Looking Back

A reflection on the tech policy developments in India during 2022. While my initial predictions about data protection laws and tech sector reforms didn’t unfold as expected, there have been positive strides in India’s digital public infrastructure, like the UPI payment system and Account Aggregator ecosystem. India’s upcoming G20 presidency could further spotlight its techno-legal approach to regulation.

This article was first published in The Mint. You can read the original at this link.

In my very first article of the year I predicted that 2022 would be a busy year for tech policy. I was basing my prediction on the progress that had been made so far on our draft privacy law - the fact that now that the Joint Parliamentary Committee had finally submitted its draft, it seemed inevitable that the bill was well on its way to becoming a law. I saw the immediate next steps as being crucial - the establishment of the Data Protection Authority, the creation of rules, regulations and codes of practice and the daunting task of orienting commercial practice around a new culture of compliance. Which is why I was sure that the year was going to get be busy.

I was also bullish on tech sector reform. Given the liberalisation we had witnessed in telecoms, the opening up of the drone sector and the radical shift in our approach to map regulations, I was confident that we were going to see a lot more where that came from. There was more to be done and given the government’s appetite for tech reform I was sure we would see new areas open up.

But I was most bullish on India’s digital public infrastructure and how it was going to develop over the course of the year. Things had built steadily up to that point and I was convinced we stood at the threshold of radical growth.

Right for the Wrong Reasons

As I sit down to write the final article of the year I think it is safe to say that my overall prediction came true though not for the reasons I had anticipated.

To start with, the JPC draft of the data protection law never made it to the floor of the Parliament. It was, instead withdrawn and a new, simpler version proposed. While this appeared, to many, to be a step back, I actually prefer the simplicity of the new version. I’ve long believed that this is was what we needed at this stage of the development of our privacy jurisprudence.

We didn’t really see much in the way of tech sector reform, along the lines of the drone and map reforms that had taken place last year. Instead, the government set about undertaking a massive overhaul of the 137 year old Indian Telegraph Act - aiming to replace it with a modern regulation that brought many of the compliance obligations that had so far been imposed through licenses into the main body of the legislation. Consultations on the new telecom law have been concluded and we are awaiting the new revised version that will be tabled before Parliament.

Throughout the course of the year there was talk of a rumoured third legislation aimed at rounding out the troika of laws that would apply to regulate the digital space but, till the time of writing, there has been no sign of even an early draft of the Digital India Act.

Be that as it may, based on the two laws that are already in the public domain, it is clear that the new regulatory framework, once in place, will radically alter the way in which digital businesses are regulated in the country. At the heart of this new regulatory design is the idea that simple, principle based laws must lay down the broad parameters according to which the sector will be governed. This in turn needs to be augmented by strong regulatory capabilities in order to ensure agile governance.

I have long believed that this is the only way to regulate fast moving technologies and I am glad to see the government take important first steps in this direction. What, remains to be seen is what sort of regulator is appointed and the amount of autonomy it is given to operate.

DPI - India Style

But what was most exciting to witness, over the course of the year, was the evolution of India’s digital public infrastructure. Today, India’s fast payments system, UPI, clocks in excess of 7 billion transactions per month and is ubiquitous across the length and breadth of the country. As a result people across a wide cross-section of society have easy access to affordable and efficient digital payment systems allowing them to transfer money amongst themselves and engage in all manner of commercial activities. But as impressive as all this is the really exciting story is one level up the stack.

Just 11 months after its launch, over 1.1 billion account holders can use the [[account aggregator]] ecosystem. As many as 96 entities registered and regulated by one or the other of the four financial sector regulators are live and actively using its consented data sharing workflow to process over 3 million data transfer requests. This has, till the date of writing, resulted in as much as Rs. 17 billion worth of loans being disbursed - more than 50% of which have been granted to MSMEs at an average ticket size of just Rs. 400,000, suggesting that they are going to those sections of industry that really need them.

But what is most heartening to see is the excitement with which India’s digital public infrastructure is being examined around the world. Across a number of fora and in countries around the world, there is growing interest in understanding how India has managed to build such robust infrastructure and seeing how lessons from the India experience can be applied more broadly to other use cases.

This is particularly relevant considering that, for most of 2023, India will be the President of the G20 and have the ability to set the agenda on a number of key conversations between influential nations. This will be an interesting opportunity to showcase India’s techno-legal approach to regulation and I look forward to seeing whether it will result in more widespread adoption of these principles in the coming years.