ARTICLE
24 February 2026

Data Privacy, AI And Technology Newsletter | February 2026

DL
Dentons Link Legal

Contributor

Dentons Link Legal logo
Established in 1999, Dentons Link Legal is a full service corporate and commercial law firm with over 50 partners and 250 lawyers across multiple practice areas. With offices across all major Indian cities and access to more than 160 offices in more than 80 countries of Dentons’ combination firms across the world, Dentons Link Legal is equipped to assist you in achieving your business objectives with the help of a team of experienced, well trained and qualified lawyers.
Explore Firm Details
Welcome to the February 2026 edition of the Data Privacy, AI and Technology Newsletter. This edition captures significant regulatory and policy developments shaping India's evolving digital, AI, and fintech landscape.
India Technology
Nusrat Hassan,Kapil Chaudhary,Avisha Gupta
+1 Authors
 Your Author LinkedIn Connections
Nusrat Hassan’s articles from Dentons Link Legal are most popular:
  • with readers working within the Technology and Law Firm industries
Dentons Link Legal are most popular:
  • within International Law, Government, Public Sector and Intellectual Property topic(s)

Welcome to the February 2026 edition of the Data Privacy, AI and Technology Newsletter. This edition captures significant regulatory and policy developments shaping India's evolving digital, AI, and fintech landscape. It provides an overview of the White Paper released by the Office of the Principal Scientific Adviser on strengthening AI governance through a techno-legal framework, with particular emphasis on deepfakes, cross-border regulatory convergence, and design-based compliance mechanisms.

The newsletter also examines the updated Anti-Money Laundering and Counter-Financing of Terrorism guidelines issued by the Financial Intelligence Unit-India for Virtual Digital Asset service providers, highlighting strengthened KYC, audit, and activity-based compliance obligations. In addition, it covers the Reserve Bank of India's newly issued Master Directions on Internal Ombudsman frameworks for Payment Banks and eligible Non-Banking Financial Companies, aimed at reinforcing customer grievance redressal and institutional accountability.

Updates: Industry Updates: India

Technology Updates

The Office of the Principal Scientific Adviser to the Government of India has released a White Paper titled 'Strengthening AI Governance Through Techno-Legal Framework.'

January 23, 2026: The Office of the Principal Scientific Adviser to the Government of India released a White Paper titled 'Strengthening AI Governance Through Techno-Legal Framework', which sets out an approach to build a trusted and accountable AI ecosystem. The white paper presents the techno-legal approach as a practical, ecosystem-wide model that embeds governance into AI systems by design.

Key considerations for developing a techno-legal framework for AI governance in India, as discussed in the white paper inter alia, are as follows:

  • Special Consideration for Deepfakes: Addressing deepfakes solely through content-level takedowns is structurally inadequate because deepfake misuse operates across an interconnected pipeline. The white paper instead suggests a techno-legal approach that uses content-provenance mechanisms, including mandatory disclosure, persistent identifiers, and cryptographic metadata at generation and distribution, that may mitigate such harms.
  • Cross-Border Challenge: AI systems operate across different jurisdictions with differing legal and regulatory standards, creating a risk that models governed by one framework may not comply with the safeguards required in another. To address global alignment, it is essential to identify core AI features that are internationally relevant and can converge. The white paper advocates a techno-legal approach that helps translate legal needs into technical controls that work across borders.
  • Balancing compliance with flexibility: The white paper advices to establish a parallel techno-legal framework that integrates laws, rules, standards, and technological tools development to maintain flexibility in compliance.

Link Here

The Financial Intelligence Unit-India updated the Anti-Money Laundering (AML) & Counter-Financing of Terrorism (CFT) guidelines for Reporting Entities providing services related to Virtual Digital Assets (VDAs)

January 8, 2026: The Financial Intelligence Unit-India (FIU-IND) released the updated 'AML & CFT Guidelines for Reporting Entities Providing Services Related to Virtual Digital Assets' (2026 guidelines), which replaces the earlier guidelines issued on March 10, 2023 (2023 guidelines). With the 2026 guidelines, the FIU-IND has consolidated the AML/CFT framework with respect to VDAs into a single document including the registration requirements of Virtual Digital Assets Service Providers (VDA SPs).

Highlights of the 2026 guidelines inter alia are as follows:

  • Explicit clarification that VDA SPs obligations are activity-based and apply regardless of their physical presence in India. All entities, regardless of their registered location, engaged in notified activities must register as a Reporting Entity (RE) and adhere to the prescribed AML/CFT/CPF requirements.
  • Increased frequency of periodic KYC updation: To strengthen ongoing customer due diligence, REs have been mandated to enhance the frequency of periodic KYC updation. High-risk clients are required to undergo KYC updation every six months, while all other clients must be subjected to KYC updation at least once in a year. The 2023 guidelines instead required only annual KYC updation for all clients.
  • Introduction of internal audit timeline: The 2026 guidelines require REs to conduct an independent audit of their AML/CFT/CPF controls, systems, procedures, and safeguards on an annual basis. The 2023 guidelines did not mandate a periodic timeline.

Link Here

Fintech Updates

Reserve Bank of India issues master directions for Payment Banks and Non-Banking Financial Companies regarding internal grievance redressal mechanism:

January 14, 2026: Reserve Bank of India (RBI) has issued the following master directions to strengthen the internal grievance redressal mechanism and ensure the speedy and meaningful resolution of customer complaints:

  • Master Direction - Reserve Bank of India (Payments Banks - Internal Ombudsman) Directions, 2026 which is applicable to payment banks having ten (10) or more banking outlets in India as on March 31, 2025.
  • Master Direction - Reserve Bank of India (Non-Banking Financial Companies - Internal Ombudsman) Directions, 2026 which is applicable to the following Non-Banking Financial Companies (NBFCs) fulfilling the criteria as on March 31, 2025 (i) Deposit-taking NBFCs (NBFCs-D) with ten (10) or more branches; (ii) Non-Deposit taking NBFCs (NBFCs-ND) with asset size of INR 5,000 crore and above and having public customer interface. These directions do not apply to a Housing Finance Company, Core Investment Company, Infrastructure Debt Fund-Non-Banking Financial Company, Non-Banking Financial Company - Infrastructure Finance Company, Non-Operative Financial Holding Company, Primary dealers, Mortgage Guarantee Company.

The key directions of the Reserve Bank of India (Payments Banks - Internal Ombudsman) Directions, 2026 and Reserve Bank of India (Non-Banking Financial Companies - Internal Ombudsman) Directions, 2026 inter alia include:

  • Every payment bank/NBFC (as the case may be) must appoint at least one (1) internal ombudsman and must ensure that the post of the internal ombudsman does not remain vacant at any time. To ensure this, a deputy internal ombudsman must also be appointed who will discharge the functions of the internal ombudsman in absence of internal ombudsman.
  • The tenure of the internal ombudsman/ deputy internal ombudsman must be a fixed term of not less than three (3) years. However, the total tenure (including extension/reappointment, if any) must not exceed five (5) years.
  • The Internal Audit Department of the payment bank/NBFC (as the case maybe) must conduct an internal audit in order to ensure the implementation of these directions with regards to process of appointment of internal ombudsman/deputy internal ombudsman; actions taken; auto-escalation of the partially resolved or wholly rejected complaints within the timelines.

These directions will come into effect immediately except the following directions which must be complied by June 30, 2026:

  • The number of internal ombudsman/deputy internal ombudsman must be determined by the Board of the NBFC or Customer Service Committee of the Board of the payment bank (as the case may be) on the basis of the volume and complexity of the complaints received.
  • The payment bank/NBFC (as the case maybe) must provide for three categories i.e. 'Fully Resolved', 'Partially Resolved' and 'Wholly Rejected' in its complaint management system for recording the decision on the complaints before the escalation to the office of internal ombudsman. However, certain types of complaints are exempted from such classification which inter alia include complaints relating to internal administration, human resources, matters relating to staff pay and emoluments within the bank etc.
  • The payment bank/NBFC (as the case maybe) must ensure that a complaint is not closed by the same branch/ unit / other touch points. A complaint which is being wholly rejected or partially resolved must be reviewed at a fairly senior level, which the payment bank/NBFC (as the case maybe) may decide as deemed fit, before sending it to the internal ombudsman.

Link Here

Link Here

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]
Authors
Photo of Nusrat Hassan
Nusrat Hassan
Photo of Kapil Chaudhary
Kapil Chaudhary
Photo of Ambuj Sonal
Ambuj Sonal
Photo of Avisha Gupta
Avisha Gupta
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More