India AI Impact Summit 2026

from-policy-to-practice-governing-ai-for-global-impact

6 min read

TRACK:Safe and Trusted AI
SPEAKERS
  • Ashish Aggarwal, Nasscom
  • Gail Kent, Google
  • Ivana Bartoletti, Wipro
  • Jules Polonetsky, Future of Privacy Forum
  • Wifredo "Wifi" Fernández, xAI
SESSION OVERVIEW

Trust is the infrastructure of AI adoption. This session focuses on what it takes in 2026 to govern AI for real world benefit, especially in the Global Majority. We move from principles to practice through sandboxes with clear entry and exit criteria, independent evaluation and red teaming, and reusable assurance artifacts such as model cards, audit logs, and incident reporting. We ask where interoperability and collaboration accelerate impact, and where sovereignty and geopolitics create friction.

VIDEO RECORDING

From Policy to Practice: Governing AI for Global Impact

Detailed Summary

  • Context & Purpose – Ashish opened the session by noting that the discussion is the culmination of several pre‑summit meetings on AI governance. He highlighted two core tensions:
    1. Intent vs. Implementation – industry intentions (e.g., “responsible AI”) often collide with the technical reality of putting those intentions into practice.
    2. Pressure Points – competition, speed‑to‑market, and user‑engagement demands can erode governance safeguards.
  • Shared Responsibility – He emphasized that governance must be a joint effort among regulators, users, and industry rather than a hand‑off of responsibility.

2. The Open‑Weight Model Dilemma (Kareena Prunkey)

  • What is being released? – The panel agreed that “open‑weight” can mean just the model parameters, the training data, or an entire tool‑belt that enables downstream use. Each release type carries distinct risk profiles.
  • Capability‑Risk Link – Capabilities (e.g., detecting software vulnerabilities) map directly onto dual‑use risks (e.g., weaponising the same capability).
  • Mis‑use Potential
    • Fine‑tuning for harmful content (e.g., pornographic or extremist outputs) is already observed at scale.
    • Model provenance – tracking who modifies a model and when is vital for ecosystem monitoring.
  • Governance Steps Proposed
    1. Define the release artifact (weights only, data, tool‑belt).
    2. Measure capabilities through systematic benchmarking.
    3. Test misuse resilience (adversarial fine‑tuning, jailbreak attempts).
    4. Ecosystem monitoring – maintain provenance logs and audit trails.
  • Good vs. Bad Release Examples
    • Good: Staged release to a limited researcher community with strict monitoring.
    • Bad: Unrestricted release of image‑generation models that quickly become a large pool for CSAM (child sexual abuse material) generation.

3. Governance in Practice – Privacy & Legal Frontlines (Jules Polonetsky)

  • Who owns AI governance? – Early on, privacy and legal teams assumed the lead because they already managed regulator relationships. This pattern repeats across many firms.
  • Regulatory “Gate‑keeping” – Example: Italy’s Garante was among the first regulators to demand that an AI service stop operating in the country. These regulators often lack extra resources, creating a choke‑point‑risk.
  • Business Pressure – Companies cannot wait for final EU‑AI‑Act guidance; they must ship products now. Hence, internal “impact assessments” proliferate, but they are fragmented (e.g., separate assessments for GDPR, California privacy, AI‑specific rules).
  • Tooling & Automation – AI‑driven assessment tools are improving, offering faster, reasonably accurate risk signals, though human review remains essential.
  • Incentive Mis‑alignment – Without clear, universal baselines, firms race to the bottom (e.g., ad‑tech privacy compromises). Jules called for consensus standards (privacy, data‑collection, bias) to level the playing field.

4. Google’s Global‑vs‑Local Governance Model (Gail Kent)

  • Principled Foundations – Google’s universal AI principles (social benefit, fairness, safety, accountability) guide all products.
  • Partnership Approach – Governance is co‑created with:
    1. Governments (local law compliance).
    2. Academia & Think‑tanks (evidence base).
    3. Civil‑society (user expectations).
  • Safety & Privacy in Gemini
    • Model‑level safety: internal red‑team testing, adversarial fine‑tuning checks.
    • Product‑level safety: continuous monitoring of downstream use cases.
  • Local Nuance – India Example – Indian users heavily consume multimodal content; thus safety testing includes video and audio modalities, and privacy assessments reflect local expectations around data residency and consent.
  • Governance under Rapid Release Cadence – Google stresses that its principles are immutable, even as model versions (e.g., Gemini 1 → Gemini 2) roll out quickly. The same safety‑privacy guardrails apply regardless of speed.

5. Wipro’s Deploy‑er Perspective (Ivana Bartoletti)

  • From Privacy‑Lead to Deploy‑er Lead – Initially, privacy officers owned AI governance at many firms; Wipro transitioned to a broader, cross‑functional governance model.
  • Governance as Growth Enabler – Positioning governance not as a checkbox but as a strategic differentiator that builds client trust and long‑term value.
  • Client‑Facing Governance
    • Negotiating Liability – Clarify where responsibility ends (Wipro vs. client) especially with third‑party tools (Google, xAI).
    • Phased Roll‑outs – Advise clients to start with low‑risk use cases, then expand after maturity checks.
    • Upskilling Legal Teams – Provide legal‑tech training so that contracts capture AI‑specific risks.
  • Concrete Example (Redacted) – A client wanted 50 % “agentic” AI; Wipro recommended a staged pilot, highlighted hallucination risks, and set human‑in‑the‑loop checkpoints before full deployment.

6. xAI’s Front‑Line Safety Framework (Wifredo “Wifi” Fernández)

  • Safety‑by‑Design – xAI publishes a public Frontier AI Framework (renamed for California compliance) that enumerates risk categories: dual‑use, child‑safety, self‑harm, political bias, “sycophancy,” etc.
  • Model Cards & Transparency – Each model release (e.g., Grok 4, 4.1, upcoming 4.2) includes a detailed model card covering training data, benchmark performance, and identified risks.
  • Public‑Feedback Loop – xAI leverages its social‑media platform (X) to gather real‑time user and researcher feedback, enabling rapid risk mitigation and “building in public.”
  • Governance Trade‑offs – Balances trade‑secret protection with openness; transparency about safety measures is maximised while proprietary details are protected.

7. Audience Interaction & Cross‑Cutting Themes

ThemeRepresentative Points
Evaluation Gap (Kareena)Benchmarks often over‑state real‑world safety; need more robust pre‑deployment testing.
Benchmark Need (Jules)Industry‑wide privacy and safety benchmarks would give engineers actionable metrics.
Tool Accessibility (Jules)Low‑cost governance platforms (e.g., OneTrust, Creo AI) are essential for startups lacking large legal teams.
Child‑Safety & Age‑Based Controls (xAI)Default safeguards must protect minors; governments may legislate age‑gating, but platforms should offer parental controls and safe‑mode defaults.
AI Agents – Governance Frontier (Google)Human‑in‑the‑loop, bias mitigation, and red‑team testing remain core even as agents become more autonomous.
Data‑Protection Law Implementation (India) (Jules)Robust implementation of India’s Data Protection Act within 12 months would catalyse better governance globally.

8. Closing & Take‑aways (Ashish Aggarwal)

  • Gratitude expressed to NASSCOM, FPF, the speakers, and the audience.
  • Emphasis that governance is a continuous, collaborative journey, not a one‑off checklist.

Key Takeaways

  • Governance must translate policy intent into concrete, testable controls (e.g., staged releases, sandboxing, provenance logs).
  • Open‑weight models pose unique dual‑use risks; responsible release requires clarity on what is released, capability benchmarking, misuse testing, and ecosystem monitoring.
  • Privacy and legal teams are natural early stewards of AI governance, but the responsibility now spans across product, risk, and engineering functions.
  • Global principles (e.g., Google’s AI Principles, xAI’s Frontier AI Framework) should be applied uniformly, even when product release cadence accelerates.
  • Local context matters – India’s heavy multimodal usage and pending Data Protection Act demand tailored safety and privacy assessments.
  • Shared‑responsibility models are essential: regulators set baselines, industry builds interoperable tools, and users (including parents for minors) retain agency.
  • Standardised benchmarks for privacy, bias, and safety are urgently needed to give engineers actionable metrics and to level the playing field.
  • Governance tools must be affordable and accessible for startups and mid‑size firms; otherwise, compliance becomes a barrier to innovation.
  • AI agents heighten the need for human‑in‑the‑loop safeguards, clear accountability, and continuous red‑team evaluation.
  • Rapid, public‑feedback loops (as used by xAI) improve risk detection and enable faster mitigation without sacrificing transparency.

See Also:

Graph View

Backlinks