Deepfakes, Dignity, and the Law: Is India’s Current Legal Framework Adequate to Address Non-Consensual Deepfake Content, and What Does a Rights-Based Legislative Response Look Like?

ABSTRACT

Rapid advancements in artificial intelligence birthed deepfake technology, allowing users to graft faces or voices onto tampered content without permission. Creative potential exists here. However, weaponizing these tools for harassment and sexual exploitation created a massive legal nightmare. India currently lacks the infrastructure to manage this chaos. Truth be told, current laws fail every single test. That is the reality. Analysing the Information Technology Act 2000, the Bharatiya Nyaya Sanhita 2023, and the IT Intermediary Guidelines and Digital Media Ethics Code Rules 2021 highlights if they offer actual protection against such non-consensual content. Investigating these texts shows extensive framework shortcomings when compared to simple technical errors. By reviewing comparative approaches from the UK, USA, and EU, this research centres arguments on constitutional rights to dignity, privacy, and equality found in the landmark Puttaswamy v. Union of India decision. Proposing an innovative, rights-focused legislative system remains necessary to handle this escalating dilemma within Indian borders. We need better laws for digital safety immediately. Relying on outdated statutes leaves regular citizens vulnerable to endless manipulation. Serious reform must prioritize individual rights over corporate convenience, ensuring justice evolves alongside these dangerous digital threats. Fix the system. Legal frameworks must finally catch up to the current reality of our online lives, protecting people before more damage occurs. Every day lost provides more room for unchecked abuse to flourish across vulnerable networks.

Keywords: Deepfakes, Artificial Intelligence, Non-Consensual Intimate Images, Information Technology Act 2000, Bharatiya Nyaya Sanhita 2023, Digital Personal Data Protection Act 2023, Right to Privacy, Right to Dignity, Comparative Technology Law

INTRODUCTION: THE TECHNOLOGY THAT LAW DID NOT SEE COMING

In late 2023, widely shared video featuring Rashmika Mandanna became available online. Her features were grafted onto another body in an insinuating exhibition designed to deceive. Millions watched before oversight mechanisms cleared the mess. Outrage followed instantly, drawing comments from high-profile figures and government officials alike.[1] Searching for a clear legal remedy, however, left many frustrated. That is the reality.

Deepfake technology leverages complex Generative Adversarial Networks to generate near-authentic digital fabrication by projecting images onto various entities. Frankly speaking, this is not considered some distant technological disaster awaiting us down the line. It is a tool currently carving paths of destruction through the lives of women across the country. Existing laws fail to bridge this gap. Serious psychological trauma stems from these acts, often ruining careers or fuelling extortion schemes that effectively silence victims. Legal protections involving personal worth and privacy are disregarded while these online attacks occur daily. It is what it is. Defining the core research problem requires examining if current criminal statutes or data protection laws offer actual safety against synthetic content. India relies on a fragmented, reactive system built for a prior digital era, lacking the specific tools needed for this modern threat.[2] Is the current setup coherent? Clearly, it is failing. Patchwork measures cannot hold back the tide of malicious content generated through these sophisticated tools. This paper argues that dedicated legislation becomes mandatory to secure human rights in an age of automated forgery. We need laws that speak to current harms, rather than squeezing new crimes into outdated language. Statutes must prioritize individual rights over administrative convenience to hold bad actors accountable.

Focusing on constitutional frameworks provides the best path forward for future policy. Simply tweaking old regulations remains a losing battle.[3] Building a rights-based response ensures the law evolves alongside malicious developers. Protect those at the front lines by establishing clear definitions and swift judicial recourse. Only through such targeted, robust reform can the state hope to provide meaningful protection against the corrosive effects of weaponized synthetic media in a rapidly changing, unstable world.

UNDERSTANDING THE HARM: WHY DEEPFAKES ARE NOT JUST “FAKE NEWS”

Before examining the law, it is essential to understand why deepfakes represent a qualitatively different kind of harm from other forms of online abuse or misinformation. Traditional defamation or obscenity involves content that is recognisably fabricated or that uses genuinely obtained material. Deepfakes are different in three critical ways that have direct legal implications.

First, deepfakes are designed to be indistinguishable from reality. Unlike a cartoon or an obviously edited photograph, a well-made deepfake video appears entirely authentic to the ordinary viewer. This makes the reputational damage immediate and extraordinarily difficult to remedy — once a viewer has seen what appears to be a real video of a person in a compromising situation, the subsequent revelation that it was fabricated does not fully undo the damage.[4] The psychological research on this phenomenon — sometimes called the “continued influence effect” — confirms that corrections rarely catch up with the original false impression.[5]

Second, deepfakes weaponize a person’s own identity against them. The harm is not merely that false content exists — it is that the victim’s own face, voice, and likeness are used to create that content. This is a violation of something more fundamental than reputation — it is a violation of the person’s control over their own identity and self-presentation, which lies at the core of what the Supreme Court recognised as the right to privacy in Puttaswamy.[6]

Third, the scale and speed of digital dissemination means that by the time a legal remedy is obtained, the content has already reached an audience of potentially millions. The law’s traditional remedies — injunctions, damages, criminal prosecution — are all retrospective tools that cannot undo the harm already done. This demands preventive and platform-level obligations that existing law does not adequately impose.[7]

The Current Legal Landscape: A Fragmented and Inadequate Response

1. The Information Technology Act, 2000

The Information Technology Act, 2000 in India serves as the fundamental legal framework to tackle cybercriminal activities along with streaming media. Significant clauses often referred to in relation to deepfakes comprise Clause 66E,[8] which holds accountable those who document or send intimate photos without consent; Section 66D, covering imposter fraud conducted via digital technologies; and Section 67A for publishing sexually explicit electronic material. To be honest, these established principles find it hard to adapt with modern synthetic media. Section 66E specifically targets captured footage, failing to address deepfakes where no real recording event ever occurred. It just fails. Meanwhile, Section 67A remains narrow because it demands explicit sexual content, leaving suggestive yet harmful synthetic media entirely unaddressed. Section 66D focuses heavily on financial fraud rather than the relational or social damage deepfakes inflict on individual reputation. Legal definitions currently lag behind technical reality.[9]

Intermediaries managing social media platforms operate under Section 79, which offers safe harbour protection against third-party content provided they remove unlawful posts upon receiving notice.[10] Rules established in 2021 further demand that significant intermediaries respond to concerns within twenty-four hours and settle disputes within a fortnight. Under increasing pressure after the public Rashmika Mandana incident, the Department of Electronics and Information Technology issued an advisory in late 2023. This mandate demands companies to pull deepfake content within a span of thirty-six hours on receipt of a complaint. Unfortunately, these advisory lacks true statutory power, creating zero enforceable rights for actual victims. It is what it is.

Reliance on legislation drafted in 2000, and last updated in 2008, creates a dangerous void for citizens navigating modern digital ethics.[11] Legislators designed these rules for a world without synthetic artificial intelligence, forcing current lawyers to stretch old concepts to fit brand-new problems. Stretching laws creates immense confusion. Courts and law enforcement end up guessing how these archaic snippets should apply to current harms, leaving victims vulnerable. Addressing deepfakes effectively requires a dedicated framework that recognizes modern synthetic capabilities rather than bending dated statutes out of shape. Without aggressive updates, existing gaps will continue to widen as technology advances beyond our reach. We have reached a point where legacy software cannot possibly manage modern human threats. Simply patching old code fails to secure the network, and the same principle applies to our current legal landscape regarding the rise of digital impersonation and non-consensual synthetic content across the web.[12]

2. The Bharatiya Nyaya Sanhita, 2023

Bharatiya Nyaya Sanhita, 2023, effectively replacing the Indian Penal Code, 1860, includes various provisions touching upon deepfakes. Section 77 addresses voyeurism, Section 79 addresses stalking, while Section 356 addresses criminal defamation.[13] Obscenity still falls under these legal umbrellas too. Unfortunately, none explicitly define or cover synthetic AI-generated content. To be honest, these laws were crafted long before current technological threats emerged. Applying them requires uncomfortable interpretive stretching just to reach a verdict. It is what it is.[14]

Creating a deepfake remains technically legal under this framework. Criminal liability only triggers when someone uses these outputs to harass or target a woman via sexually explicit content. Actually, anyone can generate non-consensual media without facing consequences, provided they keep the files private or distribute them through loopholes outside narrow definitions. That is a massive gap in our justice system. Legal experts argue that this oversight leaves victims unprotected against emerging digital harms. Simple updates to the existing penal code are overdue because the current language fails to grasp the sheer scale of modern deceptive media. Real legislation requires precise terminology to hold bad actors accountable for their unethical actions.[15]

3. The Digital Personal Data Protection Act, 2023

The Digital Personal Data Protection Act, 2023 represents India’s most recent major legislative intervention in the digital space.[16]It establishes rights of data principals including the right to erasure under Section 12 and imposes obligations on data fiduciaries regarding the processing of personal data. A person’s biometric data — including their facial image and voice — is personal data for the purposes of the Act, and its use to create a deepfake without consent could arguably constitute unlawful processing.[17]

However, the DPDP Act has several limitations in the deepfake context. First, it is primarily a regulatory framework focused on data processing by entities that collect data — it is less well-suited to addressing the actions of individual bad actors who scrape publicly available images to create deepfakes. Second, the Act’s enforcement mechanism — through the Data Protection Board — is designed for regulatory action against data fiduciaries, not for providing rapid relief to individual victims of deepfake abuse.[18] Third, the Act contains broad government exemption clauses under Section 17 that have been widely criticised as potentially undermining the framework’s effectiveness.[19]

Comparative Perspectives: What Other Jurisdictions Have Done

1. The United Kingdom

The United Kingdom has taken meaningful legislative steps through the Online Safety Act, 2023, which criminalises the sharing of deepfake intimate images without consent and imposes significant obligations on online platforms to prevent and address such content.[20] The Criminal Justice Act, 2003 has also been interpreted to cover certain forms of deepfake-based harassment. Importantly, the UK Law Commission recommended in 2022 that the creation of a deepfake intimate image should itself be criminalised, regardless of whether it is shared — recognising that the act of creation is itself a violation of the subject’s dignity and autonomy.[21]This recommendation reflects a rights-based understanding of the harm that goes beyond the IT Act’s focus on publication and distribution.

2. The United States

Legislative initiatives nationwide attempts to curb rise of deepfake images via federal and state frameworks. National initiatives centre on the DEEPFAKES Oversight Legislation, a suggestion that calls for informative tags while outlawing malicious synthetic content. Still, it remains pending law.[22]

California, Virginia, and Georgia emphasize safeguarding individuals to protect from non-consensual deepfake pornographic material. AB 602 and AB 730 function as models here, as they establish criminal liability and private civil rights for victims seeking damages. Truth be told, direct litigation is often faster than waiting for clogged court systems. It is what it is. This private right of action model offers a viable path for India. Victims there face slow, under-resourced criminal systems when reporting gender-based violence involving technology. Shifting toward civil reparations might provide quicker relief than endless government legal battles. Everyone deserves real justice.

3. The European Union

EU lawmakers enacted the Artificial Intelligence Act throughout 2024, choosing regulation over blunt criminal enforcement. Vulnerable systems encounter intense monitoring currently. Developers must label AI-generated content clearly so users see the truth. Such rules treat deepfakes as a core governance issue rather than just random acts of digital malice. It just works.[23]

Actually, Indian statutes currently lack this systemic depth regarding emerging technology standards. Legislators there focus on punishing specific crimes after they happen, whereas Europe hits the problem at its roots. Building infrastructure around transparency requires boldness. That is the reality. Nations must choose between reactive laws or proactive design controls.

The Constitutional Framework: Rights That Demand a Legislative Response

Indian legal scholars frequently overlook the constitutional necessity for specific deepfake legislation. Existing laws struggle to grasp how technology mangles our fundamental protections. Take into account K S Puttaswamy v the Union of India, where the court established privacy as a core facet of Provision 21.[24] This ruling preserves your physical self, your sense of self, and your personal data. Developing an immoral deepfake deprives them of all three. It takes your appearance, forge your actions, and broadcasts your likeness to everyone without permission. That is the reality.

Dignity sits at the heart of this mess. Francis Coralie Mullin v Administrator, Union Territory of Delhi[25] established that human dignity remains inseparable from our constitutional life. Deepfake pornography functions as a brutal assault on that very concept. To be honest, most victims have no clear path toward justice. State authorities possess a positive obligation to protect citizens from bad actors, a duty clearly outlined in Vishaka v State of Rajasthan.[26] Failure here leaves individuals exposed to severe, unchecked harms.

Inclusivity continues to be a persistent concern under Articles 14 and 15. Studies indicate that women individuals bear the brunt of manipulated media aggression. A legal system ignoring a threat that explicitly targets women helps maintain deep-seated structural inequality. We must not permit our operating framework to neglect these systemic concerns while claiming to uphold constitutional principles. Closing these loopholes necessitates clear legislative action in place of imprecise readings of outdated statutes. Safeguarding individuals from online infringement necessitates innovative, focused limits since our essential rights are currently at risk from technology developers who neglect ethical standards. Every day spent waiting is another day where victim privacy vanishes into thin air. We need change.[27]

Towards a Rights-Based Legislative Framework: What India Needs

Proposed elements for a dedicated legislative framework in India aim to confront non-consensual deepfake content directly. These suggestions reflect constitutional rights plus international lessons, effectively filling the structural voids observed in current legal systems. India calls for an exact, technology-neutral legislative definition regarding deepfakes. This definition should cover media generated using AI technology that accurately portrays an individual in non-existent scenarios, specifically lacking their explicit approval. Relying on current, vague laws creates gaps that solely benefit malicious actors. That is the reality. Criminalizing the creation of these deepfakes as a standalone, primary offense remains vital, even if the content never reaches the public sphere. The act of creation itself fundamentally violates an individual’s dignity. Distribution acts as a separate, aggravated offense carrying heavier penalties. To be honest, victims frequently struggle with the current legal burden of reporting gender-based violence. Offering victims a, personal civil lawsuit option allows them to sue offenders or online platforms for reparations independent of criminal procedures.

Platforms have to deal with mandatory, enforceable obligations instead of encountering simple advisory recommendations. Tech giants should implement proactive detection systems plus commit to removing verified deepfakes inside clear, firm timeframes. Preservation of evidence for law enforcement is also necessary here. Financial penalties must sting enough to ensure compliance. In the future, a mandatory disclosure requirement applying to all artificial media, matching the guidelines outlined by the EU AI Act, functions as a protective measure. This approach does not forbid authentic artistic applications of AI resources, but it confirms spectators thoroughly comprehend when they view synthetic content. Failing to label material depicting real persons must trigger legal consequences. Introducing a swift adjudicatory process delivers a key means of salvation for people facing threats. With the assistance of the Privacy Protection Committee created under the DPDP Act 2023, the government could offer rapid interim relief, including prompt cease-and-desist orders and removal mandates. People who have suffered ought to have an approach that avoids the gruelling pace of ordinary civil courts.[28] Speed matters in the digital age. By implementing these six pillars, India can finally address the growing threat of deepfake abuse with precision. Legislators should act quickly to secure these protections for the digital public. These rules represent the minimum threshold for safety in a volatile environment where technology constantly evolves. Clear, sharp laws turn the tide against bad actors. Effective regulation is the only way to protect basic human autonomy online today. It works if enforced.

Conclusion: The Law Must Catch Up Before the Harm Compounds

Findings suggest India’s current legal framework, notably the IT Act from 2000, the BNS of 2023, and the DPDP Act 2023, lacks the capability to shield citizens against non-consensual deepfake material. The legal provisions emerged from an era known for strikingly unlike challenges of technology. Implementing ancient laws in relation to new synthetic platforms forces a shaky interpretation that leads to risky legislative gaps. Women frequently pay the price for these failures. That is the reality. Constitutional rights concerning privacy, dignity, and equality mandate that the state provides genuine protection against digital exploitation. Regrettably, India has yet to satisfy this obligation. Comparing our situation to the United Kingdom, the United States, or the European Union reveals that specific legal structures are not just possible, but highly effective. Actually, we have plenty of external models to reference. Consider the grandmother in Jharkhand singing traditional songs versus the actress facing weaponized digital impersonation; they appear worlds apart. Truth be told, both share a fundamental need for bodily autonomy and control over their public story. Legislative inaction ignores these vulnerable people. Deepfake threats evolve at terrifying speeds while state protocols remain stuck in the past. Parliament must act now to bridge these gaps. Relying on outdated policies ensures nothing changes.

Specific, rights-grounded action remains the only path forward. Blanket silence from elected officials leaves citizens exposed to predatory algorithms every single day. We demand direct, clear statutes that address synthetic identity theft immediately. The technology creates chaos on its own terms. Waiting for a perfect moment serves no one. Comprehensive reform is necessary today.

BIBLIOGRAPHY

Primary Sources

Bharatiya Nyaya Sanhita 2023 (India)

Constitution of India

Digital Personal Data Protection Act 2023 (India)

Information Technology Act 2000 (India)

Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 (India)

Online Safety Act 2023 (UK)

Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 (Artificial Intelligence Act)

CASES

Francis Coralie Mullin v Administrator, Union Territory of Delhi (1981) 1 SCC 608

Justice K S Puttaswamy v Union of India (2017) 10 SCC 1

Vishaka v State of Rajasthan (1997) 6 SCC 241

[1] Karan Kaushik, ‘Deepfake Video of Rashmika Mandana Goes Viral; Amitabh Bachchan Calls for Legal Recourse’ The Hindu (New Delhi, 07-11-23).

[2] Ministry of Electronics and Information Technology, Advisory on Deepfakes (Government of India, 07-11-23).

[3] Danielle Keats Citron and Mary Anne Franks, ‘Criminalizing Revenge Porn’ (2014) 49 Wake Forest Law Review 345, 347.

[4] Sensity AI, ‘The State of Deepfakes: Landscape, Threats, and Impact’ (Sensity AI Research Report 2020) 4.

[5] Ullrich Ecker and others, ‘The Psychological Drivers of Misinformation Belief and Its Resistance to Correction’ (2022) 3 Nature Reviews Psychology 13, 15.

[6] Justice K S Puttaswamy v Union of India (2017) 10 SCC 1, [144] (Chandrachud J).

[7] Citron and Franks (n 4) 352.

[8] Information Technology Act 2000 (India), ss 66D, 66E, 67A.

[9] Karnika Seth, Computers, Internet and New Technology Laws (2nd edn, LexisNexis 2016) 312.

[10] Information Technology Act 2000 (India), s 79.

[11] Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 (India), r 4(1)(b).

[12] Ministry of Electronics and Information Technology, Advisory on Deepfakes (Government of India, 07-11-23) para

[13]  Bharatiya Nyaya Sanhita 2023 (India), ss 77, 79, 356.

[14] Vakul Sharma, Information Technology: Law and Practice (5th edn, Universal Law Publishing 2022) 445.

[15] ibdi

[16]  Digital Personal Data Protection Act 2023 (India).

[17] Digital Personal Data Protection Act 2023 (India), s 2(t) (definition of ‘personal data’).

[18] Digital Personal Data Protection Act 2023 (India), ss 18–27 (Data Protection Board).

[19] Usha Ramanathan, ‘The Data Protection Bill: A Critique’ (2023) 58 Economic and Political Weekly 23, 25.

[20] Online Safety Act 2023 (UK), s 188.

[21]  Law Commission of England and Wales, ‘Intimate Image Abuse: A Final Report’ (Law Com No 407, 2022) para 6.12.

[22] DEEPFAKES Accountability Act, HR 4355, 116th Congress (US, 2019).

[23] Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence (Artificial Intelligence Act) [2024] OJ L1689/1, arts 50, 52.

[24] Justice K S Puttaswamy v Union of India (2017) 10 SCC 1, [180] (Chandrachud J).

[25] Francis Coralie Mullin v Administrator, Union Territory of Delhi (1981) 1 SCC 608 (Supreme Court of India).

[26] Vishaka v State of Rajasthan (1997) 6 SCC 241 (Supreme Court of India).

[27] Constitution of India Art. 14 & 15

[28] Digital Personal Data Protection Act 2023 (India), s 18 (jurisdiction of Data Protection Board).