iSPIRT works to transform India into a hub for new generation software products, by addressing crucial government policy, creating market catalysts and grow the maturity of product entrepreneurs. Welcome to the Official Insights!
Can public-tech usher in cash-flow lending at scale for small businesses? We will soon find out. Early pilots of the Open Credit Enablement Network (OCEN) have gone well. But they were without a key ingredient – the Account Aggregator (AA) system. Last September, AA went live for the public. Since then, it’s been doing well. More than a million consents have happened and growing at a good clip of ~60-65% MoM. Many banks are now connected to the system. SEBI-regulated entities are also joining in. Goods and Services Tax Network (GSTN) data should come in soon. All this augurs well for cash-flow lending for GST-paying MSMEs.
One significant learning from this India Stack effort is that public-tech has a dual role. It has to help innovators innovate better while simultaneously assisting regulators in regulating more effectively. Of course, this is easier said than done! But this is what good design of public-tech is about. For instance, OCEN helps regulators bring much-needed discipline to the wild world of digital lending by helping each type of market player stay in their lane. At the same time, OCEN also powers innovation by these market players in underwriting, disbursement control, and collections.
The public-tech in AA is the Data Empowerment and Protection Architecture (DEPA). Unsurprisingly, DEPA also plays a dual role by helping regulators regulate better, and market players innovate faster. We need thoughtful interaction between the market players and the regulator to leverage this. Sahamatiis an answer to this need. It was incubated in 2019 to be a market collective of AA players with the expectation that it will become a Self-Regulating Organization (SRO) one day. It is a market catalyst for the AA ecosystem to grow better.
Sahamati Flying the Nest
Today we are announcing that Sahamati is exiting iSPIRT’s incubation and assuming an independent role. For the past three years, BG Mahesh and his team have steered Sahamati with diligence and a sense of mission. As a result, it has now built its own credibility amongst market participants.
Sahamati becoming independent is a big moment for the AA ecosystem. Sahamati has been making exemplary contributions to the ecosystem. Despite not having a formal status of an SRO, Sahamati has crafted a certification framework and empaneled certifiers to enhance the AA system’s interoperability. It has also harmonized legal agreements through a common participation terms and a dispute resolution system.
One of our core volunteers in the DEPA/AA effort – Siddharth Shetty (also a Co-Founder of Sahamati) – has moved full-time to Sahamati. This shift improves the odds of Sahamati success.
This is also a big moment for iSPIRT.
iSPIRT is as much about building public-tech as it is about creating new ecosystem institutions to bring playgrounds to life. Having Sahamati become independent at this time releases iSPIRT volunteer cycles for the unfinished data agenda of getting the Public Credit Registry (PCR) and the system for Non-Personal Data (NPD, also referred to as the Training Data Cycle) in place for cash-flow lending. We will now be able to focus on these items better.
In our incubation of Sahamati, we have benefitted from the learnings of two early attempts in setting up SROs. Our first market collective incubation was Digital India Collective for Empowerment (DICE) for Drones. DICE never took off despite the efforts of a committed and enthusiastic anchor volunteer. We were also actively involved in the creation of DLAI. Sadly, DLAI pivoted away from its mission to serve India-2 and ended up focusing on India-1. While this was good for its members in the short term, it didn’t address the larger mission of bringing cash-flow lending to small businesses. So, we had to restart our SRO efforts there, and now CredAll is being incubated as an MSME cash-flow lending SRO.
Happily, thanks to Reserve Bank of India, Securities and Exchange Board of India, Insurance Regulatory and Development Authority of India, and Pension Fund Regulatory and Development Authority, the AA system has momentum today. Sahamati is plugged into this momentum. As long as it doesn’t make any unforced errors by failing to prevent mission capture by donors and market participants, its contribution to the AA ecosystem will only grow. We are excited about its prospects and fully confident in its ability to foster a healthy AA ecosystem.
Who owns Yoga?
Yoga is owned by yogis and ashrams, not by AYUSH Ministry or market players. Likewise, public-tech is often a result of no-greed and no-glory volunteering rather than a creation of a Ministry or market participants. DEPA is an example of this. iSPIRT recognizes its responsibility to keep evolving DEPA. This is also crucial for globalization of DEPA.
There is much to learn from MOSIP in this regard. Today, it is the most successful global Digital Public Good from India. More than 70m citizens in various countries have received their country ID using this system, which is snowballing. MOSIP is based in IIIT Bangalore, and its institutional structure has been instrumental to its successful globalization. Why does this matter?
Take Electronic Voting Machines (EVMs) as an example. Despite their extraordinary success in India, they haven’t been adopted by any other country. The main reason is that the creation and governance of public-tech are in the hands of the Govt. of India, and this worries other Governments. MOSIP breaks this jinx. The MOSIP experience has given us a ton of learnings on how to take our DPGs global. Our decision to make Sahamati independent gives us more cycles to apply these learnings to DEPA going global.
Cautious Optimism
Human spirit is the ability to face the uncertainty of the future with curiosity and optimism – Bernard Beckett
Sahamati will now fly on its own. I will admit that there was some trepidation in our iSPIRT core group about whether this is the right time to make Sahamati independent. Getting the timing right is never easy.
We wish Sahamati the best and hope that it becomes a model market collective for the financial industry. We, at iSPIRT, will of course, always be available for guidance or help at all times.
Within iSPIRT, there is much that remains to be done. Many other things in the pipeline need to be brought to life. We have two decades of work before us to fully ‘rewrite the script of the nation’!
“The best way to find yourself is to lose yourself in the service of others” ~ Mahatma Gandhi
This is one of the core values that we cherish at iSPIRT.
We started an open process of bringing in Balloon Volunteers by kicking off our First Volunteer Open House session in September 2020. We did this with slight trepidation, unsure about what to expect. Till then, almost all our Balloon Volunteers had come in through referrals by existing volunteers. However, nearly two years in, we are happy that we opened up the process. Five of the many Balloon Volunteers who came in through this open process have become regular volunteers.
The expertise, dedication, and willingness to share knowledge of these five volunteers have humbled us. Romita has built protocols for dispute resolution. Vineet is building the reference model for OCEN underwriting. Siddarth is applying future-back thinking to Drones. Palak and Harsha are designing an open, modular, and interoperable system for digital consultation for Bharat.
They have become part of this mission to build public goods for Bharat and, in so doing, create a Product Nation. If you want to be part of this movement, check out some of the areas you can contribute to on this page: volunteers.ispirt.in
Eight of India’s major banks (State Bank of India, ICICI Bank, Axis Bank, IDFC First Bank, Kotak Mahindra Bank, HDFC Bank, IndusInd Bank, and Federal Bank) have joined the Account Aggregator network. Together, these banks cover nearly 40 percent of India’s banking customers. This move ushers in India’s open banking moment and empowers millions of customers with the ability to digitally access and share their financial data across institutions in a secure and efficient manner. AA reduces the need for individuals to wait in long bank branch queues, use complicated internet banking portals, share their passwords, or seek out physical notarisation to access and share their financial documents securely. Just as UPI, NEFT, or IMPS are key financial utilities for secure flow of money, Account Aggregator is an urgent and powerful financial utility for the flow of data controlled by the individual. AA is one of the most sophisticated open banking infrastructures in the world, and has attracted interest from other countries who are interested in implementing similar infrastructures, including the EU, the UK, Japan, and Australia.
AA creates secure, digital access to personal data at a time when COVID 19 has imposed restrictions on physical interactions for services. It also reduces the fraud associated with physical data tampering by introducing secure digital signatures and end to end encryption for data sharing. These capabilities in turn open up many possibilities. For instance, whereas physical collateral is usually required for an MSME loan, with secure data sharing via AA ‘information collateral’ – or data on future MSME income – can be used to access a small formal loan. The industry will see much needed innovation as improved access to data helps meet critical financial needs like small-ticket MSME working capital loans, affordable micro-insurance products, better savings and money management, and others. HDFC Bank and Axis Bank have been using AA for auto loans, LendingKart has been using AA for MSME loans, while IndusInd Bank has been using it for Personal Finance Management. Secure access to financial data via open banking infrastructure was estimated by a McKinsey report to create up to 5% of GDP in value for India by 2030.
Four banks are already live with data accessible for consumers via Account Aggregators, and the rest will shortly go live. Many more banks are expected to join the AA ecosystem in the coming months to allow all customers, regardless of bank, to access their data. Four NBFC-AAs have received operational licenses (Finvu, OneMoney, CAMS Finserv, NESL), three more have received in-principle approval (PhonePe, Perfios, Yodlee), and many more are in different stages of application. Consumers using the AA financial utility will benefit not only from ease of access to data but also from greater choice of products, better pricing, and increased financial inclusion. With the Personal Data Protection Bill likely to become law soon, the AA framework will become essential for regulatory compliance and access to consented data flows.
The AA journey started six years ago in July 2015 when the Financial Sector Development Committee (FSDC) — chaired by the Finance Minister and comprising the key financial sector regulators RBI, SEBI, PFRDA, and IRDAI — came together in a visionary call for a unified, consented, data sharing abilityfor consumers across banking, securities, pensions, and insurance.
The innovative AA network includes Banks, NBFCs, RIAs, and other regulated entities as Financial Information Users and Providers with Account Aggregators as individual-facing consent managers.
=======================================
Quotes from ecosystem members
Shri M Rajeshwar Rao, Deputy Governor, Reserve Bank of India
“India is a world leader in building Public Digital Infrastructure, and the Account Aggregator framework follows that tradition. AAs enable secure, consented data flows while protecting user privacy. In conjunction with other platforms like the Unified Payment Interface, Account Aggregator creates in India the most cutting edge digital financial infrastructure in the world. It is encouraging to observe that more entities are seeing value in this initiative for furthering financial inclusion and cultivating innovation in financial services.”
Shri Anjani Rathor, Chief Digital Officer, HDFC Bank
“As India goes digital, data becomes a significant driver of growth. And, data belongs to the citizens. Enterprises are merely custodians of data. It is only right that we build this digital infrastructure of ‘account aggregators’ through which citizens can safely share data.
With AA, enterprises can both contribute and leverage data to create amazing experiences for their customers. This will lay a strong foundation for a data-driven society in India and HDFC Bank is proud to be a part of this journey.”
iSPIRT Foundation welcomes you to the virtual launch of the industry-wide Account Aggregator (AA) ecosystem on September 2, 2021.
This event announces the major financial institutions that have gone live, and demonstrates the powerful use cases of AA. It will be a major milestone for the AA framework for consented data access and sharing in the financial sector.
Time (IST)
Session
Speaker(s)
4:00-4:10 PM
A Regulatory Framework for Account Aggregators and the Path Ahead
Shri M Rajeshwar Rao, Deputy Governor, Reserve Bank of India
4:10-4:30 PM
The Account Aggregator Leapfrog is Here!
– Presentation by Shri Nandan Nilekani, Chairman, RBI Committee on Deepening Digital Payments (2019) and Volunteer, iSPIRT – Workflow demonstration by Shri Siddharth Shetty
4:30-4:35 PM
The Early Builders on AA
Hear from a cross-section of ‘early mover’ CEOs and leaders of major Banks/NBFCs, Account Aggregators, and Technology Service Providers
4:35-4:45 PM
A Global Perspective on India’s Account Aggregator Model
Shri Siddharth Tiwari, Chief Representative for Asia and the Pacific, Bank for International Settlements
4:50-5:35 PM
Fintech Roundtable: Innovating on AA for Improved Financial Services
Panel discussion moderated by Shri Rajesh Bansal, CEO RBI Innovation Hub.
Fireside Chat on the Future of Cross-Sectoral Data Sharing
Moderator: Shri Amitabh Kant, CEO, NITI Aayog; Panellists: Dr RS Sharma (Chairman, National Health Authority); Shri Ajay Seth, Secretary, Department of Economic Affairs and Member, Financial Stability and Development Council (FSDC)
5:55-6:00 PM
Designing User Control over Data for India
Hear from current and future Account Aggregators on innovating for control over our personal data
This is our response to the Draft Drone Rules 2021 published by the Ministry of Civil Aviation on 14 July 2021.
Introduction
The potential commercial benefits that unmanned aviation can bring to an economy has been well established in several countries. A primary and immediate use-case for drones is in Geospatial data acquisition for various applications such as infrastructure planning, disaster management, resource mapping etc. In fact, as argued in the recently announced guidelines for Geospatial data, the availability of data and modern mapping technologies to Indian companies is crucial for achieving India’s policy aim of Atmanirbhar Bharat and the vision for a five trillion-dollar economy.
The current situation in India, however, is that the drone ecosystem is at a point of crisis where civilian operations are possible in theory, but extremely difficult in practice. Because the regulations in place are not possible to comply with, they have led to the creation of a black market. Illegally imported drones are not only significantly faster, cheaper and easier to fly but also far more easily acquired than attempting to go through the red tape of the previous regulations to acquire approved drones. Thus, rather than creating a system that incentivises legal use of drones, albeit imported, we’ve created a system that makes it near impossible for law-abiding citizens to follow the law of the land and discourages them from participating in the formal system. This not only compromises on the economic freedom of individuals and businesses but it also poses a great national security risk as evidenced in the recent spate of drone attacks. If we do not co-opt the good actors at the earliest, we are leaving our airspaces even more vulnerable to bad actors. This will also result in a failure to develop a world-class indigenous drone & counter-drone industry, thus not achieving our goals of an Atmanirbhar Bharat.
The Draft Drone Rules (henceforth the draft) have addressed some of these problems by radically simplifying and liberalising the administrative process but haven’t liberalised the flight operations. Unfortunately, closing only some of the gaps will not change the outcome. The draft rules leave open the same gaps that cause the black market to be preferred over the legal route.
With the three tenets of Ease-of-Business, Safety and Security in mind, it is our view that while the intention behind the draft rules is laudable, we feel that the following areas must be addressed to enable easy & safe drone operations in India:
Remove Requirement of Certificate of Airworthiness: The draft mandates airworthiness certification for drones whereas, no appropriate standards have been developed, thus, making the mandate effectively impossible to comply with.
Lack of Airspace segregation, zoning and altitude restrictions: The draft doesn’t mention any progressive action for permitting drone operations in controlled airspaces.
Business confidentiality must be preserved: The prescribed rules for access to data is not in consonance with the Supreme Court Right to Privacy Judgement
Lack of transparent Import Policy: This results in severe restrictions on the import of critical components thus disincentivizing indigenous development of drones in India
Insurance & Training must be market-driven and not mandated: We must let market forces drive the setting up of specialised training schools & insurance products & once mature they may be mandated & accredited. This will result in the creation of higher quality services & a safer ecosystem.
Fostering innovation and becoming Atmanirbhar: A. Encouraging R&D: by earmarking airspace for testing for future drones B. Encouraging the domestic drone manufacturing industry: through a system of incentives and disincentivizing imports should be inherent in the Drone Rules. C. Recognition of Hobby flying: Hobbyists are a vital part of the innovation ecosystem; however, they are not adequately recognised and legitimized
Encouraging A Just Culture: Effective root cause analysis would encourage a safety-oriented approach to drone operations. Penal actions should be the last resort and dispute resolution should be the focus.
Enabling Increased Safety & Security: NPNT and altitude restrictions would enhance safety and security manifold.
No Clear Institutional Architecture: Like GSTN, NPCI, NHA, ISRO, and others a special purpose vehicle must be created to anchor the long-term success of Digital Sky in India based on an established concept of operations
Lack of a Concept of Operations: Although drone categories have been defined, they have not been used adequately for incremental permissions, as in other countries; rather the draft appears to prefer a blank slate approach. The failure to adopt an incremental approach can arguably be considered as one of the root causes of the drone policy failures till date in India as regulations are being framed for too many varied considerations without adequate experience in any.
1. Airworthiness
In the long term, it is strategically crucial to India’s national interest to develop, own and promulgate standards, to serve as a vehicle for technology transfer and export. The mandatory requirement for certification of drone categories micro and up is the key to understanding why the draft does not really liberalise the drone industry. It would not be too out of place to state that the draft only creates the facade of liberalising drone operations – it is actually as much of a non-starter as the previous versions of regulations.
The standards for issuance of airworthiness certificates have not been specified yet the requirement has been stipulated as mandatory for all operations above nano category in the draft (pts 4-6). However, most of the current commercial operations are likely to happen in the micro and small categories. And for these categories, no standards have been specified by either EASA or FAA. EASA’s approach has been to let the manufacturer certify the drone-based on minimum equipment requirements. On the other hand, It is only fairly recently that the FAA has specified airworthiness criteria for BVLOS operations for a particular drone type of 40kg, and which it expanded to 10 drone types in November. Building standards is an onerous activity that necessitates a sizable number of drones having been tested and criteria derived therefrom. The only other recourse would be adopting standards published elsewhere, and as of date these are either absent (not being mandated in other countries) or actively being developed (cases noted earlier). Given the lack of international precedent, the stipulation for certificate of airworthiness in the draft needs to be eliminated, at least for micro and small category drones.
2. Airspace
One of the major concerns since the early days of policy formulation in India has been the definition of airspace and its control zones. All regulations till date, including the draft, require prior air traffic control approvals for drone operations in controlled zones. However, given that controlled airspace in India starts from the ground level for the controlled zones upto 30 nm around most airports (unlike many other countries where it starts at higher levels), it effectively means no drone operations are possible in the urban centres in the vicinity of airports in India. While the Green/Yellow/Red classification system is a starting point for Very Low-Level airspace classification, the draft does not move to enable the essential segregated airspace for drone operations up to an altitude limit of 500ft above ground level.
3. Business Confidentiality
In the domain of Privacy Law, India has taken significant strides to ensure protection of individual and commercial rights over data. The draft (pt 23.) in its current form seems to be out of alignment with this, allowing government and administrations access to potentially private and commercially sensitive information with carte blanche. The models of privacy adopted in other countries in unmanned aviation are often techno-legal in nature. It is recommended that DigitalSky/UTM-SP network data access be technically restricted to certain Stakeholder-Intent mappings: executing searches for Law Enforcement, audit for the DGCA, aviation safety investigations and for Air Traffic Control/ Management. This would need due elaboration in the detailed UTM policy complemented with a legal framework to penalise illegitimate data access.
4. Insurance
One constant hindrance to compliance is the requirement of liability transfer. While the principle of mitigating pilot and operator liability in this fashion is sound, the ground reality is that as of date, very few insurance products are available at reasonable prices. The reason behind it is that insurance companies have not been able to assess the risks of this nascent industry. Assuming the regulation is notified in its current form (pt 28), arguably affording a clean start at scaling up drone operations, we will continue in this vicious dependency loop in the absence of incentives to either end. Again, market forces will drive the development of this industry with customers driving the need for drone operators to obtain insurance for the respective operations. Therefore it is recommended that initially, insurance should not be mandated for any category or type of drone operations, and instead be driven by market or commercial necessity. Over a period of time, insurance may be mandated within the ecosystem.
Similar feedback has been shared by Insurers: “Though the regulator (aviation regulator) has made mandatory the third party insurance, the compensation to be on the lines of the Motor Vehicles Act is somewhat not in line with international practices,” the working group set up by Insurance Regulatory and Development Authority of India (IRDAI) said.”
5. Training
Currently, there’s a requirement of training with an authorized remote pilot training organization (RPTO) (pt 25), applicable for micro-commercial purposes and above (pt 24). While the intent is right, it should not be mandated at the initial stage. The reality is that there are very few RPTO’s that offer training and the cost of such training is often higher than the cost of the drones themselves, while quality is inconsistent. While the current draft rules try to address this problem, they do this with the assumption that liberalizing the requirements for establishing RPTO’s will solve this problem. While this incentivizes more RPTO’s to be established, it still does not incentivize quality and leaves in place the same bureaucratic process for registration. This has been the experience of the ecosystem so far. While it is certainly reasonable to expect that remote pilots should receive training, the goal of better informed and equipped pilotry is better achieved, at this time, if left to manufacturers and market participants to drive it.
There are currently two types of training – Type training and Airspace training. Type training can be driven by manufacturers in the early days, as is the current practice, and Airspace training can be achieved through an online quiz, based on a Concept of Operations. It is our view that customers of drones will have a natural incentive to seek training for their pilots, thereby creating the market need for better quality training schools. Furthermore, as manufacturers establish higher levels of standardization and commoditization, they will partner with training schools directly to ensure consistent quality. In the upcoming years, as the drone ecosystem grows more mature, it will become reasonable to revisit the need for mandating pilot training at approved training schools, and DGCA may create a program that accredits the various RPTOs.
6. Fostering innovation and becoming Atmanirbhar
6A. R&D
To encourage institutional research and development further, we recommend authorised R&D zones be designated, particularly where low population and large areas (like deserts, etc) are available, some key areas of experimentation being long range and logistics operations which might require exemptions from certain compliance requirements.
6B. Import policy
Rather than simply delegating the entire import policy to DGFT (pt 8), there needs to be a clear statement of the import guidelines in the rules based on the following principles in the current draft:
No barriers for the importation of components and intermediary goods for local assembly, value addition and R&D activities
Disincentivising import of finished drone products, both pre-assembled and Completely Knocked Down. Possible avenues could be imposition of special import duty as part of well-considered policy of “infant industry protection”, a policy used successfully in the recent past in South Korea and is considered a part of the policy of Atmanirbhar Bharat by the Principal Economic Advisor to the PM, Sanjeev Sanyal.
Incentivising investments in the indigenous manufacturing industry by aligning public drone procurement with the Defence Acquisition Procedure (2020) and supplemented by targeted government programs such as PLI schemes and local component requirements, which will help realise the PM’s vision of ‘Make in India’ and “Atmanirbhar Bharat’.
In the long term, developing incentives for assemblers to embed themselves into global value chains and start moving up the value chain by transitioning to local manufacturing and higher value addition in India, to be in line with the PM’s vision of Atmanirbhar Bharat. Some suggestions here would be prioritisation for locally manufactured drones for government contracts, shorter registration validity for non-locally manufactured drones etc.
6C. Hobby Fliers
While research and development within the confines of institutions is often encumbered by processes and resource availability, hobby and model flying has enjoyed a long history in manned aviation as a key type of activity where a large amount of innovation happens. Hobby clubs such as The Homebrew Computer Club, of which Steve Jobs and Wozniak were members, and NavLab at Carnegie Mellon University are instances out of which successful industries have taken off. Far from enabling hobby or recreational fliers, they are not even addressed in the draft, which would only limit indigenous technology development. Legally speaking, it would be bad in law to ban hobby flying activities considering hobby fliers enjoy privilege under the grandfathering rights. A solution could lie in recognising hobbyists & establishing hobby flying green zones which may be located particularly where low population and large areas are available. Alternatively, institution-based hobby flying clubs could be authorised with the mandate to regulate the drone use of members while ensuring compliance with national regulations. The responsibility of ensuring safe flying would rest with these registered hobby clubs as is the case in Europe and USA.
7. Encouraging A Just Culture
Implementation is the key to the success of any policy. One of the key factors in encouraging voluntary compliance is an effective means of rewarding the compliant actors while suitably penalising any intentional or harmful violations. Therefore, arguably, an important step could be to build such rewards and punishments. In the context of aviation safety and security, the key lies in effective investigation of any violation while fostering a non-punitive culture. Effective investigations enable suitable corrective actions whilst minimal penal actions encourage voluntary reporting of infringements and potential safety concerns. ICAO encourages a just and non-punitive culture to enhance safety. Penal actions, if considered essential, should be initiated only after due opportunity and should have no criminal penalties except for deliberate acts of violence or acts harming India’s national security. However, considering the fallout from any unintentional accident as well, there should be adequate means for dispute resolution including adjudication.
8. Enabling Increased Safety & Security
The draft while taking a blank slate approach clearly aims to reduce hurdles in getting drones flying. However, we argue that lack of clarity on several issues or not recognising certain ground realities actually reduces the chance of achieving this. We list the details of these issues in the subsections below.
Points 13-14 acknowledge the existence of non-NPNT (No Permission No Takeoff) compliant drones and makes airworthiness the sole criteria for legally flying, provided such drone models are certified by QCI and are imported before the end of this year and registered with DigitalSky. This is a great step forward, however, keeping in mind the win-for-security that NPNT provides through trusted permissioning and logs, it is recommended that NPNT be phased back in with an adoption period of 6 months from the date of notification.
To bring back a semblance of safety to the thought process and keeping in mind that manned aviation would be operating above 500 ft except for takeoff, landing and emergencies, it would be pragmatic to enforce altitude fencing in addition to two-dimensional fencing going forward. Permissive regulation has the effect of encouraging good and bad actors alike, and this measure ensures the correct footing for the looming problem of interaction between manned and unmanned traffic management systems, where risk of mid-air collisions may be brought back within acceptable limits.
9. Institutional Architecture
The draft indicates that institutions such as QCI and Drone Promotion Council (DPC), along with the Central Government, would be authorised to specify various standards and requirements. However, no details have been specified on the means for notification of such standards as in the case of the Director-General (Civil Aviation) having the powers to specify standards in the case of manned aircraft. Such enabling provisions are essential to be factored in the policy so as to minimise constraints in the operationalisation of regulations e.g. as was observed in the initial operationalisation of CAR Section 3 Series X Part I which did not have a suitable enabling provision in the Aircraft Rules.
Further, effective implementation demands that responsibility for implementation be accompanied by the authority to lay down regulations which is sadly missed out in the draft. In the instant draft, the authority to lay down standards rests with QCI/ DPC but the responsibility for implementation rests with DGCA which creates a very likely situation wherein the DGCA may not find adequate motivation or clarity for the implementation of policy/ rules stipulated by QCI/ DPC.
It is not clear that setting up a DPC would advance policy-making and be able to effect the changes needed in the coming years to accelerate unmanned aviation without compromising safety and security. We argue that for effective policy and making a thriving drone ecosystem, Digital Sky is a unique and vital piece of digital infrastructure that needs to be developed and nurtured. In the domain of tech-driven industries, the track record of Special Purpose Vehicles (SPV) is encouraging in India, the NSDL, NPCI and GSTN being shining examples.
The field of unmanned aviation has its own technical barriers to policy making. Its fast-evolving nature makes it extremely difficult for regulators who might not have enough domain knowledge to balance the risks and benefits to a pro-startup economy such as that of India. With the context formed through the course of this paper, it is our view that an SPV with a charter that would encompass development of a concept of operations, future standards, policy, promotion and industry feedback, would be the best step forward. A key example of success to model on would be that of ISRO, which is overseen by the Prime Minister. This would remove inter-ministerial dependencies by overburdening the existing entrenched institutions.
10. Lack of a Concept of Operations
The difference in thought processes behind this draft and the rules notified on 12th March 2021 is significant and is indicative of the large gap between security-first and an efficiency-first mindsets; keeping in mind that mature policymaking would balance the three tenets. It also points to the lack of a common picture of how a drone ecosystem could realistically evolve in terms of technology capability and market capacity while keeping balance with safety and security. The evolving nature of unmanned aviation requires an incremental risk-based roadmap; the varied interests of its many stakeholders makes reaching consensus on key issues a multi-year effort. To this end, taking inspiration from various sources and focusing on the harsh realities peculiar to India, we are in the process of drafting a Concept of Operations for India.
Concluding remarks
With the goal of raising a vibrant Indian drone ecosystem, we recommend the following actionable steps be taken by policy makers:
Immediate Term – Enabling The Ecosystem
Changes to the draft
Airworthiness Compliance requirements for all drone categories be removed till such standards are published
Hobby flying and R&D Green zones be designated in low risk areas
Guiding principles for Import policy formulation be laid out to incentivise import drone parts and de-incentivise drone models
A privacy model be applied to DigitalSky ecosystem data access that technically restricts abuse while laying a foundation for a legal framework for penalties
Insurance be not mandated for any drone categories
The provision for setting up the Drone Promotion Council be subsumed by a SPV as discussed below
Next six months – Setting the ecosystem up for long-term success
A) NPNT be re-notified as a bedrock requirement for security
B) An SPV outside of entrenched institutions be set up with a charter to
1. Envision India’s concept of aviation operations for the next few decades
2. Formulate Future Policy and institutionalize some aspects of key enablers of operations currently missing in India:
Development / update of ConOps
Monitor / develop / customize International standards
Establish Standards for Airworthiness and Flight Training
3. Develop and operationalise DigitalSky in an open, collaborative fashion with oversight and technical governance mechanisms
4. Redefine control zones and segregate airspace for drone operations
5. Establish an advisory committee with equitable membership of stakeholders
6. Address all charter items of the Drone Promotion Council
iSPIRT (Indian Software Product Industry Round Table) is a technology think tank run by passionate volunteers for the Indian Software Product Industry. Our mission is to build a healthy, globally competitive and sustainable product industry in India.
The Pandemic had decided much of the flow of financial planning in a country like India. The emphasis on Atma Nirbhar Bharat right at the outset in PART A of speech is on expected lines in a changed scenario post pandemic. Health being given importance forming the first pillar of six pillars was also expected based on ongoing developments.
For decades, India has underinvested (both in public and private spend) in the overall health of the population, and it took a global pandemic to dedicate a new Pillar of the budget to improving health outcomes and increase funding by 130%. It is heartening to see a substantial budget allocation of 64,000 Crore towards the Aatmanirbhar Swasth Yojana to improve primary, secondary and tertiary care. With the National Health Authority getting veteran RS Sharma (former Chairperson of TRAI and UIDAI) as its new CEO, this scheme could be implemented in a digital-first manner taking advantage of the advanced architecture of the National Digital Health Mission.
At iSPIRT we are pleased to see this development, and look forward to a year of accelerated efforts to establish key public digital infrastructure that could improve healthcare.
It was also encouraging to see Innovation and R&D mentioned as one of the pillars; this is a sign the Government is keen on supporting an innovation driven economy and the Indian products eco-system. The National Research Foundation outlay of 50,000 crores over 5 years is applicable across all sectors. Production linked incentive (PLI) schemes were announced for 13 sectors. This is a welcome move to bring in a thinking of promoting Indian Product Champions. However, the details of structure and which sectors and playgrounds the Government is attempting to promote will determine the success in the global landscape.
At iSPIRT we have been advocating development of niche playgrounds in sectors where India has a competitive advantage such as Software products in all sectors including defense, telecom etc. Whether the outlay of 1.97 lakh crores, over 5 years starting FY 2021-22 will be enough is to be tested.
The Continued emphasis on digital payment promotion with a new proposal of 1,500 crores and not losing sight of startups movement is heartening for the Software product industry. Improving norms to formation of a 1 person company will encourage innovation, entrepreneurship and startups. The Government seems to also be inclined to use technology to improve compliance via faceless assessment and a reduced limit on reopening of assessment limits, which are also efforts in a positive direction.
The biggest missed opportunity was around support to MSMEs – which are the key to driving scalable innovation. The MSME sector continues to need life support post the pandemic. While the Government slotted in a 2X budget estimate for MSMEs, it is not clear what this will go towards or that it will help the sector at scale. What remains to be addressed is critical changes that could MSMEs, ease frictions to accelerate growth.
We wanted to see more action on Ease of doing business, especially around removing bottlenecks for tech companies across sectors. In a digital economy, the small business sector is the lifeblood of future growth, and the government will need to think hard about the true means of galvanising this sector.
About iSPIRT Foundation
We are a non-profit think tank that builds public goods for Indian product startup to thrive and grow. iSPIRT aims to do for Indian startups what DARPA or Stanford did in Silicon Valley.
iSPIRT builds four types of public goods – technology building blocks (aka India stack), startup-friendly policies, market access programs like M&A Connect and Playbooks that codify scarce tacit knowledge for product entrepreneurs of India. visit www.ispirt.in
A Committee of Experts under the Chairmanship of Shri. Kris Gopalakrishnan has been constituted vide OM No. 24(4)2019- CLES on 13.09.2019 to deliberate on Non-Personal Data Governance Framework. Based on the public feedback/suggestions, the Expert Committee has revised its earlier report and a revised draft report (V2) has been prepared for the second round of public feedback/suggestions. iSPIRT had provided a past response to the previous report and in this blog post contains a response to the revised report.
At the iSPIRT Foundation, our view on data laws stems from the following fundamental beliefs:
Merits of a data democracy (that is, the user must be in charge)
Competitive effects must be well understood, for creation of a level playing field amongst all Indian companies, and some ring-fencing must exist to protect against global data monopolies
Careful design enables both high compliance and high convenience
It is with these perspectives that we have analyzed the revised Non-Personal Data report in our response.
Key Sources of Ambiguity in the NPD Report
The key sources of ambiguity in the report are:
Purpose of techo-legal framework for Non Personal Data: The non personal data framework is meant to provide the right legal and technology foundations for world class artificial intelligence to be created out of India for the betterment of financial, health, and other socio-economically important services. The current version of the report sidesteps this completely by constraining the applicability to only “public good” purposes rather than taking a holistic approach to “business & public good purposes”
Data Business entities need a harmonised definition (given the interplay with data fiduciaries as proposed in the MeitY Personal Data Protection Bill) and clear incentives for participation. The current report relies excessively on regulation & processes for data businesses to achieve the outcome.
Institutional structure for Data Trustees: The report restricts Data Trustees to government agencies and non-profit organisations; however, in a domain consisting of fast evolving technology by excluding the private sector in offering the base infrastructure creates a severe limitation on the ecosystem of modellers that can be created.
Technology Architecture: The illustrated technology architecture is unclear around the public infrastructure (through the form of open standards, public platforms, and others) that need to be created & adopted to bring to life the non-personal data ecosystem in an accelerated manner.
Conclusion
While we’re aligned with the vision of the committee, it’s critical that the above ambiguities are resolved in order to create a strong non-personal data ecosystem created in India. Till these ambiguities are resolved, the recommendations of the Report should not be operationalized.
For any press or further queries, please drop us an email at [email protected]
Two Cs are extremely critical for startups: Capital and Customers. In India, with a population of 1.3B, customers for B2C or B2B2C startups is not an issue. For B2B startups, although the market in India is promising, global markets are still very important. Capital on the other hand is trickier. The total capital raised by startups India from 2010-2020 is around $100B. In the same period, startups in China have raised 4x and startups in the US have raised 10x the capital raised by startups in India. India needs to have a stronger mechanism to enable more Capital. There is a need to increase Capital availability in India.
IGP platform proposed by SEBI is a very refreshing initiative that aims to address the Capital issue. It provides another great avenue for startups looking to raise series B and beyond. This platform can double the available capital over the next 5 years. It addresses a key pain point of Capital availability for startups raising between INR 70 to INR 200 Cr. There is a chasm in this space- there are early-stage VC funds and there are PE funds for growth companies. However, there is not enough growth stage VC funds in India to fill this gap. IGP has the potential to be the platform to bridge this void.
The design of IGP has been very thoughtful with the key focus is on technology startups. The precursor to IGP was ITP (Institutional Trading Platform). Due to various reasons including the maturity of the startup ecosystem, the response to this platform was tepid. IGP addresses a few key pitfalls of ITP.
IGP restricts the listing to technology-focused companies with a proven Product-Market Fit and entering its growth phase. The revenue of the companies listing on this platform is expected to exceed INR 50 Cr. This will greatly help in mitigating the risk of listing by ensuring a good understanding of Product-Market Fit beforehand.
The governance issues are well balanced – protects the investor interests but at the same time provides enough flexibility for the founders to have control over strategy and execution. The companies listing on this platform cannot be burdened with the same rules of the public markets as they need to be very nimble. A balance between taking risks and moving fast with financial discipline as against governance practices such as quarterly reporting and stability is advised.
As in the case of investments in Alternative Investment Fund, the platform is selective about its investors. The companies listing on this platform need to operate as startups and not as mature companies. The risks are much greater with these companies and hence it is very critical to have investors who understand these risks and who can understand these nuances.
M&As have been a key hurdle for startups in India. This is one of the key reasons for companies opting to flip. The platform is designed to simplify the process of M&As, post-listing. Simplifying the M&A process encourages corporates and PEs to participate on the platform. However, this spirit should be maintained in the implementation of the platform as well. This is one of the critical success factors for the platform.
For the Indian startup ecosystem to become one of the major contributors to the economy, key policy changes are needed. IGP is one such platform that has the promise to increase capital availability significantly. IGP has the added advantage of enabling exits for early stage investors. This increases the liquidity in the market that will further spur the startup ecosystem- a much needed virtuous cycle.
NASDAQ encouraged and enabled technology startups to list because of its adaptability and easier listing and governance guidelines. This accelerated technology startups in the US. IGP has the potential to be that platform in India. India can build products for the world and has the potential to be startup capital, but it needs a perfect storm of- Capital, Liquidity, Policy, Customers, and Entrepreneurs. IGP certainly has the promise to address the Capital and Liquidity aspects. Most importantly it enables Indian startups to stay in India!
Last month, an expert committee chaired by Kris Gopalakrishnan submitted a report on a framework for regulating Non-Personal Data in India. The rest of this blogpost contains iSPIRT’s response to this report.
At iSPIRT Foundation, our view on data laws stems from three fundamental beliefs:
Merits of adata democracy (that is, the user must be in charge),
Competitive effects must be well understood, for creation of a level playing field amongst all Indian companies, and some ring-fencing must exist to protect against global data monopolies
Careful design enables both high compliance and high convenience
It is with these three perspectives that we have analyzed the Non-Personal Data report in our response.
The report makes a well-cited and articulate case for regulating data in India, such that “[data’s] benefits accrue to India, and Indians”. It defines and outlines the roles of various entities relating to the capture, processing and governance of Non-Personal Data. Whereas we are wholeheartedly aligned with the vision of the committee and its members in creating an Aatmanirbhar Bharat and the importance of facilitating a robust AI-industry in the country, we find that the report is sound in premise but murky in detail. Where an overarching legal framework surrounding NPD is proposed, on closer inspection it falls short of achieving the aforementioned goals of protection for Indians and prosperity for Indian businesses. Therefore, more work must be done before a final version of this report can be released.
In what follows, we take the example of one industry that will be affected by the new Non-Personal Data framework and attempt to understand the report in relation to it.
Case Study: X-ray Data
Consider the case of a (fictional) health-tech startup called rad.ai that seeks to generate radiology summaries from lung X-rays. These summaries will help pulmonologists (lung-specialist doctors) identify various pulmonary diseases or early signs of cancer. Such a company requires two things to succeed – data about X-rays and technology to build models.
Under the tenets of the NPD report, it would seem that (given the right technology foundations) such a startup would be well placed to succeed. In particular, the report suggests that the X-ray data as described above will be classified as community data and outlines mechanisms for collecting and sharing it. It suggests that the dual goal of enabling rad.ai while protecting the subjects of the data can be accomplished in the following framework –
rad.ai will first be able to identify that appropriately anonymized lung X-rays, termed community data, are available for access through meta-data that is published by radiology labs engaging in collecting such data.
rad.ai will then be able to access this data for free through a data trust (presumably a virtual API on the cloud) which is created by the radiology labs.
This will all happen with the consent and oversight of a data trustee, an entity that is a representative of the persons from whom this data is collected.
While this sets a broad-strokes framework with the right intentions, there are a few key problems that arise when we dive deeper into the proposed solution. We have outlined some areas where clarifications are needed and details must be made available. These include the definition & value of community data, obligations of the data custodian, access for data users and rights of the data principal. Towards the end, we also discuss the question of NPD’sinterplay with personal data and the definition and use of public data.
Definition and Value of Community Data
While the case of X-ray data seems straightforward, the scope of community data in the report appears to be vast. However, it also seems to suggest that while data explicitly extracted from users is classified as community data, data generated in the course of a business’s activities may be considered private business data – and this may not be mandated to be shared. In that case, it would appear that e-commerce, delivery and employee data fall under private business data – although an argument could be made for classifying this as community data.
Further, the report makes a distinction between raw and processed data. In particular, raw data must be shared free of cost, whereas the price of processed data could be determined based on market or FRAND (fair, reasonable and non-discriminatory) principles. In the case of lung X-ray data, labs obtain such data from anonymizing raw personal data, so presumably it is now processed and need not be shared without remuneration. In the general case, however, we recommend that the lines between raw and (various levels of) processed data should be clearly demarcated.
Data Custodian Perspective
Consider next, the situation from the perspective of the diagnostic labs. There are about 70,000 labs and hospitals offering radiology services in the country [ref]. Each of these has its own technology implementations or third-party TSPs (technical service providers) for collecting and storing any patient data. How can all of these labs and hospitals be mandated to provide control of this data to the data trustee in order to share the X-ray information with companies like rad.ai? Who is/are the data trustee in this case anyway – the MoHWF, the NHA, an NGO serving the interests of cancer patients? If there are multiple data trustees that have an interest in the same underlying data, how is it ensured that every decision that each of them takes is in the best interests of the user? How are labs supposed to even publish the meta-data (meta-information about what data they have collected) in a standard, machine-readable format, so that companies like rad.ai can discover it seamlessly? Finally, considering that such compliance comes with associated costs, what are the concrete benefits for making this data available?
Data User Perspective
Then there is the case of rad.ai itself. Let us assume, for now, the provisions of the previous paragraph and overlook the contentions raised. Say that because of access to this X-ray data, the startup rad.ai has been able to create excellent ML models to predict the early risks of major diseases and help pulmonologists. It has done well and begins to expand across the country. A few years later, a foreign health-tech giant (again, fictional) called Hooli enters the fray by investing in rad.ai. Backed by foreign investment, rad is now stronger than ever. However, the report identifies “to promote and encourage the development of domestic industry and startups that can scale” as one of its key objectives. While rad.ai was originally a fully Indian company, it was allowed access to the community data from radiology labs to develop its models. Now that rad.ai has foreign investment, should it still be allowed to benefit from Indian community data? What if Hooli owns a majority stake? What if Hooli acquires rad.ai outright?
Data Principal Perspective
Finally, consider this from the perspective of the patient herself – the “data principal”. How is she guaranteed that her interests are protected and the aforementioned data is impervious to de-anonymization? As discussed above health data is considered sensitive data and the patient has every right to ensure that it is handled with extreme care. The report also recommends that consent must be taken from the actors in the community before the anonymization and use of their data – but what form will this consent take? How will its purpose be determined and collection be enforced before any data is anonymized and utilized? How can anonymisation be assured when multiple anonymised datasets are capable of being combined together? Finally, the report acknowledges that all sharing of community data should be based on the concept of “beneficial ownership” where the benefits of this data sharing also accrue to the data principal. How is the patient directly benefiting from such a data-sharing mechanism? What mechanisms are in place to enable such benefits?
Interplay With PDP Bill
Consider next, the case of the health-tech giant Hooli and assume that it also operates a search engine. As per the suggestions of the Srikrishna PDP Bill [Clause 14], Hooli could be allowed to collect personal user data and use it directly since its operation of search engines falls under “other reasonable uses of personal data”. When combined with the fact that under the provisions of the Non-Personal Data report sharing of all raw NPD becomes mandatory, Hooli is actually disincentivized from anonymizing its personal search data. By keeping this data personally identifiable, it is prevented from having to share it with competing search engines and startups. Can misaligned incentives such as these hinder progress towards the report’s stated goals?
On Public Data
Consider finally that some of the labs and hospitals conducting X-rays will be government-owned. The report recommends that all data generated through government and government-funded activities are classified as Public data, which is in turn classified as a national resource. There is no guidance on the compliance requirements of the government controlling this public data under such a scenario. Will government hospitals still be required to make it available? More importantly, does the community (i.e. patients) have no claim to their data in this case merely because it was collected by the government instead of a private entity?
Concluding Remarks
In summary, the report importantly conceives a legal notion of community, private and public non-personal data and outlines a framework in which such data might be shared for the advancement of economic, sovereign and core public interests. However, more work must be done to detail compliance requirements and standardize the mechanisms of sharing such data before the final version of the report is released. In its current state, the report only touches upon the rights of the data principal, the obligations of the data trustee and the compliance requirements of the data custodian. In a State with limited regulatory capacity for creating standards and enforcing bodies, these rights, obligations and compliance requirements should be comprehensively and clearly defined before a law ordaining them can come to pass. Custodians must be incentivized to share, industry startups must be enabled to access and the community must be empowered to self-preserve before the vision of an Aatmanirbhar Bharat with a booming AI industry can be realized.
We have an exciting announcement for you all today!
We are publishing a draft of the technical standards of the Personal Health Records (PHR) component of the National Health Stack (NHS)!
As a refresher, these standards govern the consented sharing of health information between Health Information Providers (HIPs) – like hospitals, pathology labs, and clinics – and Health Information Users (HIUs) like pharmacies, medical consultants, doctors, and so on. The user’s consent to share their health data is issued via a new entity called a Health Data Consent Manager (HDCM).
This is a big deal. The problem today is that the electronic health records listed in one app or ecosystem are not easily portable to other systems. There is no common standard that can be used to discover, share, and authenticate data between different networks or ecosystems. This means that the electronic medical records generated by users end up being confined to many different isolated silos, which can result in frustrating and complex experiences for patients wishing to manage data lying across different providers.
With the PHR system, a user is able to generate a longitudinal view of their health data across providers. The interoperability and security of the PHR architecture allows users to securely discover, share, and manage their health data in a safe, convenient, and universally acceptable manner. For instance, a user could use a HDCM to discover their account at one hospital or diagnostic lab, and then select certain electronic reports to share with a doctor from another hospital or clinic. The flow of data would be safe, and the user would have granular control over who can access their data and for how long. Here is a small demo of the PHR system in action.
The standards document released today offers a high level description of the architecture and flows that make this possible. You can find version 0.5 of the document embedded below.
All the exciting progress we are making on this new digital public infrastructure for healthcare is all thanks to you, the community. We are grateful for your support and look forward to engaging with you further!
Powered by data-led scientific rigor, the India COVID-19 SEIR Model delivers early infection trends for every district in India. The model is geared to help Indians from all walks of life plan life and work decisions around their region’s projected trends over the next 15-30 days. Hospitals can use the model to plan for a surge in demand for resources (beds, ICUs, ventilators); local and national level leaders across private and public sectors can use the model to decide how best to contain the spread of the disease and re-open safely. Epidemiologists can use the model to define how different behavioural and environmental factors affect disease transmission. We introduce 3 use cases in this blog post—the first in a series aimed at promoting scientific and modelling capability.
Wherever the Coronavirus curve has bent to our will, it has happened on the back of behaviour changes based on data-led insights. Everywhere, simple shifts in behavior—staying at home, wearing masks, sanitizing hands—have been informed by predictive models that showed us the mirror to a dystopian future if we didn’t edit our lifestyles. As a digital public good for a billion Indians, the value of the India COVID-19 SEIR Model lies in its reach and widespread use.
Until a vaccine is developed, we have to make sense of today’s numbers in the context of all our tomorrows. Individuals, policymakers—and everyone in between—can make smarter decisions if they know the evolving shape of the outbreak, and the India COVID-19 SEIR Model aims to do just that by enabling identification of potential trends and patterns in the next 15-30 days.
The approach taken by the model provides flexibility and utilisation from both a view of trends as core model adoption/enhancement.
We can all use it to bend India’s curve. That’s the ultimate use case, really — where the model tells us where it’s going and we, in turn, steer it in an entirely other direction. Models will change and that’s a good thing. It means we are responding. The power of models and data science in this particular moment is the ability to assist a very scientific approach to scenario planning during an ongoing pandemic.
We can turn the course of this pandemic and transform what this model tells us, every 24 hours. We are already watching the shape-shifting in real-time. It’s in your hands. Go on, try it.
The National Health Stack is a set of foundational building blocks that will be built as shared digital infrastructure, usable by both public sector and private sector players.
Healthcare delivery in India faces multiple challenges today. The doctor-patient ratio in the country is extremely poor, a problem that is exacerbated by the uneven distribution of doctors in certain states and districts. Insurance penetration in India remains low, leading to out-of-pocket expenses of over 80% (something that is being addressed by the Ayushman Bharat program). Additionally, the current view on healthcare amongst citizens as well as policymakers is largely around curative care.
Preventive care, which is equally important for the health of individuals, is generally overlooked. The leapfrog we envision is that of public, precision healthcare. This means that not only would every citizen have access to affordable healthcare, but the care delivered would be holistic (as opposed to symptomatic) and preventive (and not just curative) in nature. This will require a complete redesign of operations, regulations, and incentives – a transformation that, we believe, can be enabled by the Health Stack.
iSPIRT Foundation in partnership with Swasth Allianceis hosting an Open House Discussion on the following building blocks of the Health Stack
Doctor Registry
The ability for doctors to digitally authenticate themselves and share their electronic credentials with a third-party application such as a telehealth provider
Personal Health Record (PHR) System
The ability for every Indian to be empowered with control over their health data such that they can share it with trustworthy clinical providers to access a digital service
Open Health Services Network
A unified health services network that comprises of a common set of protocols and APIs to allow health services to be delivered seamlessly across any set of health applications, doctors, and providers.
The virtual session will be from 11:30 AM to 1:00 PM on Saturday 23rd May.
To confirm your participation and receive the virtual link, please click here.
In the interest of transparency, here is our entire exchange with The Ken.
Our first email response to The Ken
Dear Sanjay and Siddharth,
Hope you are safe and doing well.
I’m a reporter with The Ken and I’m working on a story looking at the now pulled-back launch of Sahay on May 21 by PM Modi and the involvement of iSpirt in this project. I had some questions about the iSpirt’s roles and responsibilities with respect to Sahay and the account aggregator framework. And also examine the potential conflicts of interest it opens up. Could you help with responses by Thursday end of the day please, as this is a newsbreak.
When did iSpirt feel the need to roll out an app like Sahay, was it always part of the account-aggregator roadmap? What have been the roles and responsibilities of iSpirt to get this off the ground?
Who is responsible for owning and operating Sahay when it was scheduled for launch?
We understand iSpirt is conceptualizing and designing the APIs and SDKs for this. Can you confirm?
Why was Juspay given the mandate to make the proof of concept this time around too given that the AA framework is something that has been in the works for over 3 years. Why not let the market players come up with such an app?
With Sahay, IDFC Bank, Axis Bank, Bajaj Finserv are among the first banks to take part, but these banks are also a financial donor to iSpirt. This raises questions on what basis banks can become part of the network. Could you explain the connection here?
We learnt that Setu, which is run by former iSpirt volunteers has applied for an account aggregator license. Given iSpirt’s active involvement in this project, it opens up possibilities for conflicts of interest in terms of preferential treatment when it comes to choosing an iSpirt backed AA when you evangelise the concept. Please comment on that?
Setu is funded by Sanjay Jain-founded Bharat Innovation Fund (BIF). By virtue of being an iSpirt member, Jain’s visibility and roadmap of iSpirt’s projects allow funds like the BIF to back the right horses. This again brings up questions of conflict of interest. Can you comment on this, please?
Thanks in advance.
Dear Arundhati,
Thank you for reaching out to us.
To help you understand iSpirt’s roles and responsibilities with respect to Sahay and the account aggregator framework and to equip you to examine potential conflicts of interest you thinkit opens up,let me first explain the iSPIRT model as described here: iSPIRT Playgrounds coda. This document sets context for our answers, and many of your questions can be answered by referencing this code. It lays out in detail iSPIRT’s design for working on hard societal problems of India and how we engage with the market and the government actors in that journey.
Now to answer your questions:
1. When did iSpirt feel the need to roll out an app like Sahay, was it always part of the account-aggregator roadmap? What have been the roles and responsibilities of iSpirt to get this off the ground?.
The idea behind Project Sahay is nearly as old as iSPIRT itself. This is one of our earliest depictions of the idea of a credit marketplace from 2015 on the left. Over time this idea was more popularly encapsulated in the “Rajni” use case depicted on the right. Despite our evangelism, in the 6 years since this slide was made, no market player has built something like Sahay (Referring to your Q4 here).
When the economic slowdown hit in August of last year, our conviction was that the need for cash flow lending was urgent. Since a credit marketplace needs many moving parts to work well, it would require many market and government participants to accelerate their plans as well. The UK Sinha Committee on MSMEs had done the important groundwork of laying out the basic architecture of what needed to be done.
Technical documents like API specs do not capture people’s imaginations. In our experience, the simplest and quickest way to unlock the imaginations of market participants and current and potential future entrepreneurs is to build an operational implementation and highlight its capabilities.
We have encouraged building of operational implementations in the past as well. Sometimes we build it with our partners (e.g. Credit Marketplaces), sometimes market participants do (as showcased on 25th July 2019 for Account Aggregators by Sahamati), sometimes government partners do (as NPCI did with UPI).
To this end we chose the temporary working title for an ongoing initiative “Sahay” and gave it a realistic but ambitious deadline of May 21st. The outcome of Project Sahay, was not one app, as you have assumed, but to catalyse several credit marketplaces to come up to help MSMEs access formal credit. We do not see this reflecting in any of your questions.
Many players who did not opt in to be market partners with iSPIRT (reference 4.b “On market partners”) would opt in once they see the Wave 1 markeplace implementations in operation. We call this Wave 2, and have a model to support them as well.
2. Who is responsible for owning and operating Sahay when it was scheduled for launch?
At iSPIRT, we try to imagine a future and work backwards from there. Project Sahay helped develop early adopters of an ecosystem to come together in a coordinated way.
For cash flow lending, we needed many marketplace implementations. Each marketplace needs multiple lenders to encourage competition and not give any one player a significant head start. Unlike, say BHIM (the reference app for UPI) this marketplace needs much more groundwork and plumbing to come together in time. We used Project Sahay as a forcing function towards this aim.
Project Sahay was about many marketplace implementations. One of them would have been adopted by government partners like NPCI or PSB59. However, the marketplace implementations are still under development. So this question is premature.
Post COVID19, our view is that Cash Flow based lending as an idea itself may get pushed out by a quarter or two in the market, so our efforts on Project Sahay, will also get pushed out. We recently posted a blog (COVID19 strikes cash flow lending for small businesses in the country) about this.
3. We understand iSpirt is conceptualizing and designing the APIs and SDKs for this. Can you confirm?
In regards to the Account Aggregator component of Project Sahay, the specifications for Financial Information Providers, Financial Information Users, and Accounts Aggregators have been designed & published by ReBIT and are publicly available here: https://api.rebit.org.in/It was notified by RBI on November 8th 2019: https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11729&Mode=0
In regards to the design of the APIs & SDKs for the credit marketplace component of Project Sahay, please refer to our iSPIRT Playgrounds Code (Reference 4b. “Market Partners”).
4. Why was Juspay given the mandate to make the proof of concept this time around too given that the AA framework is something that has been in the works for over 3 years. Why not let the market players come up with such an app?
Refer Q1, no market player had built this in 6 years.
JusPay is an active market participant in this ecosystem. They volunteered to build an open-source implementation so that many marketplaces can come up quickly. We saw no conflict, in fact we appreciate this gesture on their part to open-source.
We see the framing here includes “this time around too”. If by this you mean BHIM for UPI, that was entirely a NPCI decision. We do not advise on procurement. (reference 4.c “On government partners”)
The AA framework and thinking has been around for 3 years. Sahamati (https://sahamati.org.in/) is a collective for the AA ecosystem. All the required resources to guide new AAs to develop are available at Sahamati website.
5. With Sahay, IDFC Bank, Axis Bank, Bajaj Finserv are among the first banks to take part, but these banks are also a financial donor to iSpirt. This raises questions on what basis banks can become part of the network. Could you explain the connection here?
We want to answer your question at two levels. First, your question implies pay-for-play. We want to categorically deny this. Please understand our donor model first. (reference 5. “How does iSPIRT make money”)
Any allegation of pay-for-play is baseless. We engage with many more market partners who are NOT donors than donors who are market players. Their donor relationship and “market partner” relationship with us are independent.
Clause 3 (1) xi – any bank, banking company, non-banking financial company, asset management company, depository, depository participant, insurance company, insurance repository, pension fund and such other entity as may be identified by the RBI for the purposes of these directions may become a Financial Information Provider (FIP).
Clause 3 (1) xii – Any entity that’s registered with and regulated by any financial sector regulator can become a Financial Information User.
Clause 3 (1) x – “Financial Sector regulator” refers to the Reserve Bank of India, Securities and Exchange Board of India, Insurance Regulatory and Development Authority and Pension Fund Regulatory and Development Authority
On July 25th last year, Sahamati was launched with 5 early adopter banks who had conducted proof of concept of the Account Aggregator network. Please see here for media coverage.
6. We learnt that Setu, which is run by former iSpirt volunteers has applied for an account aggregator license. Given iSpirt’s active involvement in this project, it opens up possibilities for conflicts of interest in terms of preferential treatment when it comes to choosing an iSpirt backed AA when you evangelise the concept. Please comment on that?
We object to use of the term “iSPIRT backed” in relation to Setu. We ‘back’ every startup that seeks to build for India. iSPIRT has no financial interests in any of these companies. Setu does not enjoy any special status.
A note on your reporting: I recommend revisiting your phrasing here and ensure you substantiate the claims you make. Our volunteers are employees of many startups and large institutions in the country. We knew this reality and designed governance structures accordingly
Please refer to our model and feel free to report on when we have departed from our stated model. Please avoid sensationalising our regular course of work, by cherry-picking two volunteers and attempting only a tenuous link.
iSPIRT enjoys the confidence of many of its market partners and government partners only because we take a ‘non interested party’ stance to all our work. We are committed to staying this way. It is an existential threat if we do not live up to this principle. So we take these allegations extremely seriously.
Therefore, if you’re going to imply we gave any preferential treatment, I hope you and your editors realise you carry the burden of proof on this allegation. We also believe that sunlight is the best disinfectant. Hence, we do not want to stop you from doing your job, we welcome the criticism. However, in exchange, we request you meet the highest standards and have credible evidence on any allegations or even insinuations you make about us.
7. Setu is funded by Sanjay Jain-founded Bharat Innovation Fund (BIF). By virtue of being an iSpirt member, Jain’s visibility and roadmap of iSpirt’s projects allow funds like the BIF to back the right horses. This again brings up questions of conflict of interest. Can you comment on this, please?
To back the right horses, VCs are meant to be on top of trends. Sanjay Jain is not on top of trends because he was a volunteer at iSPIRT Foundation. iSPIRT is on top of trends because Sanjay Jain is a volunteer. We would ask you to look at his history of work, his thoughtful and original comments on many forums (which often diverge from the iSPIRT view, specially in the last 3 years since he has transitioned into becoming a full-time VC)
Think Tanks like us put out bold visions for the country, and Sanjay Jain is not the only VC who keeps an eye on our activity. We often even invite VCs for sessions and encourage them to back all players without recommending any specific one. Most often the locus of this engagement is the public sessions we hold. Some examples:
Public Presentations by Pramod Varma, Sharad Sharma, Nikhil Kumar on India Stack
Siddharth Shetty explaining AA at an event at @WeWork Bangalore
2019 Sahamati Launch with a presentation by Nandan Nilekani and representatives from MeiTY, SEBI, multiple Bank CEOs, and AA entrepreneurs.
Sahamati conducts multiple public workshops on the AA ecosystem as published on its website and twitter accounts.
All the Setu founders who were iSPIRT volunteers and Sanjay Jain have been subject to the prescribed process for managing conflict of interest. We stand by this and ask you once again to demonstrate greater proof than simply Sanjay Jain was once a volunteer, and is now a VC.
We want to add some more perspective on the people & organisations you’ve named:
Sanjay Jain is a beloved volunteer at iSPIRT who we think is one of the best design thinkers in the country. When he moved to BIF, iSPIRT’s Volunteer Fellows Council designed him and his activity within iSPIRT to be conflict-free. He therefore does not participate in any of the Sahay related work.
JusPay is a supremely talented engineering company with a strong “build for India” bias. They have been market players who embrace some of our big ideas and have demonstrated willingness to pay-it-forward. We are ready to work with any such actors who share our commitment and mission towards solving for Rajni.
Setu and many other startups like them all have a grand vision for India and these are the very private innovators we help co-create public infrastructure for. The more of these there are, and the better they and their competitors innovate, India and Rajni ultimately gain.
We trust this response gives you ample context to review and assess your allegations of conflicts of interest. You have not reached out once to clarify our plans or ambitions, except this questionnaire 30 hours before your deadline. We have answered these questions even in this aggressive timeline. A more frank and open discussion could have been easily arranged if you had reached out to us earlier, rather than at the end. Given the framing of your questions, and the tight response time you offered us, we can no longer brush this aside as simple oversight.
Your questions frame all iSPIRT engagements with the govt. and market players as potential conflicts of interest. It takes the very essence of what we do – help co-create public infrastructure for private innovation – and attempts to cast a doubtful light on it. To protect ourselves from being misquoted, we intend to publish this email exchange on our blog so people may see the whole exchange in context and decide for themselves.
Our second email response to the The Ken.
Sources allege that when iSpirt was involved in designing the APIs and SDKs for Sahay, there were no inputs taken from the market participants.
Please refer to Q3 of your previous email. iSPIRT’s code of coordination with market participants is available here: Reference 4b. “Market Partners”)
Please understand that we first announce our vision in public. Then we co-create with partners who express conviction at an early stage. We call them early adopters or Wave 1. We work with them and iterate till we surface an MVP for wider review. At this point, the path to go live is clear, as is the ‘ownership'(reference your question #2), and it invariably involves a public review phase. After Wave 1, we work with Wave 2 participants as well for scaling adoption.
The mental model you should have for iSPIRT Vision/Wave 1/ Wave 2 is those of Alpha/closed Beta/Public beta in the technology world. This is not an uncommon practice.
I can tell you that I have personally been in multiple feedback sessions on the APIs with Wave 1 market participants. It constitutes a large part of my work. Therefore, I can categorically deny these allegations. I can understand the confusion if your sources are not from Wave 1. They are open to participate in Wave 2. Before you allege that our process is not collaborative, please clarify with your source if they are confused about Wave 1/Wave 2.
Also once iSPIRT hands over the tech platform to the operating units, who guarantees end-use limitation of data, and who is accountable for breaches? Who answers to the Data Protection Authority when it eventually comes up? Also, who will end up owning Sahay?
There will be many marketplace implementations each using common APIs and building blocks. Some of these standards will be de-jure standards (like Account Aggregators). Others, like between Banks and marketplaces will be de-facto standards. Page 125 of the UK Sinha MSME Committee Report provides details of this. Please consult this and feel free to ask further questions.
As you may have heard from us or read about in our publications, iSPIRT takes the long view on problems. We call ourselves 30 year architects for India’s hard problems. The critical insight to a 30-year journey of success is that it requires one to be able to work with and grow the ecosystem, rather than grow itself. An iSPIRT with more than 150 volunteers would collapse under its own weight. Instead we work tirelessly to build capacity in our partners and help them on their journeys. We remain committed to being in the background, taking pride in the success of our partners who are solving for India’s hard problems.
However, many people think we’re trying to square a circle here. Why would anybody, that too, folks in Tech jobs who get paid tremendously well, volunteer their time for the success of others?
The motivation for volunteering is hard to explain to those who have not experienced the joy volunteering brings. Our story is not unique. Most famously, when the Open source movement was taking root, Microsoft’s then CEO, Steve Ballmer, called Open Source “cancer”.
We have published all of our thinking on our model as and when it crystallised. However, we realised a compendium was needed to put our answers to the most commonly expressed doubts about iSPIRT in one place. This is that compendium for our volunteers, partners, donors and beyond.
1. What is iSPIRT?
a) iSPIRT is a not-for-profit think tank, staffed mostly by volunteers from the tech world, who dedicate their time, energy and expertise towards India’s hard problems.
b) iSPIRT believes that India’s hard problems are larger than the efforts of any one market player or any one public institution or even any one think-tank like ourselves. These societal problems require a whole-of-society effort. We do our part to find market players and government entities with the conviction in this approach and help everyone work together.
c) In practical terms, this means that the government builds the digital public infrastructure, and the market participants build businesses on top of it. We support both of them with our expertise. We have iterated this model and continue to improve and refine this model.
d) To play this role we use our mission to align with the Government partners, Market partners and our own volunteers. We believe those who have seen us work up close place their trust in us to work towards our mission. Our long-term survival depends on this trust. All our actions and processes are designed to maintain this trust, and so far if we have any success at all, it can only be seen as a validation of this trust.
2. What is our volunteering model?
a) Anyone can apply to be a balloon volunteer, and we work with them to see if there is a fit.
b) The ideal qualities of a volunteer are publicly available in our Volunteering Handbook, the latest one was published in December 2017.
c) We require every volunteer to declare their conflicts, and ask them to select a pledge level. This pledge level determines their access to policy teams and information that can lead to potential conflict of interest. For every confirmed volunteer, we make available this pledge level publicly on our website.
d) We are often asked what’s in it for our volunteers. We let all our volunteers know this is “No Greed, No Glory” work. Wikipedia is maintained by thousands of volunteers, none of them get individual author credits. What volunteers get is the joy of working on challenging problems a sense of pride in building something useful for society a community of like-minded individuals who are willing to work towards things larger than themselves
e) There are not too many people who would do this for no money, but it does not take a lot of people to do what we do. All of this is given in much greater detail in our Volunteer Handbook.
3. How does iSPIRT decide the initiatives it works on?
a) We have seen success due to the quality of our work and the commitment to our mission. We only take on challenges related to societal problems where technology can make a difference.
b) Even within those problems, our expertise and focus is in solving the subclass of problems where the hard task of coordination between State and Market, between public infra and private innovation is crucial to the task at hand.
4. How does it work with State and Market partners
a) On the hard problems we select in #3 above we assemble a team of volunteers. These volunteers outline a vision for the future. We begin by sharing this vision in multiple forums and creating excitement around them. Examples of these forums are:
Many different public appearances by Pramod Varma, Sharad Sharma, Sanjay Jain, Nikhil Kumar
2019: Siddharth Shetty explaining AA at an event at @WeWork Bangalore
2019 Sahamati Launch with a presentation by Nandan Nilekani and representatives from MeiTY, SEBI, multiple Bank CEOs, and AA entrepreneurs.
b) On market partners
i. We work with any market partner who shows conviction towards the idea, and are willing to commit their own resources to take the vision forward. Previous and current partners include banks, startups, tech product and service companies. These early adopter partners form part of our Wave 1 cohort.
ii. We dive deeper with this wave 1 cohort and iterate together to build on the “private innovation” side of the original vision with their feedback. This is developed with the mutual commitment to sharing our work in the public domain, for public use, once we have matured the idea. We work with them and iterate till we surface a MVP for wider review.
iii. At iSPIRT, we don’t like mission capture. There are no commercial arrangements between iSPIRT and any individual market participants.
iv. We never recommend specific vendors to any of our partners.
v. New infrastructure/ new frameworks often require the creation of a new type of entity. We engage with these through domain specific organizations such as Sahamati for Account aggregators, as an example.
vi. After Wave 1 partners co-create an MVP, we open up for wider public review and participation. We make public all of our learnings to help the creation of Wave 2 of market participants.
vii. The mental model you should have for iSPIRT Vision/Wave 1/ Wave 2 is those of Alpha/closed Beta/public Beta in the tech world.
c) On government partners
i. We work together with any government partners who show conviction towards the idea, and are willing to commit their own resources to take the vision forward. Previous partners have been RBI, NPCI, MeiTY, TRAI, etc.
ii. We dive deeper with these partners and iterate together to build on the “public infrastructure” side of the original vision with their feedback. As part of the government process, many authorities have their own process to finalize documents, etc. Many of these involve publishing drafts, APIs etc. for feedback, and potential improvement from market participants. We publish the work we do together and invite public comments. Examples: UPI Payment Protocol; MeITY Electronic Consent Artefact; ReBIT Account Aggregator specifications
iii. We only advise government partners on technology standards and related expertise.
iv. There are no commercial arrangements between iSPIRT and government partners, not even travel expenses.
v. We never recommend any specific market players for approval towards any licenses or permissions. Both iSPIRT and our partners would suffer greatly if this process was tarnished.
With UPI we did not recommend any individual PSPs for inclusion in the network. This was entirely RBI and NPCI prerogative.
Similarly for AA, RBI alone manages selection of AAs for approvals of licenses.
vi. We also respond to public comments wherever they are invited. The following are some examples of our transparent engagement on policy issues.
a) iSPIRT’s expenses includes a living wage for some of its full-time volunteers, travel expenses and other incidental expenses related to our events. This is still a relatively small footprint and we are able to sustain entirely on donations.
b) These donations come from both individuals and institutions who want to support iSPIRT’s long-term vision for India’s hard problems. Sometimes, donor institutions include our market partners who have seen our work up close.
c) Partnerships do not require donations. We engage with many more market partners who are NOT donors than donors who are market players.
6. How does iSPIRT protect against conflict of interest?
We see two avenues of conflict of interest, and have governance mechanisms to protect against both
a) First is Donor Capture. We try to structure donation amounts and partners such that we are not dependent on any one source of funds and can maintain independence
i. We maintain a similar separation of concerns as do many news organizations with their investors.
ii. Our volunteers may have a cursory knowledge of who our donors are. However, this knowledge makes no difference to their outcomes.
b) Second is Volunteer conflicts, where they may get unfair visibility or information to make personal gains.
i. We screen for this risk extensively in the balloon volunteering period.
ii. We have hard rules around this that are strictly enforced and constantly reminded to all our volunteers in all our meetings.
iii. For volunteers who need advice whether a potential interaction could constitute conflict we provide an easy avenue through our Volunteer Fellows Council. The council will advise on whether there is conflict and if yes, how to mitigate it.
iv. To prevent a “revolving door” situation, we require that volunteers from the policy team leaving to continue their careers in the industry undergo a “cooling-off” period.
Many ongoing industry efforts to bring cash flow lending to life for MSMEs are now on hiatus
COVID19 strikes cash flow lending too
At iSPIRT, with our long-cherished dream of democratising credit in this country, we advocated for and built public infrastructure to enable market players to offer cash flow based lending solutions to small businesses.
Pre-COVID: We argued that small businesses needed this new breed of products because they were unable to access formal credit otherwise.
During-COVID: As we process, accept and adapt to our new reality as a country, we realise small businesses need something much more urgently than cash flow based solutions from the market – they need rescue and stimulus packages from the government to survive the health and economic distress brought on by COVID19.
Post-COVID: When the lending cycle picks up again in the market (and we will watch it diligently!) we will revive our efforts to bring cash flow based lending products to the market. For now, we are putting these efforts on a hiatus. This is because we think there’s a while for “Post-COVID” to come and many uncertainties are unfolding every day. So for now, we want to wear a “During-COVID” hat for the foreseeable future.
This is disappointing for many parallel efforts that were underway in the market
Since July last year, after the U.K. Sinha chaired expert committee on MSMEs submitted its report to the RBI, many parallel efforts including Sahay, revamping of TReDS, PSB59, etc. by different market players were underway to bring cash flow lending ideas in this report to life. iSPIRT engaged with market players to design a digital public infrastructure first approach encapsulated in Sahay. The government was supportive of all of these, highlighting the importance of MSMEs within the economy.
Cash Flow Lending – The idea whose time will come
This slow down in the momentum is obviously disheartening for many iSPIRT volunteers and to all the market players we were working with. Months of hard work may not come to life in the next quarter or two. But these same months of hard work were possible only because we saw ourselves as architects with a 10-20 year horizon to solve India’s hard problems.
Cash Flow lending is a powerful idea to democratise credit in our country. It’s time will come, and come soon. Right now, we need to pace ourselves to our new realities and revive the energy again when lending picks up in this country.
About the Author: Meghana is a core volunteer and orchestrating our efforts in Democraticising credit at iSPIRT. She can be reached at [email protected]