The 26 ISO standards referred to by the India AI Guidelines

Posted on November 8, 2025 by Vijayashankar Na

While our Prime Minister Mr Narendra Modi swears by “Made in India” the reference to 26 ISO standards in the AI guidelines indicates that MeitY is not concerned with such indigenization of industry efforts.

This was once pointed out by the undersigned in 2011 when Section 43A rules were notified where MeitY became the marketing agency for ISO 27001 standards. This same mindset is reflected in the guidelines where instead of developing our own standard for compliance we are still interested in promoting only and only ISO standards.

I wish the committee had recognized that there are efforts already for development of indigenous frameworks of compliance such as  DGPSI or Data Governance and Protection Standard of India which is better than ISO27701:2025. The extended version DGPSI-AI has suggested compliance measures for DPDPA Compliance which include all the recommendations that this guideline suggests ( as would be specifically pointed out in subsequent articles). But the research of the Committee or the pressure to support non-indigenous standards must have over weighed the considerations of the committee and suppressed mention of any reference to DGPSI or similar efforts.

I am disappointed with the Chairman Dr Balaraman for not making a reference to the framework DGPSI and DGPSI-AI while finalizing the report.

DGPSI-AI could be considered as a framework which is a single indigenous framework which is good enough for compliance over  the 26 or more ISO standards pointed  out in the report and would have hurt the interests of promoters of ISO standards. Perhaps these forces must have worked in suppressing the information on the existence of DGPSI framework which  is a boon for SMEs to remain compliant with an affordable cost.

This would be considered as a failure of the Committee.

P.S: I am aware that my comments could create an adverse backlash on me but truth has to be told. If such committees headed by academic persons exhibit influence of vested interests, it has to be called out. Naavi will not be Naavi without pointing out such  deficiencies of the system. My advise to the committee members is “Be-Indian and Encourage Made in India efforts” . It is not enough if we call the mission as “India AI mission” and the guidelines as “India AI Guidelines”. The Indianness has to reflect through the actions and not remain in the name. If DGPSI-AI did not  merit a mention at least on Page 56  under Types of Voluntary frameworks, it only indicates that the Committee has not conducted proper literature research…or it was deliberately suppressed by vested interests. 

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Privacy. Bookmark the permalink.