India Notifies First-Ever AI & Cloud Standards
In a landmark move, India's government has officially notified its first standards for cloud computing, data centers, and AI ethics. The new rules establish guidelines for responsible AI, fairness, transparency, and data localization, directly impacting any startup building SaaS or infra products for the Indian market.
The new standards are deeply intertwined with India's broader push for "digital sovereignty," a strategy that has been gaining momentum through policies like the Digital Personal Data Protection (DPDP) Act. For founders, this means navigating a complex and sometimes ambiguous regulatory landscape where sector-specific rules, such as those from the Reserve Bank of India for fintech, operate in parallel with broader data governance laws. This creates overlapping compliance burdens that can be particularly challenging for early-stage startups to manage.
A key provision driving infrastructure decisions for SaaS and AI startups is data localization. While the government has moved away from a hard mandate for all data, the rules still require sensitive data to be stored within India and give the government power to restrict cross-border data flows. This is forcing founders to choose cloud providers with local data centers and design their architecture to comply, which can increase costs and complexity, especially for those targeting global markets from day one.
For startups building for the Indian public sector or large enterprises, Ministry of Electronics and Information Technology (MeitY) empanelment of cloud service providers is a critical factor. Major global cloud providers like AWS, Google Cloud, and Microsoft have achieved this accreditation, which involves a rigorous audit by the Standardization Testing and Quality Certification (STQC) directorate, ensuring that services are hosted within India and meet government standards for security and quality.
The government is also actively trying to build a domestic AI ecosystem through the IndiaAI Mission, which aims to provide startups and researchers with access to more affordable GPU capacity. There's a push to create "sovereign AI" capabilities, with Indian companies like Sarvam AI training their own large language models on domestic infrastructure. This signals a long-term vision of reducing dependency on foreign-owned AI stacks.
Despite these compliance hurdles, the sentiment among many Indian founders is that building for the world from India is more viable than ever. The playbook, however, is shifting. As DevRev's co-founder Dheeraj Pandey has noted, the focus for AI startups is now on integrating siloed enterprise data to create value, a complex task that requires deep engineering and domain expertise. The challenge is less about the initial build, which AI is commoditizing, and more about navigating the go-to-market complexities and compliance requirements of a global customer base.
For technical founders, this new regulatory landscape makes compliance a day-one product and architecture consideration. The era of "we'll handle it later" is over, as enterprise clients are increasingly demanding adherence to standards like GDPR and, now, India's own data protection laws as a prerequisite for closing deals. Building trust through transparent data practices is becoming as important as the technology itself.