This week (20–26 April 2026): A quiet regulatory week. No new gazette notification, CERT-In direction, RBI circular, SEBI circular or DoT rule was issued. The agenda is set by carryover from W15–W16 — the Gujarat High Court's 10 April 2026 PIL order directing Meta, Google, X, Reddit and Scribd to onboard the SAHYOG portal and comply with the three-hour takedown regime under the IT (Intermediary Guidelines) Amendment Rules, 2026; MeitY's 18 April constitution of the Technology and Policy Expert Committee (TPEC) and the parallel operationalisation of the AI Governance and Economic Group (AIGEG); and the approaching 13 November 2026 Rule 4 trigger under the Digital Personal Data Protection Rules, 2025.
Low-volume caveat: Only two items meet the 10+/15 scoring threshold for the Top section. We cover those honestly and use the rest of the tracker for the active regulatory calendar.
Top 2 Developments This Week
1. Gujarat High Court directs Meta, Google, X, Reddit and Scribd to onboard SAHYOG; centre discloses 13-of-94 compliance gap at X
What changed: On 10 April 2026, the Division Bench of Justices Sunita Agarwal and D.N. Ray of the Gujarat High Court, in Vikas Vijay Nair v. Union of India (C/WPPIL/9/2026), issued notice to five intermediaries — Meta, Google, X, Reddit and Scribd — and directed them to onboard the SAHYOG portal. The Court's order functions as the first judicial operationalisation of the three-hour takedown regime introduced by Rule 3(1)(d) of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules, 2026 (in force 20 February 2026). The Centre placed on record that, between 2024 and 2026, 94 statutory intimations had been issued to X under Section 79(3)(b) of the Information Technology Act, 2000 ('IT Act'), of which only 13 had drawn formal intermediary responses.
Issuer and date: Gujarat High Court Division Bench; order dated 10 April 2026; next hearing 8 May 2026.
Why it matters: The order forces a practical question that the 2026 amendment left unanswered — how courts will treat intermediaries who are not onboarded to SAHYOG when a takedown intimation issues. Practitioners advising intermediary clients should assume that non-onboarding itself will, after 8 May 2026, likely become a pleaded ground for loss of Section 79 safe-harbour. Founders operating India-facing platforms not yet integrated with SAHYOG should treat onboarding as a compliance pre-condition, not an optional channel. The matter sits within W17 because every respondent intermediary is expected to file its counter before the 8 May hearing — counter-preparation is the week's most significant silent workflow across tech-legal teams.
Link: Gujarat High Court — official portal. (Case docket details should be sourced from the HC's e-Court records; the order PDF is not yet individually hosted on the HC site.)
Score: 11/15 (significance 4, impact 4, novelty 3).
2. MeitY constitutes the Technology and Policy Expert Committee (TPEC) to anchor India's AI governance architecture
What changed: By office communication dated 18 April 2026 (announced via PIB PRID 2253322), MeitY constituted the Technology and Policy Expert Committee (TPEC), a standing expert body chaired by the Secretary of MeitY. TPEC provides technical and strategic inputs to the AI Governance and Economic Group (AIGEG) — the decision-making inter-ministerial body constituted earlier in April (PIB PRID 2252739). TPEC's listed members include Prof. B. Ravindran (IIT Madras), Prof. Rajat Moona (IIT Gandhinagar), and representatives from industry bodies NASSCOM, DSCI and MAIT. Its terms of reference cover national and international AI policy inputs, risk identification in emerging AI systems, gap-spotting in existing regulation, and diplomatic positions for India in G20 and Global Partnership on AI forums.
Issuer and date: Ministry of Electronics and Information Technology; committee constitution dated 18 April 2026.
Why it matters: TPEC + AIGEG together signal that India is moving from ad-hoc advisories (such as the MeitY AI Advisory of 15 March 2024) toward a permanent institutional architecture for AI governance ahead of the proposed Digital India Act. For practitioners, the takeaway is that future AI-related obligations — on labelling, provenance, training-data sourcing and cross-border model deployment — will likely flow through AIGEG recommendations refined by TPEC inputs, rather than through standalone advisories. For founders, the committee composition is the strongest signal yet that India's AI rule-making will be technically informed and sector-specific, rather than a single horizontal statute. Founders should monitor the first TPEC recommendations — expected in H1 2027 — as the de facto pre-legislative text for any future Digital India Act AI chapter.
Link: PIB — Technology and Policy Expert Committee constitution (PRID 2253322).
Score: 10/15 (significance 4, impact 3, novelty 3).
Regulatory Action Log
All Tier 1 items surfaced for the week, including sub-threshold items, with canonical links.
| Date | Regulator | Pillar | Action | Source |
|---|---|---|---|---|
| 2026-04-10 | Gujarat High Court | platforms-intermediaries | Notice to Meta, Google, X, Reddit, Scribd in Vikas Vijay Nair v. UOI (C/WPPIL/9/2026); SAHYOG onboarding directed; next hearing 8 May 2026 | gujarathighcourt.nic.in |
| 2026-04-13 | MeitY | ai-governance | AI Governance and Economic Group (AIGEG) constituted as central inter-ministerial body | pib.gov.in PRID 2252739 |
| 2026-04-17 | MeitY / IndiaAI | ai-governance | 10 Indian AI startups selected for Cohort II, IndiaAI Startups Global Acceleration Programme (Station F / HEC Paris partnership) | pib.gov.in PRID 2252858 |
| 2026-04-18 | MeitY | ai-governance | Technology and Policy Expert Committee (TPEC) constituted to advise AIGEG | pib.gov.in PRID 2253322 |
| 2026-04-20 to 04-26 | CERT-In | cybersecurity | No Section 70B directions issued during week; routine CIAD advisory feed only | cert-in.org.in/Directions70B.jsp |
| 2026-04-20 to 04-26 | RBI / SEBI / IRDAI / NPCI | fintech-payments | No new cyber or digital-lending circular issued; CSCRF next clarification window Q2/Q3 2026 (SEBI cadence) | rbi.org.in/Scripts/NotificationUser.aspx |
What's Next
Dated milestones over the next 2–4 weeks that practitioners and founders should anchor on.
- 2026-05-08 — Gujarat HC next hearing in Vikas Vijay Nair v. UOI (C/WPPIL/9/2026); intermediary responses on SAHYOG onboarding and three-hour takedown compliance are due. Expect a reasoned order probing X's 13-of-94 formal-response ratio.
- 2026-05-13 — DPDP Rules 2025 six-month marker. Phase 2 of the phased timeline under G.S.R. 843(E) approaches; MeitY is expected to issue clarifying notifications on which sub-rules activate. Monitor egazette.gov.in for G.S.R. series notifications.
- 2026-05-13 onward — SEBI CSCRF Q2 clarification window opens under the observed 4–6-month cadence from the 20 August 2024 base circular. Mutual Funds, AMCs and Phase-3 intermediaries should prepare technical-query submissions.
- 2026-05-15 to 2026-05-30 (expected) — TPEC first meeting under the 18 April 2026 terms of reference. First deliverables include an inventory of existing Indian regulatory gaps on generative-AI obligations and an input note for AIGEG on cross-border AI deployment.
- 2026-06-01 (expected) — DoT sub-rule notifications under Chapter IV of the Telecommunications Act, 2023; monitor dot.gov.in/notifications.
- 2026-11-13 — DPDP Rules 2025 Rule 4 trigger: Consent Manager registration and obligations come into force. Indian companies with minimum ₹2 crore net worth may begin filing.
Founder Action Items
- Audit SAHYOG integration status — if your platform is an intermediary under Section 2(w) of the IT Act, confirm whether your in-house legal/trust-and-safety team has onboarded SAHYOG and can receive statutory intimations under the three-hour takedown regime. Treat the 8 May 2026 Gujarat HC hearing as a soft deadline.
- Budget for AI governance engagement — with TPEC and AIGEG now operational, reserve in-house or external counsel bandwidth to track their first deliverables (expected H1 2027) and to prepare consultation responses. These committees are the pre-legislative route into the Digital India Act.
- Map your Consent Manager dependency — confirm whether your consent layer is in-house or third-party; if third-party, confirm whether the provider intends to register as a Consent Manager under Rule 4 of the DPDP Rules 2025 from 13 November 2026, and secure a written commitment from the provider before Q3 2026.
- Watch for DPDP timeline compression — MeitY's January 2026 industry consultation proposed cutting the Significant Data Fiduciary compliance window from 18 months to 12 months. No compression notification had issued as of 26 April 2026, but SDFs should run parallel readiness plans for both 13 November 2026 and 13 May 2027 target dates.
Practitioner Watch-list
- Gujarat HC SAHYOG order spillover — expect parallel PILs or writ petitions in Bombay, Delhi and Madras High Courts seeking similar directions against non-onboarded intermediaries. Prepare a template response strategy anchored in Section 79 safe-harbour and Rule 3(1)(d) due-diligence language.
- TPEC / AIGEG procedural architecture — no publicly notified rules of procedure yet exist for either body. Advise clients intending to make submissions to route them via NASSCOM / DSCI / MAIT where possible until TPEC publishes an independent consultation channel.
- DPDP compression notification risk — if the January 2026 compression proposal is notified by Q3 2026, Significant Data Fiduciaries lose six months of runway on Section 10 / Section 11 obligations (DPO appointment, DPIA cycle, independent audits). Ensure engagement letters with SDF clients allow scope-reset flexibility.
- IT Rules 2026 three-hour takedown litigation — track any writ challenge to the three-hour timeline on Article 19(1)(a) and Shreya Singhal proportionality grounds. The Gujarat HC order does not itself adjudicate the amendment's constitutionality; a direct challenge is almost certainly coming.
- CERT-In six-hour reporting carryover — the Section 70B(6) directions of 28 April 2022 complete four years in force on 28 April 2026; CERT-In is historically due to issue a revision or clarification cycle around anniversary dates. Monitor cert-in.org.in/Directions70B.jsp in W18.
FAQ
Was any new rule or circular notified in the 20–26 April 2026 week?
No new primary notification (gazette rule, CERT-In direction, RBI circular or SEBI circular) was issued during ISO Week 17 of 2026. The week is a carryover-and-operationalisation phase. The most recent anchor instruments — DPDP Rules 2025 (G.S.R. 843(E), 13 November 2025), IT (Intermediary Guidelines) Amendment Rules 2026 (effective 20 February 2026) and the Technology and Policy Expert Committee constitution (18 April 2026) — continue to set the agenda.
What is the SAHYOG portal and why does it matter this week?
SAHYOG is the Ministry of Home Affairs / I4C coordination portal through which government officers issue reasoned intimations under Section 79(3)(b) of the Information Technology Act, 2000 to intermediaries. In the Gujarat HC PIL order of 10 April 2026 (C/WPPIL/9/2026), the Division Bench directed Meta, Google, X, Reddit and Scribd to onboard SAHYOG and respond to statutory notices within the three-hour takedown window introduced by the IT Rules 2026. The Centre disclosed that X had formally responded to only 13 of 94 takedown intimations issued between 2024 and 2026 — a compliance gap that the 8 May 2026 next hearing is likely to probe.
What is the next DPDP Rules 2025 trigger date practitioners should watch?
The next trigger under DPDP Rules 2025 (G.S.R. 843(E)) is 13 November 2026 — twelve months from notification — when Rule 4 on Consent Manager registration and obligations comes into force. Consent Managers must be companies incorporated in India with a minimum net worth of ₹2 crore, as set out in Rule 4. A separate MeitY consultation (launched January 2026) has proposed compressing Significant Data Fiduciary obligations under Sections 10 and 11 of the Digital Personal Data Protection Act, 2023 from an 18-month to a 12-month window; no compression notification had issued as of 26 April 2026.
Source policy: This tracker cites only Tier 1 sources — government ministries, regulators, the official gazette, and court portals. Discovery-only sources (legal-news portals, policy-commentary sites) are not cited.
Next edition: W18, covering 27 April – 3 May 2026, scheduled for publication Sunday 3 May 2026 (22:00 IST).