In September 2025 when FDPPI published the DGPSI-AI framework, it was presented as an extension of DGPSI for Data Fiduciary environment. This was the first AI regulatory guideline presented in India as a compliance framework for the industry. As against this “Self Regulatory” suggestion, MeitY released the Balaraman Committee report as its version of suggested AI regulation in November 2025.
In the recent days the industry has been trying to exert its influence through NASSCOM to persuade MeitY to introduce industry favouring regulation such as the infamous Economic times Report on “Law to Code” as a solution for DPDPA Compliance.
However the release of the Draft regulation on AI usage in Judiciary by Supreme Court has now put a huge speed breaker on the industry lobbying. By making this internal guideline as a comprehensive regulatory framework, Supreme Court has now presented a “Due Diligence framework” for industries to follow. It also indicates that any other framework or AI regulation to be introduced by MeitY has to be in compliance with this Judiciary Framework since eventually the Supreme Court will determine if the law is acceptable.
Naavi.org is happy to note that many of the suggestions made under this SC-Framework on AI is supplementing DGPSI-AI framework. We shall try to point out this comparison in this article.
Essence of DGPSI-AI
The DGPSI AI consists of
a) Six Principles of Governance
b)Nine implementation specifications for AI deployers (Restricted to DPDPA Compliance in a Data Fiduciary)
c) Thirteen specifications for AI developers (Restricted to supply of AI software to Data Fiduciaries)
For immediate reference, we are reproducing these three parts of DGPSI-AI here.
Th foundation of this framework is the following six principles.
1 Unknown Risk is a Significant Risk
2 Behind every AI algorithm there shall be one human for accountability
3 Every Privacy Notice covering an AI Process involved in processing of personal data shall be accompanied by an Explainability disclosure.
4 Use of every AI Process shall be validated by a document justifying the technical, operational and economical need both at the level of the Data
Fiduciary and the Data Processor with unconditional indemnity to the data principal.
5 Every AI process shall document the specific guardrails to secure the processing against Dark Patterns, Neurological manipulation and
physical harm to any data principal.
6 The responsibility of the AI deployer as a “Fiduciary” shall ensure all measures to safeguard the society from any adverse effect arising out of
the use of the AI.
The DGPSI-AI works within the framework of DPDPA Compliance and therefore has defined AI as an “Unknown Risk”. The logic for additional framework of compliance for AI is built because “Unknown Risk is Significant Risk” and bearer of significant risk should be considered as a Significant Data Fiduciary with the additional obligations under DPDPA.
The SC-AI framework (SCAIF) did not need support of such a logic and is being implemented within the administrative powers available to the Supreme Court to regulate the judiciary in India.
The “Human Accountability” is the second principle of DGPSI-AI and is the distinguishing feature of the SCAIF.
DGPSI-AI expects that a proper document explains the “Requirement of use of AI” where the concepts of “need”, “Proportionality” etc are covered.
DGPSI-AI recognizes that being a “Fiduciary”, a Data Fiduciary is obliged to get the best practices into place. Now the learnings from the SCAIF becomes the reference document that DGPSI-AI auditor has to take note of.
Here is a comparison of the two frameworks for further discussion
A closer examination, however, indicates that the two frameworks are similar and complementary instruments operating at different layers of the AI ecosystem.
The Supreme Court Regulations focus primarily on the governance of AI within judicial institutions. They prescribe the conditions under which Courts may procure, deploy, supervise, audit, and use AI systems while preserving judicial independence, human oversight, accountability, privacy, and constitutional values.
DGPSI-AI, on the other hand, focuses on the obligations of AI developers, deployers, service providers, and organisational users. It establishes a structured compliance framework for AI governance, risk management, transparency, accountability, privacy protection, and ethical deployment.
Viewed in this context, DGPSI-AI effectively governs the vendor and deployer side of the same AI ecosystem that the Courts seek to regulate through Chapter VI of the draft Regulations. The AI Service Providers engaged by Courts under Regulation 46 would, if compliant with DGPSI-AI specifications, already satisfy a substantial portion of the contractual and governance requirements contemplated under Regulation 46(4), including requirements relating to data protection, explainability, accountability, auditability, incident reporting, cybersecurity, and lifecycle governance.
The two frameworks therefore reinforce each other. The Court Regulations establish the expectations of the judicial customer, while DGPSI-AI establishes the operational responsibilities of the AI supplier and service provider.
There are, however, certain areas that may require further harmonization.
The first relates to audit philosophy. The draft Regulations prefer an “in-house audit” model and restrict disclosure of source code, algorithms, and datasets to external parties. DGPSI-AI, consistent with broader governance and assurance practices, recognizes the value of independent third-party audits as a mechanism for enhancing trust and accountability. A balanced approach may eventually emerge in which internal judicial audits are supplemented by accredited external assurance under controlled conditions.
The second relates to regulatory posture. The Court Regulations explicitly adopt a presumption in favour of responsible AI adoption and encourage innovation unless specific risks are demonstrated. DGPSI-AI, while equally supportive of innovation, follows a structured risk-management approach that places greater emphasis on demonstrating compliance before deployment. The difference is not one of objective but of emphasis.
These differences reflect the different institutional perspectives of a judicial regulator and a governance framework for AI providers.
Consequently, we look at the proposed Supreme Court framework as a validation of DGPSI-AI. However some tweaking of the DGPSI-AI framework if required would be thought of.
Naavi
