By Shaleen Mahajan
India’s rapid digital growth has transformed governance, banking, and communication, making services faster, more accessible, and better connected. However, this technological progress has also opened the door to complex cybercrimes that exploit fear, trust, and gaps in digital literacy. Among the most serious threats are “digital arrest” scams and AI-powered deepfakes, which endanger fundamental rights such as personal liberty, dignity, privacy, and trust in institutions.
Imagine receiving a phone call from someone claiming to be a police officer, warning that you will be arrested and demanding immediate payment to avoid it. This is not fiction but the reality of digital arrest scams in India. Recent high-profile cases highlight the gravity of the problem. Bollywood actor Suniel Shetty received temporary protection from the Bombay High Court after his image was misused in deepfake content, while industrialist S. P. Oswal lost ₹7 crore to fraudsters impersonating the Chief Justice of India and staging a fake Supreme Court hearing. These examples show that digital crimes can affect anyone, regardless of social status or profession.
A “digital arrest” is a fraudulent scheme in which cybercriminals pose as law-enforcement officers and coerce victims into making immediate digital payments. Victims are often accused of serious crimes such as money laundering or drug trafficking and pressured to pay “verification fees” or “bail money” under threats of arrest, frozen bank accounts, or public humiliation. Under the Constitution, Article 21 protects personal liberty and Article 22 safeguards against illegal arrest. Laws such as the Bharatiya Nagarik Suraksha Sanhita (BNSS), 2023 mandate proper legal procedure and judicial oversight for all arrests. Since a digital arrest has no legal validity, any such demand constitutes criminal conduct, involving fraud, impersonation, and violation of constitutional rights.
In addition to these scams, AI-powered deepfakes present a grave challenge by attacking credibility itself. Generative AI has made non-consensual intimate images (NCII), commonly known as revenge porn, far more harmful by producing hyper-realistic images and videos in which a person’s face is superimposed on explicit content, even when no real recording exists. The boundary between truth and fabrication becomes blurred, making it extremely difficult to disprove such content. Global studies indicate that nearly 90% of deepfake material is pornographic and primarily targets women. In India, the true extent is likely far greater than official data suggests due to stigma and under-reporting, underlining the urgent need for legal and technical responses.
The term “deepfake,” derived from “deep learning” and “fake,” refers to content created using advanced AI technologies such as Generative Adversarial Networks (GANs). These systems analyse large datasets of images and videos to produce highly realistic replicas. Deepfakes facilitate identity theft and fraud, such as the viral video falsely depicting the MD and CEO of the National Stock Exchange endorsing investment schemes. They also intrude upon privacy and disrupt social, economic, and political stability, as seen when Irish presidential candidate Catherine Connolly complained about a fake video claiming she had withdrawn from the election.
In India, the Ministry of Electronics and Information Technology (MeitY) has proposed amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, requiring platforms to remove prohibited content upon notice, strengthen grievance mechanisms, and label AI-generated or manipulated material. Platforms must also exercise due diligence to prevent the circulation of unlawful content.
The Information Technology Act, 2000 addresses cyber offences through several provisions. Section 66C penalises identity theft, Section 66D punishes cheating by personation, Section 66E deals with privacy violations, while Sections 67 and 67A regulate obscene and sexually explicit content. Section 69A empowers the government to block unlawful online material.
The Digital Personal Data Protection Act, 2023 requires data fiduciaries to obtain consent and adopt security safeguards, imposing penalties for violations. The Bharatiya Nyaya Sanhita (BNS), 2023 criminalises misinformation causing public harm and permits prosecution of organised cybercrime, including deepfake-related offences. Constitutionally, Articles 21 and 19(1)(a) protect personal liberty and freedom of expression, subject to reasonable restrictions.
Section 79 of the IT Act provides safe-harbour protection to intermediaries, conditional upon due diligence and absence of actual knowledge of illegality. Courts have emphasised balancing regulation with free speech, notably in Shreya Singhal v. Union of India (2015) and Kunal Kamra v. Union of India (2020).
India has developed reporting and enforcement mechanisms including the National Cyber Crime Reporting Portal, the Indian Cybercrime Coordination Centre (L4C), the Sahyog Portal, CERT-In advisories, and the Grievance Appellate Committee. Standard Operating Procedures under the IT Rules, 2021 guide responses to NCII and deepfakes.
AI-generated content increasingly violates personality rights, as seen in cases such as Arijit Singh v. Codible Ventures LLP, Ankur Warikoo v. John Doe, and incidents involving actor Akshay Kumar. Globally, nations have begun implementing AI-specific safeguards. Denmark amended copyright law to protect personal identity attributes, the United States enacted the TAKE IT DOWN Act, 2025, China mandates explicit and implicit labelling of AI content, and the EU AI Act requires clear identification of synthetic media.
By contrast, India’s regulatory framework remains fragmented. Existing laws do not explicitly recognise deepfake creation, AI impersonation, or purely digital harms as distinct offences, complicating investigations and weakening deterrence. Technical complexity further blurs responsibility across developers, deployers, and users. Although measures such as MeitY’s 24-hour takedown SOP and emerging detection technologies show progress, they remain insufficient without comprehensive legislation.
The proposed Deepfake Prevention and Criminalization Bill, 2023 seeks to fill this gap by criminalising harmful deepfakes and establishing a National Deepfake Mitigation and Digital Authenticity Task Force. Although pending enactment, it represents a crucial step toward AI-specific governance.
In conclusion, India’s legal and technological systems must evolve together to counter AI-enabled harms, ensure accountability, and protect constitutional rights. Strong legislation, effective oversight, and responsible AI deployment are essential to safeguarding liberty, dignity, and justice, and to building a safer digital future.
(Shaleen Mahajan is Final Year, LL.B., Guru Nanak Dev University, Amritsar)
