an AI System deployed in Court processes without the prior written approval of the Appropriate Authority.
(2) All proposals for engagement of private entities in connection with AI Systems shall, prior to approval by the Appropriate Authority be subject to a comprehensive evaluation covering technical capability, legal compliance, ethical standards, data security practices and financial standing.
(3) The procurement of AI Systems and related services shall, subject to ensuring transparency, competition, value for public resources and compliance with applicable procurement law and financial regulations, be governed by such procedures as the Chief Justice may determine.
(4) All agreements entered into with private entities for AI-related services shall include mandatory provisions governing––
(a) ownership of, and access rights to, Court data and AI outputs;
(b) prohibition on the use of Sensitive Judicial Data or Court data for any purpose beyond the scope of the engagement;
(c) full compliance with these Regulations and all applicable laws;
(d) obligations of disclosure, incident reporting, and cooperation with audits;
(e) the right of the AI Secretariat to audit and inspect the relevant AI System and its underlying data;
(f) consequences of breach, including suspension or termination of the engagement and liability for harm;
(g) source and model transparency, including complete technical documentation of the architecture and training data of the AI System;
(h) explainability documentation for all High-Risk AI Tools;
(i) mandatory indemnity clauses protecting the Court from liability for harms caused by defects in vendor-supplied AI Systems;
(j) on-premise or sovereign cloud deployment requirements for AI Systems processing Sensitive Judicial Data;
(k) explicit prohibition on the retraining, fine-tuning, or modification of AI models using Court data without the express written approval of the AI Committee;
(l) Clear contractual allocation of liability between the Court and the vendor in the event of AI-related incidents, data breaches, or harm to litigants or third parties.
(5) All AI Systems supplied, operated, or maintained by private entities shall be subject to continuous monitoring and periodic audits by the AI Secretariat throughout the duration of the engagement, as provided in regulation 38.
(6) Any data breach, security incident or AI Incident, involving an AI System provided or maintained by a private entity, shall be reported by such entity to the Appropriate Authority without delay and non-compliance of such reporting, or with any other material condition of engagement, may result in the suspension or termination of the engagement and such further consequences as the Appropriate Authority may direct.
(7) The AI Secretariat shall be empowered to grant expedited approval within thirty days for an AI Tool that––
(a) is used exclusively for administrative purposes not involving personal data of parties;
(b) does not affect adjudicatory functions; and
(c) is functionally similar to a tool already approved by the Appropriate Authority.
(8) The AI Secretariat shall maintain a register of all tools approved under sub-regulation (7).
(9) Where AI Tools are developed using Court data or Court resources, the Appropriate Authority shall ensure that the Court retains ownership of, or a perpetual royalty-free licence to, the resulting tool and its outputs. No private entity shall claim exclusive intellectual property rights over tools developed primarily using judicial data or public resources.
Comments:
The section 46 clearly indicates that a prior approval of the appropriate authority (as designated in the regulation) is required before any private entity can participate in any service with the Judicial system.
If the regulations are applied to legacy systems, then every vendor who at present has been supplying any software product claiming to use AI will have to obtain clearance from the authority.
“Appropriate Authority” means––(i) the Apex Body at the Supreme Court of India; or (ii) the AI Committee at the respective High Court or Tribunal or Commission, as the case may be, under whose administrative control an AI System is deployed or proposed to be deployed;
The apex body to be set up at Supreme Court needs to have atleast 9 members. This comprises of 2 judges from the Supreme Court, 2 judges from the High Court. It will also contain one member from an Institution of national importance, one officer not below the rank of Joint Secretary, in MeitY, an expert in Finance, An expert in Cyber Security, one or more advocates of standing and professor heading the AI in National Judicial Academy, Bhopal. Considering the broad representation envisaged, it should take about 2-3 months for such a committee to become functional.
The Vendor contracts need to include clauses mentioned in section 46(4). This includes declaration of ownership, purpose limitation in the use of data, data breach responsibilities, technical documentation, explain ability documentation, indemnity, no use of data for Machine learning, etc. If AI Tools are developed using Court data or Court resources, the Appropriate Authority shall ensure that the Court retains ownership of, or a perpetual royalty-free licence to, the resulting tool and its outputs. No private entity shall claim exclusive intellectual property rights over tools developed primarily using judicial data or public resources.
It is suggested that the software should be monitored on a continuous basis.
AI Systems already in use in Courts at the time of commencement of these Regulations shall be reviewed by the AI Secretariat for compliance within a period of one year from the date of such commencement and the Appropriate Authority shall determine the appropriate course of action in respect of any system found to be non-compliant.
These regulations are mandatory but applicable only to the Judicial sector. The DGPSI-AI-Developer related implementation specifications is a voluntary self regulatory recommendation. However, for an immediate comparison, we reproduce here the 13 implementation specifications of DGPSI-AI-Developer.
As we can observe the DGPSI-AI requirements cover the suggested requirements under the regulations and if any AI is pre-certified that it is DGPSI-Compliant, the process of approval may be faster.
Some of the requirements of DGPSI-AI-Developer is covered under other sections of the regulation which we shall discuss in our subsequent articles.
Naavi
