Synopsis
India first: Firms prioritise domestic industry guidelines over global frameworks, remain confident on DPDPListen to this article in summarized format
While the sectoral and regulatory expectations are the immediate focus, industry officials believe they are broadly aligned with the global framework. For instance, Ratan Kumar Kesh, Chief Operating Officer at Bandhan Bank, considers the Reserve Bank of India’s Framework for Responsible and Ethical Enablement of AI (FREE-AI) as a starting point for a responsible, comprehensive, scalable and ethical deployment.
“While the possibilities of AI are vast, we are being extra careful to ensure that we do not take undue risks related to customer protection or risk management. Moreover, we are investing in an AI governance layer to ensure that in a scaled AI scenario we don’t lose sight of these essential guardrails. Cyber security and data protection are paramount at all times,” Kesh said.
Aligned with global benchmarks
Local frameworks like DPDP or RBI regulations are structurally aligned with global benchmarks like NIST, ISO, and the General Data Protection Regulation (GDPR), Europe’s landmark privacy law, Sandeep Agarwal, Chief Technology Officer - Security at Cisco India and South Asia, said.
“While the nomenclature may differ on the surface, the underlying controls largely remain the same. For enterprises, the challenge is less about rebuilding infrastructure and more about ensuring the right visibility, security, policy enforcement, and governance capabilities are in place,” Agarwal said.
The global standards such as AI Risk Management Framework (AI RMF) created by the US National Institute of Standards and Technology and the IEC 42001 by the International Organization for Standardization (ISO) inform life insurance firm Aviva India’s AI framework, but it remains anchored in the Insurance Regulatory and Development Authority of India’s (Irdai) consumer-protection mandates, said Gaurav Banka, Chief Risk Officer at Aviva India.
“The frameworks are strengthened by human oversight for decisions with significant customer impact. This ensures that AI enhances decision-making while safeguarding rights, privacy, and confidence,” Banka said.
Despite the focus on meeting local regulations, Indian firms continue to lag in updating the necessary infrastructure. Indian firms remain slow in migrating their workloads from global to localised cloud and AI systems, said Piyush Somani, Managing Director at sovereign cloud services provider ESDS.
Compliance reality
According to the survey of tech leaders across 214 companies on trust, governance, and the digital personal data protection (DPDP) regime, a majority of enterprises stress they are ready for the currently under-implementation DPDP regime when it comes to AI. But Harsh Walia, Partner at legal firm Khaitan & Co, advises caution.
“Many organisations may feel reasonably confident they are aligned with the core principles of the DPDP framework, such as consent, purpose limitation, and data minimisation. But given how nascent and nuanced the framework still is, regulatory expectations remain difficult to predict with confidence,” Walia said.
This article is part of the AI Vantage series, developed in partnership with Cisco
