India AI Impact Summit 2026

navigating-the-ai-regulatory-landscape-a-cross-compliance-framework-for-safety-and-governance

7 min read

TRACK:Safe and Trusted AI
SPEAKERS
  • Aarthi Sivanandha, AZB & Partners
  • Dr. Lalit Patil, International Neurodegenerative Disorders Research Center (INDRC) "
  • Dr. Mohammed Misbahuddin, C-DAC Bangalore
  • Dr. S. D. Sudarsan, C-DAC Bangalore
  • Dr. Vit Dockal, International Development Research Centre (INDRC), Czech Republic
  • Mr. Ramesh Naidu Laveti, C-DAC Bangalore
SESSION OVERVIEW

This session examines the evolving AI regulatory landscape through a cross-compliance lens, comparing various national frameworks for data governance, safety, and accountability. It highlights practical approaches to implementing trustworthy, safe AI, drawing on large-scale project experience. The discussion aims to support policymakers, practitioners, and institutions in aligning innovation with regulatory compliance, ethical standards, and responsible AI governance across jurisdictions.

VIDEO RECORDING

Navigating the AI Regulatory Landscape: A Cross-Compliance Framework for Safety and Governance

Abstract

The session explored how organisations can develop trustworthy AI that complies with both the European Union’s AI Act and India’s emerging data‑governance regime. Panelists compared risk‑classification frameworks, highlighted practical safety parameters (risk management, data quality, transparency, human‑in‑the‑loop, robustness and post‑market monitoring), and discussed concrete cross‑border initiatives such as the CLARA Centre of Excellence and the AI Factory funding programme. The discussion concluded with a legal deep‑dive on India’s DPDP Act, the challenges of aligning it with GDPR, and a brief audience Q & A on liability for “black‑box” AI models.

Detailed Summary

  • Moderator (Ramesh Naidu Laveti) opened the panel, noting the importance of the AI Summit and thanking the Indian government and Prime Minister Modi for supporting AI dialogue.
  • He introduced the theme: building AI systems that are safe, trustworthy, and compliant across jurisdictions, especially between India (≈ 1.4 billion people) and the EU (≈ 450 million people).

2. Cross‑Compliance Concept (Dr Lalit Patil)

  • Cross‑compliance is defined as the need for a system developed in one jurisdiction (India) to meet the regulatory expectations of another (EU) when serving users there.
  • Key contrast: the EU already has a dedicated AI Act (one of the world’s strictest); India currently relies on sector‑specific laws and the upcoming DPDP Act.
  • Patil emphasized that the lack of a dedicated AI law in India can be a blessing for rapid innovation, but prepares companies for future regulation by adopting EU‑style safeguards now.

2.1 Risk‑Based Classification (EU AI Act)

Risk tierTypical examplesCompliance implications
UnacceptableSocial scoring, real‑time biometric surveillanceProhibited in the EU
High‑riskAI used in medical devices, biometric identification, critical infrastructureMandatory conformity assessment, extensive documentation, post‑market monitoring
Limited‑riskChatbots with minimal impactTransparency obligations (e.g., disclose “AI‑generated” content)
Minimal‑riskSimple statistical toolsNo specific obligations
  • Companies targeting EU markets must classify their AI, then apply the corresponding controls.
  • Patil warned that continuous risk management is required; the classification does not stop at launch but persists throughout the system’s lifecycle.

2.2 Roles in the AI Value Chain

  • AI Provider / Manufacturer – designs and builds the model.
  • AI Deployer – integrates the model into a product or service.
  • AI Promoter – markets the AI‑enabled solution.
  • AI User – end‑user interaction.

Each role carries distinct obligations (documentation, monitoring, liability).

3. Technical Safety Parameters (Dr Mohammed Misbahuddin & Dr S.D. Sudarsan)

3.1 Data Quality & Bias Mitigation

  • Data provenance is paramount; AI is only as unbiased as its training data.
  • Misbahuddin illustrated a clinical‑data example: a model predicting platelet counts could produce erroneous outputs if trained on biased population data (e.g., European vs. Indian genetic backgrounds).
  • Continuous authentication of datasets is required, including bias audits and representativeness checks.

3.2 Technical Documentation & Transparency

  • Detailed technical documentation (model architecture, training data, preprocessing steps, risk‑mitigation measures) must be maintained and made available to regulators.
  • Sudarsan stressed that inability to explain a system undermines claims of safety.

3.3 Human‑in‑the‑Loop Oversight

  • Human oversight is not just a “post‑hoc” check; it must be embedded throughout development and deployment (e.g., prompt‑editing interfaces in LLMs).
  • The panel suggested design patterns where users can override or pause AI decisions before final execution.

3.4 Accuracy, Robustness & Cybersecurity

  • Accuracy is critical in high‑stakes domains such as healthcare. A mis‑read blood‑pressure reading could lead to harmful medication.
  • The panel highlighted privacy‑focused LLMs like Lumo (Proton) that deliberately refuse to answer when uncertain, sacrificing convenience for safety.
  • Cybersecurity threats (data poisoning, model extraction) demand secure pipelines and post‑market monitoring.

3.5 Post‑Market Monitoring

  • Ongoing monitoring of model performance, drift, and emergent risks is essential.
  • Sudarsan recommended a feedback loop: collect real‑world usage data, re‑evaluate risk classification, and issue corrective patches.

4. European Perspective & Collaborative Initiatives (Dr Vit Dockal)

4.1 CLARA – Centre of Excellence

  • CLARA is a €43 million EU‑funded hub integrating AI, ML, large‑language models, high‑performance computing (HPC) and quantum computing to explore complex biological processes (e.g., neuronal ageing, cancer cell dynamics).
  • Dockal highlighted the need for early‑stage compliance: even research‑phase projects must embed data‑privacy safeguards because they handle massive health datasets.

4.2 AI Factory Funding Programme

  • Announced €40 million (3‑year) investment to provide AI‑as‑a‑service for European start‑ups: compute resources, model validation, and regulatory guidance.
  • The programme will act as a sandbox for innovators, offering free access to robust infrastructure in exchange for adherence to EU safety standards.

4.3 Indo‑EU Trade Agreement & Zlín Impact Accelerator

  • The recent Indo‑EU trade deal opens a pathway for Indian AI start‑ups to establish Czech subsidiaries via the Zlín Impact Accelerator.
  • Benefits: one‑year free office space, visa support, up to €1 million seed funding, and access to EU regulatory expertise.

4.4 Ethical Layer – Digital Humanism

  • Dockal cited the Digital Humanism Principles (adopted in Poissdorf, Austria) as a non‑binding ethical framework that complements legal requirements (EU AI Act, MDR).

5. Indian Legal & Policy Landscape (Aarthi Sivanandha)

5.1 Why Regulate?

  • AI poses three primary safety categories: malfunction, misuse, and systemic risk.
  • India’s DPDP Act (Data Protection and Data Privacy) and the “Seven Sutras” (voluntary governance guidelines) aim to address these risks while preserving innovation.

5.2 Comparative Overview of Global Approaches

RegionRegulatory stanceMain focus
USLight‑touch, sector‑specificMarket‑driven innovation
ChinaOpaque, state‑led mandatesStrategic dominance
BRICS (incl. India)Tailored to linguistic & socio‑economic diversityData‑sovereignty, inclusion
EUComprehensive AI Act & GDPRFundamental rights, high‑risk oversight
Japan / Korea / TaiwanEmerging sector‑specific rulesSafety & accountability

5.3 Core Challenges for Indian Policymakers

  1. Data scarcity & under‑reporting – Lack of reliable statistics on deep‑fakes, child‑targeted misuse, etc.
  2. Tooling gap – Need for robust AI‑safety detection tools; funding and R&D are limited.
  3. Pace of innovation – Laws tend to lag behind rapid model improvements (e.g., GPT‑4 vs. GPT‑5).
  4. Liability allocation – Determining who is responsible when a black‑box model causes harm.

5.4 Practical Recommendations

  • Keep regulations simple & clear: Given India’s massive user base, overly complex rules hinder compliance.
  • Adopt a “defence‑in‑depth” strategy: Combine technical safeguards, organisational processes, and societal awareness.
  • Leverage international standards (IEEE, ISO, IETF) while customizing them for local context.

6. Audience Q & A (Selected Exchanges)

QuestionerIssue RaisedKey Points from Answer
Mayank (J S Held)Liability gap: EU AI Act obligations lie with the provider; India’s DPDP places liability on the data fiduciary (e.g., an Indian bank). How can a board certify compliance when the model is a black box?– Indian boards treat EU compliance as necessary but not sufficient; they must also verify DPDP alignment.
– If the data processed is not Indian data, EU compliance may suffice.
– Boards increasingly demand forensic‑level audit rights in contracts, though industry‑wide standards are still evolving.
Unidentified audience memberRBI guidelines for banks – how to reconcile with cross‑border AI contracts?– RBI’s recent service‑legal‑agreement framework imposes mandatory AI‑risk assessments for vendors.
– Banks should embed DPDP‑compliant clauses and require continuous monitoring from providers.
General audiencePractical steps to ensure “AI‑generated” content is labelled for transparency.– Sudarsan reiterated the EU requirement that any AI‑generated output carry a clear notice (e.g., “Generated by AI”).
– India is expected to adopt a similar mandatory labeling rule soon.

7. Closing Remarks

  • Moderator (Ramesh Naidu Laveti) thanked participants, highlighted the forthcoming action plan and call for collaboration across India, the EU, and the Czech Republic.
  • Emphasised that building a global cross‑compliance framework is a collective, interdisciplinary effort that must involve lawyers, technologists, policymakers, and industry leaders.
  • The session concluded with a brief farewell and an invitation to visit the AI Summit expo.

Key Takeaways

  • Risk‑based approach is universal: Classify AI systems (unacceptable, high‑risk, limited‑risk, minimal‑risk) and apply proportional safeguards.
  • Cross‑compliance requires early alignment: Indian developers should adopt EU AI‑Act controls before any EU market entry to avoid retro‑fitting.
  • Data quality and bias mitigation are foundational; continuous dataset authentication prevents systemic discrimination.
  • Technical documentation, transparency, and human‑in‑the‑loop oversight are mandatory for high‑risk AI under both EU and emerging Indian norms.
  • Post‑market monitoring must be built into the product lifecycle to detect drift, emerging threats, and compliance gaps.
  • European initiatives (CLARA, AI Factory, Zlín Impact Accelerator) offer concrete resources for Indian innovators seeking EU‑compliant development pathways.
  • India’s DPDP Act and “Seven Sutras” aim to balance safety with innovation, but face challenges around data availability, tooling, and rapid model evolution.
  • Liability allocation remains a key tension: Indian fiduciaries cannot rely solely on provider‑issued EU compliance certificates; they need contractual audit rights and DPDP‑aligned risk assessments.
  • Collaboration is essential: Standard‑setting bodies (IEEE, ISO, IETF) and multi‑country consortia must harmonise technical, ethical, and legal dimensions to create a truly trustworthy, cross‑border AI ecosystem.

Prepared for the AI Summit (Delhi, 2026) – “Navigating the AI Regulatory Landscape: A Cross‑Compliance Framework for Safety and Governance.”

See Also:

Graph View

Backlinks