Clarification from Supreme Court on Section 63

The Supreme Court has provided a welcome clarification on the Pune Bar Association's wrong interpretation of Section 63 of ITA 2000. The Bar Association had contended that the section required every Section 63 certificate to be signed by an “Expert” under Section 79A of the Act and was therefore unconstitutional.

Naavi, who is a pioneer in this field, had rightly interpreted the erstwhile Section 65B of the Indian Evidence Act to mean that the Certificate should either contain the printout of the electronic document, certified as part of the certificate as a visual object being certified, or contain the hash value in case the evidence is an audio or a video. Some of the certificates issued by Cyber Evidence Archival Center (CEAC) were based on this principle.

The fact that such a certificate issued by a private person like the undersigned was acceptable was first stated in Suhas Katti Vs State of Tamil Nadu by the trial court and upheld by the Sessions Court.

Subsequently, in ITAA 2008, Section 79A was introduced, and with it the role of “Digital Examiner of Evidence”. However, we had interpreted this as mandatory only when the Court had to interpret two contradictory Section 65B reports. At the time of admissibility, a certificate from a private person was considered sufficient and could be countered by another Section 65B certificate from another private expert.

When Section 63 of BSA replaced Section 65B of IEA, the Government introduced confusion through ambiguous drafting.

Some interpreted that the Part B of Section 63 certificate had to be filled up by an Expert under Section 79A of the Act. This had also been supported by a Madras High Court judgement.

Now the Supreme Court bench consisting of CJI Surya Kant and Justice Joymalya Bagchi has rightly interpreted that a Section 63(4) certificate can be provided by “Experts” who may not be those certified under Section 79A of the ITA 2000 as “Digital Evidence Examiners”.

Naavi’s interpretation, which is consistent with the judgement, is that an “Expert” referred to under Section 63(4) should be a person who is technically capable of interpreting the digital document being certified. It is not necessary that he should be a “Cyber Forensic Expert” as some may interpret, or that such “Cyber Forensic Expertise” should come from a “University Degree” or similar formal qualification.

Certifying a digital document seen on a digital instrument using a specific method of viewing, and captured in a manner that truthfully represents the visual, is like a photographer capturing an image with a camera and submitting the output without manipulating the digital copy. The Certificate confirms the method of capture in such a way that any other person with reasonable expertise can repeat the process and should obtain a similar result, subject to the document not having been altered subsequent to the certification.

Disputes arise in instances where an expert has certified a document which is then modified by the person in charge, or re-created using a different method (say a different browser, different filters etc., which could alter the rendition), and thereafter certified by another expert in good faith. In such a case two versions of the same document may exist, both certified by experts in good faith but differing from each other. In such cases the Court may have to call in a Section 79A expert to satisfy itself as to which version has to be relied upon for the specific context.

If any of the certifying experts has not acted with due diligence, it is his negligence, which can even be argued as complicity to produce false evidence. If he has acted in good faith, there may be no error on his part, and whoever had altered the document could be charged with tampering with evidence.

One specific disclaimer which Naavi advises certifiers to use now is to declare that “The process used to capture the document did not use technology such as AI which could affect the integrity of observation”.

A probable rendition of the disclaimer may state,

“To the best of my knowledge, the process adopted for capture, preservation and certification of the electronic record did not employ any generative AI, synthetic reconstruction, automated enhancement, interpolation or similar technology that could materially alter the observed content”

We welcome the Supreme Court verdict which clarifies the position.

(Watch out for a more detailed post in due course)

Naavi

Also Refer:

Section 63: Naavi’s Views

Section 63..Naavi’s Perspective


Posted in Cyber Law, ITA 2008, Privacy

AI led Job Reduction should reduce Government Expenditure substantially

The Albanian Government led AI in governance when Prime Minister Edi Rama appointed a virtual AI minister, Diella, as a formally appointed “Minister of State for Artificial Intelligence” and its 83 yet-to-be-born children-robots as additional ministers. After Saudi Arabia gave citizenship to a humanoid robot, Sophia, and a Polish beverage company appointed MIKA as a CEO, there is a thought that India should also attempt to reduce its huge Government expenditure by substantially replacing Government employees with AI agents.

I hope Mr Narendra Modi takes a look at this proposal.

It is noted that the Ministry of Information Technology (MeitY) may be favourably inclined to the proposal, since one of its “officials” has suggested to private sector companies that they should have an enterprise AI appointed as an AI-DPO to manage the compliance of DPDPA. Some Cyber Security specialists seem to agree with this possibility. (See the ET Article here).

It is time to consider putting this suggestion into practice by appointing an “Additional Secretary” to the MeitY to manage the responsibilities for DPDPA Compliance.

Under the Seventh Schedule of the DPDPA Rules, associated with Rule 23, the Government is expected to appoint an officer of the Central Government in the MeitY as the Secretary in Charge for “Carrying out assessment for notifying any Data Fiduciary or class of Data Fiduciaries as Significant Data Fiduciary.”

Here is one thought that one “Corporate Official” has suggested:

“MeitY may appoint an AI-Secretary for this purpose. This AI-Secretary can be an “Agentic AI” which can log into a company’s network, make a thorough analysis of the Company’s personal data collection and the risk profile presented by its activities and declare whether an organization is a “Significant Data Fiduciary” or not. Since this will be an assessment by the Government it will be binding on the Judiciary at a later day if this question comes up.

Alternatively if the MeitY is endorsing the JIO compliance Management system as an “Approved DPDPA Compliance Management System”, the same system may be configured to send a report to the MeitY initially on the status of an organization as an SDF and thereafter periodically report the operations of the organization to the DPB or the MeitY.

Once this project succeeds, all Government departments can replace at least 50% of their Secretaries with AI and another 75% of the employees with AI Children like the Albanian initiative.”

Needless to say, neither Naavi nor Naavi.org considers this a desirable proposition.

Naavi has in fact suggested under the DGPSI-AI framework that for every AI application there must be a designated “Human Handler” to take responsibility for the activities and decisions taken by the AI.

However, in the interest of “Free Speech” and “Freedom of Press of Naavi.org”, we have published the proposal of the “Corporate Official”. We are also committed, in the spirit of “Confidentiality” of personal information, to keeping the identity of this corporate official undisclosed.

We are also not commenting on whether this “Corporate Official” is a human or a Cyborg or a humanoid Robot like Mika or Sophia or an AI chat bot like Diella.

We request readers to be sensitive to this issue and not ask for the identity of this “Official”.

But we invite public comments on this thought which we consider is relevant in the current state of thinking of MeitY.

Naavi

Posted in Privacy

Role of Independent Data Auditors explained

Posted in Privacy

With the rise of water comes the rise of the lotus.

Professionals are like lotuses in a pond. Everybody wants to rise. In the process, some want to rise above others and enter a competing mode. What we need to appreciate is that the lotus will rise when the water itself rises, even though everybody else also rises with us.

This is the principle with which the Association of Independent Data Auditors (AIDAI) wishes to develop.

The Independent Data Auditor is the statutory auditor designated under Section 10 of DPDPA to “evaluate the compliance of the Significant Data Fiduciary in accordance with the provisions of this Act”.

This is a new profession created by DPDPA 2023 and is different from the IS audit or other kinds of audits involving “Data” for different purposes. For example, an Advocate audits the contracts of an organization to check if all vendors are properly bound by contract for Data Protection. A Chartered Accountant checks data to audit the financial transactions or a potential fraud. A Cost Accountant checks data to evaluate the cost of creation and holding, or pricing for sale. A Company Secretary evaluates the compliance of an organization with different provisions of the Companies Act.

All of them are well equipped to be a “Data Auditor as envisaged under DPDPA 2023”.

FDPPI envisages that the future set of “Data Auditors” is not limited to “Privacy Auditors” who might have acquired a qualification as a “Certified DPO” or equivalent. It is a huge lake of professionals from multiple professions focussing on one goal: “Make India DPDPA Compliant”.

AIDAI, or the Association of Independent Data Auditors, a part of FDPPI, aims to bring together all these professionals into a single forum.

Today at 11.00 am, a brief interaction has been arranged to discuss the role of an Independent Auditor in India and how AIDAI proposes to go about this work.

Naavi

Principle to note: ಜಲವೃದ್ಧ್ಯಾ ವರ್ಧತೇ ಪದ್ಮಂ (Jala Vridhya, vardhate Padmam)

Posted in Privacy

Open Letter to Sri Ashwini Vaishnaw on “Elimination of Lawyers”

To
Sri Ashwini Vaishnaw
Honourable Minister for Railways and Electronics & Information Technology
Government of India
New Delhi

Subject: Need for Clarification on Reported “Law-to-Code” Initiative under DPDPA

Dear Sir,

I draw your attention to an article published in The Economic Times dated May 20, 2026 titled “Center is Eyeing Law to Code to AI-Proof Data Law”. (Link)

According to the report, MeitY is examining the possibility of converting portions of the Digital Personal Data Protection Act into executable code-based compliance systems capable of automated decision-making relating to consent management, retention control, deletion obligations, and other compliance functions.

The article suggests that such a framework is being discussed in the context of AI-driven cyber threats and machine-speed governance requirements.

At the outset, I wish to clarify that I am not opposed to the use of AI tools, automation, or software-assisted compliance mechanisms by Data Fiduciaries. Such adoption is both commercially and technologically inevitable. However, the decision to adopt a particular compliance architecture, AI engine, or software platform must remain the responsibility of the Data Fiduciary acting as a statutory trustee of personal data.

My concern is regarding any perceived or implied endorsement by the Ministry of a particular compliance methodology, especially one that may be interpreted as converting legal obligations into pre-defined executable “smart contract”-like systems.

In my view, the following issues require careful consideration:

  1. Legal Interpretation Cannot Be Fully Codified
    DPDPA obligations involve context-sensitive interpretation, balancing of legitimate uses, proportionality, contractual obligations, sectoral regulation, and evolving judicial principles. These cannot always be reduced into deterministic machine rules without risk of oversimplification.
  2. Risk of Implied Government Endorsement
    If MeitY is perceived as recommending or standardizing a particular AI-led compliance model, such recommendation may later be relied upon by regulated entities as a defence in enforcement proceedings. This may unintentionally dilute accountability under the Act.
  3. Market Distortion Concerns
    Any official or semi-official endorsement of specific compliance technologies may create an uneven market environment and unintentionally favour certain vendors or architectures over others.
  4. Constitutional and Regulatory Implications
    Since the constitutional validity and adjudicatory structure of the DPDPA framework are presently under judicial scrutiny, public statements suggesting automated governance replacing regulatory discretion may unintentionally complicate the Government’s legal position before the Hon’ble Supreme Court.
  5. Need for Transparency
    If consultations have indeed been conducted with industry stakeholders on this subject, it would be appropriate to place the broad consultation framework, policy objectives, and guiding principles in the public domain so that informed debate can take place.

I have elaborated some of these concerns in my earlier article titled “Calling a National Debate on Law to Code by MeitY”. (Link)

I therefore request that MeitY issue an appropriate clarification stating that:

  • adoption of AI-assisted compliance tools is a matter of choice and accountability of individual Data Fiduciaries;
  • the Government does not intend to replace statutory interpretation or adjudicatory discretion with automated systems;
  • no implied endorsement should be inferred for any specific compliance technology, architecture, or vendor ecosystem.

I submit this representation in the larger interest of preserving confidence in the neutrality, flexibility, and constitutional robustness of the DPDPA framework.

I would appreciate a public clarification on this issue.

Yours faithfully,
Vijayashankar Nagarajarao


P.S: For better understanding, I am posting an explainer by NotebookLM in English, Kannada, Hindi and Tamil. Links are below:

Video Overview in English

Audio Overview in : English, Kannada, Hindi and Tamil


Posted in Privacy

Calling for a National Debate on “Law to Code by Meity”

MeitY has proposed to issue AI software for compliance of DPDPA.

Details have been discussed in the earlier article.

Listen to these views also:

Podcast in English

Podcast in Kannada

Podcast in Hindi

This issue needs a National Debate.

P.S: The podcasts have been generated using NotebookLM. There could be minor errors. The basic information is available in the post.

Naavi

Posted in Privacy