The Ministry of Electronics and Information Technology (MeitY) has finally released the long-awaited draft of the Digital India Act (DIA) 2026 for public consultation, firing the starting gun on the most significant overhaul of India’s technology laws in over two decades. This is not a minor amendment to the aging Information Technology Act of 2000. It is a fundamental rewrite of the rules governing the internet in India, a comprehensive attempt to regulate everything from artificial intelligence and online competition to the very liability of platforms for user-generated content. For India’s startups, this draft is both a minefield of new compliance obligations and a potential map to new opportunities. The next 60 days of consultation are not just a bureaucratic exercise; they are a critical window for the ecosystem to shape the future of its own operating environment.

For years, founders have operated within the relatively permissive framework of the IT Act, a law drafted when the internet was a novelty and social media was non-existent. The DIA draft signals the end of that era. It introduces concepts like a risk-based framework for AI, a new class of powerful “gatekeeper” platforms with special obligations, and a dramatic rethinking of the “safe harbor” provisions that have shielded intermediaries from liability. Understanding these changes is no longer optional. It is essential for survival and growth in the next chapter of India’s digital story.

The Erosion of Safe Harbor: A New Era of Platform Accountability

Perhaps the most seismic shift proposed in the DIA draft is the move away from the broad legal immunity platforms have enjoyed under Section 79 of the IT Act. This “safe harbor” provision has historically protected intermediaries, from social media giants to e-commerce marketplaces, from being held liable for content posted by their users, provided they followed certain takedown procedures. The new draft fundamentally alters this relationship between platform and user content.

From Passive Intermediary to Proactive Gatekeeper

The draft legislation appears to replace the concept of a passive intermediary with a principle of “accountability and duty of care”. This means platforms will be expected to make proactive, “best effort” attempts to prevent the hosting and spread of specific types of unlawful content. This isn’t just about responding to takedown notices anymore. It implies a requirement to deploy content moderation technologies and processes to identify and filter harmful material before it goes viral.

For startups in the social media, content sharing, and creator economy spaces, the implications are profound. The cost of compliance will skyrocket. It necessitates significant investment in AI-powered moderation tools, larger human review teams, and sophisticated legal oversight. The ambiguity around terms like “best effort” and “proactive monitoring” creates a new landscape of legal risk. A platform could find itself in court not because it refused to take down a piece of content, but because its automated systems failed to catch it in the first place. This could stifle innovation, as early-stage companies may lack the resources to build the kind of moderation infrastructure the new law demands.

Defining Unlawful Content

The draft expands the categories of content that platforms must guard against, reportedly including specific provisions targeting misinformation, deepfakes, and content harmful to children. While laudable in intent, the practical challenge for a startup will be implementing these rules at scale without engaging in over-censorship that could harm user experience and free expression. The line between moderating harmful content and making editorial judgments is thin, and the DIA draft pushes platforms much closer to that line.

Regulating the Algorithm: India’s First Comprehensive AI Framework

The Digital India Act draft marks India’s first serious attempt to create a comprehensive legal framework for Artificial Intelligence. Moving beyond advisories and ethical guidelines, the bill proposes a concrete, risk-based approach to AI governance, clearly drawing inspiration from frameworks like the European Union’s AI Act.

A Tiered Approach to AI Risk

The legislation is expected to classify AI systems into different risk categories: low, medium, and high. While low-risk applications like spam filters or recommendation engines might face minimal regulation, “high-risk” AI systems will be subject to stringent compliance requirements. These high-risk categories will likely include AI used in critical sectors:

  • Fintech: AI models used for credit scoring, loan approvals, and fraud detection.
  • HR Tech: Systems for automated resume screening, candidate ranking, and employee performance monitoring.
  • Health Tech: AI used for medical diagnosis, treatment planning, and robotic surgery.
  • Public Services: AI deployed in law enforcement, judicial systems, and the administration of public benefits.

Startups operating in these domains will face a new reality. Compliance for high-risk AI will likely involve mandatory pre-deployment risk assessments, regular third-party audits, clear data governance and transparency protocols, and provisions for human oversight to override algorithmic decisions. While this creates a significant barrier to entry, it could also become a competitive advantage. An AI startup that can demonstrate robust compliance with the DIA’s high-risk framework may find it easier to win enterprise contracts and build public trust.

Algorithmic Fairness and Explainability

Crucially, the draft tackles the “black box” problem. It proposes requirements for algorithmic fairness and the “explainability” of AI-driven decisions. A fintech startup that denies a user a loan will no longer be able to hide behind a proprietary algorithm. Under the new law, they may be required to provide a clear, understandable reason for the decision. This forces companies to invest in explainable AI (XAI) techniques and to rigorously test their models for biases related to gender, caste, or geography. For founders, this means the data science team and the legal team need to start working together from day one of product development.

Challenging Big Tech: A New Competition Law for the Digital Economy

In a direct challenge to the dominance of a few large technology companies, the DIA draft introduces a new framework for promoting competition in the digital market. It seeks to create a special class of platforms designated as “Systemically Important Digital Intermediaries” (SIDIs), a concept analogous to the “gatekeepers” defined in the EU’s Digital Markets Act (DMA).

The Obligations of a SIDI

The draft will likely lay out specific criteria for classifying a company as a SIDI, based on factors like the number of users, revenue, and market position. Once designated, these companies would be subject to a list of “do’s and don’ts” designed to prevent anti-competitive behavior. These obligations could include:

  • Prohibitions on Self-Preferencing: A SIDI operating a marketplace would be barred from giving its own products and services preferential treatment over those of third-party sellers.
  • Data Sharing Mandates: SIDIs may be required to share certain anonymized or aggregated user data with smaller competitors to foster innovation.
  • Interoperability Requirements: This is a game-changer. The law could mandate that dominant messaging or social media platforms allow their services to interoperate with smaller rivals, breaking down walled gardens.

For Indian startups, this is arguably the most promising part of the entire bill. An Indian e-commerce logistics startup could gain fairer access to a major marketplace. A new social media app could potentially connect with users on an established network. This ex-ante regulation, which aims to prevent anti-competitive harm before it happens, is a significant departure from the Competition Commission of India’s current model of investigating abuses after the fact. It could meaningfully level the playing field and create new avenues for growth for homegrown tech companies.

The Founder’s Action Plan: Navigating the Next 60 Days

The release of the draft is not the final word. It is the beginning of a crucial policy debate. Founders and investors cannot afford to be passive observers. Here are three immediate priorities:

  • Engage with the Consultation: This is the most critical step. Read the draft carefully. Work with industry bodies like NASSCOM, IndiaTech, and others to formulate and submit detailed feedback to MeitY. Point out clauses that are ambiguous, unworkable, or could have unintended negative consequences for innovation. This is the chance to influence the final text of the law.
  • Conduct a Compliance Gap Analysis: Do not wait for the bill to become law. Start mapping your current operations against the draft’s proposals. If you use AI, assess which risk category your systems might fall into. Review your content moderation policies and technology. Understand where the biggest gaps are and begin formulating a roadmap to close them.
  • Educate Your Board and Investors: The DIA represents a systemic shift in regulatory risk. Your board and investors need to understand the financial and operational implications. This will impact future fundraising, valuations, and your company’s long-term strategy. Proactively communicating your understanding of the landscape and your plan to adapt is crucial for maintaining stakeholder confidence.

    • The Digital India Act is the government’s ambitious blueprint for the next generation of the internet. It seeks to balance innovation with user safety, competition with responsibility. For startups, the cost of doing business is about to go up, but the rules of the game may also become fairer. The companies that thrive in this new environment will be those that treat compliance not as a burden, but as a core part of their product and strategy.