Regulation and Risk Mitigation in the Age of AI | India
The exciting possibilities of AI come with their fair share of risks. In this Expert Focus interview with Rolanda Yung-Hoi, Hemant Krishna, a partner in Shardul Amarchand Mangaldas & Co’s Technology and Corporate M&A practice, throws light on how regulations address these and how risks associated with AI can be mitigated.
Defining AI and the Risks It Poses
Hemant begins by addressing the challenge of defining artificial intelligence (AI) for regulatory purposes. He highlights various international perspectives on AI definitions, including those from the OECD, the United States, the EU AI Act, and the United Kingdom’s National Security and Investment Act of 2021. In India, despite the absence of specific legislation, the National Strategy for AI conceptualises AI as a constellation of technologies enabling machines to act with higher intelligence levels.
The discussion then delves into the risks associated with AI, such as privacy concerns arising from vast data requirements, biases in algorithms, explainability and transparency issues, accountability challenges, intellectual property-related risks, fake content generation, and concentration of power leading to antitrust issues.
India’s Approach to AI Regulation
When examining the regulatory landscape in India, Hemant notes that, currently, there is no specific AI law. However, he points out the government’s long-standing interest in promoting AI and mentions committees and approach documents that have paved the way for potential future regulation. Hemant also touches upon sector-specific frameworks and the impending Digital India Act, which aims to define and regulate high-risk AI systems.
The discussion turns to the Indian judiciary’s stance on AI, with Hemant highlighting instances where AI has been referenced in court cases, albeit incidentally. He anticipates that substantive AI-related legal issues will emerge in Indian courts given the increasing adoption of AI.
Data, Intellectual Property and AI
The conversation then explores the intersection between AI and data, emphasising the pivotal role of data in AI functionality. Hemant discusses the three types of data crucial to AI: training data, input data, and output data. He also notes the upcoming Digital Personal Data Protection Act, 2023, which will govern the processing of personal data in India.
Hemant sheds light on the challenges associated with protecting works generated with AI, particularly in the context of intellectual property. Copyright and patent protection for AI-generated content face hurdles, but he mentions potential legislative modifications recommended by the Parliamentary Standing Committee.
AI and Cybersecurity
The podcast concludes with a discussion on AI’s impact on cybersecurity, including risks associated with phishing attacks and data poisoning. Hemant suggests multi-dimensional risk mitigation strategies, including advanced AI-based detection tools, encryption methods, and employee training programmes.