Consolidated Summary of Naavi’s Articles

Posted on June 13, 2026 by Vijayashankar Na

On 3 June 2026 the Supreme Court of India’s AI Committee released a 57-clause, 10-chapter draft, “Regulations for Use of Artificial Intelligence (AI) in Courts, 2026,” for public comments by 20 June 2026 (email office.regcc@sci.nic.in).

Naavi published a series of 11 interconnected articles on naavi.org between 11–13 June 2026 decoding the draft chapter-by-chapter, with accompanying AI-generated audio/video reviews, and indicated he would consolidate FDPPI members’ views for submission. He refers to the framework throughout as “SCAIF” (Supreme Court AI Framework).

Overall assessment.

Naavi calls the draft “a comprehensive document with 57 clauses spread over 10 chapters ready to be converted into a formal law” and “one of the most comprehensive judicial AI governance frameworks proposed anywhere in the world.” He characterizes its philosophy as distinctly Indian: “AI is welcomed as an assistant to justice, but never as a substitute for judicial reasoning.”

Wider significance — the “pre-emption” thesis.

Naavi argues the Supreme Court has “pre-empted” AI regulation in India. Because the document is issued under the highest court, he says it becomes an indicative “Due Diligence” framework for the private sector, and any future MeitY AI law “has to be in compliance with this Judiciary Framework since eventually the Supreme Court will determine if the law is acceptable.” He frames it as a “huge speed breaker” on industry lobbying (via NASSCOM) and on the “Law to Code” idea for DPDPA compliance pushed in an Economic Times report. The draft itself creates an explicit “presumption in favour of responsible AI adoption.”

Details

1. Overall assessment of the framework

Naavi is broadly approving of the substance and philosophy while critical of the administrative architecture.

He praises:

  • Human primacy (Section 4): He singles out the categorical statement that AI use “shall at all times remain strictly subservient to human judgement and judicial authority” as the most striking feature — “a surprising but mortal blow” to those citing Albania’s appointment of an “AI minister.” (Albania in September 2025 named an AI system, “Diella,” as Minister of State for Artificial Intelligence — reported as the first AI to hold a cabinet-level government role.) He reads Section 4 as a direct rebuttal to arguments (e.g., the Economic Times “Law to Code” piece) that AI could replace lawyers for DPDPA compliance: “Section 4 has simply shut down such arguments once and for all.”
  • He notes the draft’s stated “Innovation over Restraint” posture (Sections 16–17) but argues that in practice “‘Restraint’ over rides ‘Innovation’ and the Court has in fact been more rigid than necessary,” suggesting the authors worked “under a panic that Judicial system will be over whelmed by AI.” (The backdrop includes the Supreme Court’s February 2026 alarm at lawyers filing AI-drafted petitions with fabricated case citations, with CJI Surya Kant remarking that the practice was “absolutely uncalled for.”)
  • He observes an opening: innovators can still push AI in mediation and “with-recourse arbitration,” which would not be affected by these judiciary-focused regulations.

2. Relationship to his own DGPSI-AI framework

A recurring theme is that the SC draft validates and complements FDPPI’s DGPSI-AI framework (published September 2025; six governance principles, nine implementation specifications for AI deployers, thirteen for AI developers).

Key points:

  • DGPSI-AI’s foundational principle is “Unknown Risk is a Significant Risk” (treating AI as a significant risk that elevates a Data Fiduciary to Significant Data Fiduciary status under DPDPA); the second principle is “behind every AI algorithm there shall be one human for accountability,” which he says is the “distinguishing feature” mirrored in SCAIF’s human-primacy rule.
  • He frames the two as operating at different layers: the SC Regulations govern the judicial customer side; DGPSI-AI governs the vendor/deployer side. A DGPSI-AI-compliant vendor would, he argues, already satisfy much of Chapter VI / Regulation 46.
  • Two harmonization gaps he identifies:
    • (a) Audit philosophy — the draft prefers an “in-house audit” model and bars sharing source code/algorithms/datasets with third parties (Reg 38(2)), whereas DGPSI-AI values independent third-party audits; he suggests a balanced model of internal audits supplemented by accredited external assurance under controlled conditions.
    • (b) Regulatory posture — the draft presumes in favour of adoption, while DGPSI-AI emphasizes demonstrating compliance before deployment. He notes DGPSI-AI goes further than SCAIF in requiring a “Kill Switch” for critical risks.

3. Governance structure — his most detailed critique

Naavi maps the proposed structure in detail:

  • Apex Body (“Appropriate Authority”): A full-time permanent body of 9+ members — 2 Supreme Court judges (one as ex-officio Chairperson), 2 High Court Chief Justices, an MeitY officer (not below Joint Secretary), a cybersecurity expert, a finance expert, advocate(s) of standing, a member from an institution of national importance, and the professor heading AI at the National Judicial Academy (NJA), Bhopal, with power to co-opt experts. He notes the CJI nominates members and “would be the driving force of the committee.”
  • Five sub-committees: Judicial; Technical; Infrastructure and Finance; Case and Data Management; and Cyber Security.
  • CoRE-AI (Centre of Research and Excellence on Artificial Intelligence): an integrated research/legal-compliance support body of judges, lawyers, technical experts, academicians, think-tank fellows, post-doctoral researchers and NJA representatives.
  • AI Committees at the Supreme Court and every High Court (three judges + a senior AI Secretariat member), each supported by an AI Secretariat of officers/experts in judicial administration, technology, data science and law.

His concerns:

  • Bureaucratization, cost and scale: “While the importance given to AI Governance can be appreciated, the number of Committees, Sub Committees and Secretariats may create a huge structure with increased cost of administration.”
  • Over-governance and duplication: “There is a danger of excessive bureaucratization, over governance and duplication of functions which may delay the decision making process and create dysfunctional cross currents.”
  • Opportunity cost vs. pendency: “When 5 crore cases are pending, whether deploying such funds not for handling cases but for the administration requires re-thinking.”
  • Self-dependence under the CJI: He notes the system is set up in a “totally self dependent manner,” with all functions under the CJI; MeitY/NIC/CERT-In officials participate but function under CJI supervision.
  • Timeline: Given the broad representation, he estimates the Apex Body will take “about 2-3 months” to become functional.

His recommendations on structure:

  • Reduce cost via “better organization and using deputed officers from other Government organizations where there could be excess manpower capacities” — particularly since AI will take over routine administrative duties across government departments.
  • He observes the plan should be “re-visited with the help of a review committee” consisting of IISc, an IIM, an IIT, NLSIU, a private-sector organizational-structuring expert and an expert Chartered Accountant. Without such pruning, “the Central Government and CAG may be uncomfortable.”

4. Permissible and prohibited uses (Chapter III)

Naavi finds Chapter III “very explicit” with no cause for misunderstanding. He welcomes the prohibitions — especially the bar on using personal data to train algorithms and on automated judicial decision-making — noting “DGPSI-AI is already in sync with this thought.” His main critique is procedural: because vendors must obtain prior approval from the AI Committee at the Supreme Court or respective High Courts, “multiple software can got approved from different committees. This could have been avoided by making the approval of software from the centralized Technical Committee.” He also recommends that violation reporting be centralized so a non-compliant vendor/system “can be removed from the system in all other Courts” where it was in use.

(The draft’s Regulation 20 prohibitions, which he endorses, bar AI from reaching judicial outcomes, risk scoring for bail/flight risk/recidivism, predicting or profiling behaviour, assessing witness credibility, surveilling judges/lawyers/litigants, using opaque “black-box” systems affecting liberty, and submitting undisclosed AI output as evidence.)

5. Oversight, audits and incident management (Chapter V)

Naavi again critiques decentralization: “there is an attempted decentralization of oversight involving individual AI committees. This may create duplication and also conflicting decisions by different Courts.” He suggests “one grand committee of CJIs of all high Courts” for centralized decisions, including the format for the Technical and Ethical Impact Assessment (Section 35). He maps these requirements onto DGPSI-AI audits (explainability, risk assessment, human handler contact, guardrails documentation, third-party audit, etc.), noting DGPSI-AI requires external audits at both developer and deployer ends, whereas SCAIF prefers in-house audits (the role normally performed by a DPO in a private-sector organization).

On the AI Content Verification Authority (Section 44), he is notably skeptical: “This proposition under Section 44 is a highly ambitious proposal the full dimensions of which might not have been factored into the suggestion. It could mean setting up of a separate Forensic Lab for the task of verifying every AI content used in the Court process which may be practically beyond the scope of this regulation.”

He likewise argues the Section 42 emergency/fall-back (BCP) process and the Section 41 review of legacy systems (a separate audit, with a one-year window) should be centralized rather than left to each High Court.

His summary conclusion: “these oversight functions are better managed as a Central Expert team rather than being duplicated at every High Court level. If persisted, most High Courts will ignore the directions al together and the objective of this regulation may not be achieved.”

6. Data protection and constitutional/legal angles (Chapter VII)

This is where Naavi’s DPDPA/cyber-law expertise is most prominent:

  • The regulations recognize overlapping ITA 2000 and DPDPA 2023 obligations (Sections 48 and 54); Section 54 states the regulations are “in addition to and not in derogation of” those laws, with the other law prevailing in case of inconsistency.
    • He flags as an “ambiguity” the provision that where the regulations afford a higher degree of protection than administrative instructions, the regulations prevail.
  • “Sensitive Judicial Data” problem: The draft defines a new term, “Sensitive Judicial Data” (any PII of parties, witnesses or legal representatives, and any information whose unauthorised disclosure may cause harm).
    • Naavi points out that DPDPA does not define “Sensitive” data; it only defines “Significant Data Fiduciary” as one handling sensitive data. Therefore “If all data in the judicial system is ‘Sensitive’, Judicial authorities will become Significant Data Fiduciaries,” and “Use of AI further reinforces this status.”
  • Exemption analysis: He explains that complete DPDPA exemption is available only under Section 17(2), which does not automatically include courts unless they are “notified” as “instrumentalities of state” for the purpose of maintaining public order; Section 17(1) exemptions are partial (covering Chapter II legal-basis, Chapter III data-principal rights, and Section 16 cross-border transfer) and exclude the reasonable-security obligation under Section 8(5).
    • His recommendation: “MeitY declares the Court systems as exempted under Section 17(2) to avoid any perceived conflicts.”
  • He notes the draft adopts data minimisation and anonymisation (Sections 48–49), and that non-personal data processed by AI falls under ITA 2000.
  • Grievance redressal: Under Section 53, aggrieved persons may seek redressal through any other competent court, meaning the DPB–TDSAT–SC route for personal-data disputes may still be available.
    • He notes there is “no specified appeal mechanism” within the framework, and that grievance-redressal teams need separate training.

7. Procurement and private-sector engagement (Chapter VI / Regulation 46)

Naavi reproduces Regulation 46 in full and stresses it applies directly to the private sector. Key implications he highlights:

  • Prior written approval of the Appropriate Authority is required before any private entity can provide AI-related services; if applied to legacy systems, “every vendor who at present has been supplying any software product claiming to use AI will have to obtain clearance.”
  • Mandatory contract clauses (46(4)): data/output ownership, purpose limitation, full legal compliance, disclosure/incident reporting, audit rights, breach consequences, source/model transparency, explainability for high-risk tools, indemnity protecting courts, on-premise/sovereign-cloud deployment for sensitive judicial data, prohibition on retraining/fine-tuning on court data without AI Committee approval, and clear liability allocation.
  • IP: where tools are built using court data/resources, the court retains ownership or a perpetual royalty-free licence, and no private entity can claim exclusive IP — a provision he highlights approvingly.
  • He maps these onto DGPSI-AI’s 13 developer specifications and suggests that pre-certifying AI as “DGPSI-Compliant” could speed approvals. He recommends continuous monitoring of software. He also notes legacy systems get a one-year compliance-review window under the regulations.

8. Capacity building and competencies (Chapter VIII)

Naavi summarizes the training mandate (Section 49): AI Secretariats must develop, in consultation with domain experts and judicial training institutions, structured training for all judges, advocates and court staff who use AI — covering AI functioning/limitations, identification and mitigation of bias/hallucinations/errors, the legal and ethical framework (including litigant rights and judicial-officer obligations), data protection and cyber security, and incident-reporting/grievance procedures.

He notes grievance-redressal teams also require separate training, and emphasizes (per Section 53) that aggrieved persons retain recourse to other competent courts. He references the Section 51 “living repository” of best practices and the Section 52 biennial training review and annual training calendars.

9. General principles (Chapter II)

Naavi treats Chapter II’s principles — human primacy and judicial independence, rule of law (including the Bangalore Principles of Judicial Conduct, 2002), fairness/non-discrimination, transparency/explainability, accountability, auditability, data protection, purpose limitation, proportionality, inclusivity/accessibility, data integrity, cyber security, the presumption in favour of responsible adoption, and “Innovation over Restraint” — as broadly aligned with DGPSI-AI principles.

His main interpretive point, as noted above, is that despite the “Innovation over Restraint” label, the detailed regulation effectively makes restraint override innovation. He highlights the accountability principle that hallucination, opacity or “black box” behaviour cannot be invoked to escape responsibility for a wrong decision.

Recommendations

  1. Centralize oversight to control cost and avoid duplication (his highest-priority point).

Comments should press for a central expert team or a “grand committee” of High Court Chief Justices to handle software approval, impact-assessment formats, incident databases, AI registers, BCP/fall-back protocols, and content verification — rather than replicating these at every High Court. Benchmark that would change this position: if the Apex Body demonstrably keeps approvals/standards central and delegates only narrow local execution, the duplication concern is largely met.

2.Demand a costing/structure review.

Support his call for an independent review committee (IISc, an IIM, an IIT, NLSIU, a private-sector org-design expert, and a Chartered Accountant) to prune the the required manpower and cost. Threshold: a published manpower/budget plan relying on deputation from existing government cadres would address the CAG/Central-Government discomfort he predicts.

3.Resolve the DPDPA status of courts.

Urge MeitY to notify court systems as exempt under DPDPA Section 17(2), and seek clarity on whether courts become Significant Data Fiduciaries by virtue of handling “Sensitive Judicial Data” plus AI. Absent this, courts face genuine compliance ambiguity.

4.Rebalance the audit model.

Advocate a hybrid: in-house audits supplemented by accredited, security-cleared independent auditors operating within court premises — consistent with DGPSI-AI and with concerns raised by other commenters ( rather than a blanket prohibition on external audits.

5.Centralize vendor approval and de-listing.

Push for a single Technical Committee approval pathway and a centralized violation-reporting/de-listing mechanism so a non-compliant tool is removed across all courts at once.

6. Reconsider Section 44 (AI Content Verification Authority).

Treat it as aspirational and clarify its scope to avoid an effectively unfunded “forensic lab” mandate; provide for legacy-system review (Section 41) and BCP (Section 42) centrally.

7. For industry/AI vendors:

Begin aligning to DGPSI-AI-style specifications now (ownership, purpose limitation, explainability, indemnity, on-premise/sovereign-cloud, no retraining on court data), since Regulation 46 will gate all judicial procurement and is likely to become a private-sector due-diligence benchmark.

(P.S. The above summary was created by an AI assistant)

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Privacy. Bookmark the permalink.