How does AI detect GST tax evasion?

AI runs unsupervised clustering, supervised classifiers and graph analytics on GSTR-1, GSTR-3B, GSTR-2B, e-invoice, e-way bill, FasTag and bank data to detect anomalies. Patterns like circular trading, abnormal credit notes, unusual transit routes and refund concentration emerge as risk signals, which the system uses to score and rank taxpayers for audit.

Will AI replace GST officers?

No. AI ranks and prepares cases, but human officers retain decision authority. They review the AI-curated evidence, conduct physical verification where needed, exercise judgement and issue notices under Sections 73, 74 or 122. This human-in-the-loop design balances efficiency with fairness and remains the standard for Indian tax administration.

How can businesses reduce their AI-driven GST risk score?

File GSTR-1 and GSTR-3B on time, reconcile GSTR-2B every month, manage vendor compliance through scorecards, maintain disciplined e-invoice and e-way bill records, respond promptly to system nudges and DRC-01A intimations, and avoid abrupt swings in ITC claims or refund profiles that look anomalous compared to peer taxpayers.

Does AI enforcement comply with the DPDP Act?

Government AI systems must align with the Digital Personal Data Protection Act, 2023 and its 2025 rules where personal data is involved. Expect more transparency over time about model design, data used, and explanations behind major notices, especially in cases that proceed to tribunal or High Court for adjudication.

AI Role in Preventing GST Tax Evasion

In FY 2026-27, the CBIC's Directorate General of Analytics and Risk Management (DGARM) does not wait for audit season to find tax evasion. It runs machine-learning models against every return, every e-invoice and every e-way bill filed across India's 1.4 crore active GSTINs — continuously, not periodically. Each GSTIN carries a dynamic risk score. When that score breaches a threshold, automated systems can block Input Tax Credit (ITC), freeze refunds or direct a jurisdictional officer to issue a notice under Section 73 or 74 of the CGST Act, 2017 — often before the taxpayer has even filed the next month's return.

Why GST Enforcement Needed AI — And Got It

India's GST ecosystem generates data at a scale that makes rule-based compliance checks practically impossible. Consider just a month's worth of activity: roughly 1.2 crore GSTR-3B returns, over 90 crore e-invoices, and tens of lakhs of e-way bills. Behind each data point sits a network of suppliers, buyers, transporters, bank accounts and PAN holders.

The old approach — selecting cases for audit based on periodic desk reviews or informant tips — was never going to scale. AI does three things the old approach could not:

Pattern recognition at scale. Unsupervised clustering groups GSTINs by behaviour. A freshly registered GSTIN that immediately issues large invoices to buyers in distant states, with zero inward purchase records, is instantly distinguishable from any legitimate business cluster.
Cross-source correlation. AI joins GSTR-1 data with GSTR-2B, Invoice Reference Number (IRN) records from the Invoice Registration Portal (IRP), e-way bill logs, FasTag tolling data for commercial vehicles, and the Income Tax department's Annual Information Statement (AIS). A declared consignment that never generated an e-way bill is a signal a human reviewer would rarely catch manually.
Continuous re-scoring. Risk scores update each time new data arrives. A GSTIN that was low-risk in April 2026 can become high-risk by June if its supplier network changes or a key vendor is flagged in another investigation.

Union Budget 2026-27 earmarked resources for expanding CBIC's data infrastructure, including capabilities for graph analytics and advanced pattern detection across indirect tax data. DGARM is the operational arm that translates that investment into enforcement actions on the ground.

Inside DGARM: How Your GSTIN Gets a Risk Score

DGARM — the Directorate General of Analytics and Risk Management — sits above the jurisdictional structure, feeding risk signals to Principal Chief Commissioners and jurisdictional officers across India. It does not adjudicate; it prioritises.

Your GSTIN's risk score is a composite built from several weighted signals:

Filing behaviour. Chronic lateness on GSTR-1 or GSTR-3B is itself a flag, separate from the late fee under Section 47. A firm that consistently files on the 35th day after the due date signals either administrative weakness or a deliberate pattern of deferring reconciliation scrutiny.
ITC utilisation patterns. The ratio of ITC claimed to tax paid in cash is compared against industry cohorts. If you claim near-100% of your liability through ITC every month across all heads — Integrated GST (IGST), Central GST (CGST), State GST (SGST) and Cess — while peers in your industry show higher cash tax payment rates, the model takes note.
Supplier network quality. DGARM scores your supply chain, not just your GSTIN. If even one of your top-five suppliers has a low compliance rating — an irregular filer, negligible e-way bill generation relative to declared sales, or an appearance in a prior fraud cluster — your score worsens accordingly.
Turnover-to-activity consistency. A trading firm declaring Rs. 20 crore of outward supplies but with negligible electricity consumption per AIS data, no payroll reflected in Form 26AS, and no e-way bill generation is inconsistent with its own declared profile.
Amendment and cancellation frequency. Repeated amendments to GSTR-1, unusually high IRN cancellation rates, or large credit notes issued in the final days of a financial period all count against the score.

The score updates monthly — sometimes more frequently when a fraud network is being unwound and related GSTINs across the ring are being re-evaluated together.

The Five AI Detection Modules Running in 2026

1. Fake ITC Detection via Graph Analytics

This is CBIC's most powerful enforcement tool and the one with the widest blast radius. Graph models map every GST transaction as a network: nodes are GSTINs; edges are invoices. A missing trader — a firm that issues invoices collecting GST from buyers but never remits the tax or files GSTR-3B — creates a distinctive subgraph: large outward supplies shown in GSTR-1, near-zero inward purchases, no e-way bills and a PAN linked to multiple dormant or newly registered GSTINs.

The model does not just flag the missing trader. It traces every downstream recipient of that GSTIN's invoices and scores them as potential participants in ITC fraud. If you received invoices from a missing trader — even in good faith — you appear in a flagged cluster. This is why vendor due diligence is a legal obligation, not a courtesy.

2. Return Mismatch Scoring (GSTR-1 / 3B / 2B)

GSTR-1 (outward supply detail), GSTR-3B (summary return with tax payment) and GSTR-2B (auto-populated ITC ledger derived from suppliers' GSTR-1 filings) must tell a consistent story. AI looks for:

ITC claimed in GSTR-3B that exceeds what GSTR-2B reflects — a potential violation of the condition under Section 16(2)(aa), inserted by the Finance Act 2021
Outward supplies declared lower in GSTR-3B than in GSTR-1 — under-declaration of output tax liability
Timing abuse: large ITC claims in months when the corresponding GSTR-2B has not yet been fully populated by suppliers

A single month's mismatch may be explainable. A pattern of mismatches in one direction, month after month, at material amounts, is what the AI flags — and what the Proper Officer investigates.

3. E-Invoice and E-Way Bill Anomaly Detection

Since August 2023, e-invoicing has been mandatory for businesses with aggregate turnover exceeding Rs. 5 crore. Every B2B invoice must carry an IRN issued by the IRP before the invoice is served on the buyer. The AI cross-references:

IRN issuance against e-way bill generation: a Rs. 10 lakh consignment to a buyer 500 km away with no matching e-way bill is physically incoherent
IRN cancellation rates: firms that issue and cancel large volumes of IRNs within 24 hours are suspected of using IRNs for collateral or financing purposes rather than genuine trade
FasTag tolling records: commercial vehicles crossing toll plazas generate data that CBIC can cross-reference against declared e-way bill routes and dates

4. Refund Profiling for Exporters

Exporters claiming refunds under a Letter of Undertaking (LUT) receive heightened scrutiny because the zero-rated supply mechanism — export without payment of tax, followed by ITC refund — has historically attracted abuse. DGARM's model profiles each exporter against a cohort of comparable exporters by:

Input concentration: if 80% of your ITC comes from one supplier and that supplier has a weak compliance profile, the refund application is held pending investigation
Export document consistency: shipping bills, bank realisation certificates and GSTR-1 Table 6A export entries are matched automatically
Sudden export spikes: a business with no export history that suddenly claims large refunds over a short period is inconsistent with its prior profile

Refunds can be withheld without a formal notice in cases of serious red flags, under the discretion available to the Refund Sanctioning Authority.

5. Credit-Note Abuse and Amendment Patterns

Section 34 of the CGST Act permits a supplier to issue a credit note reducing output tax liability, with the corresponding obligation on the recipient to reverse ITC. The AI tracks credit-note issuances against the timeline of original invoices, tax payments and the recipient's ITC reversal records. Year-end clusters of large credit notes — particularly in March — that reduce the supplier's annual liability without corresponding ITC reversals in recipient GSTR-3B filings are a classic pattern the model is specifically calibrated to detect.

How a Risk Flag Becomes a Legal Notice

The AI system does not issue notices. It prioritises. A flagged GSTIN enters a queue reviewed by a jurisdictional Proper Officer. The officer's toolkit, informed by the AI's curated evidence package, includes:

DRC-01A — A pre-show-cause intimation under Rule 142(1A) of the CGST Rules, 2017. This is the department's first formal communication, inviting payment of the ascertained amount with a reduced or nil penalty before a full notice is issued. If you respond within 30 days with full payment, the penalty under Section 73 is nil for non-fraud cases.
Section 73 notice — For demand of tax not paid, short-paid, or ITC wrongly availed where fraud is not alleged. Time limit: 3 years and 9 months from the due date of the relevant annual return. Penalty: 10% of tax, minimum Rs. 10,000.
Section 74 notice — Where fraud, wilful misstatement or suppression is alleged. Extended time limit: 5 years and 9 months. Penalty: 100% of the tax evaded. If paid within 30 days of the Section 74 notice: penalty reduces to 25% under Section 74(5).
Rule 86A — The Proper Officer can block the entire ITC balance in your Electronic Credit Ledger — immediately and without full adjudication — where there is reason to believe the ITC was fraudulently availed. This is the most operationally disruptive consequence for a working business.

Worked Example: A Rs. 15 Lakh Fake ITC Claim and Its Full Cost

A Mumbai-based garment trading firm with turnover of Rs. 2.4 crore in FY 2024-25 availed Rs. 15,00,000 in IGST ITC from a Surat-based supplier during June–September 2024. The supplier's GSTIN appeared correctly on GSTR-2B each month, and the trader claimed the ITC in GSTR-3B without further scrutiny.

DGARM's graph model, running in November 2024, identifies the Surat GSTIN as a missing trader: Rs. 1.2 crore of outward supplies declared in GSTR-1, zero e-way bills generated, GSTR-3B unfiled for all four months, and the same PAN linked to two other GSTINs in Gujarat showing identical patterns. The garment trader's GSTIN enters the fraud cluster automatically.

Legal exposure under Section 74 (fraud alleged):

Component	Basis	Amount
Tax demand	ITC wrongly availed	Rs. 15,00,000
Interest (Section 50)	18% p.a. × 18 months	Rs. 4,05,000
Penalty (Section 74)	100% of tax evaded	Rs. 15,00,000
Total exposure
Rs. 34,05,000

If the trader pays within 30 days of DRC-01A — before the formal Section 74 notice is served — the penalty is nil or, at worst, 25% (Rs. 3,75,000), saving a minimum of Rs. 11,25,000 compared to post-notice adjudication.

If the trader had run a monthly e-way bill check on their top suppliers, the Surat GSTIN's profile — high declared sales, zero e-way bills, unfiled returns — would have been visible on the GST portal's "Search Taxpayer" function in July 2024 itself. The cost of that check: negligible.

What You Must Do Right Now: A Compliance Checklist

Monthly Actions (Non-Negotiable)

File GSTR-1 by the 11th (monthly filers) or by the 13th of the month after the quarter-end (QRMP filers under the Quarterly Return Monthly Payment scheme). Late filing is a standalone risk signal — the model treats it as a behavioural pattern, not an administrative lapse.
Reconcile GSTR-2B before filing GSTR-3B. Claim ITC only up to what GSTR-2B reflects for each supplier. Section 16(2)(aa) makes this a statutory condition, not a best practice.
Run the GSTR-1 versus GSTR-3B delta on the day you file GSTR-3B. Outward supplies and output tax declared in GSTR-1 must be at least equal to what you declare in GSTR-3B Table 3.1.
Check your top-10 suppliers' filing status using the "Search Taxpayer" function on the GST portal (www.gst.gov.in). If a key vendor has not filed GSTR-3B for two or more consecutive months, stop availing ITC from that supplier and issue a written notice to them.
Verify IRN generation for every B2B invoice you issue above the e-invoice threshold. Download bulk IRN reports from the IRP and match them against your sales register before month-end.

Quarterly and Annual Actions

Run a full Section 17(5) blocked-credit review — ITC on motor vehicles, construction services, employee food and recreation, and club memberships is blocked; misclassification is a clean Section 73 trigger.
Before filing GSTR-9 (annual return for FY 2026-27, due December 31, 2027), reconcile the full year's GSTR-1, 3B and 2B; declare any ITC reversals and short-paid tax proactively rather than waiting for a notice. Voluntary disclosure under Section 73(5) eliminates penalty entirely.
For exporters, ensure all shipping bills are tagged to GSTR-1 Table 6A entries, bank realisation certificates are on file, and the LUT reference number for FY 2026-27 is correctly recorded before claiming any refund.

Common Mistakes That Inflate Your AI Risk Score

Claiming ITC beyond GSTR-2B without documentation. Section 16(2)(aa) is unambiguous. If ITC does not appear in GSTR-2B, the legal conditions to claim it are stringent. Exceeding the GSTR-2B balance without a documented legal basis is one of the highest-probability Section 73 triggers.
Filing GSTR-3B with round-number tax figures. A tax liability of exactly Rs. 5,00,000 or Rs. 10,00,000 every single month without variation is statistically improbable for any real business. The model notices.
Ignoring DRC-01A intimations. These have a 30-day response window. Letting the window expire converts a potentially penalty-free resolution into a full Section 73 or 74 adjudication with mandatory interest.
Not updating your GSTIN's contact details. If the department sends a system nudge or intimation to an obsolete mobile number or email, and you miss it, the non-response itself becomes an adverse data point in your profile.
Issuing large credit notes in March without corresponding ITC reversal tracking. Year-end credit notes that visibly reduce output liability, without evidence of ITC reversal in the recipient's returns, are one of the most reliably flagged patterns in DGARM's credit-note abuse module.
Concentrating purchases in related parties without arm's-length pricing documentation, formal agreements and full e-invoice compliance. Related-party transactions are a specific audit signal across both GST and direct tax AI systems, and the two datasets are increasingly being cross-referenced.

Governance, Fairness and DPDP 2023

AI-driven enforcement raises legitimate questions about due process. A GSTIN flagged by a model is not automatically guilty. The law requires the Proper Officer to apply independent mind before issuing a notice — the AI risk score is an input to that mind, not a substitute for it.

Under the Digital Personal Data Protection Act, 2023 and its 2025 rules, personal data processed by government systems — including data linked to individual proprietors, partners and directors — is subject to purpose limitation and data minimisation requirements. Courts and tribunals are beginning to ask, in high-value adjudications, whether the model's output was disclosed to the taxpayer in a form that allowed meaningful challenge.

Practically, this means you have defensible grounds to:

Request the specific mismatch data relied upon in any written reply to a notice under Section 73 or 74. The Proper Officer is not obliged to share model source code but must disclose the transactions and figures that form the basis of the demand.
Challenge factual errors in the underlying data at the earliest stage — a wrong e-way bill association, a misattributed GSTIN, or an IRN incorrectly linked to your PAN. Errors at the data layer, if left unchallenged, compound through the adjudication and appellate process.
Document legitimate explanations for anomalies before the first hearing. A temporary spike in the ITC-to-output ratio caused by a capital goods purchase is entirely explainable with the purchase invoice, e-invoice IRN, e-way bill and payment record in one coherent folder.

Building an AI-Aligned Internal Compliance Function

The most effective response to CBIC's GST AI enforcement is to run the same analytics on your own data before the department does.

Build a monthly internal risk dashboard — a spreadsheet or a simple BI extract — tracking:

GSTR-2B match rate: ITC claimed in GSTR-3B ÷ ITC visible in GSTR-2B. Target 100%; investigate anything below 95% before the next period opens.
Supplier filing health score: what percentage of your ITC-contributing vendors filed GSTR-3B on time in the trailing twelve months. Flag any supplier below 85%.
E-invoice coverage rate: B2B invoices with valid, uncancelled IRN as a percentage of total B2B invoices issued. Target 100%.
Credit-note ratio: credit notes issued as a percentage of gross turnover. Flag when materially above your own historical average, and document the business reason.

Vendor scoring deserves particular attention. Each quarter, assign your significant suppliers a score based on four factors: (1) timely GSTR-3B filing over trailing twelve months; (2) GSTR-2B ITC reflected without gaps; (3) e-invoice compliance rate; and (4) no adverse enforcement action per public records. Suppliers scoring below your defined threshold trigger a conversation — and potentially a shift to cash-on-delivery terms until the vendor improves.

Finally, build a documented policy repository for contentious GST positions: your cross-charge methodology between group entities, place-of-supply determinations for complex services, reverse-charge liability under Sections 9(3) and 9(4), and blocked-credit classifications under Section 17(5). Positions that are written down, internally reviewed and consistently applied are far more defensible at notice stage — and far less likely to be flagged as suppression — than positions reconstructed after a notice arrives.

Key Takeaways

DGARM scores every GSTIN dynamically. Your GST risk score updates monthly based on filing behaviour, ITC patterns, supplier network quality, e-invoice consistency and cross-dataset correlations with AIS and FasTag data.
Fake ITC detection is graph-based and has a wide blast radius. Receiving invoices from a missing trader pulls your GSTIN into a fraud cluster regardless of intent. Vendor due diligence is a legal obligation under Section 16(2), not optional goodwill.
The financial cost of Section 74 is extreme. A Rs. 15 lakh fake ITC claim can generate Rs. 34 lakh of total exposure — tax plus 18% annual interest plus a 100% penalty. A DRC-01A response within 30 days can cut that by over Rs. 11 lakh.
GSTR-2B reflection is a statutory condition for ITC. Section 16(2)(aa) is not administrative guidance — it is law. Exceeding your GSTR-2B balance without documented legal justification is one of the cleanest Section 73 triggers in the system.
DRC-01A is your lowest-cost exit from any dispute. Paying the ascertained amount within 30 days of a pre-notice intimation eliminates penalty entirely in non-fraud cases and reduces it to 25% in fraud cases. Never let a DRC-01A expire unanswered.
Run your own risk analytics before the department runs theirs. A monthly dashboard covering GSTR-2B match rate, supplier filing health, e-invoice coverage and credit-note ratios mirrors the primary signals DGARM tracks — and gives you advance warning of every flag the system is likely to raise.
AI enforcement is contestable. Request the specific transaction data behind any notice; challenge factual errors at the first opportunity; document legitimate explanations for anomalies before adjudication begins. The AI risk score is an input to a human decision — not the decision itself.

AI Role in Preventing GST Tax Evasion