There is an urgent need to re-design our energy grid to take better advantage of all that digital has to offer. A recent paper describes how we can add a digital layer to existing infrastructure and use this digital energy grid to unlock greater efficiencies. But in order to realise this goal we will need a shift in our regulatory mindset.

Even though the number of users online has steadily increased over the years, conversations have grown increasingly stilted and subdued. This is the Fermi’s Paradox of the online world - even though there are so many of us are online we chose to keep our heads down, knowing that if we don’t, we run the risk of becoming a target for trolls.

Last week the UIDAI initiated a process by which private-sector access to the authentication infrastructure would be restored. I have every hope that this will create a new ecosystem of identity service providers that will enable a range of different services - in particular in relation to obligations under the Digital Personal Data Protection Act.

Narrowly targeting laws to specific countries or companies can have unintended consequences. They can push customers in different directions or serve as an unanticipated impetus for entrepreneurs to think of new and innovative approaches. In both instances, the outcomes are unexpected.

It has been over a year since we started to deploy DPI across the globe and it has not been easy. Despite global endorsements and multilateral commitments, actual deployment is hard. But looking back it is quite remarkable how much we have actually managed to achieve.

The Report on the Regulatory Framework for AI in India strikes the right mix of agile governance and light-touch supervision. However, its reliance on regulatory principles from the Global North could end up stifling innovation. We need to develop a framework that aligns more closely with our interests.

The much awaited Digital Personal Data Protection Rules are finally with us and, with that the final piece of the puzzle is in place. While there is a lot to unpack, overall, the Rules follow the Act in terms of simplicity - adding just enough to make it complete without complicating things unduly. That said, there are a few issues that still need to be sorted out.

My last column of the year has traditionally been a review of technology policy developments of the year gone by. Even though I had hoped to see the data protection law come into force, at the time of writing it still has not. And so, instead of privacy, the year was dominated by developments in DPI and AI.

While it is generally advisable to anonymise health data, doing so at population scale would allow us benefit from secondary usese of data. The ABDM envisages this but by additionally deploying Secure Data Environments it should be possible to augment the level of data protection.

There are many who claim that the harms AI can cause can only be addressed by a new legislation specifically designed to address them. That said existing laws have, more often than not, been framed in terms that are broad enough to deal with these harms regardless of the technology that caused them.