Naavi.org

This is in continuation of our earlier post on “Model Risk Management” guidelines released by RBI as draft for public comments.  (Copy of guidelines)

Let us discuss the “Chapter II” of the draft guidelines on “Governance”.

This chapter prescribes that an RE is accountable for the “Outcomes” of all models used by it irrespective of whether it was developed internally or sourced from outside. The focus on “Outcomes” and not the technology itself is a very intelligent way of bringing all “Automated Decision making” into the realms of the regulation.

The regulation also requires that there should be a “Board Approved Model Risk Management Framework” in place including AI/ML models. Since the definition of “Models” extend to all algorithms, analytics, interfaces, applications, decision-based rules, and other computational tools which, by virtue of their use, have a material impact on decision-making in various business processes, this applies to even internal excel sheets which are designed to take decisions and influence client decisions.

The Model Risk Management Framework (MRMF) should therefore cover risks that arise from the use of any automated decision making algorithms.

The distinction of what is included and what  is not in the regulation depends on the detailed definition of a “Model” which uses three  components.

1. Input Component

2. Processing Component

3. Output component.

Input component includes “Data”, “Decision rules” and “Assumptions”.

Processing component includes “Statistical”, “Mathematical” techniques including AI which is used to analyse and interpret the input components.

Output components are the business and operational decision making that arises out of the model.

This is a very broad definition and hence MRMF has to include all decision related risks where the decision making uses a software component which  uses any form of intelligence.

The Board should be responsible for the oversight on MRMF and periodically approve and review. Guideline also recognizes the need for factoring the RE’s risk appetite.

This exactly reflects the DGPSI principles where the risk assessment is vetted by the top management  and a “Deviation Justification Document” based  on the Risk absorption capacity is adopted.

Committees  under the Board and the Senior Management are expected to establish appropriate procedures etc to mitigate the risks.

Chapter III of the  draft regulations address the “Model Risk Management” (MRM) requirements.

The MRM requirements suggest three lines of defence namely

a) Model owners being first line of defence,

b) An independent model risk management and validation function being second line of defence, and

c) A  robust and independent internal audit function being third line of defence

This is the same as “Process Owners” as the  process  level risk managers envisaged in the DGPSI. Suggests Concurrent supervision  including performance testing.

The guideline recommends “Risk Based Model Tiering” with “High” or “Low” which should be reviewed at least annually. Models  classified as “High Risk” should be approved by an appropriate committee. The Risk assessment is based on the impact on the financial outcomes affecting the RE as well as the potential implication on the consumers.

An appropriate inventory of all “Models” need to be maintained by the RE with details such as Model Owners, developers, Validators, approvers, risk, intended use, dependencies etc. This is similar to the “Process Inventory” recommended under DGPSI.

RE should ensure that the Grievance redressal system should cover the consumer risks.

Chapter IV covers the Model Life Cycle Management which requires appropriate  documentation and procedures of model selection, development, validation, approval, deployment and online monitoring.

RE should also manage appropriate Change Management, Business Continuity management  and  De-commissioning of unused models.

Under Chapter V, the guideline specify how policies and procedures should guide third party models in the entire life  cycle of acquisition, use, de-commissioning etc.

Guidelines specify that An RE should define the scope of AI / ML model, including for foundational AI models and frontier AI models, and put in place additional controls, commensurate with its potential impact on customers, business operations, and financial outcomes.

In cases where the third-party provider does not disclose adequate information regarding the AI / ML model, the RE should identify risks that arise from such constraints, and put in place the necessary mitigants, such as limiting the usage.

In cases where the third-party provider does not disclose adequate information regarding the AI / ML model, the RE should identify risks that arise from such constraints, and put in place the necessary mitigants, such as limiting the usage.

RE should put in place appropriate control boundaries through system-level controls or model design features to mitigate risks of hallucinations, particularly in models capable of generating content (e.g., generative AI models) and use cases where the model outputs directly or indirectly drive customer interaction or decision making.

It should ensure that models are not overfitted to training data and are capable of appropriate generalisation.

An RE should establish appropriate mitigants to address the data risks such as data quality, non-representativeness, incompleteness, breach of intellectual property rights. (*Ed: Need to add Personal Data Protection also) Changes in data distribution, including data drift and concept drift, should be monitored and addressed on an ongoing basis.

Guidelines prescribe “Human Oversight”  on AI and adoption of “Kill Switch”  stating

An RE should establish robust human oversight for AI models including use cases involving automated decision-making by models. It should establish appropriate risk mitigants which inter-alia include:
(i) Human-in-command arrangements (e.g., human-in-the-loop / human-on-the-loop / other human oversight mechanisms);
(ii) override, suspension, or deactivation mechanisms, including kill-switch arrangements; and,
(iii) periodic review of model outputs and model-driven decisions by humans to identify anomalies.

Chapter VI clarifies that these guidelines once approved will super cede relevant provisions in the Guidance Note on Credit Risk management dated October 12, 2002.

In summary,  RBI has produced a comprehensive governance framework that extends beyond AI to encompass every automated decision-making model used by regulated entities. Its emphasis on Board accountability, lifecycle governance, independent validation and human oversight makes it one of the most mature regulatory approaches to AI governance in India.

From the DGPSI perspective, many of the principles—Board oversight, risk-based governance, process ownership, inventories, lifecycle management and documented risk acceptance—are already embedded within the DGPSI framework, demonstrating a strong convergence between RBI’s regulatory expectations and established data governance best practices.

This development has given some additional thoughts  for elaborating certain  aspects of DGPSI-Banks.

Just as “Data is Life” is a key differentiator for   DGPSI-Hospital framework,  “Model Risk Management” becomes a key distinction of DGPSI-Banks framework.

Naavi

An Interesting Workshop on Healthcare is being organized by KIMS Hospitals in Secunderabad on 27th June 2026.

Details are as follows.

Naavi is happy to participate in the event.

Naavi

In continuation of our previous post,  here is an outline of the 16 page draft guidelines issued by RBI on AI usage in Regulated Entities (RE), for public comments.

The scope of the guideline  has been defined broadly as to cover “Models” and termed Artificial Intelligence as a “Technology”. The risks arising out these models usage is termed as “Model Risks” which may lead to inaccurate outcomes, flawed decisions, financial losses, operational disruptions, compliance failures and other adverse consequences for REs, consumers and the financial system.

The Guideline itself is called “Guidance on Regulatory Principles for Model Risk Management 2026”  (GRP-MRM).

Hence  the guidance lays down a broad set of regulatory principles for the management of risks arising from use of models which includes AI/ML. The guidance is applicable to all REs.

The chaptalization of the guidance note is as follows:

Chapter I: Preliminary

Chapter II:  Goverance

Chapter III Model Risk Management

Chapter IV: Model LifeCycle Management

Chapter V: Specific Models

Chapter VI: Other Provisions.

Chapter I covers the Introduction, Applicability and Scope as well as the definitions.

For the purpose of the guidance, “Model” has been defined as follows:

‘Model’ means a system, whether developed internally, sourced from third-parties, or a combination thereof, that incorporates data, applies theoretical, empirical, or judgement-based assumptions (input component), uses statistical, mathematical, economic, financial, or such other cognitive techniques (including Artificial Intelligence (AI) / Machine Learning (ML)) to analyse, interpret relationships and process inputs (processing component) and produce results that are used for business or any other operations and decision making (output component).

It includes algorithms, analytics, interfaces, applications, decision-based rules, and other computational tools which, by virtue of their use, have a material impact on decision-making in various business processes, irrespective of whether such tools are recognised as models by the RE.

Illustration – A spreadsheet-based loan pricing calculator deployed or used by an RE may be considered as only a basic mathematical tool. However, if the RE uses this tool to derive lending rates, customer margins, or credit terms, such that it takes inputs (borrower type, tenor, credit score, collateral value), applies processing logic (interest rate grids, risk-weighted spreads, margin formulas), and produces an output (final lending rate or price) which then affects business decisions, then it should be considered as a model

This approach is a huge innovation that avoids the debate on “What is the technical definition of AI” and focusses more on the intention  of the use of software to by pass human intervention. (This may impact our definition of AI in the DGPSI-AI framework).

…To Be Continued

Naavi

Also Listen to t he explainer here

View the Video Overview here.: 

Recently the Supreme Court released a comprehensive guidance on the use of AI in Judiciary for which comments were filed by Naavi/FDPPI ( Copy of  comments ) , after many articles here. 

Some time back, Naavi.org had reported about the Bhattacharya Committee having published its report on “Framework for Responsible and Ethical Enablement of AI, referred to briefly as  -FREE-AI).

Now RBI has adopted the recommendations and released a draft guideline for public comments, copy of which is available here.

 Draft Guidelines for AI for  Public Comments

According to the Press release, comments can be submitted by public till July 24, 2026

The comments / feedback may be submitted through the link under the ‘Connect 2 Regulate’ Section available on RBI’s website or alternatively be forwarded to:

The Chief General Manager, Operational Risk Group
Department of Regulation, Central Office
Reserve Bank of India
Shahid Bhagat Singh Marg, Fort
Mumbai – 400 001

Or

By e-mail with the subject line ‘Feedback on Guidance on Regulatory Principles for Model Risk Management’

According to the Press release, the objectives of this document  is as follows:

The Reserve Bank had issued the draft “Regulatory Principles for Management of Model Risks in Credit” on August 05, 2024, with a view to strengthen governance and risk management practices relating to use of models in credit, followed by report of the Committee on Framework for Responsible and Ethical Enablement of Artificial Intelligence (FREE-AI) on August 13, 2025. Considering model usage has expanded significantly and regulated entities are increasingly using models, including those employing Artificial Intelligence / Machine Learning (AI / ML), across various business and decision-making processes; weaknesses in their governance, oversight, risk management and controls may expose the regulated entities to financial, operational, compliance, and reputational risks. Recognising this, the Reserve Bank has today released draft ‘Guidance on Regulatory Principles for Model Risk Management’ which provides holistic and broad regulatory expectations for model risk management across the model lifecycle. The Guidance is applicable to all models used by regulated entities, including third party models and models employing AI / ML.

To facilitate  public to formulate their views, some comments shall be provided here in a series of articles. Hope it would be of use.

Naavi

Reserve Bank had issued the draft Reserve Bank of India (Responsible Business Conduct) Third Amendment Directions, 2026 on March 6, 2026 for seeking feedback from stakeholders. The draft Amendment Directions inter alia proposed to enhance the scope of existing instructions on limiting liability of customers in unauthorised electronic banking transactions to cover other categories of fraudulent electronic banking transactions, reduce the time taken by banks to process complaints related to fraudulent electronic banking transactions, and introduce a compensation mechanism for small value fraudulent electronic banking transactions.

Refer the Press release Dated June 24, 2026, here

These instructions will be effective from January 1, 2027.

This is for general  information of Bank customers.

Interested persons are requested to peruse the directions available below.

1. Reserve Bank of India (Commercial Banks – Responsible Business Conduct) Third Amendment Directions, 2026
2. Reserve Bank of India (Small Finance Banks – Responsible Business Conduct) Third Amendment Directions, 2026
3. Reserve Bank of India (Payments Banks – Responsible Business Conduct) Second Amendment Directions, 2026
4. Reserve Bank of India (Local Area Banks – Responsible Business Conduct) Third Amendment Directions, 2026
5. Reserve Bank of India (Regional Rural Banks – Responsible Business Conduct) Third Amendment Directions, 2026
6. Reserve Bank of India (Urban Co-operative Banks – Responsible Business Conduct) Third Amendment Directions, 2026
7. Reserve Bank of India (Rural Co-operative Banks – Responsible Business Conduct) Third Amendment Directions, 2026

Key points to be noted are the insertion of definition of Negligence by Bank and negligence by customer.

Accordingly the following two directions have been inserted.

(20B) Negligence by a bank inter alia includes the following actions by the bank:

(i) not putting in place the mandated systems and procedures to ensure safety and security of EBTs; or

(ii) not sending mandatory alerts for EBTs; or

(iii) not providing 24×7 channels for reporting of fraudulent EBTs or loss of debit / credit card; or

(iv) not acting diligently upon a customer notification regarding unauthorised EBT(s) or loss of debit / credit card; or

(v) system malfunctions / security breaches / internal frauds leading to unauthorised EBTs.

(20C) Negligence by a customer inter alia includes the following actions by the customer:

(i) failing to exercise reasonable care in usage of credentials such as PIN, password, OTP or other details (e.g., providing credentials for carrying out transactions to another person, whether intentionally or otherwise, writing down and storing the PIN with a debit / credit card, etc.); or

(ii) not notifying the bank promptly after finding out about a fraudulent EBT, or loss of a debit / credit card; or

(iii) not paying attention to specific, directed and clear warnings from the bank that a prospective transaction is likely a scam; or

(iv) downloading malicious apps; or

(v) failing to update her / his registered mobile number / email address with the bank in case of change.”.

Third party breach has been defined as under:

26.1A Third-party breach means a situation where the deficiency lies neither with the bank nor with the customer but lies elsewhere in the system and includes deficiency on the part of an intermediary such as a Third-Party Application Provider (TPAP), Payment Aggregator (PA), Payment Gateway (PG), Telecom Service Provider (TSP), etc

For full details kindly refer to the links provided above in the press release.

Naavi

The basic objective of the Digital Personal Data Protection Act (DPDPA) is to give individuals a right to protect their privacy through the regulated management of personal data while it is processed by third parties. How we arrived at that objective is itself a story of how our understanding of data has evolved — and that evolution is the key to seeing why hospitals are different.

In the first generation, personal data was understood technically: a set of binary data which the perceiver is able to read as information belonging to an identifiable individual. The concern of that era was the preservation of Confidentiality, Integrity and Availability — the familiar CIA triad of information security. Data was qualified as “sensitive” only when its loss could harm the individual, and protection meant securing the bits.

The second generation reframed data as money. As organizations searched for monetization strategies, digital marketing companies built their business on profiling data principals and linking that profile to advertising. Data became an asset to be valued and traded. It was at this stage that privacy protection surfaced as a public concern, and laws such as the DPDPA emerged to address it.

Because “privacy” is notoriously difficult to define, the DPDPA wisely declined to define it. Instead it prescribed certain measurable obligations on the processing of personal data and enforced them through a stringent penalty system. These are the obligations of the Data Fiduciary — the organization that, by determining the purpose and means of processing, is recognized as a trustee and is expected to take micro-level decisions in that fiduciary character. The Fiduciary’s journey therefore begins with a Notice that explains the purpose of collection and how the data will be used, followed by the capture of the data principal’s Consent.

The DGPSI frameworks recognized this changing perception and introduced Data Valuation as a key parameter in their compliance strategies. And it is precisely the question of valuation that brings us to the third generation — and to hospitals.

In a hospital, the personal data of a patient is not simply personal data that has a value to be monetized. It is representative of life itself. Any misuse or breach does not end in financial loss; it could endanger the life of the patient. Hence the axiom “Data is Money” is not valid for the healthcare sector. Here we need to treat Data as Life.

Note that valuation does not disappear in this third generation — it changes its denomination. The value of patient data is no longer measured in rupees of monetization but in the severity of harm to life. DGPSI’s Data Valuation parameter therefore remains central to healthcare compliance; only the currency changes.

This matters all the more because the DPDPA deliberately abandoned the category of “sensitive personal data” that earlier Indian rules had recognized. The statute applies a single, uniform standard to all personal data and refuses to place health data on a special pedestal. If the law will not elevate health data, then governance must. The responsibility of restoring the special status of patient data falls on the compliance framework, not on the statute.

This is the reasoning behind a deliberate DGPSI decision. The DPDPA grades the “significance” of a Data Fiduciary largely by scale — the volume and sensitivity of data and the breadth of risk to data principals — and leaves the designation of a Significant Data Fiduciary to government notification. But harm to life cannot be graded by scale. One life lost is not less significant than many lives lost. A small nursing home that endangers a single patient through a data breach has caused a harm no less grave than a large hospital chain. The volume-based test of significance, sensible for commercial data, is the wrong yardstick for life.

DGPSI therefore treats every hospital as a Significant Data Fiduciary — regardless of its size, the number of patients it serves, or whether the government has notified it as such. Under DGPSI, the threshold question “Am I a Significant Data Fiduciary?” has only one answer for a hospital: yes.

That elevation has a direct governance consequence. For an ordinary company, one can argue for a lean compliance team. The DPDPA makes a Data Protection Officer (DPO) a mandatory statutory function only for a Significant Data Fiduciary, while leaving the Chief Information Security Officer (CISO) as a best-practice function. On that footing, a general company could let the DPO be made responsible for DPDPA compliance and allow the CISO to continue focusing on what he is presently doing.

A hospital cannot be governed so simply. Once every hospital is treated as a Significant Data Fiduciary, the DPO becomes a full, mandatory function in each one. But the DPO cannot be placed on the pedestal of data protection responsibilities alone, because a hospital has a third officer whose role cannot be subordinated — the Patient Safety Officer (PSO).

The PSO’s functions are quasi-legal. They often protect the hospital and its doctors from liabilities arising out of unfortunate adverse events. This authority cannot be allowed to be pushed down by the DPO. One may debate whether the CISO can still be pushed down and the compliance left to the DPO and the PSO together. After giving weight to these sensitivities of governance, DGPSI has decided to retain a triumvirate — the DPO, the CISO and the PSO — as the compliance team in a hospital.

The wisdom of insisting on all three becomes obvious the moment a breach occurs. A single data breach in a hospital can trigger two clocks at once: the CISO must report the cyber incident to CERT-In within six hours, while the DPO must notify the Data Protection Board and the affected patients within seventy-two hours under the DPDP Rules. (The moment the data breach report is triggered the Patient  Safety event also gets triggered.) Two timelines, two regulators and two reporting formats have to be coordinated under pressure — which is exactly the coordination the triumvirate exists to provide. Leave one officer out, and the clock keeps running while the others stitch the response together.

The DGPSI-Hospital governance structure therefore retains an apex DPDPA governance body — which includes other stakeholders such as the CFO and the CMO, and is led by an Independent Director — with the triumvirate functioning as its sub-committee. Accountability to the regulator rests with the fiduciary through this apex body; the triumvirate is the coordinating engine beneath it, not a diffusion of responsibility. Externally, each of the three members maintains a distinct line of exposure: the DPO to the Data Protection Board (DPB), the CISO to CERT-In, and the PSO to the NABH accreditation authorities.

As regards the PSO’s remaining obligations, the call is for cooperation rather than competition. The PSO has to coordinate with the CISO and the CIO to establish a compliance architecture for NABH accreditation, without interfering with the DPO’s requirements under the DPDPA.

These distinctions grow sharper as hospitals adopt artificial intelligence. AI-assisted diagnosis, clinical decision support and the profiling of patient data fold the safety question and the data-protection question into a single question: an erroneous or biased model can endanger life exactly as a breach can. Governing such systems needs the safety lens of the PSO, the security lens of the CISO and the data-protection lens of the DPO acting together.

These changes need to be reflected in DGPSI-Hospital as an improvement to the framework — DGPSI-FULL with AI.

Naavi