ARTICLE | BLOGS, MAHARASHTRA

AI, Legal Tech, and the Law: Development and Regulation

January 31, 2026

Introduction

On 30th November 2022, with the public release of Chat GPT, the world at large was introduced to an AI interface for the first time. Since then, AI has made rapid advances including in the legal sector. It is relevant to note that per a NASSCOM-BCG Report on AI published in February 2024, it was stated that India’s AI market is projected to grow at 25-35% through 2027, expanding from USD 7-9 billion in 2023 to USD 17-22 billion by 2027.

As part of this substantial growth, AI is also attempting to aid and transform the usage of technology in the legal industry by various tools including, (i) automated contract review, (ii) AI assisted legal research and (iii) litigation strategy and outcome prediction.

This presents a substantial opportunity for legal-tech startups building AI-driven products. However, legal-tech startups need to be mindful of the changing legal paradigm and risks related to development of AI tools and systems viz. the Indian legal sector.

It is pertinent to note that while India currently has no standalone AI legislation, legal-tech products operate within an evolving regulatory framework. In this regard, the Ministry of Electronics and Information Technology (MeitY) in November 2025, released the India AI Governance Guidelines. These Guidelines while establishing seven foundational guidelines (sutras) for responsible AI development, also emphasize that India at this stage, will adapt existing legal frameworks including, the DPDP Act, Copyright Act, IT Act and other sectoral regulations, instead of enacting new standalone AI legislation. It is pertinent to note that UNESCO has on similar lines published its Guidelines on usage of AI in courts and tribunals.

This article aims to highlight the existing legal framework as also the risk matrix associated with AI and legal-tech.

The Current Regulatory Framework

As stated earlier, the AI Governance Guidelines have stated that India will adapt existing legal frameworks including, the DPDP Act, Copyright Act, IT Act and other sectoral regulations, instead of enacting new standalone AI legislation. This decision not to create a standalone AI statute, is a welcome decision as it does not make an otherwise new field of technology regulatory heavy. We will now take a brief look at the three main legislations stated above.

The DPDP Act – The enactment is the primary personal data protection statute of India, in a similar vein as the GDPR for the EU. It imposes obligations viz. consent, purpose limitation, and data minimisation on all entities processing digital personal data. It is pertinent to note that the Act includes a significant exemption for processing publicly available data, which directly supports the “Innovation over Restraint” principle that runs through the Guidelines. It is further pertinent to note that the Economic Survey for the year 2025-26, in its chapter pertaining to AI has stressed on the need to build on the foundations of the DPDP Act, with a view to expand data categorisation, so as to enable “heightened accountability and value-retention requirements to apply only where the risks and asymmetries are more pronounced.”

The IT Act – The enactment is the primary information & technology related governing statute of India. There are various sections that may be used to govern transmission of AI-generated material including sections 66D, 66E, 67 and 67A. It is pertinent to note that while section 79 of the Act provides exemption to intermediaries for third-party content, however the 2025 Draft Amendment to IT Rules include a significant shift, in so far as intermediary platforms shall be required thereunder to proactively identify, verify and label synthetically generated content.

The Copyright Act – The enactment governs the law of copyright in India. Currently, the statute makes no specific exception for text and data mining, nor is there any other exception to exempt any/all AI training activities from potential claims for copyright infringement. Further, there is no provision addressing the intricacies of AI created content inter alia whether it is copyrightable, who owns the rights et cetera. It is pertinent to note that the Ministry of Commerce, through the DPIIT department published a working paper to address some of the gaps in copyright law viz. AI, however no actual amendments have been made as of date to the copyright law.

Where Legal Risk Commonly Arises

Contract AI Platforms: These platforms/tools are built to assist with analysing and/or summarising and/or drafting contracts/agreements/MoUs et cetera. These platforms are thus required to routinely process confidential and commercially sensitive information. Therefore, these platforms must keep in consideration,

• Lawful data ingestion and consent under DPDPA: Companies must obtain free, specific, informed, unconditional and unambiguous consent. Further, Rule 13 requires Significant Data Fiduciaries to verify that algorithmic software does not pose risks to data principal’s rights.
• Confidentiality and privilege protection: Legal professional privilege must be maintained when handling client contracts. Third-party contract analysis requires robust confidentiality protocols.
• IP ownership: Developers need to be aware of IP rights over AI-generated content. The legal paradigm regarding IP rights over AI-generated content is still unclear. This uncertainty is highlighted from the Copyright office’s act of issuing a withdrawal notice pertaining to earlier granted copyright for AI-generated artwork ‘Suryast’ (created by RAGHAV AI).
• Liability Allocation: Where automated outputs are relied upon in negotiations, clear contractual terms defining developer, deployer, and user liability are essential.

Legal Research & Drafting Tools: These platforms/tools as the name suggests, aim to assist legal professionals in their legal research and opinion drafting by using AI. These platforms need to guard against various risks as the outputs can influence legal reasoning/opinions:

• AI Hallucination: This is one of the currently highlighted problems with AI based legal research. This involves AI hallucinating case citations that don’t exist. For example, the Supreme Court of India in the case of Deepak Raheja , was made aware of fictitious cases being cited in a rejoinder filed with the Court. Similarly, in the case of Mata v. Avianca Inc. , fictitious cases were cited before a US District Court. Developers will need to be mindful of these tendencies of current models while designing their platforms and provide adequate disclaimers and safeguards against the same, including, providing explainability of case-law summaries and citations.
• Documentation of training data sources: Developers will need to provide adequate disclosures regarding data sources used for training, in order to avoid any possible IP infringement claims. The legal risk in this regard is highlighted from the case of ANI v. Open AI , currently pending before the Delhi High Court, where ANI and other intervenors are suing Open AI for IP infringement by Open AI’s usage of the copyrighted material of the Claimants for training of its AI.
• Defining of AI’s role: The developers need to be cognizant of limiting the liability of the platform, and in this regard, need to clearly define the limited role of AI as a tool for assisting and not for providing legal advice, and that the platform is not a replacement for seeking legal advice from a professional.

Litigation Analytics & Predictive Tools: These platforms analyse judicial trends, in order to predict outcomes and/or assess risk viz. a proposed legal action. These platforms are increasingly seen as decision shaping systems and therefore need to be cognizant of the following factors:

• Data bias and model risk: Platforms need to be aware of the training data containing any historical, jurisdictional, or systemic biases, and thereby producing skewed predictions that reinforce existing inequities or misrepresent true litigation risk.
• Transparency and explainability: Platforms need to ensure maximum transparency and explainability of both sources and procedures. A failure to ensure such transparency regarding data sources, modelling assumptions, confidence intervals, and error rates, is undermining of informed use and complicates auditability, regulatory scrutiny, and judicial acceptance.
• Liability and Misrepresentation Risk: Platforms need to position themselves as analytical aids, and not decision-making substitutes. This ensures minimisation of any exposure to possible claims pertaining to professional negligence, misrepresentation, and product liability.

BUILDING RESPONSIBLE LEGAL AI: STRATEGIC IMPERATIVES

Platforms should aim to adopt the “seven sutras” for responsible AI as espoused in the AI Governance Guidelines , namely:

• Trust as the foundation – Without trust, innovation and adoption will stagnate.
• People First – Human centric design, human oversight, and human empowerment.
• Innovation over restraint – All other things being equal, responsible innovation should be prioritised over cautionary restraint.
• Fairness and equity – Promote inclusive development and avoid discrimination.
• Accountability – Clear allocation of responsibility and enforcement of regulations.
• Understandable by design – Provide disclosures and explanations that can be understood by the intended user and regulators.
• Safety, resilience and sustainability – Safe, secure and robust systems that are able to withstand systemic shocks and are environmentally sustainable.

Platforms should implement privacy protocols as part of their design to ensure DPDPA compliance. In this regard, the companies should,

• Obtain explicit, specific consent for data to be used for AI training.
• Implement reasonable security safeguards in consonance with industry best practices.
• Address right to erasure.

Platforms should proactively address concerns arising from copyright and other forms of IP. Platforms ought to,

• Obtain proper authorisation for copyrighted training data.
• Document data sources comprehensively.
• Clarify IP ownership of AI outputs, including hybrid outputs.

Platforms should aim to minimise/mitigate hallucination risk by taking various steps, including,

• Implementing verification systems for factual outputs (especially legal citations).
• Labelling AI outputs clearly as AI-generated.
• Including adequate and detailed disclaimers, including branding of AI services as legal assistance and not legal advice.
• Providing adequate confidence scores and disclosures regarding limitations of the AI model/platform.
• Maintain human oversight, at all critical junctures, especially when pertaining to factual outputs.

AI Regulation – The Proposed Direction

In the year 2025, we have seen a flurry of activity related to AI governance in India. These include the Draft IT Amendment Rules, the 2025 AI Guidelines, and the Working Paper on Copyright and AI, as well as the Economic Survey. These documents show that instead of a central monolithic regulatory system, we are currently opting for a more layered governance architecture.

While welcoming the direction being taken by the Indian state, it is our humble opinion that the governance model for AI should be based on the following principles,

• Proportionality: The regulatory/compliance obligations should be proportional to the potential harm and systemic importance of the AI technology, and not its novelty per se. This approach will ensure that our governance paradigm is focussed and risk-weighted and not throttling in nature.
• Coordination: The risk with a structured governance model is that a plethora of sectoral regulators may result in fragmented enforcement which may breed inefficiencies both viz. costs as well as development of the technology. To safeguard against this, sectoral regulators like the RBI, SEBI, TRAI, the Data Protection Board et cetera, should develop shared standards and information-sharing protocols, based on which sectoral obligations for AI based systems may be designed.
• Speed and agility: The pace of development and deployment of AI requires institutional readiness that is currently lacking and therefore requires deployment of the regulatory paradigm to keep pace. Further, the regulatory paradigm being deployed also needs to be agile to respond to future changes/development.

The recent judicial pronouncements like the Bombay High Court judgment in the Arijit Singh case and the Delhi High Court judgment in the Ravi Shankar case , show that cases relating to AI generated content are already reaching the judiciary and that the Courts have applied existing legal principles to AI-generated content. However, judicial intervention is ad-hoc, reactive and resource intensive. We thus, need to aim for clearer regulatory guidelines for AI, so as to enable AI developers to design AI accordingly, as a governance framework relying heavily on judicial adjudication for AI-related harms, will be an inefficient strategy.

Conclusion

For legal-tech companies, responsible AI is now a commercial differentiator. Law firms and enterprises increasingly expect privacy oriented, explainable systems, with robust documentation, and carefully structured contracts before adopting AI tools. Embedding legal review early during data selection, model training, and go-to-market planning, can significantly reduce regulatory risk and accelerate enterprise adoption.

As legal AI tools move from pilots to core infrastructure, getting the law right at the design stage is a strategic advantage. Startups that integrate ANI v. OpenAI lessons, Omkara Assets hallucination warnings, DPDPA's consent mandates, and the seven sutras will be best positioned to scale responsibly.

About Sinha-Singh and Rajpurohit

At Sinha-Singh and Rajpurohit, we advise AI and legal-tech companies on the legal architecture behind innovation, spanning data protection, IP strategy, technology contracts, risk allocation, and regulatory readiness.

*For legal support on building, deploying, or scaling AI-driven legal-tech products in India, connect with our Technology & Innovation practice.

---

Important Note

• AI powered Tech services : A Roadmap for future ready firms, available Here (last visited on 27/01/2026).
• Indian AI Governance Guidelines – Enabling Safe and Trusted AI Innovation, available Here (last visited 27/01/2026).
• Guidelines of the use of AI systems in Courts and Tribunals, published by UNESCO, available Here (last visited on 27/01/2026).
• S. 3 (c) (ii) of the DPDP Act.
• Available Here (last visited on 03/02/2026).
• Supra note 5 at Pg. 577.
• The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules, 2025, available Here (last visited on 03/02/2026.)
• One Nation One License One Payment – Balancing AI Innovation and Copyright, published by Department for Promotion of Industries and Internal Trade (DPIIT), available Here (last visited on 03/02/2026).
• Nayantara Sanyal et al, Intersection of Intellectual Property Rights and AI generated works – Part I, published Here (last visited on 27/01/2026).
• Deepak Raheja & Anr. v. Omkara Asset Management, CA No. 12195/2025
• Roberto Mata v. Avianca Inc., 678 F. Supp. 3d 443, 448 (S.D.N.Y. 2023)
• ANI Media Pvt. Ltd. v. Open AI OPCO LLC, Civil Suit (Comm.) 1028/2024.
• Supra note 2.
• Order dated 26.07.2024 in Com IPR Suit (L) No. 23443 of 2024, Arijit Singh v. Codible Ventures LLP & Ors.
• Order dated 26.08.2025 in CS (Comm) 889/2025, Ravi Shankar v. John Doe(s)/Ashok Kumar(s) & Ors.
• Supra note 12.
• Supra note 10.