The Squirrels

Governance · Policy · Politics · The Economy

Friday, 3 July 2026
‹ The Squirrels
Economy

India's AI Tax Surveillance: Inside the New IT Act 2025

By The Squirrels·

On April 1, 2026, the relationship between the Indian state and its citizens will undergo a fundamental, irreversible shift. The commencement of the Income Tax Act, 2025, marks the culmination of a decade-long digital transformation, replacing the legacy 1961 framework with an AI-driven, faceless assessment model. Official sources verify that this new architecture is designed to process financial data at an unprecedented scale.

However, beneath the official narrative of a "simpler, more transparent" tax regime lies a sprawling surveillance apparatus. By mapping the exact data points collected, analyzing who controls this information, and examining the statutory framework, a stark reality emerges: India has constructed a financial panopticon with profound legal vulnerabilities and missing constitutional safeguards.

The Scale of Ingestion: Mapping the Data Points

The sheer volume of data ingested by the state's new architecture is staggering. According to official data, the Income Tax Department processed an estimated 6.5 billion financial transactions in the fiscal year 2024-25 alone. From this massive data pool, exactly 400 million (40 crore) Annual Information Statements (AIS) were generated, corresponding to the 9.19 crore income tax returns filed during the same period.

The system processed 6.5 billion financial transactions in FY 2024-25, generating 400 million Annual Information Statements to track taxpayer behavior.

This data is not merely aggregate; it is hyper-granular. The Statement of Financial Transactions (SFT) captures an exhaustive list of citizen activities. Verified official sources confirm the system maps:

  • Mutual fund purchases and share trading activities.

  • Foreign remittances and overseas assets.

  • Credit card payments and utility settlements.

  • The purchase of luxury goods, specifically tracking items like watches and art exceeding ₹1 million.

Furthermore, credible outlets report that effective April 2026, the new statutory thresholds for quoting a Permanent Account Number (PAN) will tighten the net further, dropping to ₹20 lakh for immovable property transactions and ₹5 lakh for vehicle purchases.

The financial return on this surveillance is already materializing. Official records show an additional tax mop-up of ₹11,000 crore generated from 11 million updated returns filed since April 2022, driven directly by automated data-sharing and targeted "nudge" campaigns.

Endless rows of servers representing the massive data processing scale of the tax department

The Architecture of Project Insight

The current surveillance machine was not built overnight; it is the result of incremental, systemic expansion. Analysts estimate that the foundation was laid nearly a decade ago.

In 2016, the Income Tax Department launched "Project Insight," an initiative officially designed to utilize artificial intelligence and machine learning to track high-value transactions and detect tax evasion. Over the years, this project evolved from a backend analytics tool into the primary interface of Indian tax administration.

By November 28, 2025, the Central Board of Direct Taxes (CBDT) launched its second "NUDGE" initiative. This program utilized Automatic Exchange of Information (AEOI) data to algorithmically prompt taxpayers to revise returns regarding foreign assets. The final integration occurs on April 1, 2026, when the Income Tax Act, 2025 officially commences, introducing unified tax years and the TRACES 2.0 portal, effectively hardwiring Project Insight's AI capabilities into the statutory core of Indian law.

The Legal Void: Surveillance Without Safeguards

The government maintains that this data collection is non-intrusive. According to the Press Information Bureau, the objective is "to build a tax regime that is not only simpler but also more transparent and intelligent." The official narrative frames the AI-driven system as a mechanism to promote voluntary compliance, aligning with national growth.

However, legal analysts and civil liberties groups argue that the system creates an unchecked surveillance state, pointing to a glaring disconnect between constitutional rights and statutory reality.

In August 2017, the Supreme Court of India delivered the landmark K.S. Puttaswamy v. Union of India judgment, recognizing privacy as a fundamental right under Article 21 of the Constitution. The judgment established that any state interference with privacy must meet strict tests of legality, necessity, and proportionality.

Yet, the legislative framework enabling the tax surveillance machine appears to bypass these tests. The Digital Personal Data Protection (DPDP) Act, passed in August 2023, establishes a data protection framework but grants broad exemptions to state instrumentalities. Legal analyses reveal that Section 17 of the DPDP Act grants the state exemptions that do not require traditional thresholds of "public emergency" or necessity.

Privacy advocates note that the DPDP Act replaces nuanced public interest standards with a blanket restriction on "information which relates to personal information," effectively removing the requirement to examine the connection between the information and public activity. As one legal expert estimated, the Act "places the privacy interests of public officials performing public duties on the same footing as those of ordinary private citizens, creating an irrational classification."

Legal document dissolving into digital code representing the loss of privacy safeguards

Digital Search Powers and Institutional Design

The most alarming vulnerability lies within the new tax code itself. Analysts report that Section 247 of the Income Tax Act, 2025 grants authorities unprecedented "digital search powers." This provision reportedly allows tax officials to access emails, social media, and digital communications without the strict proportionality safeguards mandated by the Puttaswamy judgment.

This contradicts official claims of a "non-intrusive" administration. By consolidating digital-first procedures directly into the statutory core, the state's data-gathering apparatus is largely insulated from routine judicial oversight.

Furthermore, the institutional design of the oversight bodies raises separation of powers concerns. While the DPDP Act created the Data Protection Board of India (DPBI), analysts point out that executive control over the DPBI's composition severely limits its ability to act as an independent check on the Income Tax Department's surveillance capabilities.

The Ground Reality: Algorithmic Injustice

While the CBDT touts "faceless assessments" as a method to eliminate human corruption, the ground reality for citizens and businesses is a heavy, often paralyzing compliance burden. The system shifts the burden of data reconciliation entirely onto the taxpayer.

Deductors face massive compliance costs due to complex, section-specific rules and the need for constant reconciliation between the AI-generated Annual Information Statement (AIS), the Taxpayer Information Summary (TIS), and actual income.

Crucially, the AI architecture effectively reverses the presumption of innocence in financial matters. Any mismatch between the AI-generated AIS/TIS and a taxpayer's filed return automatically triggers scrutiny, delayed refunds, or notices. AI tools are used to raise "red flags," leading to automated harassment where taxpayers must spend resources to prove the machine wrong. Unconfirmed reports from single sources suggest that a single unverified data point from a third-party reporting entity can freeze a small business's working capital through automated tax demands.

Stressed business owner working late at a laptop surrounded by paperwork

Historical Precedents and Future Implications

India's architecture is not entirely unique, but its scale and lack of safeguards are unprecedented. The system mirrors the United States' Foreign Account Tax Compliance Act (FATCA) and aligns with the OECD's Common Reporting Standard (CRS).

However, the closest cautionary tale comes from Australia. Historically, the Australian Taxation Office (ATO) implemented similar data-matching programs, which resulted in the disastrous "robodebt" scandal. Algorithmic errors unlawfully targeted vulnerable citizens with automated debt notices, leading to severe public backlash and massive legal settlements.

India's Project Insight scales this automated data-matching concept to a population of 1.4 billion. By amplifying the risks of algorithmic injustice in a developing democracy, the Income Tax Act, 2025 creates a volatile environment.

As the April 2026 rollout approaches, the data is clear: India has built a highly efficient, AI-driven tax collection machine. But by prioritizing data ingestion over constitutional safeguards, and automated enforcement over the presumption of innocence, the state has engineered a surveillance architecture that fundamentally threatens the financial privacy of every citizen. The question is no longer whether the state is watching, but whether the legal system retains the power to make it look away.