ADEQUACY OF INDIAN CYBER LAWS IN TACKLING DEEPFAKE CRIMES: A CRITICAL LEGAL ANALYSIS

The rapid evolution of Generative Artificial Intelligence has given rise to deepfakes—highly
sophisticated synthetic media that can convincingly manipulate audio, video, and images to
replicate real individuals with alarming realism. In India, deepfake technology has been weaponised
for non-consensual pornography, financial fraud through voice cloning, electoral manipulation, and
targeted harassment, generating urgent demands for legal intervention. This article critically
evaluates the adequacy of Indian cyber law in addressing deepfake-related offences. Employing a
doctrinal methodology, it analyses the Information Technology Act 2000, the Information Technology
(Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 and the Information Technology
Amendment Rules 2026, the Bharatiya Nyaya Sanhita 2023, and the Digital Personal Data Protection
Act 2023, situating these instruments within the constitutional framework of Articles 19(1)(a) and 21.
The article identifies a critical 'detection-regulation gap,' wherein the law mandates rapid removal of
harmful synthetic content without corresponding advancements in forensic detection capabilities,
creating risks of over-censorship and disproportionate compliance burdens on smaller
intermediaries. It further examines the evidentiary challenges inherent in establishing malicious intent
and authenticating deepfake content under criminal law, and the incomplete criminological
coverage of traditional offence categories—defamation, forgery, and impersonation—when applied to
AI-generated synthetic media. Through comparative analysis with the European Union Artificial
Intelligence Act, the article argues that India's framework remains predominantly reactive, addressing
post-publication harm rather than pre-emptively regulating deepfake-enabling AI technologies. It
concludes by proposing a multi-layered reform agenda: a dedicated Deepfake and Artificial
Intelligence Regulation Act, adoption of a risk-based classification framework, establishment of a
centralized AI Regulatory Authority, mandatory watermarking and content provenance standards,
and a national deepfake forensic infrastructure.
Keywords: Deepfakes, synthetic media, Information Technology Act 2000, IT Amendment Rules 2026,
Synthetically Generated Information, Bharatiya Nyaya Sanhita 2023, Digital Personal Data Protection
Act 2023, EU AI Act, detection-regulation gap, intermediary liability, Article 21, cyber law India