Who Are These 'Tech Advisors'?
The term ‘mandate’ suggests a law has been passed, but the reality is more nuanced and just as significant. The push for these rules comes not from a single government body, but from a powerful consensus forming within various national and international
AI safety commissions. These groups—comprising technologists, ethicists, and policymakers—are appointed by governments in the US, UK, EU, and elsewhere to provide guidance on managing AI risks. Their recommendations are not yet legally binding laws but serve as the blueprint for future regulation. When these advisory bodies speak in unison, tech companies and lawmakers listen, as their reports often directly precede formal legislation and international standards that will eventually govern the industry.
What Do 'Strict Encryption Rules' Mean?
This isn't about the basic encryption that protects your WhatsApp messages. The proposed rules target the entire AI lifecycle with a multi-layered security approach. First is ‘data in transit and at rest,’ meaning all the information fed into an AI for training must be securely encrypted. This prevents unauthorised access to the raw data, which could include everything from personal information to corporate secrets. Second, the advisors are calling for the encryption of the AI models themselves. These models are incredibly valuable intellectual property, and stealing one could be catastrophic for a company. Finally, the rules cover the outputs and queries, ensuring that interactions with an AI system cannot be easily intercepted or manipulated. It's about building a secure fortress around the AI, not just putting a lock on the front door.
The 'AI Violations' Everyone Fears
The recommendations are a direct response to a new class of threats that have emerged with the rise of generative AI. The primary concern is 'data poisoning,' where malicious actors intentionally feed corrupted or biased data into an AI during its training phase. This could be used to make a financial model give bad advice or a content moderation AI to ignore hate speech. Another major risk is 'model theft,' where hackers steal a company’s proprietary AI—a digital asset that could be worth billions. There are also profound privacy concerns. An AI trained on sensitive user data could be tricked into revealing it, a phenomenon known as 'model inversion.' Without robust encryption, these violations are not just possible; they are probable.
Why This Push Is Happening Now
For years, these risks were largely theoretical, discussed in academic papers and security conferences. However, the explosion of large language models (LLMs) like those powering ChatGPT and other generative tools has moved the threat from the lab to the real world. As millions of people and businesses integrate AI into their daily operations, the potential attack surface has grown exponentially. Governments and advisory panels recognise that the window to establish foundational safety protocols is closing. They are acting now to ensure that basic security measures like encryption are built into the fabric of AI development, rather than being patched on as an afterthought once a major disaster strikes.
The Impact on India's Tech Ecosystem
For India's booming tech industry and its aspirations to be a global AI hub, these developments are a double-edged sword. On one hand, complying with stringent new encryption standards will require significant investment in infrastructure and expertise. Startups and established companies alike will need to overhaul their security practices. On the other hand, this presents a massive opportunity. Companies that can build and demonstrate verifiably secure and trustworthy AI will have a competitive advantage in the global market. With India's own Digital Personal Data Protection Act and discussions around the upcoming Digital India Act, aligning with these global best practices isn't just good security—it's smart business. It positions India not just as a consumer of AI, but as a leader in creating the safe and reliable AI of the future.
