A scam every five minutes

Deepfake fraud has moved from novelty to daily threat. Reporting through 2025 found nearly half of Indian adults had been targeted by, or knew a victim of, an AI voice-cloning or deepfake scam — roughly double the global average. The financial damage is real, with a large share of victims losing money.

For businesses, the danger is the "CEO voice call": a finance executive receives an urgent voice note that sounds exactly like their MD, authorising a transfer. The voice is synthetic. The loss is not.

The regulatory response

In February 2026, India’s IT (Intermediary Guidelines) Amendment Rules introduced aggressive controls on synthetically generated content:

A short takedown window for flagged deepfake content — measured in hours, not days.
Mandatory labelling and metadata standards for AI-generated media.
Greater accountability for platforms hosting synthetic content.

This sits alongside the DPDP framework to form a tighter digital-governance net. But takedown rules act *after* content spreads — they don’t stop the targeted call to your finance team.

Regulation removes deepfakes from public platforms. It does nothing for the private WhatsApp message aimed straight at your employee.

Where your defence actually lives

The last line of defence against a deepfake is a trained human who follows a process:

Mandate call-back verification for any financial or sensitive request — on a known number, never the one provided in the message.
Establish a code-word or second-approver rule for high-value transactions.
Normalise scepticism of urgency. "I called to confirm" should never be career-limiting.
Run simulations that include voice and video pretexts, not just email.

The bottom line

India is building strong legal guardrails against deepfakes, and that matters. But for your organisation, resilience comes from process and awareness: verify the request, distrust the urgency, and make reporting effortless.