In the first place, the report relies too heavily on regulatory principles developed by countries of the Global North. While there is no harm studying these approaches, we should give some thought to how they will work in the Indian context before imitating them blindly.
Countries make risk-reward trade-offs that are appropriate to their advanced stage of development. To the Global North, AI is nothing more than a tool that improves the efficiency of an already well-functioning society. If the risk AI poses is too high, they can afford to forgo some of the benefits it provides.
For India, on the other hand, AI presents a unique opportunity to extend the progress we have achieved to those who still remain excluded from its benefits. For us, AI is not a luxury. It is a necessity.
If this is the only way we can quickly reach those sections of our society that are overlooked and underserved, we need to use it—even if that means taking a more aggressive approach to risk than the Global North considers acceptable.
The other problem with the report is its heavy reliance on techno-legal measures to achieve its ends. There is probably no one more in favour of embedding regulation into technology than me. I literally wrote a book on it. But just because we have a techno-legal hammer does not mean every regulatory problem is a nail.
Take, for example, the suggestion that we use the MeITy consent artefact to determine who is liable for AI harms. The report argues that if we assign immutable, unique identities to participants in the AI ecosystem, we will be able to use the consent artefact to track and record their activities. That way, when any harm occurs, we can easily figure out who is to blame.
That the government is even thinking of using the protocol that lies at the heart of our Data Empowerment and Protection Architecture to identify and track entities in this manner makes my skin crawl. Not only will this go against the grain of the privacy-by-design approach on which the entire system has been based, it is unmoored from the reality of how the ecosystem functions.
Consent managers have no way to establish immutable and unique identities. More importantly, they cannot see the content being transferred through their pipes. To perform the activities that the report expects them to, we will need to contort the consent artefact into shapes it was never meant to assume.
The report also refers to copyright issues that are commonly raised in connection with the development and deployment of AI. However, rather than making a clear recommendation of what needs to be done, the report has kicked the can down the road, calling for yet another consultation.
In previous columns, I have called for an amendment of the Indian Copyright Act so that our developer community can benefit from the sort of fair use and text-and-data mining exemptions other countries have put in place. Why the report does not make a similar recommendation is beyond me.
That said, there is much to welcome in the report. I agree with its finding that there is no need for us to enact a specific legislation for AI and that our existing laws and regulations are more than capable of addressing the new risks it might bring about.
I am also glad that it has highlighted the need to train our regulators and law enforcement authorities on the harms AI can cause, so that they can suitably alter the way they approach regulation and supervision.
I whole-heartedly endorse the two institutional recommendations that it makes—the constitution of an inter-ministerial AI coordination committee for AI governance and the establishment of a secretariat for technical advice. Given the cross-cutting nature of AI, we would do well to coordinate governance at high levels.
If AI generates misleading advertisements in the financial sector, there is every likelihood that the same techniques will be used in other sectors of the economy. It is only by applying the learnings in one sector to other contexts that we will be able to prevent the harms from repeating.
At the same time, given the speed at which the technology is evolving, it will be very useful to have a body tasked with providing technical advice and evaluating AI incidents. I am also glad that the report makes it clear that the primary objective of incident reporting should not be to find fault, but to mitigate any future harms.
It is only when we create incentives for companies to share their experiences that the entire industry will be able to learn from their collective experience and mitigate harms before they become widespread.
If the report is to be judged solely on the basis of its recommendations, it has the right mix of agile governance and light-touch supervision. But it also explains how these conclusions were arrived at, offering us a window to how the government is thinking.
If the Western risk-focused approach that underpins much of the thinking behind the report also extends to enforcement, Indian AI companies are going to find it very hard to innovate.
#ministrys #regulation #report #broadly
