India AI Impact Summit Insights
All sessions

Hardware-Rooted AI Sovereignty: Building Trusted Infrastructure for the Global South

Contents

Executive Summary

This AI Impact Summit panel discusses how hardware-enabled verification and governance mechanisms can enable trustworthy, verifiable AI infrastructure for countries in the Global South, addressing the critical gap between AI experimentation and safe, compliant deployment at scale. The session emphasizes that hardware-rooted governance—using trusted execution environments (TEEs) and cryptographic verification—offers a technically viable path to implement safety, sovereignty, and compliance without requiring centralized authorities, while acknowledging that technological solutions must be paired with strategic policy decisions about what AI should accomplish within different jurisdictions.

Key Takeaways

  1. Hardware verification is feasible and deployable now, not theoretical—Lucid's demo showed production-ready deployment of AI agents with cryptographic proofs of data localization, compliance auditing, and sovereignty within minutes, using existing hardware infrastructure.

  2. The trust gap is the bottleneck, not the capability gap—enterprises are ready to deploy AI at scale but won't without verifiable evidence of safety, compliance, and data protection. Hardware-rooted mechanisms directly solve this bottleneck.

  3. Sovereignty is about verified trust, not isolation—countries don't need to own every component of the stack; they need formal verification and international mechanisms to trust what runs on their infrastructure and what happens to their data.

  4. Verification scales better at the regional/treaty level than the national level—Global South countries should pool resources around existing frameworks (data protection laws, regional initiatives) rather than duplicating infrastructure, following the model of data localization which 144 countries already implement.

  5. Strategic alignment on AI's purpose precedes technical implementation—before investing in sovereignty infrastructure, countries must define what problems AI should solve locally; otherwise, they're paying to keep pace with others' agendas rather than advancing their own.

Key Topics Covered

  • Hardware-rooted AI governance and verification — Using trusted execution environments (TEEs) and cryptographic proofs to enforce safety and compliance
  • AI sovereignty and data localization — Ensuring data residency, control, and autonomy over AI systems within national/regional boundaries
  • Enterprise AI adoption at scale — Challenges of deploying AI agents in regulated industries (finance, healthcare, telecom)
  • India's hardware and semiconductor strategy — National policy investments (India Semiconductor Mission, data center subsidization)
  • Safety and alignment challenges — Bridging the gap between current AI system safety and acceptable risk thresholds for high-consequence applications
  • Geopolitical dynamics and verification — The need for international coordination and verification mechanisms for frontier AI
  • Trust infrastructure for the Global South — Building verification systems that don't require every country to rebuild infrastructure independently
  • Data protection and compliance — Linking AI governance to existing data protection frameworks (DPDP Act, RBI guidelines)
  • Proof-carrying code and formal verification — Techniques to ensure software/models comply with defined safety properties
  • Open-source AI risks and supply chain security — Vulnerabilities in open models and the need for upstream verification

Key Points & Insights

  1. Enterprise AI deployment is constrained by trust, not technology: While AI capabilities are mature enough for production, 91% of enterprises cite speed of deployment and data security as critical blockers. The gap between experimentation (80% of Indian companies in 2025) and full-scale deployment is widening, driven primarily by lack of verifiable safety and compliance assurance.

  2. Hardware-level governance is more enforceable than software governance: Stuart Russell argues that regulating AI at the software level is "hopeless" because software is produced by typing, but hardware is produced by ~100 highly trained engineers in billion-dollar facilities using globally constrained supply chains. This makes hardware-rooted controls substantially harder to circumvent.

  3. Proof-carrying code enables decentralized verification without central licensing authority: Instead of relying on government bodies to grant licenses, software can come with machine-readable cryptographic proofs that hardware can verify instantly. This scales governance without bottlenecks and doesn't require trusting a central authority.

  4. The AI safety risk gap is enormous: CEOs estimate 10-50% extinction risk from advanced AI, but Russell argues acceptable risk should be ~1 in 100 million per year. This represents a 10 million-factor gap—requiring dramatic safety improvements before deploying highly capable systems.

  5. Trust is more critical than ownership for digital sovereignty: No country—including the US—has complete digital sovereignty across the full stack. What matters is verifiable trust through formal verification, not ownership. The US doesn't manufacture chips (Taiwan), design automation software, or control most microprocessor markets.

  6. Trusted execution environments (TEEs) are already ubiquitous: Nvidia, Intel, AMD, and Huawei GPUs/CPUs include TEEs that enable cryptographic verification of running software without exposing model weights or sensitive data. This technology is mature and deployable now.

  7. Verification must address both the model and the supply chain: Connor Dunlop's demo shows deployment-level verification (data localization, PII compliance), but Adam Segal emphasizes upstream verification is equally critical—verifying what data trained the model, what methods were used, and detecting potential backdoors or malicious insider actions before deployment.

  8. Regional, pooled verification mechanisms are more practical than national fragmentation: Ranata Dwan argues that rather than every country building independent verification infrastructure, countries should build on existing shared frameworks (data protection policies exist in 144 countries) and regional initiatives to scale verification efficiently.

  9. Strategic clarity on "what AI is for" is prerequisite to sovereignty: Marcus emphasizes that pursuing AI sovereignty without defining national priorities and purposes leads to a costly arms race in paradigms that may not serve local interests. Countries must step back from "more is better" and decide what AI should accomplish locally.

  10. The geopolitical race dynamic may force unsafe deployments: Robert Traver notes that in competitive geopolitical contexts, actors may be tempted to deploy less safe systems to keep pace. International coordination through verification is the only known mechanism that has enabled countries to step back from technology races (referenced via nuclear arms control parallels).

Notable Quotes or Statements

"We need to improve the safety of our AI systems by a factor of 10 million." — Stuart Russell, on the gap between current AI safety estimates (10-50% extinction risk) and acceptable thresholds (~1 in 100 million per year)

"Software is produced by typing and it's very hard to stop 8 billion people from typing. But hardware is produced by hundred billion dollar facilities created by tens of thousands of highly trained engineers using components that can only be sourced from one or two manufacturers in the world." — Stuart Russell, on why hardware-rooted governance is more enforceable than software-level regulation

"What matters is not ownership but trust. Right? We don't gain much by having sovereign hardware running American Facebook or Chinese WeChat." — Stuart Russell, reframing the sovereignty debate from ownership to verifiable trust

"Verification is an enabler of trust. It's not an alternative... it contributes to interoperability because if you know that systems are trustworthy and following verification you can do business with them." — Ranata Dwan, on how verification facilitates trade and cross-border trust, not barriers

"Without that step back and questioning what AI is for in your jurisdiction, you will always be playing catch-up with a paradigm that may or may not serve your interests." — Marcus, on the necessity of strategic clarity before pursuing technical sovereignty

"The Dr. Evil problem" — Stuart Russell, referring to the challenge that no regulation can ensure bad-faith actors don't deploy unsafe systems—only hardware-enabled governance can enforce this

"Hardware enabled governance seems possible but far from easy..." — Robert Traver, acknowledging that while verifiable hardware governance is theoretically sound, implementation requires sustained research and policy-technical alignment

Speakers & Organizations Mentioned

Government/Policy:

  • S. Krishna, Secretary, Ministry of Electronics and Information Technology, Government of India
  • Eileen Donahoe, Former US Special Envoy for Digital Freedom (Biden administration), former US Ambassador to the UN Human Rights Council
  • Robert Traver, Co-director, Oxford Martin AI Governance Initiative; Center for the Governance of AI
  • Ranata Dwan, Director of Tech Policy and Tech Diplomacy, Simon Institute for Long-Term Governance
  • Duncan Cass, Center for International Governance Innovation (CIGI)

Academics & Researchers:

  • Stuart Russell, UC Berkeley (renowned AI safety and control researcher; referenced Human Compatible)
  • Adam Segal, Council on Foreign Relations (mentioned as speaker, noted focus on model supply chain security)
  • Marcus [surname not fully clear in transcript], Director, ADA Lovelace Institute

Companies & Organizations:

  • Lucid Computing — Hardware-enabled AI governance/verification platform (demo presenter: Connor Dunlop, Director of Policy)
  • Blue Machines (blue machines.ai) — AI voice agents for customer engagement
  • Adita Billa Capital — Indian financial services company (case study for voice AI deployment)
  • Sympatico — Eileen Donahoe's angel investing fund focused on AI assurance technologies
  • Secure AI Futures Lab — Co-organizer of this panel
  • Impact Academy — Co-organizer

Regulatory Bodies Referenced:

  • SEBI (Securities and Exchange Board of India)
  • DPI (Digital Public Infrastructure, India)
  • RBI (Reserve Bank of India) — Personal data retention guidelines
  • DPDP Act (Digital Personal Data Protection Act, India)

Technical Concepts & Resources

Core Technologies:

  • Trusted Execution Environments (TEEs) — Cryptographic "lockboxes" on GPUs/CPUs (Nvidia, Intel, AMD, Huawei) enabling software verification without exposing sensitive data (model weights, training data)
  • Proof-carrying code — Software packaged with machine-readable cryptographic proofs of compliance with defined safety properties; verifiable in real-time by hardware
  • Formal verification — Mathematically rigorous techniques to prove software/systems meet specified properties (Stuart Russell's research domain since 1982)
  • Hardware-rooted governance — Using hardware design and constraints to enforce policy compliance (vs. software-level regulation)

AI Models Referenced:

  • Llama 3 (8B parameters) — Open-weight model used in Lucid's demo
  • Other frontier models mentioned: Qwen, GLM
  • Open models proliferation — Risk noted: OpenClip project introducing new security vulnerabilities daily

Standards & Frameworks:

  • DPDP Act (Digital Personal Data Protection Act) — India's data protection framework
  • RBI Personal Data Retention Guidelines — Reserve Bank of India rules
  • European Commission AI Sovereignty Pillars: Data security, data localization, autonomy/control
  • Data residency verification — Cryptographic proof that workloads execute in specified geographic regions (used in Lucid demo: Mumbai data localization)

Infrastructure & Initiatives:

  • India Semiconductor Mission — Phase 1 (2022), Phase 2 announced in Feb 2025 budget; first Micron production facility inaugurating imminently; focus on high-bandwidth memory for AI
  • National Policy on Electronics (2012) with post-2014 acceleration
  • Digi Locker — India's digital identity infrastructure (reference point for trusted infrastructure at scale)
  • Stack (likely referring to NPCI's payment/digital infrastructure)
  • Global GPU pricing: India subsidizes access to ~65 rupees per GPU vs. $2.5-3 globally (1/4 cost)

Concepts & Frameworks:

  • AI agents as "augmented workforce" — Framing of AI as non-sleeping, untiring employees that don't require management overhead
  • Voice as a rich medium — Emotional, attention-engaging interface vs. impersonal chat
  • Compliance guardrails — Regulatory constraints embedded in agent behavior (e.g., SEBI disclaimers, portfolio recommendations)
  • Audit chains — Automated logging and accountability trails
  • Data provenance — Tracking data lineage and training data sources
  • Data cards — Documentation/metadata for models and datasets (analogous to model cards)
  • Attestation bundles — Evidence packages allowing independent verification of system properties without trusting the provider

Key Research/Policy Instruments:

  • EY & CII Report — 91% of enterprises cite deployment speed as critical
  • Comprehensive Test Ban Treaty (CTBT) — Referenced as historical example of verification-enabled international agreements (and cautionary tale: political moment passed before full implementation)
  • Nuclear arms control precedents — Cited as the only known successful case of geopolitical coordination on powerful dual-use technologies

Context & Significance

This panel synthesizes perspectives from AI safety researchers (Russell), policymakers (Secretary Krishna, Donahoe), international governance experts (Traver, Dwan), and technical builders (Lucid Computing) to address a critical gap: how the Global South can safely, verifiably deploy AI at scale without building isolated infrastructure or ceding sovereignty to Northern tech companies.

The session moves beyond abstract principles to concrete deployable solutions (Lucid's demo) while grounding those solutions in geopolitical realities (the game theory of arms races), safety imperatives (10-million-factor improvement needed), and strategic questions (what is AI for in your context?). A unifying theme is that hardware-enabled verification is technically feasible today and addresses enterprise deployment bottlenecks immediately, while also laying groundwork for future international coordination on existential-risk-level AI systems.