Ashish Rawat is a second-year LL.B. student at the School of Law, HNB Garhwal University, SRT Campus, Tehri Garhwal. His academic interests lie at the intersection of criminal law, technology regulation, and constitutional jurisprudence, with a particular focus on how emerging technologies challenge traditional doctrinal frameworks. He closely follows developments in Indian criminal-law reform and global AI governance, and writes for legal blogs and student journals to engage with contemporary debates in the field.
Introduction
The Bharatiya Nyaya Sanhita, 2023 (BNS) was projected as a decolonial overhaul of Indian criminal law, replacing the colonial-era Indian Penal Code after more than 160 years on the statute book. Yet, despite a year of parliamentary debate and an explicit promise of modernisation, the BNS remains conspicuously silent on one of the defining technological challenges of our age: the rise of autonomous, self-learning Artificial Intelligence (AI). From generative models and algorithmic trading systems to autonomous vehicles and AI-driven surgical platforms, machines today take consequential decisions whose outcomes range from financial loss and reputational injury to grievous physical harm. When such harm occurs, Indian criminal law is asked a question it cannot answer: who held the “guilty mind”? This blog examines the mens rea vacuum embedded in the BNS, contrasts the Indian position with emerging global frameworks—principally the European Union’s AI Act—and argues that statutory reform, not judicial improvisation, must fill the gap.
I. The Anthropocentric Foundation of BNS, 2023
Mens rea—literally “guilty mind”—is the doctrinal pillar of criminal liability in common-law systems. The BNS, like the IPC before it, repeatedly relies on expressions such as “intentionally”, “knowingly”, “voluntarily”, “fraudulently”, and “dishonestly” to constitute most substantive offences. Sections 100, 103, 318, 336 and 351 of the BNS—covering culpable homicide, murder, cheating, forgery and criminal intimidation—each hinge on a human mental element.[1] Even strict-liability categories, confined largely to regulatory offences, presume a human actor whose physical act (actus reus) coincides with a presumed or imputed state of mind.
This framework is structurally incapable of accommodating an autonomous AI system, which possesses neither consciousness nor moral agency. A neural network does not “intend” to defame, “know” the falsity of its output, or “voluntarily” cause harm; it computes probabilities. When such a system causes a wrongful act, prosecutors are compelled to reverse-engineer mens rea onto a human developer, deployer, or end-user—often years removed from the decision and frequently unable to predict the model’s behaviour because of its opacity. The BNS provides no statutory shortcut, no doctrine of imputed liability for algorithmic conduct, and no recognition of distributed responsibility across the AI value chain.
II. The Autonomous AI Liability Puzzle
Three scenarios illustrate the gap. First, consider an autonomous vehicle whose perception model fails to identify a pedestrian at night, resulting in death. The operator may have done nothing wrong; the developer wrote code that performed accurately in testing; the model’s actual decision path may be inscrutable even to its authors. Section 106 of the BNS (causing death by negligence) demands “rashness” or “negligence”—standards calibrated to human cognition, not to stochastic gradient descent.[2]
Second, generative AI tools have already produced defamatory deepfakes and obscene content at scale. Sections 356 (defamation) and 294 (obscenity) of the BNS require knowledge or intent.[3] The user prompted; the model generated. Where the output exceeds the prompt—a frequent phenomenon known as model hallucination—liability becomes doctrinally untraceable.
Third, automated trading algorithms have triggered market-manipulation events across jurisdictions. Section 318, the cheating provision, requires “dishonest” inducement.[4] An optimising algorithm has no dishonesty; it has a loss function. In each scenario the BNS forces the prosecutor into two unsatisfactory positions: stretch human mens rea to cover algorithmic causation, or abandon the case entirely. Neither protects victims nor deters reckless deployment.
III. Comparative Frameworks: How the World Is Responding
The European Union’s AI Act, adopted in 2024, takes a risk-based regulatory approach.[5] It prohibits certain AI practices outright (social scoring, real-time biometric surveillance in public spaces subject to narrow exceptions), imposes stringent obligations on “high-risk” systems (conformity assessments, human oversight, traceability, post-market monitoring), and lighter rules on limited-risk applications. Crucially, the EU has paired the AI Act with a proposed AI Liability Directive that introduces a rebuttable presumption of causation against deployers of high-risk AI, shifting the evidentiary burden away from victims.[6]
The United Kingdom has opted for a principles-based, sector-led approach articulated in its 2023 White Paper A Pro-Innovation Approach to AI Regulation, relying on existing regulators (ICO, MHRA, FCA, CMA) to apply five cross-cutting principles. Liability questions are largely left to tort, contract and product-safety law.[7]
The United States lacks a single federal framework. The Biden Administration’s Executive Order 14110 on Safe, Secure, and Trustworthy AI set agency-level obligations;[8] NIST’s AI Risk Management Framework remains voluntary;[9] and states such as Colorado and California have enacted localised AI statutes. Criminal liability for algorithmic harm continues to depend on traditional doctrines, although academic proposals for “negligent design” and “duty to monitor” offences are gaining traction.
Common to all three jurisdictions is an explicit acknowledgement that conventional mens rea doctrines do not map cleanly onto autonomous systems—and that statutory reform must close the gap. The BNS, drafted while this global discourse was already well underway, made no such acknowledgement.
IV. The Indian Vacuum and the Road Ahead
India’s response remains fragmented. The Information Technology Act, 2000 was drafted before contemporary AI even existed, and its intermediary-liability framework under Section 79 was designed for hosting platforms, not generative systems. The Digital Personal Data Protection Act, 2023 addresses data privacy but not algorithmic harm.[10] The promised Digital India Act remains a draft. NITI Aayog discussion papers and MeitY advisories, while useful, carry no binding criminal-law force.
A coherent reform agenda for the BNS, or for a companion statute, should consider four interventions. First, a statutory category of “AI-assisted offences” with calibrated liability allocated across developers, deployers and users. Second, strict or presumptive liability where high-risk AI causes death, grievous hurt or large-scale financial harm. Third, mandatory algorithmic-audit and incident-reporting duties, breach of which would itself constitute an offence. Fourth, an evidentiary shift permitting adverse inference where the opacity of a system prevents victims from establishing causation by ordinary means.
V. Conclusion
The BNS, 2023 was a once-in-a-generation opportunity to write India’s criminal code for the next century. Instead, by retaining a wholly anthropocentric mens rea architecture, it has inherited the limitations of the IPC into an era it was meant to surpass. Until Parliament confronts the autonomy of machines through purposive legislative reform, Indian courts will be left improvising at the very frontier where rights, responsibility and remedy converge—and the victims of algorithmic harm will pay the price for that legislative silence.
[1]Bharatiya Nyaya Sanhita 2023, ss 100, 103, 318, 336, 351.
[2]Bharatiya Nyaya Sanhita 2023, s 106.
[3]Bharatiya Nyaya Sanhita 2023, ss 356, 294.
[4]Bharatiya Nyaya Sanhita 2023, s 318.
[5]Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence (Artificial Intelligence Act) [2024] OJ L 1689.
[6]European Commission, Proposal for a Directive of the European Parliament and of the Council on adapting non-contractual civil liability rules to artificial intelligence (AI Liability Directive) COM (2022) 496 final.
[7]Department for Science, Innovation and Technology, A Pro-Innovation Approach to AI Regulation (CP 815, March 2023).
[8]Executive Order 14110 of 30 October 2023, Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence 88 Fed Reg 75191.
[9]National Institute of Standards and Technology, Artificial Intelligence Risk Management Framework (AI RMF 1.0) (NIST 2023).
[10]Information Technology Act 2000, s 79; Digital Personal Data Protection Act 2023.
Ghostline Legal