Building Trusted and Rights-Respecting AI Infrastructure

Contents

Executive Summary

This panel discussion at an AI summit explores the foundational infrastructure, regulatory frameworks, and organizational structures required to build secure, resilient, and trustworthy AI ecosystems in India. Panelists emphasize that AI resilience requires a multidisciplinary approach combining technical infrastructure investment, policy clarity, cross-functional organizational governance, and a long-term (20-year) perspective on development rather than short-term project cycles.

Key Takeaways

Think "Enterprise-Grade Infrastructure," Not "Compliance Projects": Frame AI governance as a core architectural and operational imperative from inception, not an afterthought audit requirement. This shifts organizational culture from resistance to resilience-as-competitive-advantage.
Align Organizational Incentives Across Functions: AI governance cannot succeed when business, tech, legal, and finance teams optimize independently. Organizations need empowered, cross-functional AI governance bodies with unified KPIs and board-level authority.
India's AI Future Requires Long-Term Infrastructure & Policy Commitment: Realistic AI deployment timelines span 20 years, not quarters. This demands sustained investments in renewable energy for data centers, talent development, standards-setting, and hybrid cloud architectures—alongside phased regulatory clarity that doesn't prematurely constrain innovation.
Global Norms Must Reflect Local Contexts: One-size-fits-all AI regulation (like the EU AI Act) risks stifling innovation in developing markets. Effective governance evolves through evidence-based dialogue among diverse stakeholders and adapts to sectoral, regional, and institutional realities.
Trust Is Built Through Transparency & Capacity Building: Technical "black box" governance alone fails. Organizations and governments must invest in demystifying AI systems, building stakeholder understanding, and creating constitutional frameworks (governance templates) that enable auditability and human oversight at scale.

Key Topics Covered

Data Center Resilience & Physical Infrastructure: High-density computing, power availability (renewable energy), connectivity, and mission-critical infrastructure requirements
Regulatory & Policy Frameworks: Tax incentives, resource availability, liability allocation, and the balance between light-touch regulatory approaches vs. sectoral intervention
Enterprise Organizational Barriers: Misaligned KPIs across business, technical, legal, risk, and finance teams; ROI measurement challenges; talent gaps
Hybrid AI Architecture Models: Balancing hyperscale AI infrastructure with distributed, edge, and sovereign computing architectures
Governance Integration: Embedding resilience, compliance, and governance throughout the AI system lifecycle from ideation to production
Global Coordination & Standards: Role of multistakeholder platforms (Internet Governance Forum) in developing context-appropriate, interoperable approaches
Capacity Building & Knowledge Transfer: Demystifying AI governance and building stakeholder trust through structured dialogue

Key Points & Insights

AI as a Journey, Not a Project: Raju Gupta (Infrastructure Provider) frames AI development as a continuous, 20-year evolution comparable to how the internet transformed society—not a discrete project with defined endpoints. This requires sustained, long-term infrastructure and policy investment rather than short-term pilots.
Structural Misalignment Within Enterprises: Ankit Bos identifies that enterprise teams operate with conflicting KPIs—business units want rapid ROI and minimal cost; technical teams want optimal implementation; legal/risk teams want risk mitigation; finance wants cost containment. This structural fragmentation prevents coherent governance implementation.
Hybrid Model as India's Path: Rather than choosing between hyperscale public cloud or private infrastructure, Raju advocates a hybrid approach (hyperscalers + private cloud) as the appropriate model for India's current maturity phase, with eventual domestic hyperscaler development as a long-term goal.
Light-Touch Regulatory Approach with Sectoral Specificity: Shahana Korde (Legal Expert) argues against premature comprehensive AI regulation like the EU AI Act, which may stifle innovation. Instead, India should maintain horizontal light-touch requirements while allowing sectoral regulators (BFSI, telecom, energy) to develop context-specific governance.
Evidence-Based, Principle-Based Standards Over Prescriptive Rules: The Internet Governance Forum promotes interoperable approaches based on shared principles (openness, security, inclusiveness) rather than identical regulations, preventing ecosystem fragmentation while respecting regional context differences.
ROI Clarity Must Precede Implementation: Rishi Kaneer (Energy Sector) emphasizes upfront Total Cost of Ownership (TCO) analysis across infrastructure, talent, model tokens, and operations—compared against business process improvement value—before writing any code. ROI should be measured in specific units (e.g., cost per LLM query, talent development costs, infrastructure contribution).
Compliance as Code & Embedded Governance: Rather than imposing governance top-down post-deployment, governance and compliance mechanisms should be built into code architecture from the outset, making them transparent to both technical and business stakeholders.
Data Sovereignty Paradox: Enterprises need to scale globally while governments increasingly restrict data flows for sovereignty reasons. The IGF helps stakeholders navigate this tension by encouraging technological transfer, support for local business environments, and development of public policy instruments that encourage local infrastructure investment.
Resilience Requires Contextual Risk Assessment: Organizations should apply differentiated resilience and governance standards based on risk/impact level—minimal viable standards for low-risk use cases; stringent human-in-the-loop oversight for high-risk, mission-critical applications (e.g., medical, energy, financial systems).
Tier-2/Tier-3 City Infrastructure Critical for Inclusive Growth: Beyond metro-centric AI development, building AI infrastructure in secondary and tertiary cities is essential for serving distributed industries (manufacturing, agriculture) with low-latency requirements and democratizing AI benefits across India.

Notable Quotes or Statements

"AI is a journey, not a project. It's going to be continuous evolution, like how humans are intelligent. This is not an endpoint; it's going to continuously evolve." — Raju Gupta (Infrastructure Provider)

"Pre-AI and Post-AI. The way we talk about pre-internet and post-internet now, we will talk about pre-AI and post-AI in the next 20 years." — Raju Gupta

"The structural issue is that when you're running at 120 miles per hour trying to implement guardrails and governance, everyone has their own KPI—they don't have a joint KPI. That's the first problem." — Ankit Bos (NASSCOM AI Head)

"It's not about regulatory intervention for all things—some require best practices development, shared contractual mechanisms, and support in interpreting existing laws like the DPDP Act." — Shahana Korde (Legal Practitioner)

"Don't call it a pilot. Call it an MLP—Minimum Lovable Product. Start with guardrails, data integration, and the evaluation-iteration loop from day one." — Rishi Kaneer (Nara Energy)

"The IGF is a bottom-up process that ensures developing countries are not just policy takers but co-creators of norms on an equal footing." — Jangita Gupta (IGF Representative)

"Think of resilience as a core, central piece when building a product or service—not an afterthought. Shift left." — Ankit Bos

"India has to invest in digital infrastructure in parallel with physical infrastructure. That's the leap frog India needs." — Raju Gupta

Speakers & Organizations Mentioned

Speaker	Organization/Role	Expertise Area
Raju	Infrastructure Provider	Data center resilience, physical AI infrastructure, India's hyperscaler strategy
Ankit Bos	NASSCOM (National Association of Software and Services Companies)	Enterprise AI governance, cross-functional organizational challenges
Shahana Korde	Legal Practitioner / Lawyer	Regulatory frameworks, DPDP Act (India's privacy law), policy intervention criteria
Rishi Kaneer	Nara Energy	Energy sector AI implementation, TCO analysis, operational resilience, mission-critical AI
Jangita Gupta	Internet Governance Forum (IGF)	Global AI governance coordination, multistakeholder dialogue, developing country capacity
Amita (Moderator)	Summit Host	Session facilitation

Technical Concepts & Resources

Frameworks & Standards

DPDP Act: India's Digital Personal Data Protection Act (yet to be implemented); raises questions about data use in model training
IGF (Internet Governance Forum): UN-facilitated multistakeholder platform for developing evidence-based, context-appropriate AI governance
EU AI Act: Referenced as comprehensive but potentially innovation-constraining regulatory model; contrasted with light-touch alternatives
WS Plus 20 Resolution: UN declaration reaffirming developing countries' participation in digital governance and equitable AI development

Technical Architecture Concepts

Hybrid Model: Combination of public hyperscaler cloud + private enterprise cloud infrastructure (identified as appropriate for India's maturity phase)
MLP (Minimum Lovable Product): Preferred iteration methodology over traditional "pilot" projects; includes guardrails, data integration, and evaluation loops from inception
Agent-to-Agent Protocols & MCP (Model Context Protocol): Governance frameworks for agentic AI systems and how agents interact with LLM layers
DCDR (Data Center Disaster Recovery) → Multiple Jones: Evolution from single DR site to multiple redundancy for mission-critical applications
Compliance as Code: Embedding governance and compliance mechanisms into system architecture rather than post-hoc audit

Key Metrics & Measurement

Cost Per Token: LLM inference cost metric (noted as ~25% of total AI TCO)
Uptime SLAs: Service-level availability standards (critical for mission-critical AI in energy, finance, infrastructure)
Latency Requirements: Low-latency needs for distributed industries (e.g., factories require <30ms for edge AI)
Data Drift Monitoring: Continuous feedback loops validating model performance degradation and triggering retraining

Infrastructure & Sustainability

Renewable Energy Integration: Solar and wind power availability for data center operations
Distributed Edge Computing: Decentralized AI inference at tier-2/tier-3 cities to serve low-latency requirements
Data Sovereignty: Compliance with national data residency requirements while enabling global scaling

Governance & Organizational Models

Cross-Functional Governance Bodies: Empowered teams with representation from business, technology, legal, risk, and finance—unified KPIs
Risk-Based Differentiation: Minimal viable standards for low-risk use cases; stringent oversight (human-in-the-loop) for high-risk applications
Constitutional Frameworks for AI Systems: Auditable governance templates enabling trust and transparency at scale

Additional Context

Industry Representation

Energy/Oil & Gas: Nara Energy representing mission-critical infrastructure requirements (8.5% of India's power generation)
IT Services: NASSCOM representing enterprise AI adoption challenges
Legal/Policy: Private practitioners and international governance forums
Infrastructure: Data center operators and hyperscaler architecture planning

Geographic Focus

Emphasis on India's unique context: scale, cost-effectiveness, long-term sustainability, and tier-2/tier-3 city development
International coordination through IGF while maintaining locally-contextualized governance
Recognition of differences in digital maturity, institutional capacity, and data ecosystems between developed and developing nations

This panel discussion was recorded at an AI summit with subsequent report launches. The talk emphasizes that trusted, resilient AI infrastructure requires simultaneous progress across technical infrastructure, regulatory clarity, organizational alignment, and global norm-setting—executed over a multi-decade timeline.