Naavi.org

(P.S: This is in continuation of our discussion on the suggested AI regulations for Judiciary by the supreme Court)

In continuation of our discussions on the proposed regulations for use of AI in judiciary released by Supreme Court for public Comments, we shall today look at Chapter III of the regulations related to Permissible and Prohibited  uses.

Under this chapter there is a clear definition of what kind of AI is permissible and what is not. While DGPSI-AI and other frameworks rely on a  Risk Assessment and classification of Risk as significant or not, since this regulation is sector specific, the regulatory draft directly defines what is permitted and what is not.

The following is the text of the regulation.

CHAPTER III PERMISSIBLE AND PROHIBITED USES

18. Appropriate Authority to identify use of AI in Courts.–– The Appropriate Authority shall determine, from time to time, the areas of Court processes in which AI Systems may be utilised, in accordance with the provisions of these regulations.
19. Permissible uses of AI.–– (1) Subject to prior approval in writing by the Appropriate Authority and to the supervision and verification of officers nominated for that purpose, AI Systems may be used for the following purposes, which are illustrative and not exhaustive:–

(a)   case management (including identification of defects in new filings), cause list preparation, hearing scheduling and docket prioritisation;

(b)  automated transcription of court proceedings, subject to mandatory review and certification of accuracy by a Designated Officer;

(c)   translation of judgments, orders, pleadings and other legal documents, subject to human verification of accuracy and fidelity to the original;

(d)   legal research, precedent retrieval, citation verification and document summarisation

(e) administrative functions including case filing assistance, defect scrutiny, record management and judicial resource allocation;

(f)  conversational AI Assistants and guided chatbots to assist litigants and other stakeholders in accessing Court services and understanding procedural requirements, subject to human oversight of their functioning;

(g)    accessibility services including text-to-speech, speech-to-text, Braille translation and visual assistance tools, for persons with disabilities or language barriers;

(h) document authenticity verification and fraud detection in administrative processes, subject to mandatory human review of all outputs before any action is taken;

(i)  anonymisation of judgments, orders and Court records for publication in the public domain;

(j) analytical tools for judicial administration, court performance assessment and backlog monitoring and management; and

(k) auto-generation of prescribed formats, notices and summons with metadata merge including automated preparation of administrative documents.

(2) Any use of AI not enumerated under sub-regulation (1), or not otherwise specifically approved, shall require the prior written approval of the Appropriate Authority, which shall record reasons for the grant or refusal of such approval.

20. Prohibited uses of AI.–– (1) The following uses of AI are strictly prohibited in all Court processes. These prohibitions are absolute and non-derogable, and shall not be subject to relaxation or modification by any authority under these Regulations, including under the power conferred by Regulation 19(1)––

(a)  no personal data of any person shall be used to train, test, or refine any AI System without the prior approval of the Appropriate Authority and, where applicable, in compliance with applicable data protection law;

(b)   no judicial outcome (including any judgment, order, or finding of fact or law) shall be reached through Algorithmic Decision-Making alone or solely on the basis of AI-generated information, data, or analysis and the human judicial authority shall be the determinative authority in all adjudicative decisions;

(c)   no AI System shall perform the function of adjudication or sentencing in any  matter  without  mandatory  Human-in-the-Loop  and  any  output  of  an  AI System in relation to adjudicative or sentencing questions shall be treated as advisory only and shall be subject to independent judicial evaluation;

(d)   no AI System shall be used for Risk Scoring for any purpose in Court processes, including the assessment of flight risk, prediction of recidivism, evaluation of bail eligibility, or determination of the credibility of parties or witnesses;

(e)   no undisclosed, opaque, or unexplainable AI System shall be used in any Court process that may materially affect the lawful rights or personal liberty of any party;

f)  no AI System shall be used to predict, profile, or infer the future conduct or behaviour of parties, accused persons, witnesses, or legal representatives in any Court process;

(g)  no AI System shall be used for the surveillance or continuous monitoring of judicial officers, advocates, litigants, or any other person within or in connection with Court premises or Court processes, except as may be specifically authorised by applicable law for the time being in force;

(h)  no AI-generated output shall be submitted to a Court as an independent source of evidence without full and transparent disclosure of its AI-generated character; and

(i)   no AI System shall be used in any manner that may compromise the confidentiality  of  judicial  deliberations  or  the  independence  of  the  judicial decision-making process.

(2) The prohibitions referred to in sub- regulation (1)  shall be absolute and shall not be subject to relaxation or modification by any authority.

21. Remedial measures by AI Committee.–– Every violation of any prohibition specified in regulation 20 shall be reported forthwith to the AI Secretariat, which shall be placed before the AI Committee, and the AI Committee shall, after due enquiry, direct such remedial measures, including the suspension of the relevant AI System, as it deems appropriate.

The section is very explicit and there is no cause for any misunderstanding. There are specific permitted uses such as the administrative functions . But even for these, prior approval is required to be taken by vendors from an  appropriate authority which will be the AI committee in the Supreme Court or respective High Courts.

It is possible that multiple software can got approved from different committees. This could have been avoided by making the approval of software from the centralized Technical Committee.

Under the prohibited uses, the use of personal data for training of the algorithm is prohibited and so also is any automated judicial decision making.  This is welcome and DGPSI-AI is already in sync with this thought.

It is preferable if clarification is also made available that violations if any are reported to the central committee so that the vendor or the system can be removed from the  system in all other Courts where it might have been earlier in use.

Naavi

(P.S: This is in continuation of our discussion on the suggested AI regulations for Judiciary by the supreme Court)

The proposed AI regulation in Judiciary has envisaged a strong Governance mechanism for AI usage.

Firstly a full time permanent apex body is being constituted  to regulate and promote innovation, integration, governance, oversight, standard-setting and policy development on Artificial Intelligence in judiciary. Though section 22 suggests that this will take care of bot “Innovation” and “Regulation” we can envisage that  it will be  mainly a regulatory body permitting innovation within limits.

The apex body will consist of 2 Judges of Supreme Court nominated  by CJI one of whom will serve as the Chairman ex-officio.

Two more Chief justices of High Courts, would also be nominated by the CJI.  An officer not below the rank of a Joint Secretary from MeitY would be  an ex-officio member. One expert in Cyber Security and one expert in Finance would also be in the apex body.  One (or more) advocates of standing and one member from an  institution of national importance or any institution of repute would also be nominated by the CJI. Lastly the professor in charge of AI in National Judicial Academy Bhopal would also be in the committee. Additionally the Apex body can co-opt such other experts from Research institutions or academic bodies as it deems necessary. either on a case to case basis or standing basis with the permission of the CJI.

Thus the Apex body which is referred to as the “Appropriate Authority”  would be a 9+ member committee with wide representation of judges, advocates and technical experts.  The CJI will determine the terms of appointment of non-ex-officio members.

One of the functions of the Committee  is to ensure that no AI system, whether autonomous AI agent or static predictive model or any AI Tool, is in violation of any of the provisions of the Constitution or any law for the time being in force and are in compliance with the operational safeguards;

The Committee will also ensure compliance of these regulations, liaise with MeitY, NIC etc, hear and recommend actions  when grievances are raised or any other functions assigned.

It is obvious that CJI would be the driving force of the committee and will head the committee as the ex-officio chairman.

The apex  body shall constitute  five sub committees namely

(a) Judicial Committee; (b) Technical Committee;

(c) Committee on Infrastructure and Finance;

(d) Case and Data Management Committee; and

(e) Cyber Security Committee

Supreme Court will also form a “Center of Research and excellence on Artificial Intelligence” (CoRE-AI) ), as an integrated body, having such number of experts in the fields of technology, law, and academia, as may be determined by the Apex Body, to provide research and legal compliance-related support to the Apex Body. This center will have experts who are Judges, lawyers, technical experts, academicians in the fields of AI and law, Senior and Distinguished Fellows from Think-tanks, post-doctoral researchers and representatives of the National Judicial Academy.

Additionally the Supreme Court and every High Court shall constitute AI Committees to oversee, regulate and facilitate the responsible adoption and governance of AI within its jurisdiction.

This AI Committee will consist of three judges and a senior member of the  AI secretariat and such other members of the  AI secretariat as the AI may invite and will monitor. Each such committee would be supported by an AI Secretariat.

The AI Secretariat shall consist of such a number of officers and experts in judicial administration, technology, data science and law, as may be determined by the AI Committee.

While the importance  given to AI Governance can be appreciated, the number of Committees, Sub Committees and Secretariats may create a huge structure with increased cost of administration.

It appears that the system is being set up on a totally self dependent manner and hence all functions are being regulated directly under the CJI with multiple  committees and employees. Officials of MeitY, NIC and  CERT-In would be involved in relevant committees but will function under the CJI’s supervision.

A rough estimate indicates that the entire paraphernalia consists of nearly 1000 individuals and a total operating cost of around Rs 250-300 crores per annum along with capital expenditure that may exceed another 300 crores.

There is a danger of excessive bureaucratization, over governance and  duplication of functions which may  delay the decision making process and create dysfunctional cross currents.

When 5  crore cases are pending, whether deploying such funds not for handling cases but for the administration requires re-thinking.

It appears that there is scope for substantial reduction of costs by better organization and using deputed officers from other Government organizations where there could be  excess manpower capacities particularly since AI will be used for routine administrative duties in every department of the Government.

This plan appears to have been developed by the National Judicial Academy Bhopal and needs to be re-visited with the help of  a review committee consisting of IISc, one IIM, one IIT, one NLSUI and an expert in organizational structuring from Private Sector and an expert Chartered Accountant.  Without such pruning, there is a possibility that the Central Government and CAG may be uncomfortable.

Naavi

(P.S: This is in continuation of our discussion on the suggested AI regulations for Judiciary by the supreme Court)

The Draft AI framework suggested for the Judiciary by the Supreme Court once adopted is a mandatory order for the Judiciary which includes the Supreme Court, The High Courts, all other Courts and tribunals as well as statutory commissions performing adjudicatory functions within the territory of India.

However this sectoral framework designed under the supervision of the highest Court of the land is so comprehensive that it  appears to be intended as a template for the MeitY for framing the AI law and for the Private Sector to adopt it for different sectors.

In particular, Chapter VI of the Act refers to the vendors who may supply AI products to the Judicial system and hence applies to the private sector directly. This is a reflection of the DGPSI-AI framework where 13 implementation specifications were designated for AI vendors while 9 implementation specifications were separately indicated for the Data Fiduciaries.

For immediate reference Chapter VI of the proposed regulations consisting of Sections 46 is reproduced below.

CHAPTER VI: PROCUREMENT AND PRIVATE SECTOR ENGAGEMENT

Section 46: Engagement of  Private  Entities.––  

(1)  No  private  entity,  vendor,  or third-party service provider shall undertake, participate in, or provide any service in connection with an AI System deployed in Court processes without the prior written approval of the Appropriate Authority.

(2) All proposals for engagement of private entities in connection with AI Systems shall, prior to approval by the Appropriate Authority be subject to a comprehensive evaluation covering technical capability, legal compliance, ethical standards, data security practices and financial standing.

(3) The procurement of AI Systems and related services shall, subject to ensuring transparency, competition, value for public resources and compliance with applicable procurement law and financial regulations, be governed by such procedures as the Chief Justice may determine.

(4) All agreements entered into with private entities for AI-related services shall include mandatory provisions governing––

(a) ownership of, and access rights to, Court data and AI outputs;

(b)   prohibition on the use of Sensitive Judicial Data or Court data for any purpose beyond the scope of the engagement;

(c) full compliance with these Regulations and all applicable laws;

(d)  obligations of disclosure, incident reporting, and cooperation with audits;

(e)   the right of the AI Secretariat to audit and inspect the relevant AI System and its underlying data;

(f)     consequences  of  breach,  including  suspension  or  termination  of  the engagement and liability for harm;

(g)        source    and    model    transparency,    including                 complete          technical documentation of the architecture and training data of the AI System;

(h)  explainability documentation for all High-Risk AI Tools;

(i)  mandatory indemnity clauses protecting the Court from liability for harms caused by defects in vendor-supplied AI Systems;

(j)  on-premise or sovereign cloud deployment requirements for AI Systems processing Sensitive Judicial Data;

(k)  explicit prohibition on the retraining, fine-tuning, or modification of AI models  using  Court  data  without  the  express  written  approval  of  the  AI Committee;

(l)  Clear contractual allocation of liability between the Court and the vendor in the  event  of  AI-related incidents,  data  breaches,  or harm to litigants or third parties.

(5) All AI Systems supplied, operated, or maintained by private entities shall be subject to continuous monitoring and periodic audits by the AI Secretariat throughout the duration of the engagement, as provided in regulation 38.

(6) Any data breach, security incident or AI Incident, involving an AI System provided or maintained by a private entity, shall be reported by such entity to the Appropriate Authority without delay and non-compliance of such reporting, or with any other material condition of engagement, may result in the suspension or termination of the engagement and such further consequences as the Appropriate Authority may direct.

(7) The AI Secretariat shall be empowered to grant expedited approval within thirty days for an AI Tool that––

(a) is used exclusively for administrative purposes not involving personal data of parties;

(b) does not affect adjudicatory functions; and

(c)  is  functionally similar to  a  tool  already  approved  by  the  Appropriate Authority.

(8)  The  AI  Secretariat shall  maintain a  register of all tools approved under sub-regulation (7).

(9)  Where AI  Tools are developed using Court data or Court resources, the Appropriate Authority shall ensure that the Court retains ownership of, or a perpetual royalty-free licence to, the resulting tool and its outputs. No private entity shall claim exclusive intellectual property rights over tools developed primarily using judicial data or public resources.

Comments:

The section 46 clearly indicates that a prior approval of the appropriate authority (as designated in the regulation) is required before any private entity can participate in any service with the Judicial system.

If the regulations are applied to legacy systems, then every vendor who at present has been supplying any software product claiming to use AI will have to obtain clearance from the authority.

 “Appropriate Authority” means––(i) the Apex Body at the Supreme Court of India; or (ii)  the  AI  Committee  at  the  respective  High  Court  or  Tribunal  or Commission, as the case may be, under whose administrative control an AI System is deployed or proposed to be deployed;

The apex body to be set up at Supreme Court needs to have atleast 9 members. This comprises of  2 judges from the Supreme Court, 2 judges from the High Court. It will also contain one member from an Institution of national importance, one officer not below the rank of Joint Secretary, in MeitY, an expert in Finance, An expert in Cyber Security, one or more advocates of standing and  professor heading the AI  in National Judicial Academy, Bhopal. Considering the broad representation envisaged, it  should take about 2-3 months for such a committee to become functional.

The Vendor contracts need to include clauses mentioned in section 46(4). This includes declaration of ownership, purpose limitation in the use of data, data breach responsibilities, technical documentation, explain ability  documentation, indemnity, no use of  data for Machine learning, etc. If AI  Tools are developed using Court data or Court resources, the Appropriate Authority shall ensure that the Court retains ownership of, or a perpetual royalty-free licence to, the resulting tool and its outputs. No private entity shall claim exclusive intellectual property rights over tools developed primarily using judicial data or public resources.

It is suggested that the software should be monitored on a continuous basis.

AI Systems already in use in Courts at the time of commencement of these Regulations shall be reviewed by the AI Secretariat for compliance within a period of one year from the date of  such commencement and the Appropriate Authority shall determine the appropriate course of action in respect of any system found to be non-compliant.

These regulations are mandatory but applicable only to the Judicial sector. The DGPSI-AI-Developer related implementation  specifications  is a voluntary self regulatory recommendation.  However, for an immediate comparison, we reproduce here the 13 implementation specifications of DGPSI-AI-Developer.

As we can observe  the DGPSI-AI requirements cover the suggested requirements under the regulations and if any AI is pre-certified that it is DGPSI-Compliant, the process of approval may be faster.

Some of the requirements of DGPSI-AI-Developer is covered under other sections of the regulation which we shall discuss in our subsequent articles.

Naavi

(P.S: This is in continuation of our discussion on the suggested AI regulations for Judiciary by the supreme Court)

In September 2025 when FDPPI published the DGPSI-AI framework, it was presented as an extension of DGPSI for Data Fiduciary environment. This was the first AI regulatory guideline presented in India as a compliance framework for the industry.  As against this “Self Regulatory” suggestion, MeitY released the  Balaraman Committee report   as its version of suggested AI regulation in November 2025.

In the recent days the  industry has been trying to exert its influence through NASSCOM to persuade MeitY to introduce industry favouring regulation such as the infamous Economic times Report on “Law to Code” as a solution for DPDPA Compliance.

However the release of the Draft regulation on AI usage in Judiciary by Supreme Court has now put a huge speed breaker on the industry lobbying. By making this internal guideline as a comprehensive regulatory framework, Supreme Court has now presented a “Due Diligence framework” for industries to follow. It also indicates that any other framework or AI regulation to be introduced by MeitY has to be in compliance with this Judiciary Framework since eventually the Supreme Court will determine if the law is acceptable.

Naavi.org is happy to note that many of the suggestions made under this SC-Framework on AI is supplementing DGPSI-AI framework. We shall try to point out this comparison in this article.

Essence of DGPSI-AI 

The DGPSI AI consists of

a) Six Principles of Governance

b)Nine implementation specifications  for AI deployers (Restricted to DPDPA Compliance in a Data Fiduciary)

c) Thirteen specifications for AI developers  (Restricted to supply of AI software to Data Fiduciaries)

For immediate reference, we are reproducing these three parts of DGPSI-AI here.

Th foundation of this framework is the following six principles.

1 Unknown Risk is a Significant Risk

2 Behind every AI algorithm there shall be one human for accountability

3 Every Privacy Notice covering an AI Process involved in processing of personal data shall be accompanied by an Explainability disclosure.

4 Use of every AI Process shall be validated by a document justifying the technical, operational and economical need both at the level of the Data
Fiduciary and the Data Processor with unconditional indemnity to the data principal.

5 Every AI process shall document the specific guardrails to secure the processing against Dark Patterns, Neurological manipulation and
physical harm to any data principal.

6 The responsibility of the AI deployer as a “Fiduciary” shall ensure all measures to safeguard the society from any adverse effect arising out of
the use of the AI.

The DGPSI-AI works within the framework of DPDPA Compliance and therefore has defined AI as an “Unknown Risk”. The logic for  additional framework of compliance for AI is built because “Unknown Risk is Significant Risk” and bearer of significant risk should be considered as a Significant Data Fiduciary with the additional obligations under DPDPA.

The SC-AI framework (SCAIF) did not need  support of such a logic and is being implemented within the administrative powers available to the Supreme Court to regulate the judiciary in India.

The “Human Accountability” is the second principle of DGPSI-AI and is the distinguishing feature of the SCAIF.

DGPSI-AI expects that a proper document explains the “Requirement of use of AI” where the concepts of “need”, “Proportionality” etc are covered.

DGPSI-AI recognizes that being a “Fiduciary”, a Data Fiduciary is obliged to get the best practices into place. Now the learnings from the SCAIF becomes the reference  document that DGPSI-AI auditor has to take note of.

Here is a comparison of the two frameworks for further discussion

A closer examination, however, indicates that the two frameworks are similar and  complementary instruments operating at different layers of the AI ecosystem.

The Supreme Court Regulations focus primarily on the governance of AI within judicial institutions. They prescribe the conditions under which Courts may procure, deploy, supervise, audit, and use AI systems while preserving judicial independence, human oversight, accountability, privacy, and constitutional values.

DGPSI-AI, on the other hand, focuses on the obligations of AI developers, deployers, service providers, and organisational users. It establishes a structured compliance framework for AI governance, risk management, transparency, accountability, privacy protection, and ethical deployment.

Viewed in this context, DGPSI-AI effectively governs the vendor and deployer side of the same AI ecosystem that the Courts seek to regulate through Chapter VI of the draft Regulations. The AI Service Providers engaged by Courts under Regulation 46 would, if compliant with DGPSI-AI specifications, already satisfy a substantial portion of the contractual and governance requirements contemplated under Regulation 46(4), including requirements relating to data protection, explainability, accountability, auditability, incident reporting, cybersecurity, and lifecycle governance.

The two frameworks therefore reinforce each other. The Court Regulations establish the expectations of the judicial customer, while DGPSI-AI establishes the operational responsibilities of the AI supplier and service provider.

There are, however, certain areas that may require further harmonization.

The first relates to audit philosophy. The draft Regulations prefer an “in-house audit” model and restrict disclosure of source code, algorithms, and datasets to external parties. DGPSI-AI, consistent with broader governance and assurance practices, recognizes the value of independent third-party audits as a mechanism for enhancing trust and accountability. A balanced approach may eventually emerge in which internal judicial audits are supplemented by accredited external assurance under controlled conditions.

The second relates to regulatory posture. The Court Regulations explicitly adopt a presumption in favour of responsible AI adoption and encourage innovation unless specific risks are demonstrated. DGPSI-AI, while equally supportive of innovation, follows a structured risk-management approach that places greater emphasis on demonstrating compliance before deployment. The difference is  not one of objective but of emphasis.

These differences  reflect the different institutional perspectives of a judicial regulator and a governance framework for AI providers.

Consequently, we look at the proposed Supreme Court framework as a validation of DGPSI-AI. However some tweaking of the DGPSI-AI framework if required would be thought of.

Naavi