AI is all around us and in different forms. Today almost every software is considered as “AI-Embedded”. It is like the “Intel Inside” slogan.
On the one hand, IPR and Privacy activists are crying that AI developers are using data for algorithm development and machine learning ignoring the existing laws of Privacy and Copyright. On the other hand, users are using AI algorithms without understanding their complicity in this IPR or Privacy Violations.
In India both the vendors and the users are taking advantage of “There is No Law and hence I can do no wrong” attitude.
We need to ask ourselves if we need to wait for the “Digital India Act” to be enacted? or should we brace for the impact of AI with whatever is existing as a law.
We currently have one operative law such as ITA 2000 which “Attributes” any automated action of a software to a “Person”. The consequences of the use of the automated software therefore is accountable directly to a human who causes the software to behave in a particular manner. It could be one or more of the “Developer”, “Vendor” or the “Licensed User” who could carry this attribution and is/are accountable for the AI. The penalties already mentioned in ITA 2000 and the Judicial process of “Adjudication” with judicial oversight already in place can act as the remedy to those who get adversely affected by AI.
The principles of “Data Fiduciary” in DPDPA further expands the accountability of the “User” in terms of what assurances he has to seek from developers and what disclosures he has to make in his privacy notices and what consents he has to obtain.
We should therefore start applying the current laws to AI regulation in India and not worry about a new law which may eventually passed.
In implementation, the Developer as well as the User of an AI is advised to designate a human “Handler” for the AI functioning and disclose it appropriately. In the absence of such designation, the CISO/DPO will have to assume the responsibility.
Comments are welcome.
Naavi
