By Prashant Kumar Chauhan, Ph.D., Faculty of Law, University of Lucknow.

Artificial Intelligence (AI) has emerged as both a potent instrument and a vulnerable target in the ever-evolving landscape of cybercrime. Its deployment ranges from enhancing cybersecurity infrastructure and predictive policing to facilitating sophisticated cyberattacks, such as deepfakes, autonomous phishing bots, AI-generated ransomware, and algorithmic manipulation. Simultaneously, AI systems themselves are increasingly being targeted by adversaries through techniques like data poisoning and adversarial attacks, exposing critical vulnerabilities. The legal and regulatory frameworks to govern such dual-use technology, however, remain fragmented and underdeveloped across jurisdictions.

This paper undertakes a comparative legal analysis of the regulatory approaches to AI and cybercrime adopted by India, the European Union, and the United States. It identifies the key strengths and shortcomings of each model, examining the extent to which existing legal instruments address the attribution of liability, automated decision-making, and protection of digital rights in the context of AI-driven cyber threats. While the European Union moves towards a unified and risk-based approach through the proposed AI Act, the United States adopts a sectoral, innovation-driven model, and India grapples with regulatory vacuum amid fast-paced digital transformation.

The paper aims to contribute to the discourse on harmonising AI governance with cybercrime control and proposes strategic legal reforms in India by drawing insights from global best practices and institutional experiences.

Keywords: Artificial Intelligence (AI), Cybercrime, Cybersecurity Infrastructure, European Union, United States, AI-Driven Cyber Threats.