Latest news with #DPDPA
Time of India
5 days ago
- Business
- Time of India
Why India's AI future hinges on smarter data centres
Imagine building a skyscraper on sand. That's what India's AI ambitions could look like without rethinking data centres. As generative AI, 5G, and IoT explode, our digital economy's bedrock—data centres—is at a tipping of AI Data Centres in IndiaIndia's data centre market is sprinting at ~25% CAGR, fueled by AI's relentless demand for compute power. But here's the catch: while we generate 20% of global data, we hold just 3% of data centre capacity. The government's push for data localisation under the Digital Personal Data Protection Act (DPDPA) has further accelerated the establishment of local data centres, drawing significant investments from global giants like AWS, Microsoft, and Google, as well as domestic players such as Reliance Jio and Yotta Infrastructure. Recently, during the Union Budget presentation, Finance Minister Nirmala Sitharaman allocated INR 20 billion ($230 million) for the IndiaAI mission, which will be used to build AI and data centre infrastructure, including GPUs, data centres, and connectivity solutions. AI isn't just code—it's hardware. Next-generation data centres need GPU clusters, liquid cooling, optical fibre cables, connectivity solutions, and renewable energy to handle workloads that are ten times denser than traditional setups. Projects like Yotta NM1 in Navi Mumbai and CtrlS Hyderabad exemplify the shift toward AI-optimised facilities, equipped with GPU clusters, advanced cooling, and renewable energy integration. The Infrastructure Gap: A Strategic Imperative Despite this momentum, India's AI data centre infrastructure faces significant challenges: Real estate and Connectivity challenges India's major metro markets like Mumbai, Chennai, Bengaluru, and Hyderabad dominate data centre capacity but face high land costs and limited availability of suitable sites. While metros benefit from robust fibre networks, many regions beyond metropolitan areas still suffer from limited fibre availability and high latency, impeding AI workloads that require ultra-low latency and high bandwidth. Network Latency and Location Strategy AI applications require ultra-low latency to function effectively, which means data centres must be located close to end users in major metropolitan areas. However, high population density and limited land availability complicate site selection. Addressing network latency requires not only proximity but also optimised connectivity infrastructure, including carrier-neutral facilities and high-speed interconnections within and between data centres. Infrastructure Modernisation and AI-Readiness Many existing data centres in APAC were designed before the AI era and are not equipped to handle the unique demands of AI workloads. This creates a gap that new developments and upgrades must fill by incorporating AI-ready features such as higher floor loading capacity, advanced cooling systems, and enhanced network capabilities. Made in India solutions - India's data centre revolution demands locally engineered solutions to overcome unique challenges like connectivity gaps in tier 2 and 3 cities, unreliable power infrastructure, complex land acquisition hurdles, and the need for energy-efficient architectures tailored to extreme climatic conditions. This requires data centre solutions like driving demand for home-grown solutions that cater to hyper-scalable fibre backhaul, edge computing integration, etc. Charting the path forward The fundamental changes AI is bringing to data centres are truly remarkable. India's vision to become a global AI powerhouse hinges on bridging the digital infrastructure gap, requiring advanced connectivity solutions to build this infrastructure. As AI continues to take centre stage, data centres built on agile and future-proof optical fibre foundations will evolve to provide immense compute power. This transformation will enable them to meet the industry's demands, including: Agile, high-bandwidth connectivity for AI - AI workloads demand massive, low-latency data transfer within the data centre and between data centres (DCI). Legacy copper struggles with scale and distance. The industry requires high-speed, low-latency optical solutions. Pre-terminated systems ensure rapid, error-free deployment, which is crucial for scaling AI scalability and future-proofing - India's data explosion requires infrastructure that can scale exponentially. Density is key to managing space and cost. High-fibre-count optical solutions offer unparalleled fibre density for scalable inter-facility links. Pre-terminated Systems are inherently designed for easy upgrades and massive bandwidth headroom, protecting latency and high reliability - AI and real-time analytics demand near-instantaneous data movement. Innovative optical solutions compliant with international standards such as ANSI/TIA-942, TIA-568, ISO 11801 guarantee engineered reliability and signal integrity, minimising latency jitter and failure risk. India's AI future depends on a holistic approach to digital infrastructure—one that integrates advanced optical connectivity, power-efficient cooling, and scalable physical digital infrastructure. India's AI race isn't just about algorithms; it's about reinventing infrastructure that's future-proof, sustainable, and inclusive. The question isn't if we'll bridge the gap—it's how fast.
Time of India
7 days ago
- Business
- Time of India
DPDP and the criticality of data: A turning point for India's gigital future
India is on the brink of implementing one of its most consequential digital regulations – the Digital Personal Data Protection Act, 2023 (DPDPA), and its accompanying rules. As the country inches closer to operationalizing this framework, there is a growing sense of urgency across the tech ecosystem. The era of soft compliance is over. Data has emerged not only as a currency for innovation but also as a growing liability, and the new regime reflects the government's sharpened focus on accountability, transparency, and regulatory control. At its core, the DPDPA is a principles-based legislation. The draft rules currently under consultation provide a closer view of what real-world compliance will demand—particularly in areas such as consent, retention, data erasure, and breach notification. This is where the criticality of data governance truly comes into focus—not just as a question of digital infrastructure, but as a matter of strategic economic and legal consequence. Data compliance vs practicality The draft rules under should adopt a more risk-based and proportionate approach to age verification and parental consent. As it stands, the requirement for verifiable consent—regardless of a data principal's self-declared age—could impose disproportionate burdens on data fiduciaries, often compelling them to collect excessive data and implement rigid mechanisms that may violate principles of data minimisation. International standards like the EU-GDPR and COPPA offer a more balanced path by allowing entities to take 'reasonable efforts' to verify age and parental consent, depending on the nature of the service and risk involved. The DPDPR should follow suit by clarifying that stricter age assurance measures be applied only where high-risk processing of children's data is involved, while permitting flexibility for low-risk use cases. This not only prevents unnecessary operational hurdles for businesses but also aligns better with both child protection goals and practical feasibility. What's more, the DPDP Act also does not currently allow for 'legitimate interest' as a legal basis to process data—something that other jurisdictions like the EU recognize. This could make basic business activities like internal audits, AI training, and even due diligence for M&A transactions unnecessarily difficult. Breach reporting framework One of the more stringent aspects of the draft rules is the breach notification framework. Data fiduciaries are required to notify both the Data Protection Board and the affected data principals of every data breach, irrespective of the perceived level of risk or harm. While a more extended window of 72 hours (or longer, subject to the Board's discretion) has been proposed for submitting a detailed report to the Board, the timeline for notifying affected data principals is notably tighter—requiring disclosure 'without delay.' In addition, a preliminary breach report must also be submitted to the Board without delay, containing essential initial details. Given the varying levels of detail and specificity expected in these 'without delay' notifications to the Board and data principals, there may be differing interpretations of the timeline and its practical implications. This structure, though well-intentioned, raises concerns about the resulting desensitization of both users and regulators. In practice, most breaches require internal triage: identifying the breach, scoping its impact, initiating remediation. Reporting too early without adequate clarity could expose companies to unnecessary reputational and legal risks. Worse, it could distract from mitigating actual harm. A more pragmatic approach would involve the introduction of a severity threshold, distinguishing minor from major breaches, and re-calibrating reporting timelines, to ensure meaningful compliance rather than mechanical disclosure. MSMEs and the risk of overregulation Another critical concern is the asymmetry of impact. While large corporations may struggle with scale, it is smaller businesses that will feel the heat of non-compliance most acutely. The framework as it stands does not adequately differentiate obligations by the size, scale, or risk profile of the fiduciary. As seen in other sectors, overly burdensome compliance can stifle MSME growth. Risk-based regulation—where the extent of compliance is proportionate to the sensitivity and volume of data—needs to be institutionalised. Governance beyond compliance What the DPDP regime ultimately signals is the institutionalization of data governance in India. The legislation is not just about data protection. it is about shaping the way organizations think about trust, risk, and accountability. This is not merely a legal challenge—it is an organizational transformation. Policymakers must continue to listen—to industry, to civil society, and to consumers—so that implementation is guided by dialogue rather than dictate. India has a unique opportunity to set the gold standard in digital governance—not just by protecting personal data, but by enabling the responsible unlocking of its economic value. But to achieve this, the DPDP Rules must evolve: from ambiguity to clarity, and from theory to real-world feasibility. Five key areas to make the DPDP law more effective: Adopt a risk-based approach to age verification and parental consent —aligned with global best practices and avoid one-size-fits-all mandates that may lead to over-collection of data and create compliance burdens. Add 'legitimate interest' as a basis for data processing —especially for due diligence in M&A and Investment activities and internal operations. Introduce a severity-based breach reporting system and reconcile reporting timelines to avoid false alarms and regulatory fatigue. Clarify the language requirements for user notices—especially for backend or automated services. Differentiate compliance for MSMEs to ensure ease of doing business isn't compromised. Encourage industry-led self-regulation under the oversight of the Data Protection Board. Facebook Twitter Linkedin Email Disclaimer Views expressed above are the author's own.
Time of India
09-06-2025
- Business
- Time of India
Indian banks must urgently embrace AI, privacy technologies to comply with DPDP Act: Report, ET LegalWorld
Indian banks must urgently adopt artificial intelligence (AI), privacy-enhancing technologies (PETs), and privacy-by-design strategies to effectively comply with the Digital Personal Data Protection Act (DPDPA), according to a report released by Protiviti. The report, titled "Navigating DPDPA in Banking: Compliance, Impact, and AI-Powered Strategies for Futureproofing", was unveiled at the 4th IBA CISO Summit 2025, hosted by the Indian Banks' Association. It highlighted that the regulatory and operational impact of DPDPA will be far-reaching, and banks must re-engineer their critical functions to align with privacy-by-design principles in order to meet the requirements of India's most comprehensive data protection law to date. Advt Advt The report offered sector-specific insights, guiding banks on how to harmonise DPDPA compliance with existing regulations issued by the Reserve Bank of India (RBI) and the Securities and Exchange Board of India (SEBI).It also identified unique privacy risks for the banking sector, including algorithmic profiling, third-party data sharing, and challenges in managing customer consent. An operational playbook is presented to help banks integrate privacy-by-design principles across core functions such as Know Your Customer (KYC) and fraud detection, along with strategies to automate compliance the report highlighted the role of technology and AI in enabling scalable and efficient privacy noted that due to the volume and sensitivity of personal data handled, banks are likely to be classified as Significant Data Fiduciaries (SDFs) under DPDPA. This status brings enhanced obligations such as conducting Data Protection Impact Assessments (DPIAs), ensuring algorithmic transparency, performing regular data audits, and appointing a Data Protection Officer (DPO).The report advised that compliance should not be treated as a one-time project but rather approached through a risk-based, adaptive operating model that can evolve with emerging threats, regulatory developments, and technological advancements. It also encourages banks to embed AI wherever suitable to enhance operational efficiency and streamline privacy report also pointed out the urgent need for stronger data governance, cross-functional accountability, and AI-driven privacy solutions within the banking sector. It stressed that regulatory alignment, customer trust, and digital innovation must move forward also noted that the DPDPA will overlap with sector-specific guidelines from RBI and SEBI, adding new layers of instance, existing RBI data retention rules will need to align with DPDPA's principles of data minimization and storage limitation, while breach reporting obligations must cater to both financial regulators and the new Data Protection Board of India. (ANI) Join the community of 2M+ industry professionals Subscribe to our newsletter to get latest insights & analysis. Download ETLegalWorld App Get Realtime updates Save your favourite articles Scan to download App
India Gazette
09-06-2025
- Business
- India Gazette
Indian banks must urgently embrace AI, privacy technologies to comply with DPDP Act: Report
New Delhi [India], June 9 (ANI): Indian banks must urgently adopt artificial intelligence (AI), privacy-enhancing technologies (PETs), and privacy-by-design strategies to effectively comply with the Digital Personal Data Protection Act (DPDPA), according to a report released by Protiviti. The report, titled 'Navigating DPDPA in Banking: Compliance, Impact, and AI-Powered Strategies for Futureproofing', was unveiled at the 4th IBA CISO Summit 2025, hosted by the Indian Banks' Association. It highlighted that the regulatory and operational impact of DPDPA will be far-reaching, and banks must re-engineer their critical functions to align with privacy-by-design principles in order to meet the requirements of India's most comprehensive data protection law to date. The report offered sector-specific insights, guiding banks on how to harmonise DPDPA compliance with existing regulations issued by the Reserve Bank of India (RBI) and the Securities and Exchange Board of India (SEBI). It also identified unique privacy risks for the banking sector, including algorithmic profiling, third-party data sharing, and challenges in managing customer consent. An operational playbook is presented to help banks integrate privacy-by-design principles across core functions such as Know Your Customer (KYC) and fraud detection, along with strategies to automate compliance efforts. Furthermore, the report highlighted the role of technology and AI in enabling scalable and efficient privacy solutions. Protiviti noted that due to the volume and sensitivity of personal data handled, banks are likely to be classified as Significant Data Fiduciaries (SDFs) under DPDPA. This status brings enhanced obligations such as conducting Data Protection Impact Assessments (DPIAs), ensuring algorithmic transparency, performing regular data audits, and appointing a Data Protection Officer (DPO). The report advised that compliance should not be treated as a one-time project but rather approached through a risk-based, adaptive operating model that can evolve with emerging threats, regulatory developments, and technological advancements. It also encourages banks to embed AI wherever suitable to enhance operational efficiency and streamline privacy management. The report also pointed out the urgent need for stronger data governance, cross-functional accountability, and AI-driven privacy solutions within the banking sector. It stressed that regulatory alignment, customer trust, and digital innovation must move forward together. It also noted that the DPDPA will overlap with sector-specific guidelines from RBI and SEBI, adding new layers of compliance. For instance, existing RBI data retention rules will need to align with DPDPA's principles of data minimization and storage limitation, while breach reporting obligations must cater to both financial regulators and the new Data Protection Board of India. (ANI)
Time of India
09-06-2025
- Business
- Time of India
Indian banks must urgently embrace AI, privacy technologies to comply with DPDP Act: Report
Indian banks must urgently adopt artificial intelligence (AI), privacy-enhancing technologies (PETs), and privacy-by-design strategies to effectively comply with the Digital Personal Data Protection Act (DPDPA), according to a report released by Protiviti. The report, titled "Navigating DPDPA in Banking: Compliance, Impact, and AI-Powered Strategies for Futureproofing", was unveiled at the 4th IBA CISO Summit 2025, hosted by the Indian Banks' Association. It highlighted that the regulatory and operational impact of DPDPA will be far-reaching, and banks must re-engineer their critical functions to align with privacy-by-design principles in order to meet the requirements of India's most comprehensive data protection law to date. The report offered sector-specific insights, guiding banks on how to harmonise DPDPA compliance with existing regulations issued by the Reserve Bank of India (RBI) and the Securities and Exchange Board of India (SEBI). It also identified unique privacy risks for the banking sector, including algorithmic profiling, third-party data sharing, and challenges in managing customer consent. An operational playbook is presented to help banks integrate privacy-by-design principles across core functions such as Know Your Customer (KYC) and fraud detection, along with strategies to automate compliance efforts. Live Events Furthermore, the report highlighted the role of technology and AI in enabling scalable and efficient privacy solutions. Discover the stories of your interest Blockchain 5 Stories Cyber-safety 7 Stories Fintech 9 Stories E-comm 9 Stories ML 8 Stories Edtech 6 Stories Protiviti noted that due to the volume and sensitivity of personal data handled, banks are likely to be classified as Significant Data Fiduciaries (SDFs) under DPDPA. This status brings enhanced obligations such as conducting Data Protection Impact Assessments (DPIAs), ensuring algorithmic transparency, performing regular data audits, and appointing a Data Protection Officer (DPO). The report advised that compliance should not be treated as a one-time project but rather approached through a risk-based, adaptive operating model that can evolve with emerging threats, regulatory developments, and technological advancements. It also encourages banks to embed AI wherever suitable to enhance operational efficiency and streamline privacy management. The report also pointed out the urgent need for stronger data governance, cross-functional accountability, and AI-driven privacy solutions within the banking sector. It stressed that regulatory alignment, customer trust, and digital innovation must move forward together. It also noted that the DPDPA will overlap with sector-specific guidelines from RBI and SEBI, adding new layers of compliance. For instance, existing RBI data retention rules will need to align with DPDPA's principles of data minimization and storage limitation, while breach reporting obligations must cater to both financial regulators and the new Data Protection Board of India.
