JSA Prism | FinTech | August 2025

Please click here to download the Prism as a PDF.

Balancing innovation and risk: How India’s financial regulators are approaching Artificial Intelligence

On August 13, 2025, the Reserve Bank of India (“RBI”) released the Framework for Responsible and Ethical Enablement of Artificial Intelligence (“FREE-AI”) Committee Report (“FREE AI Report”). This marks a step towards India’s approach to Artificial Intelligence (“AI”) governance. The FREE AI Report lays the foundational principles of responsible and ethical adoption of AI in the banking sector.

The Ministry of Electronics and Information Technology, alongside the sectoral regulators such as RBI and the Securities and Exchange Board of India (“SEBI”) have been wary of the increasing adoption and integration of AI and Machine Learning (“ML”) across sectors, particularly in the financial product or services sector. Starting with the government’s policy wing, NITI Aayog, publishing a series of policy papers on responsible AI principles back in 2018, India has witnessed several policy initiatives by way of sector specific guidance and sub-committee reports aiming to regulate AI. However, these guidance continue to remain non-binding and advisory in nature.

RBI’s Free AI Report

In December 2024, RBI unveiled its plans to constitute a FREE-AI committee to provide recommendations to develop an AI regulatory framework in the financial and banking sector. This committee was tasked with coming up with guardrails that enable innovation as well as mitigate risk.

The FREE AI Report identifies AI as a transformative technology reshaping financial services, offering both significant opportunities such as increased inclusion and heightened efficiency, and notable risks like bias, opacity, and cybersecurity threats. The FREE AI Report highlights the increasing integration of AI and machine learning in financial sector applications, from credit assessment and fraud detection to customer service improvements and recognises the need for a responsible and ethical framework for AI adoption by India’s diverse and evolving financial ecosystem.

The FREE AI Report’s approach is underpinned by 7 (seven) fundamental ‘Sutras’ (guiding principles):

1. trust as the foundation;
2. people first;
3. innovation over restraint;
4. fairness and equity;
5. accountability;
6. understandable by design, and safety; and
7. resilience and sustainability.

These principles are designed to ensure that AI adoption in finance enhances public trust, supports human judgment, promotes inclusion and fairness, and is auditable, explainable, and robust. The FREE-AI committee stresses the importance of fostering both innovation and effective risk mitigation and operationalises the sutras into 2 (two) complementary sub-frameworks:

1. ‘Innovation Enablement’ framework:  This framework focuses on strengthening the sector’s infrastructure (shared data and compute resources, sandboxes), adopting agile and adaptive policies, and building institutional and human capacity for AI innovation. It lays down recommendations for enabling innovation under 3 (three) pillars: (i) infrastructure; (ii) policy; and (iii) capacity. The recommendations include establishing a high-quality financial sector data infrastructure; launching AI innovation sandboxes; supporting indigenous financial sector-specific AI models; integrating AI with digital public infrastructure (DPI); developing adaptive, principle-based regulatory policies; and incentivising AI-driven affirmative actions for financial inclusion.
2. ‘Risk Mitigation’ framework: This framework mandates robust governance, consumer protection, continuous assurance, and focused oversight over the deployment and operations of AI systems in financial services. It also lays down recommendations for risk mitigation under its own 3 (three) pillars: (i) governance; (ii) protection; and (iii) assurance. On the risk mitigation front, the FREE AI Report prescribes board-approved AI policies, comprehensive data governance, structured model validation, mandatory red teaming (an adversarial testing approach designed to challenge AI systems to reveal hidden vulnerabilities, stress points, and risks) of high-risk AI, robust business continuity plans, AI incident reporting, comprehensive AI audit frameworks, transparent public disclosures, and standardised compliance toolkits to ensure responsible and trustworthy AI adoption across institutions.

Under these 2 (two) frameworks, the FREE-AI Report provides 26 (twenty-six) recommendations to operationalise the proposed regulatory framework for AI governance in the financial sector.

SEBI’s approach to AI governance in financial market

Alongside RBI, SEBI has also been on the frontier of AI governance in the Indian financial market. The increasing adoption of AI/ML technologies across financial markets in areas such as risk management, surveillance, compliance, and advisory services within stock exchanges, brokers, and mutual funds, has prompted SEBI to consider the risks and benefits posed by such AI systems. In this regard, SEBI released a consultation paper on June 20, 2025, on the proposed guidelines for the responsible usage of AI and machine learning in securities market and sought public and stakeholder comments. SEBI has put together recommendations to safeguard investor protection, ensure market integrity, and maintain financial stability in the Indian financial market.

The key recommendations set out in the consultation paper focus on establishing stringent model governance practices, robust testing frameworks, ongoing monitoring, and clear accountability for AI/ML implementations. The principles outlined require market participants to set up skilled internal teams, engage in continuous risk assessment, maintain comprehensive documentation, and adopt fallback mechanisms for model failures.

The consultation paper further emphasises on enhanced disclosure requirements to clients, anti-bias controls, independent auditing, periodic accuracy reporting to SEBI, and strict data privacy and cybersecurity measures. The proposal introduces a tiered regulatory approach, offering a light-touch regime for AI/ML systems not directly impacting clients, such as those used exclusively for internal compliance or surveillance.

Additionally, in February this year, SEBI notified an amendment to the SEBI (Intermediaries) Regulations, 2008 which introduced a new chapter relating to usage of AI. Per the amendment, persons and entities regulated by SEBI using AI/ML tools whether developed in-house or sourced from third parties are solely responsible for the privacy, security, and integrity of investors’ and stakeholders’ data, including fiduciary data, throughout all processes. They are also fully accountable for any outputs generated by such tools and for ensuring compliance with all applicable laws.

Code for regulated entities – developments in other jurisdictions

Several jurisdictions and their regulators are also introducing their own self-regulatory and guidance-based approaches to regulate AI adoption in financial services.

Financial regulators such as Monetary Authority of Singapore (“MAS”) in Singapore has issued guiding principles for the use of AI and data analytics in the financial sector. The MAS has issued sector-specific ‘FEAT’ principles (Fairness, Ethics, Accountability, and Transparency) for the financial services market. While these guidelines are not mandatory, they aim to guide banks, insurance companies, capital market intermediaries, and other entities supervised by MAS.

Similarly, United Kingdom’s financial regulator, the Financial Conduct Authority and the Bank of England published a joint discussion paper (DP5/22) on ‘Artificial Intelligence and Machine Learning’ in the financial sector. The paper examined the unique risks and challenges posed by AI/ML, including issues related to governance, model accountability, transparency, and regulatory gaps and suggested guiding principles to be adopted by financial market players.

Further, the European Union’s AI Act (“AI Act”) became the first binding law (will come to effect in a phased manner) to govern AI systems, however, it does not contemplate sectoral approach but rather an approach based on the risk which the AI tool poses. Further, the European Commission also released ‘General Purpose AI Code of Practice’ as a voluntary tool for the general-purpose AI models (one trained on large-scale data using self-supervision, capable of performing a wide range of tasks, and adaptable for integration into various systems, such as ChatGPT) to comply with the legal obligations on safety, transparency and copyright under the AI Act.

Conclusion

The FREE AI Report suggests AI-specific enhancements to existing RBI master directions. For instance, in directions governing outsourcing of functions under regulated entities, a suggested enhancement is to incorporate obligations to disclose the use of AI by third-party vendors and their subcontractors. Similarly, under the Cyber Security Frameworks in banks, capturing AI specific threats such as model poisoning and adversarial attacks in the risk assessments under cyber security policy and establish protocols for monitoring and mitigating AI related cybersecurity incidents. By providing both a principled foundation and actionable recommendations, the framework seeks to balance innovation with robust governance, making responsible AI adoption in the financial sector.

AI presents India with an opportunity to accelerate growth, improve governance, and solve challenges at scale. To unlock this potential, India must adopt a forward-looking regulatory approach. One that nurtures innovation, ensures accountability, and builds public trust. Striking this balance will be key to shaping an AI ecosystem that not only drives development but also safeguards our collective future.

This Prism has been prepared by:

Sajai Singh Partner

Himanshu Kumar Associate

Saurav Kumar Junior Associate

For more details, please contact [email protected]