Digital India Foundation, a policy think tank working in the areas of technology policy, digital inclusion, ethics of AI, supply-chain security, and governance of critical and emerging technologies. Dr. Arvind Gupta, Head and Co-founder, Digital India Foundation (DIF) talks in detail on security roadmap, impact of AI, best practices for CISOs and future outlook for technology.
Q. What are the key factors for Indian companies to prioritise their security roadmap and related investments?
Dr. Arvind: Indian companies must prioritize regulatory compliance under the DPDP, 2023, using encryption and audits to meet data protection laws and align with RBI, SEBI, and GDPR. AI disruption requires securing AI systems while leveraging them for threat detection amid regulatory shifts.
Supply chain shocks from geopolitical factors, worsened by USA tariff wars (e.g., 25% on Mexico/Canada, 20% on China), escalate costs and disruptions, necessitating vendor assessments and localized threat monitoring to counter trade conflicts and regional tensions.
Q. Reliability, transparency, user-centred design, and ethical use are central to security framework. Any new initiatives on DIF?
Dr. Arvind: DIF remains dedicated to promoting these guiding principles. In recent months, the Foundation has launched a series of user-centric research aimed at strengthening data protection and ensuring inclusive platform governance. It has also convened policy roundtables with stakeholders from government, industry, and academia to identify ethical and regulatory best practices. In addition, the Foundation supports pilot projects on responsible AI, emphasising transparency, fairness, and public trust. These initiatives align with India’s broader digital agenda and reflect the Foundation’s continued focus on safeguarding users’ interests.
Q. In a world of humans, machines, and AI; what does human leadership teach us about developing trustworthy technology?
Dr. Arvind: Human leadership highlights the importance of ethics, empathy, and responsible oversight. By setting clear principles before project initiation, leaders align technology with broader societal objectives rather than merely chasing efficiency. They also assemble interdisciplinary teams that bring together technical prowess and policy insights. In doing so, they safeguard user interests and foster transparency, ultimately building systems that command sustained trust.
Q. What does it take (wrt. people, process, technology) to build trustworthy systems?
Dr. Arvind: Building trustworthy systems starts with skilled professionals who grasp not only technical intricacies but also broader policy and ethical considerations. Effective governance and transparent processes safeguard against misuse, ensuring consistency in quality checks and regulatory compliance. My work across Ispirt, ONDC and other such DPIs has allowed me to work across several such systems. In, addition my paper on trust in technology focuses on several crucial aspects of ascertaining why citizens trust certain platforms with specific reference to DPI.
Q. AI is increasingly used to make important decisions. How do you see its evolution impact the lives of Indian citizens?
Dr. Arvind: AI is included in everything from digital assistants in homes to advanced analytics in healthcare and financial services, and it will become our ‘new normal’. Simultaneously, questions around privacy, fairness, and accountability remain as India implements the DPDP Act and sets standards for data protection. A balanced framework, where ethical considerations, transparent data handling, and robust oversight guide development, can help AI implementation flourish without compromising user trust or individual rights.
Q. In the context of trustworthy systems, ensuring that humans and technology solutions work together and complement each other. Is that tough or easy to do and why?
Dr. Arvind: It can be challenging when systems don’t account for human oversight or when interfaces are too complex for the average user. Solutions that incorporate transparent design, straight forward user experiences, and well-defined feedback loops can ease the transition. In India’s case we have done this in digital public infrastructure. When end users and operators feel engaged, knowing their data is secure, and they can intervene if something goes awry, technology shifts from an opaque tool to a trusted partner.
With MyGov’s citizen engagement platform and the Jeevan Pramaan digital life certificate system, when technology is designed with user feedback and strong governance principles, collaboration between people and digital tools becomes much smoother. These platforms offer intuitive interfaces and transparent processes, easing the burden on individuals—particularly senior citizens—while reducing manual work for administrators.
Q. Do you see DPDP Act emerge as a catalyst or deterrent with respect to data privacy of individuals, organisations, and India as a nation?
Dr. Arvind: The DPDP Act introduces provisions that, in several respects, surpass the protections afforded by Europe’s GDPR or the corresponding frameworks in the United States and China. The DPDP Act supports our broader Digital Public Infrastructure goals by strengthening trust through frameworks like the Data Empowerment and Protection Architecture (DEPA). By focusing on user consent and clear accountability for data fiduciaries, it aligns with India’s emphasis on empowering individuals while enabling smoother cross-border data flows. When combined with consent management systems and other DPI initiatives, and enforced consistently, this legislation could set India apart as a global leader in shaping responsible digital ecosystems.
Q. Tech leaders are aiming to enable inclusive growth and sustainable development. How can security technologies contribute to this cause?
Dr. Arvind: Security technologies serve as a foundation for both inclusion and sustainability. Encrypting transactions and safeguarding critical systems reduce the risk of fraud, as well as track resource consumption, helping organisations optimise energy use and reduce waste, a key concern for environmental goals. By combining robust data protection with responsible resource management, security tools enable economic growth that achieves these goals.
Q. What are the typical traits or characteristics for a CISO or security leader to pave a path forward on this trusted platform journey?
Dr. Arvind: Effective CISOs bring a strong understanding of risk management while aligning security measures to broader organisational goals. Effective communication skills ensure that executive teams and frontline staff alike can appreciate the business rationale behind specific controls. Finally, unwavering ethical standards guide them in safeguarding privacy and nurturing accountability. I have always believed that focusing on genuine user needs over short-term figures fosters an atmosphere of trust and encourages meaningful innovation. These core traits help build resilient environments that maintain stakeholder trust in an evolving digital landscape.
Q. How do you see Digital India Foundation (DIF), India Stack, ONDC, and other mega initiatives evolve by 2025 and 2026?
Dr. Arvind: DIF is working with partners across government and industry to cultivate best practices in data governance, AI, and startup ecosystems. India Stack, which already underpins innovations like UPI, will likely expand into new verticals that combine convenience with stronger consumer safeguards.
Meanwhile, ONDC’s open framework holds considerable promise for widening access to e-commerce and accelerating digital adoption among smaller retailers. India’s AI mission and investment in the 500 Crore Centre for Excellence also bodes well from an AI development perspective. These combined efforts could redefine India’s role on the global digital stage, promoting inclusive growth and setting new standards for trustworthy technology.
Read More from This Article: Dr Arvind Gupta: Trustworthy systems to empower India’s growing economy
Source: News