India AI Impact Summit 2026

ai-governance-in-the-age-of-powerful-ai-iinternational-perspectives-and-the-code-of-practice

5 min read

TRACK:Safe and Trusted AI
SPEAKERS
  • Henna Virkkunen, European Commission
  • Lucilla Sioli, European Commission
  • Sean Ó hÉigeartaigh, University of Cambridge
  • Yoshua Bengio, Mila Institute
SESSION OVERVIEW

Bringing perspectives from government, academia, industry, and civil society across regions, the session will explore how AI governance frameworks can support responsible innovation, and build shared trust in widely deployed AI systems. This panel will also introduce the Code of Practice for general-purpose AI models and examine its implications globally. The discussion will unpack requirements on transparency, copyright, and lifecycle risk management, including safeguards for advanced models with systemic impact.

VIDEO RECORDING

AI governance in the Age of Powerful AI - IInternational Perspectives and the Code of Practice

Detailed Summary

  • Moderator’s opening asked panelists to articulate why a coordinated international AI‑governance approach is essential and what risks arise from fragmented rules.
  • Jay Chowdhury (Zscaler) emphasized that multinational corporations operating in 50+ jurisdictions would face “a lot of issues” if each country imposed its own AI rules. He warned against over‑alignment that would “kill innovation” while also noting that no alignment creates compliance chaos.
  • Aparna Bhawa (Zoom) drew on personal experience as an Indian‑American, contrasting the “haves and have‑nots” during the COVID‑19 pandemic (e.g., PPE vs. toilet‑paper stockpiling). She argued that cross‑border data flows are a “basic level framework” enabling services like Zoom; excessive national restrictions would impede citizen progress.
  • David Zapolsky (Amazon) highlighted that Amazon’s global model—e‑commerce, cloud, satellite internet—relies on free movement of goods, information and “open skies”. Government barriers create “friction” and “potential problems”. He warned that premature regulation (e.g., Colorado’s early AI law) can stall adoption because “no one really knows how to apply it”.
  • Yarek Kutulowski (DeepL) stressed that AI products must be “inherently global” to achieve economies of scale; a common, transparent regulatory layer would benefit both companies and end‑users while respecting national sovereignty on privacy.

2. Security, Trust, and the “Five‑Pillar” Model

  • Jay introduced the Indian government’s “five pillars” of AI sovereignty (application, model, data, compute, governance). He warned that without a security overlay, these pillars become vulnerable to data‑poisoning and other attacks.
  • He advocated for zero‑trust architectures (Zscaler’s specialty) that protect every layer, noting that “the user is the weakest link today; tomorrow AI agents will be the weakest link”.
  • Aparna echoed the partnership model: Zoom must give users (from enterprise IT admins to casual consumers) control over security & privacy settings (e.g., waiting rooms, passcodes). She illustrated how the pandemic forced Zoom to expose enterprise‑grade controls to everyday consumers, creating an “obligation” to embed safeguards at all usage levels.

3. Upstream vs. Downstream Governance

  • David described Amazon’s Bedrock platform: a cloud‑based AI service where the upstream (model testing, bias mitigation, security) is performed by Amazon, but downstream customers retain ownership of their data and can apply guardrails (toxicity filters, usage policies).
  • He stressed that data residency and model transparency are baked into the service, enabling enterprises to comply with local regulations while still leveraging global AI capabilities.

4. Agentic AI and Evolving Risk Profiles

  • Yarek explained DeepL’s shift from pure translation to “agentic AI” that can execute tasks on behalf of customers. This shift raises higher‑stakes governance (e.g., translating FDA‑critical R&D documents or executing autonomous actions).
  • He highlighted the need for trust layers that verify outcomes against enterprise expectations, and for policies that can adapt to varying regulatory landscapes across jurisdictions.

5. Flexible, Risk‑Based Regulation vs. Prescriptive Rules

  • Jay argued for a flexible, risk‑based approach: identify “high‑risk” uses (e.g., decisions affecting life, health, civil rights) and regulate those, rather than applying a “unified field theory” of AI law that would hinder innovation.
  • Aparna illustrated a sliding scale of risk management: enterprise customers receive granular toggles, whereas consumer‑grade accounts get only essential safeguards (waiting rooms, passcodes). She emphasized that user experience must remain central, with “choice” as the primary lever.
  • David warned that over‑prescriptive regulation can force companies to delay or abandon product launches in certain markets. He cited examples where Amazon postponed roll‑outs due to regulatory uncertainty, and where “regulation that doesn’t differentiate between AI‑assisted shopping and AI‑assisted medical documentation would cripple useful innovation”.
  • Yarek noted that regulatory maturity varies by region (e.g., Colorado, EU, Japan, Peru). He positioned DeepL’s European roots as an advantage for navigating early regulations and for helping customers interpret them.

6. Forward‑Looking Vision (One‑Year Outlook)

Each panelist answered: What is the single change you hope to see in AI governance over the next year?

  • Jay (Zscaler) – Adoption of global, security‑first standards that embed zero‑trust principles into AI‑deployment pipelines, preventing malicious manipulation of models.
  • Aparna (Zoom) – A clear, tiered framework that lets companies offer “enterprise‑grade” security options while still delivering frictionless experiences for consumers, ensuring the “user‑experience” remains paramount.
  • David (Amazon)Risk‑based regulatory guidance that differentiates between low‑risk consumer applications and high‑risk enterprise/medical uses, enabling Amazon to launch AI services worldwide without patchwork compliance.
  • Yarek (DeepL)International harmonisation on AI‑agent accountability (e.g., audit trails, liability rules) so that multilingual & agentic AI can be safely deployed across borders.

Key Takeaways

  • Global alignment is essential: fragmented AI rules create compliance nightmares for multinational firms; a baseline set of shared principles can reduce friction without stifling innovation.
  • Over‑regulation harms innovation: early, overly prescriptive laws (e.g., Colorado’s AI act) lead to implementation delays, product stalls, and market hesitation.
  • Risk‑based, flexible regulation works best: focus on high‑impact use‑cases (life‑affecting decisions, civil‑rights impacts) while allowing lighter oversight for low‑risk applications.
  • Security must be embedded at every layer: the “five‑pillar” model requires a security overlay; zero‑trust architectures are a viable way to protect data, models, and downstream agents.
  • User‑enterprise partnership is critical: companies need to give both enterprise admins and end‑users granular controls (waiting rooms, data‑privacy toggles) to maintain trust.
  • Upstream governance (cloud providers, model vendors) can relieve downstream burden: services like Amazon Bedrock provide guardrails, data‑ownership guarantees, and bias mitigation out‑of‑the‑box.
  • Agentic AI raises new governance challenges: beyond translation, autonomous agents demand provenance, auditability, and cross‑border liability frameworks.
  • Regional regulatory maturity varies: Europe’s early regulations, Colorado’s pilot law, and cautious approaches in Japan/Peru illustrate differing tempos; companies must adapt but also advocate for harmonisation.
  • Future priority – standardized security & accountability standards: panelists converge on the need for globally recognised security‑first standards and clear accountability rules for AI agents.

Disclaimer: The official agenda listed speakers from the European Commission, University of Cambridge, and Mila Institute, but they do not appear in the recorded transcript. The summary reflects the participants actually heard in the video.

See Also:

Graph View

Backlinks