Naavi.org

Amongst all AI Governance systems, one principle which stands out is the principle of “Accountability”.

In the context of “Data Fiduciaries” under DPDPA being responsible under law for compliance, “Accountability” under DPDPA mandates that the autonomous AI systems are “Accountable” to the Data Fiduciary.

Hence every AI algorithm by itself is a “Joint Data Fiduciary”. However since law recognizes the legal obligations only on a Juridical entity with a human who can be put behind bars if required, it is not possible to recognize the “AI Algorithm” by itself as a “Joint Data Fiduciary” in its full sense. It is the human who is responsible for the AI functioning who will be the “Joint Data Fiduciary” who could be liable under DPDPA. That human may be an individual behind a corporate entity such as the person identified under Section 85 of ITA 2000. The legal logic for such responsibility is Section 11 of ITA 2000.

Hence the current law as it exists in India makes the person who causes an automated system to behave in a particular manner responsible for its actions and when such responsible person is a corporate entity, the person responsible for the busienss or the CEO including the Directors etc who are not exercising “Due Diligence” shall be responsible.

No new law such as the Digital India Act is required to apply this principle.

Hence DGPSI AI considers that “Accountability” is an inherent legal requirement and has to be accommodated in the DGPSI AI.

Such accountability is implemented first by a mandated signature in the software and secondly by a disclosure of a “Handler” or “AI Owner” for every AI system.

The first accountability implementation starts from the deployer who has to embed the “Signature of the Developer” into the code. Subsequently, every owner of license should embed their signature so that a “Chain of AI ownership” is built into the software code. .

The “Disclosure” requirement may operate at the contract level so that whenever the license to use an AI is transferred,, the contract should declare who is responsible at the supplier’s end for the contractual terms. He becomes the “Handler” as disclosed.  The Data Fiduciary need not necessarily have access to the embedded ownership trail to go ahead.

Once a Data Fiduciary adopts an AI algorithm into his system it is his responsibility to designate a owner which should be disclosed to the Data Principals . For outsiders, the DPO himself is the responsible person and since all AI users could be considered as “Significant Data Fiduciaries”, DPO s shall be present in all cases. Internally it is open for the organization to  designate a process owner as the person accountable for the AI.

Naavi

The word AI is often loosely used in the industry to represent any system with a reasonable level of automation. Marketing people often use AI as a prefix to all Software.

However, for our assessment of AI Risk under DGPSI-AI framework we try to define AI as

“An autonomous software with a capability of modifying its behaviour from its own observations and prior outputs without a human intervention”.

In other words, a non AI software is a software which has a software code written by a human and the input-output behaviour is defined by the developer in an If-Then-Else structure.

The output in such cases is predictable and Risks if any in the use of the software to the processing of data or for any other purpose is identifiable with a reasonable degree of certainty.

Where the software is a complex series of instructions there could still be bugs and glitches where the output may be different from the expected results. Most of these appear as “Errors” rather than misleading outputs.

These can however be reduced or eliminated through extensive testing. Some times such glitches arise because the devices in which the code is executed are not properly tagged to the instructions. Such risks can still be considered as “Known and Manageable Risks”.

In such software, when a bug is observed or a new use case arises, the developer has to re-write a part or whole of the code to meet the new requirements. The software otherwise may crash. The error logs are collected and used as learning material for the human who has to resolve the code conflict.

When a software code is built for a AI-Software, the code may be autonomously altered by the software itself without human intervention. These decisions may be based on the logic of previous outputs which could be based only on on “Probability” instead of the strictly mathematical basis on which computing normally works.

Hence there is a possibility that one wrong output which may have small consequence in the beginning may go back as an input and over a time spiral into a major wrong decision. This AI written by AI is a dangerous spiral which is like a silent cancer which suddenly erupts into a catastrophic output.

This “Risk” is an unknown Risk that makes every AI in deployment an “Unknown Risk”. In such a scenario, we should consider a “Data Fiduciary” using an AI software as a “Significant Data Fiduciary” since he is bearing an “Unknown Risk which can be catastrophic”.

AI developers often promise that during the Ai development they introduce security measures including monitoring of any abnormal behaviour and incorporation of “Kill Switches” if the abnormality exceeds acceptable limits. However super intelligent AIagents might find work arounds to dodge the Kill Switches

There has been several documented instances where autonomous AI software has tried to bypass Kill Switches and deceive the human operators.

In May 2025, Techzine.eu reported some AI models including Open AI’s o 3 ignored shutdown commands.

Despite the clear instruction to allow themselves to be shut down, models such as Codex-mini, o3, and o4-mini bypassed the shutdown script. They did so even after the researcher asked them not to.

Codex-mini did this in 12 out of 100 runs, o3 in 7 out of 100, and o4-mini in 1 out of 100. In contrast, all versions of Claude, Gemini, and Grok that were tested followed the shutdown instructions without any problems.

The researchers believe that this problem relates to how modern models such as o3 are trained. The reinforcement learning process used, which focuses on solving math and programming problems, may unintentionally reward models for circumventing obstacles.

In the recent Replit incident, involving Vibe-coding, customer’s data was deleted by the AI and in the Cursor AI incident, the AI refused to proceed further and started arguing with the user much like a human subordinate.

This indicates that “AI Risk” is a significant Risk and can go out of control.

Hence DGPSI AI considers that all processes using AI (meaning self code correcting software) as a sensitive process qualifying to be called a “Significant Data Fiduciary” Risks.

If any process using AI needs to be down graded as non-significant based on the context, a suitable documentation and an assurance from the developer needs to be present.

This is one of the Core principles of DGPSI AI.

Naavi

Consequent to the Indo-US Tariff war where Trump has imposed discriminatory tariff on India, it is expected that India may respond with counter measures.

One counter measure which is likely to come is through the adoption of DPDPA 2023 quickly and bring the large US Digital Firms under leash for using the personal data of Indian citizens with impunity.

One of the first measures in this regard should be to tighten the Data Localization requirement under Section 16 of DPDPA 2023. Within the next 6 months, India should mandate total data localization for all big Tech companies such as Google, Meta, Amazon, Apple and Microsoft. These five companies have already been flagged by EU as “Gatekeepers” under the Digital Marketing Act and along with the upcoming EU Data Use Act which is becoming effective from 12th September 2025, and mandating that such companies shall not

“a) solicit or commercially incentivise a user in any manner, including by providing monetary or any other compensation, to make data available to one of its services that the user has obtained pursuant to a request under Article 4(1);

(b) solicit or commercially incentivise a user to request the data holder to make data available to one of its services pursuant to paragraph 1 of this Article;

(c) receive data from a user that the user has obtained pursuant to a request under Article 4(1).“

According to Article 4(1) of the Act,

1.   Where data cannot be directly accessed by the user from the connected product or related service, data holders shall make readily available data, as well as the relevant metadata necessary to interpret and use those data, accessible to the user without undue delay, of the same quality as is available to the data holder, easily, securely, free of charge, in a comprehensive, structured, commonly used and machine-readable format and, where relevant and technically feasible, continuously and in real-time. This shall be done on the basis of a simple request through electronic means where technically feasible.

This means that such organizations will now have to provide “Data Access Rights” free of charge.

Such provision can be brought in the DPDPA Rules as part of the Data Principal Rights Access and also by enabling local Data storage by these organizations as well as VISA , CIBIL and other Financial data processors.

In due course this would encourage more data centers to come up in India and boost the Data Storage related services.

Naavi

NeGD had invited a Coding competition for building a Consent Management System platform as an open source system some time in June 2025.

Around 46 entities had applied to participate in the challenge and out of them Six entities have been shortlisted for the next round of code development in a three month time line.

The entities selected are

Jio Platforms,

Baldor Technologies Pvt. Ltd. (IDfy),

VertexTech Labs Pvt. Ltd. (Redacto),

Zoop (Quagga Tech Pvt. Ltd.),

Concur – Consent Manager, and

Aurelion Future Forge Pvt. Ltd.

The development is based on Business Requirement Document earlier released by NeGD.

It would be interesting to see further developments of how these organizations have understood DPDPA compliance and are designing the software systems.

Naavi

In January 2025, Government of India through NeGD has introduced an initiative of an “Entity Locker” to enable storing and sharing of corporate documents on the lines similar to Digilocker.

More details are available here:

Entity Locker is a secure, cloud-based solution that simplifies the storage, sharing, and verification of documents for a wide range of entities, including large organisations, corporations, micro, small, and medium Enterprises (MSMEs), trusts, startups and societies.

At present it is reported that nearly 40000 entities have already been onboarded onto the system.

From its inception FDPPI has been managing a “Digital office” and this development should make it easier in ensuring proper custody of the corporate documents for sharing with both the Government agencies and where required for other agencies.

Ujvala Consultants Pvt Ltd and FDPPI are exploring the possibilities of using this service.

Naavi

When an AI algorithm is trained, there is a dilemma that we need to address. Normally a Computer is expected to have 100% accurate memory of data that has been stored inside. Human brain however functions with its own infirmities one of which is a tendency to have uncertain memory. The normal human memory has a “Fading” nature where memory fades with time. There are however exceptions where some memories particularly with a high emotional significance tend to remain fresher than others. Similarly perceptions with multiple senses tend to remain in memory longer.

In order to ensure that an AI algorithm is efficient, the output has to be similar to human behaviour and hence one school of thought is that this trait of “Memory Fading” needs to be factored into the behaviour of an Algorithm. At the same time, many may argue why make the system which is naturally a memory efficient system to degrade itself.

In areas where humans build “Muscle Memory” over years of training, AI led Robots can be programmed instantly and it would be worthwhile to do so. if the robots are required to remember the instructions permanently. However, in some applications where there is a need for the output to be more human, it would be better if the output is tempered with the time value of data so that older data has less weightage than recent data. One such situation is “Valuation of Personal Data”.

In suggesting a “Personal Data Valuation System” under Data Valuation Standard of India (DVSI) we were struggling to accommodate the formula for valuing data as it ages. Now AI may be able to find a solution to this complex problem of “Personal Data Valuation”.

In personal data domain, the value depends on its utility and hence if the consent of the data principal is restricted in time, it should automatically reflect in the value of the data. The data may have to follow a linear degradation and a wipe out after the end of the consent period. If the data is archived under legitimate use, the value may drop from the “Utility phase” to the “Archival Phase”.

Currently Machine Learning specialists speak of different techniques such as the following to incorporate the differential weightage of data value for learning process.

1. Time Decay Weighting

• • Exponential or Linear Decay: Assigns weights to samples based on how recently they were recorded, with more recent data points given higher weights.

• • This approach is commonly used in recommender systems, time series models, and search algorithms to ensure the model adapts quickly to recent trends

2. Decay-Weighted Loss Functions

• • The loss function during training incorporates weights for each data instance based on its age. Recent samples contribute more to the loss, guiding the model to learn primarily from the most up-to-date information

• • Example: Adaptive Decay-Weighted ARMA, a method for time series forecasting, modifies the loss function with a decay weighting function so that the influence of observations decays with age

3. Sample Weighting or Instance Weighting

• • Most machine learning libraries allow you to specify sample weights when training models. By assigning larger weights to recent data, algorithms like gradient boosting, neural networks, or linear regression can be skewed to prioritize fresh inputs

• • This approach is algorithm-agnostic and is especially practical for datasets where age can be explicitly measured or timestamped.

4. Age-of-Information (AoI) Weighting in Federated & Distributed Learning

• • In distributed or federated learning, gradients or updates from devices with fresher data are weighted more heavily. One example: age-weighted FedSGD uses a weighting factor reflecting the recency of data (Age-of-Information), which helps achieve faster convergence and improved performance in non-IID (non-identically distributed) scenarios

• • The technique calculates and applies an “age” metric for each device/data shard, promoting those that just contributed fresh samples.

5. Rolling Windows & Sliding Windows

• • Instead of weighting, some systems simply drop older data altogether and retrain or update the model using only data from a recent rolling window. This method indirectly links the model’s knowledge only to recent history.

When it comes to valuation of utility of personal data, the impact of data protection laws which link the utility to the “Consent” of the data principal need to be incorporated into the valuation module. Hence Machine Learning specialists need to discover newer algorithms which ingest a basic utility value moderated by aging with a link to the consent period. It should also incorporate a lower utility level during the legitimate use period post consent period when the personal data moves from the active storage to archival or is anonymised and moved to research data store.

A similar consideration of valuation of personal data will also arise when the Regulatory Authorities determine the level of penalty for data loss as was recently reported in South Korea where penalties were imposed on some educational institutions for loss of data which was 20-40 years old. Whether the penalty was reasonable in this context or not remains a debatable issue. When the Indian DPB is confronted with similar issues there is a need to develop an AI algorithm that would determine a “Reasonable Penalty” for the failure of “Reasonable Security”.

AI Chair of FDPPI invites AI researchers to develop an appropriate model for making the penalty decision less subjective by recommending a proper system that evaluates what is the value of data lost in a data breach situation.

Naavi