India’s path to digital trust lies in combining indigenous innovation, strong governance, and privacy-driven cybersecurity frameworks
As India accelerates its digital transformation, the question of how to secure data, build trust, and preserve privacy has moved from boardroom discussions to the heart of national strategy. With millions of citizens engaging daily through Aadhaar, UPI and ONDC, the country’s digital backbone now demands a resilient, home-grown framework that protects personal information while enabling innovation. The goal is not just compliance, but the creation of an “India Model” of digital trust.
The Digital Personal Data Protection (DPDP) Act has ushered in a new phase of accountability and responsibility in the way Indian organisations manage data. It signals a shift from reactive to proactive governance, aligning India’s privacy outlook with global standards while retaining contextual relevance. Rather than treating compliance as a tick-box exercise, it calls for cultural change — where digital ethics become as critical as legal adherence.
Nikhil Jhanji, Product & Growth Lead at IDfy (Privy), called the DPDP Act a turning point. “The DPDP Act is not just a compliance tool but a chance to reimagine trust,” he said, adding that Indian companies now have the opportunity to set a global benchmark in responsible data use. Tejas Shah, Head of IT Infrastructure and Security at Prince Pipes and Fittings Ltd., echoed the sentiment. “It’s about accountability — not fear of penalty,” he noted. “We are finally moving from a compliance-driven to a trust-driven approach.”
As India develops its own frameworks, aligning them with established international benchmarks remains key. Standards such as ISO/IEC 27001 and 27701 provide robust structures for information and privacy management, but their effectiveness lies in contextual integration with indigenous models like MeitY’s Cyber Security Guidelines and CERT-In advisories.
Jhanji said that while global standards provide the foundation, “India’s diversity requires adaptive localisation.” He explained that every sector — from finance to manufacturing — faces unique challenges, so frameworks must evolve around real business contexts. Shah added that ISO standards should not remain confined to large corporations alone. “The challenge is to make these frameworks accessible to mid-sized companies and startups,” he said. “That’s where India’s cyber resilience story will be written — in its inclusivity.”
Artificial Intelligence has emerged as both an enabler and a disruptor in cybersecurity. On one hand, AI-driven systems enhance threat detection, automate response and manage complex risk landscapes in real time. On the other, they introduce new vulnerabilities, from data poisoning to algorithmic bias. India’s challenge lies in designing governance systems that use AI responsibly while maintaining human oversight.
“AI is a double-edged sword,” said Jhanji. “It gives us unmatched speed and intelligence, but we must ensure it aligns with privacy-first design principles.” He added that the intersection of AI and privacy offers an exciting opportunity for Indian innovators to create privacy-enhancing technologies indigenously. Shah agreed, saying the solution lies in greater awareness and transparency. “AI should augment human decision-making, not replace it,” he said, underscoring the importance of continuous learning and internal audits within organisations.
Building digital trust is not a one-department mandate — it demands close coordination between the Chief Information Security Officer (CISO) and the Data Protection Officer (DPO). As digital infrastructures expand, these roles must function in tandem, bridging compliance, technology and culture.
Both speakers underscored that the DPO–CISO collaboration remains a critical but often overlooked pillar of cyber resilience. Jhanji observed that privacy and security teams traditionally operate in silos. “That has to change,” he said. “Privacy by design is only possible when DPOs and CISOs speak the same language.” Shah likened cyber resilience to a team sport, saying, “It’s not just about strong systems; it’s about strong coordination. The more synchronised the roles, the stronger the trust ecosystem.”
As India deepens its digital footprint, these insights point toward a holistic model — one where privacy, innovation and accountability coexist. The path to digital trust will not be built through imported templates but through indigenous thinking that balances openness with protection, and speed with safety.
The remarks came as Jhanji and Shah shared their perspectives during the BW Businessworld Privacy Event panel discussion on Cyber Resilience & Digital Trust – Building the India Model.
