Ethics of AI in accounting and taxation in 2026: ICAI guidance, DPDP Act, bias and hallucination risks, client disclosure, and professional accountability.
Ethics of AI in Accounting & Taxation
By 2026, AI is not a pilot project in CA firms — it is embedded in audit sampling, tax notice replies, GST reconciliation, and advisory drafts. Yet the ethical obligations governing its use have not changed in kind, only in urgency. The Chartered Accountants Act 1949, the ICAI Code of Ethics, the Digital Personal Data Protection (DPDP) Act 2023, and NFRA's inspection expectations collectively define a clear compliance perimeter. This article maps that perimeter, names the failure modes, and gives you the practical workflow to stay well inside it.
Why AI Ethics Is a Professional Compliance Obligation, Not a Soft Value
The word "ethics" can make practitioners tune out, assuming it means aspirational principles rather than enforceable rules. In the context of AI, that assumption is wrong.
When a CA signs an audit report, certifies a return, or issues a tax opinion that was materially shaped by an AI output, the professional liability under Section 22 of the Chartered Accountants Act 1949 attaches to that CA — not to the software vendor. ICAI's Disciplinary Committee does not accept "the AI said so" as a defence. NFRA, which oversees statutory auditors of listed entities and large public interest entities, explicitly expects auditors to understand, control, and document every tool they use. If an NFRA quality review finds AI-generated working papers with no evidence of professional review, the firm faces adverse findings regardless of whether the output happened to be correct.
This is the baseline: AI generates a draft; the professional owns the conclusion.
ICAI's Ethical Framework for AI Use
ICAI's guidance on artificial intelligence, issued through its Committee on Information Technology and reinforced in CPE materials through 2025–26, translates the Code of Ethics' five fundamental principles into AI-specific obligations.
Professional Competence and Due Care
You must understand the tool well enough to identify when it is wrong. This does not mean understanding the underlying model architecture — it means knowing the categories of error your tool produces. An AI trained on pre-2024 data will not know the Finance Act 2025 amendments. An AI without access to the GST portal's rate-notification database will apply rates from its training corpus. Competence means building verification steps for exactly these gaps, not trusting the output because it looks authoritative.
Confidentiality
Client financial data — balance sheets, PAN details, bank statements, turnover figures, litigation disclosures — is confidential under ICAI's Code of Ethics and protected personal data under the DPDP Act. Uploading this data into a public-facing AI interface (any model where prompts contribute to training data, or where data is processed on servers outside your contractual control) breaches both obligations simultaneously. Before selecting any AI tool, obtain the vendor's data-processing agreement, confirm that client data is not used for model training, and document this assessment.
Objectivity and Independence
AI tools trained on broad datasets can reflect systemic biases in financial reporting or tax positions — for example, systematically favouring certain treatment of intangibles because that treatment dominated the training corpus. In audit work, where your independence is the product you sell, an undisclosed AI-driven bias in sampling or analytical procedures is a material threat. Review AI-assisted analytical procedures the same way you would review a junior associate's work: critically, not deferentially.
Transparency
Clients have a reasonable expectation to know when material parts of their engagement are processed by AI systems. This is not just an ethical preference — for regulated entities, listed companies, banks, and NBFCs, it may be a board-level governance expectation or a regulatory requirement.
The DPDP Act 2023: What Changes for CA Firms Using AI
The Digital Personal Data Protection Act 2023 governs the processing of personal data of individuals in India, irrespective of where that processing occurs. A CA firm that feeds a client's employee salary data, director PAN details, or individual tax records into any AI tool — domestic or foreign-hosted — is acting as a Data Fiduciary under the Act.
Core Obligations for Data Fiduciaries
- Consent: You must have a valid, specific, and informed consent from data principals (the individuals whose data is processed) before processing their personal data for AI purposes. The fact that they signed an engagement letter with your firm does not automatically extend to AI processing — your engagement letter must make this explicit.
- Purpose limitation: Data collected for statutory audit cannot be fed into an AI tool you are using for unrelated business development or benchmarking purposes. Each use must map to a declared purpose.
- Security safeguards: The Act requires "reasonable security safeguards" to prevent data breaches. Using a free-tier AI tool with no contractual data-protection terms almost certainly fails this standard.
- Data Principal rights: If a client's director asks you to correct or erase their personal data from any AI system your firm uses, you must have a mechanism to comply. Ask your AI vendor whether client-specific data can be deleted on request before you onboard the tool.
Cross-Border Transfer
Many leading AI tools are hosted on servers in the United States, the European Union, or Singapore. Under the DPDP Act framework, cross-border transfer of personal data requires compliance with the transfer framework as notified by the Central Government. Until the specific list of permitted countries is formally notified and updated, firms should rely on contractual safeguards — Standard Contractual Clauses or equivalent — and restrict AI processing to anonymised or aggregated data wherever possible.
Penalty exposure is significant. Breaches of Data Fiduciary obligations under the DPDP Act can attract penalties reaching up to Rs. 200–250 crores for serious contraventions as per the Act's Schedule. Even for smaller firms, the reputational and regulatory cost of a data breach traced to an AI workflow is disproportionate to any efficiency gain.
The Hallucination Problem — Why It Is Especially Dangerous in Tax Work
Hallucination — the tendency of generative AI to produce confident, plausible, and entirely fabricated outputs — is not a bug that will be patched in the next version. It is a structural characteristic of large language models. In creative writing, hallucination is tolerable. In tax and audit work, it can cause direct financial harm.
Categories of AI Error Seen in Practice (FY 2025-26)
- Fabricated citations: The model cites a CBDT circular or ITAT order that does not exist, with a realistic-sounding number and date.
- Outdated thresholds: TDS thresholds, GST turnover limits, and presumptive taxation limits change with each Finance Act. An AI tool not updated to Finance Act 2025 will apply superseded numbers.
- Rate misclassification: Applying a GST rate from an old notification to a service that has since been reclassified.
- Section number errors: Conflating Section 269ST (cash transaction limits) with Section 269T (repayment of loans), or citing a provision as it read before an amendment.
- Procedural errors: Getting the sequence of steps required on the income-tax portal or the GST portal wrong, leading to procedural defaults.
Worked Example: When an Unverified AI Output Becomes a Client Liability
This is a generalised illustrative scenario, not a reference to any specific client engagement.
A manufacturing company engaged a CA firm for GST compliance in FY 2025-26. The firm used an AI tool to prepare the annual GST reconciliation between GSTR-1, GSTR-3B, and the books. The tool classified a category of works contract services provided to a private commercial developer as attracting 12% GST (the rate applicable to affordable housing and certain government contracts). The correct rate for commercial works contracts is 18%.
- Contract value (taxable supply): Rs. 50,00,000
- GST charged and paid at 12%: Rs. 6,00,000
- GST actually due at 18%: Rs. 9,00,000
- Short payment: Rs. 3,00,000
The GST officer issues a notice under Section 73 of the CGST Act 2017 (demand without allegation of fraud):
| Component | Amount |
|---|---|
| Tax demand | Rs. 3,00,000 |
| Interest under Section 50 @ 18% p.a. for 14 months | Rs. 63,000 |
| Penalty @ 10% of tax (minimum) | Rs. 30,000 |
| Total outgo | Rs. 3,93,000 |
If the officer concludes there was suppression or deliberate misclassification, Section 74 applies, and the penalty floor becomes 100% of tax — bringing the total to approximately Rs. 6,63,000 on a Rs. 50 lakh contract.
The CA who relied on the AI output without independently verifying the applicable GST notification has:
- Caused a direct financial loss to the client
- Signed or certified a return containing an incorrect rate
- Created potential exposure under Section 122(2) of the CGST Act, which extends liability to persons who help another evade tax, even without intent
- Opened the door to an ICAI disciplinary complaint
The fix is not to stop using AI for GST reconciliation. The fix is to require a mandatory human check of every rate applied by the AI against the current GST rate notification before the reconciliation is finalised.
Building an AI Quality Control Workflow: Step by Step
Ethical AI use is not a matter of intention — it is a matter of process. Here is a workflow that holds up under ICAI peer review, NFRA inspection, and client audit.
- Define AI-permitted tasks in your firm's quality policy. Which tasks may be AI-assisted (drafting, classification, summarisation) and which require human-first treatment (tax opinion, audit conclusion, court filing)?
- Select tools with data-processing agreements (DPAs). Before onboarding any AI tool, obtain a signed DPA confirming: no training on client data, right to delete, encryption in transit and at rest, and breach notification timelines.
- Use anonymised or synthetic data for testing. When testing a new AI tool on your workflow, use dummy data — not live client files.
- Run the "golden source" verification step. For every legal provision, rate, threshold, or procedural requirement cited in an AI output, verify against the Bare Act text, official notification, or the relevant government portal (income-tax portal, GST portal, MCA V3) before it enters a client deliverable.
- Log AI involvement in every working paper. Each AI-assisted document in your working paper file must note: the tool name and version, the date and time of use, the initiating user, the prompt category (not the verbatim prompt if it contains client data), and the reviewer who cleared the output.
- Two-level review for high-stakes outputs. Any AI-assisted output that will be submitted to a tax authority, included in an audit report, or shared with a board should pass through a preparer review and a partner or manager review before release.
What Your Engagement Letters Must Now Say
If your standard engagement letter was drafted before 2024, it almost certainly does not address AI. Update it. At minimum, include:
- AI disclosure clause: A statement that the firm may use AI-assisted tools in the delivery of services, specifying the categories of work (not the tool names, which change).
- Data processing statement: Confirmation that client data will be processed in accordance with applicable data protection laws including the DPDP Act 2023, and that the firm's AI tool vendors are bound by appropriate data-processing agreements.
- Client restriction protocol: A mechanism by which the client can notify you that specific categories of their data — for example, undisclosed litigation, board-level strategy data, personal data of promoters — must not be processed through AI systems. Document your response to such restrictions in the engagement file.
- Responsibility affirmation: An express statement that the professional conclusions, tax positions, and certifications issued by the firm remain the responsibility of the engaged CA, and that AI tools are used as assistive instruments only.
Some listed-company clients, banks, and regulated entities will have their own AI governance policies that may impose additional restrictions. Ask for these policies at the engagement kick-off, not after the work is done.
Audit Trail: The Non-Negotiable Documentation Standard
SA 230 (Audit Documentation) requires auditors to document the nature, timing, and extent of audit procedures performed and the audit evidence obtained. The use of AI in an audit procedure is a matter that must be documented under this standard — the AI does not document itself.
For each AI-assisted audit or tax procedure, maintain a log that captures:
- Tool name and version (e.g., model version matters because outputs differ across versions)
- Date and time of the AI interaction
- User ID of the team member who ran the query
- Nature of the task (classification, drafting, anomaly detection, summarisation)
- Review action taken — specifically what the reviewer checked against what golden source
- Final output reference — the document identifier in the engagement file that reflects the reviewed, human-approved conclusion
This log must be retained as part of your working paper file for the same period as your other working papers — generally seven years for audit engagements, or longer if litigation is pending. Several practice management platforms designed for Indian CA firms now include native AI audit-trail modules; using a platform without this feature increasingly looks like a gap in quality management under ICAI's Statement on Quality Management (SQM 1 and ISQM-equivalent frameworks adopted by ICAI).
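A sketch of the golden-source verification step and the working-paper log entry described above, wired together so that an AI-assisted reconciliation cannot be marked cleared while a rate finding is open. This is an added example, not code from the article or from any practice-management platform; the function and field names, the tool identifiers and the notification reference are placeholders, and the sample line is constructed from the worked example's figures.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from decimal import Decimal

# Constructed golden-source table. The reviewer keys it from the current official
# rate notification (reference is a placeholder), never from the AI output.
GOLDEN_RATES = {"works_contract_commercial": (Decimal("18"), "NOTIFICATION-REF-PLACEHOLDER")}

# Constructed AI output mirroring the worked example: 12% applied to a
# commercial works contract with a taxable value of Rs. 50,00,000.
SAMPLE_AI_LINES = [{"line_id": "L-001", "category": "works_contract_commercial",
                    "taxable_value": Decimal("5000000"), "ai_rate": Decimal("12")}]

@dataclass(frozen=True)
class WorkingPaperLogEntry:
    tool_name: str
    tool_version: str
    used_at: str          # date and time of the AI interaction (UTC, ISO 8601)
    user_id: str          # team member who ran the query
    task_nature: str      # prompt category only, never the verbatim prompt
    review_action: str    # what was checked against which golden source
    reviewer_id: str
    final_output_ref: str
    cleared: bool

def verify_rates(ai_lines):
    """Flag each line whose AI-applied rate differs from the golden source,
    and each line whose category has no golden-source entry to check against."""
    findings = []
    for line in ai_lines:
        golden = GOLDEN_RATES.get(line["category"])
        if golden is None:
            findings.append({"line_id": line["line_id"], "issue": "no golden-source entry"})
        elif line["ai_rate"] != golden[0]:
            short = line["taxable_value"] * (golden[0] - line["ai_rate"]) / 100
            findings.append({"line_id": line["line_id"], "issue": "rate mismatch",
                             "golden_rate": golden[0], "short_payment": short})
    return findings

def build_log_entry(ai_lines, findings, *, tool_name, tool_version, user_id,
                    reviewer_id, final_output_ref):
    """Record the review; the output is cleared only when no finding is open."""
    action = (f"{len(ai_lines)} rate(s) checked against golden-source table; "
              f"{len(findings)} finding(s)")
    return WorkingPaperLogEntry(
        tool_name=tool_name, tool_version=tool_version,
        used_at=datetime.now(timezone.utc).isoformat(), user_id=user_id,
        task_nature="classification", review_action=action,
        reviewer_id=reviewer_id, final_output_ref=final_output_ref,
        cleared=not findings)

if __name__ == "__main__":
    print(verify_rates(SAMPLE_AI_LINES))
```

A category missing from the golden-source table is reported as a finding rather than passed, so an unverified rate never reaches the cleared state by default.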
Common Mistakes That Create Professional Risk
These are the patterns that recur across peer reviews and disciplinary proceedings:
- Treating AI output as a first draft that goes directly to the client. No AI output should reach a client without a trained professional reviewer in the chain.
- Using a free or consumer-grade AI tool for client work. Free-tier tools typically have no data-processing agreement and may use prompts for training.
- Failing to update AI tools before major tax season. An AI tool not refreshed after a Finance Act notification will carry forward superseded thresholds and rates.
- No disclosure in engagement letters. If the client later objects to AI use, an engagement letter without an AI clause leaves the firm without contractual protection.
- Assuming AI-generated citations are real. Section numbers, circular references, and court citations from generative AI must always be verified against primary sources.
- Excluding AI use from working paper logs. A working paper that shows a polished, well-structured output with no evidence of how it was produced raises questions in peer reviews and NFRA inspections.
- Not training junior staff to flag AI errors. In a culture where questioning AI output is discouraged (because it slows things down), errors accumulate silently until they reach a client deliverable or an AO scrutiny notice.
- Ignoring client-imposed restrictions mid-engagement. If a client verbally restricts AI processing of a specific document and the restriction is not documented and enforced, the firm has no record of compliance.
Cross-Border Engagements: Navigating Overlapping Frameworks
CA firms with international clients face a layered compliance problem. An AI tool processing personal data of an EU-resident individual is simultaneously subject to the GDPR (General Data Protection Regulation) and, if the individual is also an Indian data principal, the DPDP Act. For US clients with SOX obligations or HIPAA-regulated data, the requirements on data residency and access controls may be more restrictive than Indian law.
The practical principle: apply the most restrictive framework that applies to the data subject in question. For cross-border engagements:
- Maintain a data-mapping record identifying the nationality and residency of every data principal whose personal data enters your AI workflow
- Ensure your DPA with the AI vendor addresses the applicable foreign frameworks
- Where you cannot satisfy cross-border transfer requirements, process only anonymised data through AI and retain identifiable data within controlled, jurisdiction-compliant systems
- Document your cross-border data flow decisions in the engagement file, not just in your firm's general privacy policy
Key Takeaways
- You own the output. Every AI-assisted conclusion you deliver to a client or submit to a tax authority is your professional responsibility under the CA Act 1949. "The AI produced it" is not a defence before ICAI, NFRA, or a court.
- The DPDP Act 2023 applies the moment you feed personal data into an AI tool. Obtain a signed DPA from your vendor, build consent into your engagement letter, and test your data-deletion mechanism before you need it.
- Hallucination is structural, not accidental. Build a mandatory golden-source verification step into every AI workflow — especially for tax rates, section numbers, and notification references. Do not rely on an output looking correct.
- Document AI use in your working papers. Log the tool, version, user, date, task, and review action for every AI-assisted step. SA 230 and NFRA inspection expectations require it.
- Update your engagement letters now. Include an AI disclosure clause, a data-processing statement, and a client restriction protocol. A letter silent on AI offers no contractual protection if a dispute arises.
- Train your team to flag AI errors without fear. A culture of deference to AI output is operationally dangerous. The most valuable quality-control asset in your firm is a junior associate who says "I checked this citation and it doesn't exist."
- For cross-border engagements, apply the most restrictive applicable data-protection framework. DPDP, GDPR, SOX, and PDPL can overlap — map your data subjects before selecting your AI processing workflow.





