On 7 March 2024, the Union Cabinet chaired by the Prime Minister approved the IndiaAI Mission with a total outlay of Rs. 10,371.92 crore over five years, creating India's first whole-of-government scheme for artificial intelligence. The Mission is implemented by the IndiaAI Independent Business Division ('IBD') under Digital India Corporation, reporting to the Ministry of Electronics and Information Technology, and is structured across seven pillars that span compute capacity, foundation models, datasets, applications, skills, startup finance, and safe-and-trusted AI governance.
TL;DR for founders
IndiaAI Mission is the Rs. 10,371.92 crore, five-year Cabinet-approved scheme approved on 7 March 2024 that sets up India's AI compute pool (10,000+ GPUs), an indigenous foundation-model Innovation Centre, a non-personal-datasets platform, application grants in healthcare / agriculture / education, an AI FutureSkills track, startup financing, and a Safe and Trusted AI pillar housing the IndiaAI Safety Institute announced on 30 January 2025. It is not a statute — so it creates no new AI offence — but participating in any pillar binds you to DPDP Act consent rules for personal data, the MeitY AI Advisory's labelling and traceability directions, and (from 20 February 2026) the Synthetic Media Amendment Rules' three-hour takedown and labelling regime. Treat the Mission as funding access plus a compliance magnifying glass, not a safe harbour.
What the IndiaAI Mission is
The Mission is an executive scheme authorised by the Cabinet decision of 7 March 2024 (PIB Press Release PRID 2012355 and PRID 2012375). Three structural facts define its legal posture:
- Total outlay: Rs. 10,371.92 crore over a five-year horizon.
- Implementing agency: the "IndiaAI" Independent Business Division constituted under Digital India Corporation, a Section 8 company under the administrative control of the Ministry of Electronics and Information Technology ('MeitY'). The IBD functions as the Mission's secretariat, call-for-proposals issuer, and disbursal channel.
- Legal form: Cabinet-approved scheme. The Mission is not a gazette-notified rule, not delegated legislation under the Information Technology Act, 2000 ('IT Act'), and not a statute passed by Parliament. It therefore creates contractual and grant-compliance obligations on participants rather than statutory offences or penalties.
This distinction matters. An intermediary that ignores the Mission suffers no direct penalty, but intermediaries operating AI services in India remain bound by the IT Act, the IT Rules 2021, the MeitY AI Advisory dated 1 March 2024 (as revised on 15 March 2024), the Digital Personal Data Protection Act, 2023 ('DPDP Act') and sector-specific regulation. The Mission overlays grant-specific obligations on top of this statutory baseline when a founder accepts Mission funding, compute access, or dataset access.
The seven pillars
The Cabinet approval structures the Mission across seven pillars. The breakdown below is taken directly from the PIB release (PRID 2012355) and the indiaai.gov.in portal maintained by the IndiaAI IBD.
1. IndiaAI Compute Capacity
Establishment of a scalable AI compute ecosystem comprising more than 10,000 Graphics Processing Units ('GPUs') in public-private partnership. The capacity is intended to service startups, researchers, academia and government users. Access is rationed through an empanelled-user framework managed by the IBD; calls for expression of interest are routed through indiaai.gov.in.
2. IndiaAI Innovation Centre
The Innovation Centre is tasked with developing and deploying indigenous Large Multimodal Models ('LMMs') and domain-specific foundational models in critical sectors. The operating pattern is a grant-cum-partnership with Indian research teams, with the IBD retaining usage rights for Mission-wide deployment.
3. IndiaAI Datasets Platform
A unified, one-stop platform for access to quality non-personal datasets for AI innovation. The platform is explicitly scoped to non-personal data to avoid collision with the DPDP Act regime on personal data. Where datasets incidentally carry personal data fields, Section 4 and Section 6 DPDP Act obligations continue to apply; the platform does not operate as a Section 17 DPDP Act exemption.
4. IndiaAI Application Development Initiative
Grants and support for application-layer AI products in priority sectors — healthcare, agriculture, education, governance — where IndiaAI funding addresses identified problem statements. This pillar is the Mission's most direct founder-facing track because it funds production deployment, not just research.
5. IndiaAI FutureSkills
Curriculum support, Data and AI Labs in Tier 2 and Tier 3 cities, and expansion of AI courses at undergraduate, master's and doctoral level. Delivered in partnership with academic institutions under the Ministry of Education.
6. IndiaAI Startup Financing
A streamlined access-to-funding track for deep-tech AI startups, with the stated purpose of accelerating "futuristic AI projects". Operated in conjunction with government venture instruments and private co-investors.
7. Safe and Trusted AI
The pillar that carries the Mission's regulatory signalling. It funds Responsible AI projects, indigenous tooling, self-assessment checklists for innovators, and — most importantly — governance frameworks. On 30 January 2025, the Minister for Electronics and Information Technology announced the establishment of the IndiaAI Safety Institute under this pillar. The Safety Institute operates on a Hub-and-Spoke model, engaging academia, startups, industry and line ministries to produce AI-safety research, evaluation methodologies, and Responsible-AI reference frameworks grounded in Indian social, economic, cultural and linguistic diversity.
Legal and regulatory scaffolding
The IndiaAI Mission is not a stand-alone regulatory edifice; it sits inside a multi-layer compliance stack. Founders accepting Mission support — and even those who do not — should understand how the Mission interacts with each layer.
Interaction with MeitY's AI Advisory (1 March 2024, as revised 15 March 2024)
MeitY's AI Advisory requires every intermediary and platform serving Indian users to (a) label under-tested or unreliable AI output, (b) obtain user consent via a pop-up warning, and (c) implement metadata / originator-identification for deepfake and synthetic content. Mission-funded AI products inherit these obligations fully. A Mission grant recipient building a chatbot, an LLM API, an image generator or a voice-clone tool must demonstrate compliance with the Advisory as part of its grant-reporting package.
Interaction with IT Rules 2021, Rule 3(1)(d) and Rule 3(3)
Rule 3(1)(d) of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 ('IT Rules 2021'), as amended on 15 November 2025, tightened the takedown timeline for court-ordered or government-notified unlawful content. The Synthetic Media Amendment Rules, 2026 ('Synthetic Media Amendment'), notified via G.S.R. 120(E) on 10 February 2026 and effective from 20 February 2026, introduce a three-hour takedown window for a broad set of illegal content and a two-hour window for non-consensual intimate imagery and child sexual abuse material. Rule 3(3), as amended, requires labelling of synthetically generated audio, visual and audio-visual content, including prominent on-screen watermarks for video and spoken disclaimers for audio. Mission-funded platforms are intermediaries for purposes of Section 79 of the IT Act, and these obligations apply in full.
Interaction with the DPDP Act, 2023
Mission grants do not disapply DPDP Act, 2023 obligations. Where a Mission-funded model is trained on personal data — for instance, health records under a healthcare-application grant — the grant recipient is a Data Fiduciary under Section 2(i) DPDP Act and must comply with the lawful-processing regime under Section 4, the consent regime under Section 5 and Section 6, and the security safeguards under Section 8(5). Where aggregate volume, sensitivity or national-interest thresholds are met, the recipient may be designated a Significant Data Fiduciary under Section 10 DPDP Act with augmented obligations including Data Protection Impact Assessments and periodic audits. Monetary penalties under the Schedule to the DPDP Act can reach Rs. 250 crore per instance of failure.
Interaction with the pending Digital India Act
MeitY has publicly signalled that the Digital India Act will eventually consolidate and replace the IT Act, the IT Rules 2021 framework and fragmentary AI advisories in a single statute. The Digital India Act has not yet been introduced in Parliament as at April 2026. The Safe and Trusted AI pillar's governance-framework deliverables — especially those produced through the IndiaAI Safety Institute — are expected to feed into the Digital India Act's AI chapter when tabled.
IndiaAI Safety Institute — mandate and likely outputs
The IndiaAI Safety Institute ('AISI') was announced by the Minister for Electronics and Information Technology on 30 January 2025, following a MeitY consultation held on 7 October 2024 under the Safe and Trusted AI pillar. The AISI's publicly stated mandate covers:
- Science-based indigenous research on AI safety, evaluation and testing methodologies calibrated to Indian datasets, languages and use-cases.
- Responsible AI frameworks — reference standards, self-assessment checklists, testing protocols, and governance templates that Mission-funded (and, in practice, non-Mission) AI deployers can adopt.
- Stakeholder coordination — engaging startups, industry, academia and line ministries on AI-governance gaps, including election-integrity, deepfake-response, and sector-specific model risk.
AISI is not the AI regulator. It is a research-and-standards body embedded in the Mission. Binding rules will continue to come from MeitY (under the IT Act) and from sectoral regulators; AISI outputs operate as recommended practice that may crystallise into binding obligations through subsequent Advisory or rule amendments.
AI compute and data infrastructure — practical implications
Subsidised compute — Section 79 IT Act implications
Access to Mission compute does not shift safe-harbour positioning. A Mission-funded startup deploying an LLM remains an intermediary under Section 2(1)(w) of the IT Act, and continues to qualify for Section 79 IT Act safe harbour only if it observes IT Rules 2021 due diligence. Using Mission compute does not grant immunity for user-generated outputs and does not substitute for Rule 3(1)(d) takedown compliance.
Dataset access — DPDP interaction
The IndiaAI Datasets Platform is scoped to non-personal datasets. When a founder enriches a Mission-provided non-personal dataset with personal data — for example, linking anonymised health records to clinical outcomes that become re-identifiable — the combined dataset transitions into personal-data territory. Section 2(t) DPDP Act defines personal data as "any data about an individual who is identifiable by or in relation to such data", and re-identification triggers full Data Fiduciary obligations.
IP implications under Innovation Centre / Application Development
Mission grant agreements typically include background-IP and foreground-IP clauses reserving Government-use rights and Indian-deployment rights. Founders should read the specific call-for-proposals ('CFP') in each case — the IBD has issued distinct CFPs for foundation models, sector applications, and Safety Institute research. Unlike pure private grants, Mission CFPs often require (i) open availability of trained models to Indian public-sector users on non-discriminatory terms, (ii) board-resolution evidence of IP-assignment flow-down to the grant recipient, and (iii) audit rights for the IBD during the grant window.
Sector coverage — healthcare, agriculture, education
The Application Development Initiative concentrates grants in healthcare, agriculture and education. Each sector layers an additional regulator on top of the Mission's baseline:
- Healthcare AI — interacts with the Central Drugs Standard Control Organisation ('CDSCO') where the AI is a Software as a Medical Device, and with Indian Council of Medical Research ('ICMR') guidelines for clinical research. Training on health data triggers Section 6 DPDP Act consent obligations and, post-Significant Data Fiduciary designation, Section 10 DPDP Act obligations.
- Agriculture AI — interacts with the Ministry of Agriculture's extension platforms and, where geo-spatial data is used, with the National Geospatial Policy 2022. Personal-data content is typically minimal, but farmer-specific data crosses into DPDP territory.
- Education AI — interacts with University Grants Commission ('UGC') norms, NCERT content licensing, and — most significantly — child-consent rules under Section 9 DPDP Act, which restricts processing of personal data of a child (under 18) to verifiable parental consent and prohibits tracking or targeted advertising.
Practitioner analysis
1. Advising an AI startup on grant eligibility and compliance strings
When a startup approaches Mission funding, client counsel should run three parallel diligence tracks. First, CFP-specific eligibility: Indian incorporation, founder Aadhaar-KYC, sector-alignment, minimum techno-commercial maturity. Second, statutory compliance readiness: IT Rules 2021 due diligence (including grievance officer, takedown mechanisms, Rule 3(1)(d) three-hour readiness post-20 February 2026), MeitY Advisory labelling and consent pop-ups, DPDP Act consent architecture, and CERT-In Directions 2022 log-retention (180 days minimum under Direction (v)). Third, grant-specific strings: IP assignment, audit rights, public-sector access, publication and open-source obligations. Mission participation often requires more disclosure than a pure commercial deployment, not less.
2. IP clauses under Innovation Centre and Application Development Initiative
Founders contracting under the Innovation Centre or the Application Development Initiative commonly encounter three recurring IP terms: (i) foreground-IP grant-back in favour of the Government of India for Indian-public-sector use; (ii) background-IP non-assertion by the recipient against Government use during the grant window; and (iii) publication and open-source obligations in specified cases. These clauses are negotiable within CFP parameters — practitioners should baseline-test grant terms against the recipient's existing VC shareholder agreements to avoid silent breach of pre-existing IP-warranty covenants.
3. Data sharing under the IndiaAI Datasets Platform — interaction with DPDP Section 7
The IndiaAI Datasets Platform is a non-personal-data platform by design. Where a founder intends to use platform-provided data in a manner that could re-identify individuals, Section 2(t) DPDP Act will re-activate the Data Fiduciary regime. Section 7 DPDP Act sets out the limited grounds for processing personal data without consent (legitimate uses such as Government function, medical emergency, employment). Platform participation is not itself a Section 7 ground. Client counsel should script decision trees distinguishing non-personal, pseudonymous and personal data flows, with DPDP Board-facing documentation at each boundary.
4. Safety-by-design audit expectations
The Safe and Trusted AI pillar is expected to produce testing protocols and self-assessment checklists through the IndiaAI Safety Institute. Prudent practice ahead of binding requirements is to (i) maintain a dated bias-and-reliability test register for each production model, (ii) document red-team testing against Rule 3(1)(b) IT Rules 2021 content categories (defamation, obscenity, misinformation, impersonation), (iii) retain model cards including training-data provenance, and (iv) capture model-change logs with version hashes. These artefacts map cleanly to anticipated AISI checklists and anticipate the Digital India Act's likely documentation regime.
5. Monitoring the Mission-to-Statute transition
Advisors should track three workstreams: MeitY's AI-rule-making pipeline (Synthetic Media Amendment implementation questions, next Rule 3 iteration), the AISI's first guidance outputs (expected over 2026 and 2027), and the Digital India Act's introduction calendar. The period between today and the Digital India Act's enactment is likely to produce multiple interim rule amendments, each with short implementation windows — the Synthetic Media Amendment's 10-day window (10–20 February 2026) was a warning shot.
Founder checklist
- Now — read each specific IndiaAI call for proposals before relying on general Mission literature; CFP eligibility and IP terms vary materially across pillars.
- Before applying — complete a bias / reliability / election-integrity test register and a DPDP-compliant data-flow map for the product you intend to fund.
- Grant agreement stage — pressure-test foreground-IP, audit-rights and public-sector-use clauses against your existing investor SHA and customer contracts.
- By 20 February 2026 — ensure Rule 3(3) synthetic-media labelling and Rule 3(1)(d) three-hour takedown operational readiness for any public-facing AI output.
- Ongoing — track IndiaAI Safety Institute outputs and map them to internal audit protocols; bank evidence for the Digital India Act transition.
Frequently asked questions
Is my AI startup eligible for IndiaAI Mission support? Eligibility differs by pillar. The IndiaAI Startup Financing pillar and the IndiaAI Application Development Initiative are principally directed at Indian-incorporated deep-tech AI startups building in priority sectors such as healthcare, agriculture and education. Subsidised compute under IndiaAI Compute Capacity (more than 10,000 GPUs procured in public-private partnership) is accessible to researchers, startups and academia through the IndiaAI Independent Business Division's empanelled-user framework. Each call for proposals issued through indiaai.gov.in specifies its own eligibility gate — read the specific CFP, not general Mission literature.
Does participating in the IndiaAI Datasets Platform waive my consent obligations under the DPDP Act, 2023? No. The IndiaAI Datasets Platform is explicitly designed to streamline access to quality non-personal datasets for AI innovation. Where a dataset contains personal data within the meaning of Section 2(t) of the Digital Personal Data Protection Act, 2023, the lawful-processing obligations under Section 4 and the consent requirements under Section 6 DPDP Act apply in full. Participation in a government dataset platform does not create a standalone exemption under Section 17 DPDP Act unless a specific notification is issued. Founders should continue to treat personal-data flows as DPDP-governed irrespective of Mission participation.
What is the IndiaAI Safety Institute's role compared to MeitY's? The IndiaAI Safety Institute, announced by the Minister for Electronics and Information Technology on 30 January 2025, sits within the Safe and Trusted AI pillar of the IndiaAI Mission and operates on a Hub-and-Spoke model. It focuses on science-based, indigenous research on AI safety, evaluation methodologies, and responsible-AI frameworks grounded in Indian social, economic, cultural and linguistic context. MeitY remains the administering ministry and the rule-making authority for AI-related obligations under Section 79 of the Information Technology Act, 2000 and the IT Rules 2021. The Safety Institute is a research-and-standards body; MeitY is the regulator.
How does the IndiaAI Mission relate to the pending Digital India Act? The IndiaAI Mission is an executive scheme under the Ministry of Electronics and Information Technology authorised by the Union Cabinet decision of 7 March 2024. The Digital India Act, which MeitY has signalled will eventually replace the Information Technology Act, 2000 and consolidate intermediary, AI and harm-based obligations in a single statute, has not yet been introduced in Parliament as at April 2026. The Mission's Safe and Trusted AI pillar — particularly the Safety Institute's governance-framework deliverables — is expected to inform the substantive content of the Digital India Act when tabled.
What AI compliance obligations apply today even if I do not join the IndiaAI Mission? Every AI intermediary or platform serving users in India must already comply with: (i) the MeitY Advisory dated 1 March 2024 as revised on 15 March 2024 — labelling of under-tested or unreliable AI output, consent pop-ups, metadata and originator-identification for deepfakes; (ii) Rule 3(1)(b) and Rule 3(1)(d) of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, including the three-hour takedown and synthetic-media labelling obligations under the Synthetic Media Amendment Rules, 2026 (G.S.R. 120(E), notified 10 February 2026, effective 20 February 2026); (iii) the DPDP Act, 2023 where personal data is processed; and (iv) Section 70B of the IT Act and the CERT-In Directions dated 28 April 2022 for cyber-incident reporting. IndiaAI Mission participation adds grant-specific compliance strings, not a new legal regime.
Sources
- PIB — Cabinet Approves Ambitious IndiaAI Mission (PRID 2012355, 7 March 2024)
- PIB — Cabinet Approves Over Rs 10,300 Crore for IndiaAI Mission (PRID 2012375)
- IndiaAI Mission portal
- MeitY — Press Releases and Advisories
- IndiaAI Safety Institute — MeitY consultation announcement
- Digital India Corporation — IndiaAI IBD release (30 January 2025)
- Principal Scientific Adviser — AI Mission
- Digital Personal Data Protection Act, 2023 — India Code
- Information Technology Act, 2000 — India Code
This explainer is part of Veritect's Digital, Data & AI Law vertical. It is an original analysis prepared from Tier 1 government sources — the Press Information Bureau, MeitY, the IndiaAI portal operated by the Digital India Corporation, and India Code — and does not reproduce or paraphrase any third-party commentary. For verification, consult PIB PRID 2012355 and PRID 2012375, indiaai.gov.in, and the Ministry of Electronics and Information Technology's news register.