When the Algorithm Decides: Rethinking Liability Frameworks for Autonomous AI Decision-Making in Indian Courts
Introduction
On a Tuesday morning in Bengaluru, a loan officer reviews a rejection notice generated entirely by an algorithmic underwriting system. The applicant, a first-generation entrepreneur with no credit history but strong cash flows, has no recourse. The algorithm has decided, and no human reviewed the reasoning. Across town, a hospital diagnostic tool flags a patient for aggressive surgical intervention, and the attending physician, trusting the system, proceeds. Complications follow. Who answers?
These are not hypothetical futures. They describe present commercial and medical realities in India, where the adoption of autonomous and semi-autonomous AI decision-making systems is accelerating in lending, healthcare, insurance, human resources, and public administration. The legal infrastructure governing these deployments, however, remains stubbornly anchored to frameworks designed for human agency, physical causation, and identifiable tortfeasors. The question confronting Indian courts and lawmakers is fundamental: when an algorithm causes harm, who is liable, on what theory, and under what standard of proof?
This is not merely a regulatory question. It is a constitutional and jurisprudential one. The liability vacuum that surrounds autonomous AI decision-making implicates the right to an effective remedy, the principle of accountability in governance, and the foundational legal assumption that harm must be traceable to a responsible actor. As India advances its National AI Strategy and deploys AI across flagship government programmes, the inadequacy of current liability doctrine is no longer an academic concern.
Legal Framework
India currently lacks a dedicated statute governing AI liability. The patchwork of applicable law draws from tort doctrine under the Law of Torts, contractual responsibility under the Indian Contract Act, 1872, consumer protection under the Consumer Protection Act, 2019, and sectoral regulations in banking, insurance, and healthcare. The Information Technology Act, 2000, as amended, touches the edges of data-driven harm but does not address algorithmic decision-making with any precision.
The tort framework, rooted in the principles of negligence articulated through Donoghue v Stevenson and applied in India through cases like M.C. Mehta v Union of India, requires a plaintiff to establish a duty of care, a breach of that duty, causation, and resulting damage. Each of these elements strains against the realities of autonomous AI. Duty may be identifiable, owed by the developer or deployer. But breach is difficult to characterise when a system performs exactly as designed, and causation becomes opaque when a neural network’s output emerges from millions of weighted parameters that no individual human authored or reviewed.
The Consumer Protection Act, 2019, provides a more accessible avenue through its concept of defective goods and deficient services, with Section 2(47) defining a product as broadly construed to include those that fail to perform safely. The Central Consumer Protection Authority and consumer disputes commissions have handled a growing number of technology-related grievances. However, consumer redressal is ill-suited to systemic algorithmic harms that affect diffuse populations rather than identifiable individual consumers.
The Digital Personal Data Protection Act, 2023, though primarily a data rights statute, carries implicit liability implications. Its provisions on automated decision-making, if read expansively, could impose an obligation on data fiduciaries to ensure that consequential automated decisions do not cause unlawful harm. The Data Protection Board, once operationalised, may become a forum for algorithmic grievance, though its statutory mandate is still limited to privacy violations rather than broader AI harms.
Judicial Developments
Indian courts have not yet adjudicated a pure AI liability case, but several judgments provide useful doctrinal scaffolding. The Supreme Court’s articulation in Subhash Kumar v State of Bihar that the right to life under Article 21 encompasses the right to live in a dignified environment has been extended by subsequent courts to encompass freedom from arbitrary deprivation of economic opportunity. If an algorithmic lending or employment decision violates this dignity interest, particularly when the affected person belongs to a protected class, a constitutional tort argument begins to take shape.
The Delhi High Court’s directions in Karmanya Singh Sareen v Union of India demonstrated judicial willingness to interrogate automated data-processing systems for compliance with constitutional rights, even in the absence of specific enabling legislation. More recently, the Karnataka High Court in 2024 dealt with a petition challenging an AI-based facial recognition system used in law enforcement, with the court questioning the absence of any human oversight mechanism and directing the state to formulate a policy on algorithmic deployment in criminal identification.
In the context of medical AI, negligence cases before consumer forums have begun to touch on the question of physician reliance on algorithmic diagnostic tools. While courts have been reluctant to isolate the algorithm as a separate tortfeasor, they have begun scrutinising whether over-reliance on automated outputs without independent clinical judgment constitutes professional negligence. This approach, borrowed from aviation law’s treatment of automation bias, may become a template for broader AI negligence doctrine.
Contemporary Issues and Analysis
The core doctrinal problem is the attribution of agency. Classical tort law assumes that harm flows from a choice made by a person or entity with legal personhood. Autonomous AI systems blur this assumption in three ways. First, the system’s harmful output may not reflect any single design choice but emerges from training on vast datasets whose composition no individual reviewed. Second, the deployer may have configured the system without understanding its reasoning, and the developer may have fine-tuned it without anticipating the deployment context. Third, the system may improve or change its behaviour after deployment through online learning, making the original developer’s role increasingly attenuated.
Several analytical frameworks compete for adoption. Product liability doctrine, particularly strict liability for defective products, offers the most plaintiff-friendly approach. If AI systems are treated as products, their developers and sellers may be held strictly liable for harms caused by design defects or failure-to-warn defects, without requiring proof of negligence. This approach has been adopted in modified form by the European Union Product Liability Directive of 2024, which explicitly brings AI systems within the scope of defective product claims. India’s Product Liability Chapter in the Consumer Protection Act, 2019, provides a comparable framework, though it has not yet been applied to software or AI outputs.
Vicarious liability offers a second pathway. If an AI system is conceptualised as an agent, its principal, whether developer or deployer, might be held vicariously liable for its actions. While Indian law recognises vicarious liability in master-servant and principal-agent relationships, extending this doctrine to non-human agents requires statutory or judicial innovation. A third pathway, enterprise liability, holds that entities which commercially benefit from AI deployment must bear the costs of its failures as a matter of distributive justice, irrespective of fault.
There is also the problem of evidential opacity. Plaintiffs harmed by algorithmic decisions cannot access the model’s reasoning without discovery, and even with discovery, the explainability of deep learning systems remains a technically contested question. The Indian Evidence Act, as amended, does not address model explanations or technical audit reports as a category of evidence. Courts are poorly equipped to evaluate conflicting expert testimony about why a neural network produced a particular output.
Comparative and International Perspective
The European Union’s AI Liability Directive adopts a disclosure-and-presumption approach: plaintiffs who establish a plausible causal link between an AI system’s output and their harm may benefit from a rebuttable presumption of causation, shifting the burden to the defendant to disprove it. This significantly lowers the plaintiff’s evidentiary burden and may serve as a model for Indian reform.
The United States has adopted a sector-by-sector approach, with the Federal Trade Commission asserting authority over deceptive AI systems, the Equal Employment Opportunity Commission applying disparate impact doctrine to algorithmic hiring tools, and individual states such as California and Illinois enacting targeted AI regulation. The absence of a unified federal framework has produced regulatory fragmentation that India would do well to anticipate and avoid.
China’s AI governance framework assigns primary liability to service providers while requiring robust impact assessments before deployment. Singapore’s Model AI Governance Framework, though voluntary, has been widely adopted by financial institutions and offers sector-appropriate accountability templates that India’s sectoral regulators could adapt.
Practical and Policy Implications
For businesses deploying AI in India, the current liability vacuum is simultaneously a risk and an opportunity. The risk is that courts, confronted with algorithmic harm without adequate doctrine, will apply existing frameworks aggressively and unpredictably. An appellate court that treats AI outputs as products and applies strict liability could impose devastating judgment on a developer who had no knowledge of the harmful deployment context.
For governance, the implications are stark. Numerous central and state government schemes now use algorithmic tools for beneficiary identification, fraud detection, and welfare disbursement. The Public Distribution System, Jan Dhan financial inclusion programmes, and GSTN compliance analytics all embed algorithmic decisions that affect millions of citizens. A grievance framework that requires an individual to prove, in a civil court, that an algorithm wrongly denied them a benefit is practically inaccessible.
Suggestions and Reforms
India requires a dedicated AI Liability Act that addresses three distinct liability scenarios: liability for harm caused by AI systems in commercial deployment; liability for harm caused by AI systems in government decision-making; and liability for systemic harm caused by algorithmic discrimination at scale. The Act should establish a strict liability regime for high-risk AI applications in healthcare, financial services, and law enforcement, while adopting a negligence-based standard for lower-risk deployments.
The Act should introduce a mandatory algorithmic impact assessment obligation for high-risk AI deployments, with assessments filed with a designated regulatory authority. It should provide for a right to explanation in individual automated decisions, enforceable through consumer forums and writ courts. It should create an independent AI Harms Adjudication Tribunal with technical expertise, empowered to award compensatory and punitive relief and to recommend systemic reform to the deploying entity.
Evidentiary rules must be reformed to permit courts to draw adverse inferences from a defendant’s failure to produce model documentation, and to admit algorithmic audit reports prepared by accredited third parties as expert evidence. A developer registration and insurance mandate, similar to the mechanism under the Environment Protection Act for hazardous industries, would ensure financial capacity to meet liability awards.
Conclusion
The liability question in autonomous AI is not simply a matter of filling a legal gap. It is about whether Indian law will preserve the foundational principle that harm demands accountability, even when the harm-causing agent is a machine. Courts and legislators who defer the question allow harms to accumulate without remedy and allow developers and deployers to externalise the costs of their systems onto the most vulnerable affected populations. The juridical tradition that produced Rylands v Fletcher and its strict liability progeny, that recognised environmental harm as a constitutional injury, and that consistently expanded the circle of compensable loss is equipped, intellectually, to develop a coherent AI liability doctrine. What is lacking is the institutional will to do so before the caseload forces improvisation.