1. Why synthetic sexual content belongs in the POSH conversation
2. Weather workplace have moved beyond office premises? How does this affects POSH Policy
3. The 2026 IT Rules have raised the stakes. What Leaders should consider?
4. Recent cases around Deepfake sexual content – why response matters?
5. Building a POSH response that is ready for synthetic harassment
Deepfake Workplace Harassment are becoming a growing workplace concern as AI-generated sexual content, manipulated media, and digital harassment incidents increase across professional environments.
Sometimes, all it takes is her face.
A photograph from LinkedIn. A profile picture from Instagram. A still from an office event. Within minutes, that face can be placed onto an intimate image, a fake nude, a sexualised video, or a compromising scene that never happened.
The image may be artificial. The harm is not.
This is the new workplace problem employers cannot afford to treat as “just an online issue”: synthetic sexual harassment. It may involve no physical contact, no closed-door meeting, no direct proposition and no inappropriate touch. But when such content enters the workplace, travels through workplace relationships, or affects a woman’s ability to work with dignity, it becomes a workplace safety issue.
And in many cases, it may become a POSH issue.
Why synthetic sexual content belongs in the POSH conversation
The POSH Act recognises sexual harassment as more than physical contact. Its definition includes sexually coloured remarks, showing pornography, and any other unwelcome physical, verbal or non-verbal conduct of a sexual nature.
That final category of non-verbal conduct matters.
A deepfake nude, morphed image or fake intimate video may not depict a real event. But the question for an employer is not limited to whether the image is authentic. The better question is whether a woman’s identity was sexualised without consent in a work-linked context, and whether that affected her dignity, safety, professional relationships or working conditions.
That is where synthetic sexual content enters POSH territory.
The Supreme Court’s reasoning in Apparel Export Promotion Council v. A.K. Chopra remains important here. The Court made it clear that workplace sexual harassment must be understood through the lens of dignity, decency and women’s safety at work, not merely through the presence or absence of physical contact.
That principle is now being tested in a digital workplace.
Weather workplace have moved beyond office premises? How does this affects POSH Policy
It also happens through WhatsApp groups, Teams chats, Slack channels, shared drives, video calls, client groups, employee networks, social media connections and informal work-adjacent spaces.
A fake intimate image may not be created on an office device. It may not be sent during working hours. It may not first appear in an official company group. But that does not automatically remove the workplace connection.
If colleagues circulate it, joke about it, threaten to share it, use it to isolate the woman, or allow it to affect her professional environment, the employer cannot dismiss the matter as purely personal or purely online.
Indian courts have also cautioned against reading “workplace” narrowly. In Saurabh Kumar Mallick v. Comptroller & Auditor General of India, the Delhi High Court recognised that the meaning of workplace in a sexual harassment context cannot be confined only to the employer’s physical office premises when the purpose of the law is to protect women in work-linked environments.
That approach is critical now because digital misconduct rarely respects formal boundaries.
A company cannot simply say, “This happened online.”
Online is where work now lives.
The 2026 IT Rules have raised the stakes. What Leaders should consider?
Deepfakes are no longer a futuristic risk. In 2026, India amended the Information Technology Rules to specifically address synthetically generated information, including deepfakes and other AI-generated or AI-altered content. The amendment was notified through Gazette notification G.S.R. 120(E), dated 10 February 2026, and came into force on 20 February 2026. MeitY’s FAQ on FAQ on synthetically generated information and deepfakes explains how the new framework applies to synthetic content, including platform obligations around labelling, metadata, user warnings and takedown timelines.
The Rules define synthetically generated information broadly, covering artificially or algorithmically created, generated, modified or altered audio, visual or audio-visual information that appears authentic or true and may be difficult to distinguish from real persons, events, speech or conduct.
MeitY’s FAQ also notes that in the case of an unlawful morphed intimate image, an intermediary, such as a social media platform, hosting provider or online service facilitating the circulation of such content must disable access within two hours of receiving the complaint. While this makes timely response critical, but it does not alter the employer’s core responsibilities within the workplace. Employers should therefore:
- ensure strict confidentiality of the complaint, the identity of the complainant and the related proceedings;
- preserve relevant evidence, including screenshots, emails, chat records, device logs or internal reports, in accordance with applicable law and company policy;
- implement interim protective measures where necessary, including restricting contact, changing reporting structures or limiting workplace interaction;
- ensure that no retaliatory action, victimisation or adverse treatment is directed against the complainant or witnesses;
- provide appropriate support mechanisms, including access to the Internal Committee, counselling resources or employee assistance channels;
- assess whether the conduct has a sufficient nexus with the workplace so as to constitute workplace sexual harassment or misconduct under applicable law and internal policy; and
- coordinate with intermediary platforms and law enforcement authorities, where required, for removal, reporting or further investigation of the content.
An employer should not say, “Go to the platform first,” “Go to the police first,” or “We cannot act unless the image is proved real.”
That response misunderstands the harm.
POSH and cybercrime remedies can run together
A deepfake abuse case may require more than one legal route.
A POSH process examines whether work-linked sexual harassment occurred and what workplace action is necessary. A cybercrime complaint may examine criminal offences, identity misuse, privacy violations, publication or transmission of unlawful material, platform misuse and other penal consequences.
These routes can run in parallel.
The employer should not refuse to act under POSH merely because the complainant has not filed a police or cybercrime complaint. Equally, a POSH inquiry should not be presented as a substitute for criminal remedies where the complainant wants to pursue them.
The practical principle is simple: workplace protection should not be made conditional on police action.
Circulation can become a second violation
The deeper workplace injury often happens through circulation.
Someone forwards the image “just to check if it is true.” Someone else saves it “for proof.” A colleague sends it privately with laughing emojis. A manager receives it and does nothing. Soon, the image is no longer just content. It becomes atmosphere.
In digital harassment, forwarding is not neutral.
It is participation.
This is also where bystander training becomes important. Employees must know what to do if they receive sexualised synthetic content involving a colleague: do not forward it, do not speculate, do not joke, do not save it casually, do not confront the complainant informally, and do report it through the appropriate channel.
Containment is workplace safety.
Recent cases around Deepfake sexual content – why response matters?
Indian courts are beginning to confront synthetic sexual harm directly.
In Kamya Buch v. JIX5A & Ors., the Delhi High Court dealt with explicit morphed and deepfake material involving the plaintiff, including AI-generated visuals, pornographic/nude images and videos. The Court did not treat the matter as a casual online dispute. After reviewing the material in a sealed envelope, it described the content as “appalling, deplorable, defamatory” and a breach of the plaintiff’s fundamental rights.
The Court’s approach is useful for employers for three reasons.
- First, it recognised that morphed or deepfake sexual content can cause serious dignity, privacy and reputational harm even when the underlying image or video is fabricated.
- Second, it handled the material with sensitivity by permitting it to be placed before the Court in a sealed manner rather than reproduced openly.
- Third, it granted urgent ad interim protection and issued directions aimed at preventing further circulation, including takedown-related directions against websites/platforms and disclosure-related directions concerning those responsible for uploading or sharing the content
Internationally, Carranza v. City of Los Angeles is useful for workplace learning. In 2025, the California Court of Appeal affirmed a hostile work environment sexual harassment judgment involving the circulation of a nude image resembling a female LAPD captain. The case is important because the employer’s response to circulation became central, not merely the origin of the image.
Building a POSH response that is ready for Deepfake Workplace Harassment
Many POSH policies were drafted for a pre-AI workplace. They mention inappropriate touching, lewd comments, obscene gestures, sexual jokes, offensive emails, pornography and unwelcome advances. Those examples remain important, but they no longer cover the full reality of workplace sexual harm.
A modern POSH policy should expressly recognise that sexual harassment may include AI-generated, morphed, edited, synthetic or digitally manipulated sexual content when it is linked to work or affects the work environment. It should also address non-consensual sharing, threatening to share, storing, forwarding, displaying, requesting or joking about such content.
When a complaint involves synthetic sexual content, employers should avoid making the response depend on narrow questions such as whether the content was real, created on company equipment, sent during office hours or shared in an official group. Those facts may matter, but the deeper issue is whether the conduct was sexual, unwelcome, work-linked and harmful to dignity or working conditions.
Evidence must be handled carefully. A synthetic sexual image should not be downloaded, printed, forwarded or casually circulated in the name of “proof.” Access should be limited to those who genuinely need it for complaint handling, technical review or legal assistance.
Internal Committees do not need to become forensic laboratories. But they do need digital common sense. Screenshots can be manipulated, metadata may matter, content may disappear, technical help may sometimes be needed, and confidentiality becomes even more important when intimate synthetic content is involved.
A strong POSH response is not about panic. It is about preparedness: update the policy, train employees not to forward or discuss harmful content, equip ICs to handle digital evidence sensitively, and support the complainant without pressuring her into silence, settlement, withdrawal or resignation.
Beyond the POSH statute
The POSH Act is a gender-specific statute that protects women from sexual harassment at the workplace. That is why the POSH analysis focuses on women complainants.
But employers should not stop there.
Synthetic sexual abuse can also affect men, queer employees and non-binary employees. Even where a complaint does not fall within the statutory POSH mechanism, organisations should address similar harm through broader anti-harassment policies, IT policies, disciplinary processes, equality commitments and dignity-at-work frameworks.
A workplace that takes dignity seriously should not wait for the narrowest legal trigger before acting.
Closing thought
Employers should update POSH policies to cover AI-generated sexual content, morphed images, fake intimate vidaeos, synthetic audio and work-linked circulation.
They should also train employees not to forward, save, discuss or joke about such content, and equip Internal Committees to handle digital evidence with confidentiality and care.
The next POSH risk may not begin in a cabin.
It may begin with a prompt.