iSPIRT works to transform India into a hub for new generation software products, by addressing crucial government policy, creating market catalysts and grow the maturity of product entrepreneurs. Welcome to the Official Insights!
iSPIRT has been actively engaged in pursuing the favourable policy for the Cloud Telephony sector in Telecom Industry, an amalgamation of the various IT and Communications technologies.
National Digital Communication Policy has been announced recently and it is encouraging to see the announcements in the policy on some common issues to do with Startup ecosystem and digital communication aspects of the Cloud Telephony Players.
We are expecting the Department of Telecom (DOT) to further work on implementation and framing of rules and regulation in light of policy in near future. Despite many positive directional changes, there is a need to develop a regulatory framework for the Cloud Telephony players. Cloud Telephony players are adding value to communication and hence to the economy in several innovative ways. In addition, they also add a good revenue stream to licenses Telecom Service Providers (TSPs).
This PolicyHacks session is devoted to the critical analysis of the NDCP for this sub-sectoral player. Some of the entrepreneurs involved in the discussion are Gurumurthy Konduri of Ozonetel, Ujwal Makhija of PhoneOn, Gaurav Agrawal of Exotel and Gaurav Sawhney of Knowlarity.
A recording of this discussion is given below. Please feel free to click and watch. (About 20 seconds lost in the opening frame, apologises for the error)
The main point covered in the discussion is summed up below as are the some of our recommendations and good work is done (while the Policy was in the draft stage and during various consultation processes), which have been reflected in the policy under respective sections as under:
Page 7
1.1.(f) – Encourage and facilitate sharing of active infrastructure by enhancing the scope of Infrastructure Providers (IP) and promoting and incentivising the deployment of common sharable, passive as well as active, infrastructure
1.1.(g).iv. – Allowing benefits of convergence in areas such as IP-PSTN switching.
Both of these are encouraging moves however it is to be seen how further rules and framework make easy for Small and Startup companies to use them without licensed TSPs creating a barrier for them.
Page 8
1.1.(j) – By encouraging innovative approaches to infrastructure creation and access including through resale and Virtual Network Operators (VNO)
This is a very encouraging announcement for the Cloud Telephony startups.
Page 14
2.1. (c ) iv. – Improving the Terms and Conditions for ‘Other Service Providers’, including definitions, compliance requirements and restrictions on inter-connectivity
2.1.(c ).viii. – Creating a regime for fixed number portability to facilitate one nation – one number including portability of toll-free number, Universal Access numbers and DID numbers
Again very encouraging but needs some boost up. Audiotex regime must go most speakers feel and all the players in Cloud telephony are treated as ASP. These provisions will help cloud telephony to deliver better value propositions in their offerings.
Page 15
2.2.(a) iv: – Encourage use of Open APIs for emerging technologies
2.2. (b) – Promoting innovation in the creation of Communication services and network infrastructure by Developing a policy framework for ‘Over The Top’ (OTT) services.
2.2.(f) ii. – Enabling a light touch regulation for the proliferation of cloud-based systems
2.2.(f).iii. – Facilitating Cloud Service Providers to establish captive fibre networks.
A welcome move to encourage Open APIs. However, licenses TSP should be given one standard that is governed by DOT to implement any APIs that let them monitor cloud telephony or ASPs on their network, instead of allowing them to create a regime of their own.
Generally, an OTT policy is recommended in reforming the sector. However, OTT framework should not be mixed with ASP or Cloud Telephony providers. It is better to keep a distinction between the two.
Page 17:
2.4.(a).ii: – Promoting participation of Start-ups and SMEs in government procurement
2.4.(b). – Reducing the entry barriers for start-ups by reducing the initial cost and compliance burden, especially for new and innovative segments and services.
Acceptance of these issues is very encouraging. The Government can be a very big user of the Cloud Telephony industry also. And we hope this will turn out to be a winning proposition for the Cloud Telephony industry in near future.
Conclusion
Whereas this policy announcement reflects a positive change, it is yet to be seen how DOT look at Cloud Telephony and provides it with a recognition as a sub-sector with easy and proper regulatory framework for same.
Note: The above article is co-authored by Gurumurthy Konduri of Ozonetel with Sudhir Singh of iSPIRT
One would think that the new sexy in the startup capital of the world is self-driving cars, AI/ML… I got news for you! AI/ML (esp. Machine Learning) is not listed in Gartner’s hype cycle for 2018.
This was corroborated on my recent trip to the valley and the US east coast, where I met several investors, founders, corp dev and other partners of the startup community. It was evident that the AI/ML hype which peaked in 2016 & 2017 is no longer considered a buzzword. It is assumed to be table stakes. What you do with AI/ML is something everyone is willing to listen to. Using AI/ML to solve a high-value B2B SaaS problem is Sexy! (Gartner trends for 2018).
As the hype with AI/ML settles down, B2B startups across the globe are discovering the realities of working the AI/ML shifts for SaaS. Many AI tools & frameworks in the tech stack are still evolving and early pioneers are discovering constraints in the stack and creatively building workarounds as they build their products.
Many entrepreneurs are watching from the sidelines the unfolding of the AI/ML hype, wondering on many valid questions like these (and more):
Q: Do I have to stop what we are building and jump onto the AI bandwagon? No. Q: Are the AI/ML resources mature & stable to build better value products? No, they are still evolving. Q: Do I need expensive investments in constrained resources? No, not until you have a high-value problem to solve.
B2B SaaS startups go through 2 key struggles. How to find market-fit and survive? And how to stay relevant and grow. And if you don’t evolve or reinvent as the market factors change, there are high chances for an upstart to come by and disrupt you. The iSPIRT entrepreneur playbooks look to help entrepreneurs get clarity on such queries and more. Our goal is to help our startups navigate such market shifts, stay relevant and grow. Our mini roundtables Playing with AI/ML are focused on WhyAI for SaaS discussions in multiple cities. If you or a startup you know may benefit do register
The MiniRT Agenda
Seeding & creating an active discussion on Why AI/ML? What is the higher order value being created? How to identify the value & opportunities to leverage AI? How to get started with an AI playground (if not already running)? How to think of data needs for AI/ML investments, How to address the impact on Product & Business… Insights from these sessions are meant to help refine our approach & readiness to leverage AI/ML for building higher order value products. And in doing so building a vibrant community focused around navigating this shift.
Upcoming PlaybookRTs on AI/ML
6-Oct (Chennai) 10 am – 1 pm – MiniRoundTable on WhyAI for B2B SaaS – Shrikanth Jagannathan, PipeCandy Inc 18-Oct (Bangalore) 6 pm – 8 pm – MiniRoundTable with Dr Viral Shah on AI/ML Tools & discuss your ML/DeepLearning challenges 27-Oct (Delhi/Gurgaon) 2 pm – 6 pm – MiniRoundTable on WhyAI for B2B SaaS, Adarsh Natarajan, CEO & Founder – Aindra Systems TBD (Bangalore) – MiniRoundTable on WhyAI for B2B SaaS, (based on registered interest) TBD (Mumbai) – MiniRoundTable on WhyAI for B2B SaaS, (based on registered interest)
The AI+SaaS game has just begun and it is the right time for our hungry entrepreneurs to Aspire for the Gold, on a reasonable level playing field.
Please note: All iSPIRT playbooks are pro-bono, closed room, founder-level, invite-only sessions. The only thing we require is a strong commitment to attend all sessions completely and to come prepared, to be open to learning & unlearning, and to share your context within a trusted environment. All key learnings are public goods & the sessions are governed by the Chatham House Rule.
On behalf of iSPIRT, Sanjay Jain recently published an opinion piece regarding the recent supreme court judgement on the validity of Aadhaar. In there, we stated that section 57 had been struck down, but that should still allow some usage of Aadhaar by the private sector. iSPIRT received feedback that this reading may have been incorrect and that private sector usage would not be allowed, even on a voluntary basis. So, we dug deeper, and analyzed the judgement once again, this time trying to disprove Sanjay’s earlier statement. So, here is an update:
Section 57 of the Aadhaar act has NOT been struck down!
Given the length of the judgement, our first reading – much like everyone else’s was driven by the judge’s statement and confirmed by quickly parsing the lengthy judgement. But in this careful reanalysis, we reread the majority judgement at leisure and drilled down into the language of the operative parts around Section 57. Where ambiguities still remain, we relied on the discussions leading up to the operative conclusions. Further, to recheck our conclusions, we look at some of the other operative clauses not related to Section 57. We tested our inference against everything else that has been said and we looked for inconsistencies in our reasoning. Having done this, we are confident in our assertion that the judges did not mean to completely blockade the use of Aadhaar by private parties, but merely enforce better guardrails for the protection of user privacy. Let’s begin!
Revisiting Section 57
Here is the original text of section 57 of the Aadhaar Act
Nothing contained in this Act shall prevent the use of Aadhaar number for establishing the identity of an individual for any purposea purpose backed by law, whether by the State or any body corporate or person, pursuant to any law, for the time being in force, or any contract to this effect:
Provided that the use of Aadhaar number under this section shall be subject to the procedure and obligations under section 8 and Chapter VI.
Now, let us simply read through the operating part of the order with reference to Section 57, ie. on page 560. This is a part of paragraph 447 (4) (h). The judges broke this into 3 sections, and mandated changes:
‘for any purpose’ to be read down to a purpose backed by law.
‘any contract’ is not permissible.
‘any body corporate or person’ – this part is struck down.
Applying these changes to the section, we get:
Nothing contained in this Act shall prevent the use of Aadhaar number for establishing the identity of an individual for any purposea purpose backed by law, whether by the State or any body corporate or person, pursuant to any law, for the time being in force, or any contract to this effect:
Provided that the use of Aadhaar number under this section shall be subject to the procedure and obligations under section 8 and Chapter VI.
Cleaning this up, we get:
Nothing contained in this Act shall prevent the use of Aadhaar number for establishing the identity of an individual pursuant to any law, for the time being in force:
Provided that the use of Aadhaar number under this section shall be subject to the procedure and obligations under section 8 and Chapter VI.
It is our opinion that this judgement does not completely invalidate the use of Aadhaar by private players, but rather, specifically strikes down the use for “any purpose [..] by any body corporate or person [..] (under force of) any contract”. That is, it requires the use of Aadhaar be purpose-limited, legally-backed (to give user rights & protections over their data) and privacy-protecting. As an exercise, we took the most conservative interpretation – “all private use is struck down in any form whatsoever” – and reread the entire judgement to look for clues that support this conservative view.
Instead, we found that such an extreme view is inconsistent with multiple other statements made by the judges. As an example, earlier discussions of Section 57 in the order (paragraphs 355 to 367). The conclusion there – paragraph 367 states:
The respondents may be right in their explanation that it is only an enabling provision which entitles Aadhaar number holder to take the help of Aadhaar for the purpose of establishing his/her identity. If such a person voluntary wants to offer Aadhaar card as a proof of his/her identity, there may not be a problem.
Some pointed out that this is simply a discussion and not an operative clause of the judgement. But even in the operative clauses where the linking of Aadhaar numbers with bank accounts and telecom companies is discussed, no reference was made to Section 57 and the use of Aadhaar by private banks and telcos.
The court could have simply struck down the linking specifically because most banks and telcos are private companies. Instead, they applied their mind to the orders which directed the linking as mandatory. This further points to the idea that the court does not rule out the use of Aadhaar by private players, it simply provides stricter specifications on when and how to use it.
What private players should do today
In our previous post, we had advised private companies to relook at their use of Aadhaar, and ensure that they provide choice to all users, so that they can use an appropriate identity, and also build in better exception handling procedures for all kinds of failures (including biometric failures).
Now, in addition to our previous advice, we would like to expand the advice to ask that each company look at how their specific use case draws from the respective acts, rules, regulations and procedural guidelines to ensure that these meet the tests used by this judgement. That is, they contain adequate justification and sufficient protections for the privacy of their users.
For instance, banks have been using Aadhaar eKyc to open a bank account, Aadhaar authentication to allow operation of the bank accounts, and using the Aadhaar number as a payment address to receive DBT benefits. Each of these will have to be looked at how they derive from the RBI Act and the regulations that enable these use cases.
These reviews will benefit from the following paragraphs in the judgement.
The judgement confirmed that the data collected by Aadhaar is minimal and is required to establish one’s identity.
Paragraph 193 (and repeated in other paras):
Demographic information, both mandatory and optional, and photographs does not raise a reasonable expectation of privacy under Article 21 unless under special circumstances such as juveniles in conflict of law or a rape victim’s identity. Today, all global ID cards contain photographs for identification alongwith address, date of birth, gender etc. The demographic information is readily provided by individuals globally for disclosing identity while relating with others and while seeking benefits whether provided by government or by private entities, be it registration for citizenship, elections, passports, marriage or enrolment in educational institutions …
The judgement has a lot to say in terms of what the privacy tests should be, but we would like to highlight two of those paragraphs here.
Paragraph 260:
Before we proceed to analyse the respective submissions, it has also to be kept in mind that all matters pertaining to an individual do not qualify as being an inherent part of right to privacy. Only those matters over which there would be a reasonable expectation of privacy are protected by Article 21…
Paragraph 289:
‘Reasonable Expectation’ involves two aspects. First, the individual or individuals claiming a right to privacy must establish that their claim involves a concern about some harm likely to be inflicted upon them on account of the alleged act. This concern ‘should be real and not imaginary or speculative’. Secondly, ‘the concern should not be flimsy or trivial’. It should be a reasonable concern…
Hence, the privacy risk in these use cases must be evaluated in terms of the data in the use case itself, as well as in relation to biometrics, and the Aadhaar number in the context of the user’s expectations, and real risks. Businesses must evaluate their products, and services – particularly those which use Aadhaar for privacy risks. It is helpful that the UIDAI has provided multiple means of mitigating risks, in the form of Registered Devices, Virtual Ids, Tokenization, QR Codes on eAadhaar, etc. which must be used for this purpose.
What private players should do tomorrow
In the future, the data protection bill will require a data protection impact assessment before deploying large scale systems. It is useful for businesses to bring in privacy and data protection assessments early in their development processes since it will help them better protect their users, and reduce potential liability.
This is a useful model, and we would hope that, in light of the Supreme Court judgement, the Government will introduce a similar privacy impact review, and provide a mechanism to regulate the use of Aadhaar for those use cases, where there are adequate controls to protect the privacy of the users and to prevent privacy harms. Use cases, and an audit/enforcement mechanism matter more than whether the entity is the state, a public sector organization, or a private sector organization.
Note: This is in continuation of Sanjay Jain’s previous op-ed in the Economic Times which is available here and same version on the iSPIRT blog here.
The writer is currently Partner, Bharat Innovation Fund, and Chief Innovation Officer at the Centre for Innovation, Incubation and Entrepreneurship, IIM Ahmedabad. As a volunteer at iSPIRT, he helped define many of the APIs of the India Stack. He was the Chief Product Manager of UIDAI till 2012
Data protection and privacy have been a topic of hot debates and discussion in recent times in India. It had become extremely important as India is progressing to a be a “Digital economy” to address this issues relating to the use of personal data.
iSPIRT has been in forefront of developing Consent Framework and called as Data Protection & Empowerment Architecture (DEPA). The Account Aggregator Policy of RBI revolves around this consent architecture.
Whereas the bill is of interest to almost all the sectors of the economy, it is extremely important for businesses in Information Technology sector and especially in Software product Industry to understand the law as it is seeded and further as it evolves.
The bill has many aspects to it in the legal framework. It is not possible to cover the entire understanding of the bill in one blog. We have attempted to cover some salient features that may be important for the Software Product Industry as well as how it contacts with the techno-legal aspects of DEPA as it stands in financial sector, perhaps to be replicated in other important sectors of the economy.
This blog is again posted in a Question and answer format both as a video and as a transcript of the video. You can use the one you like.
Questions have been asked by iSPIRT volunteer and Policy expert Mr Sudhir Singh and answered by Supratim Chakraborty (Data Privacy and Protection expert from Khaitan & Co.) and Siddharth Shetty (leading the DEPA initiative at iSPIRT).
What are the most important aspects of the bill?
Supratim answered, “What we have seen is through this draft bill, there is an attempt to establish the relationship of trust between the data subject and data controller. The nomenclature has been changed in this bill and It is data fiduciary and data principles. It puts a lot of onus on the data fiduciary to take care of data care protection.”
“There are several important aspects of the bill that needs attention such as localisation of data, cross-border transfer and also some other aspects such as privacy by design, transparency requirement, security safeguard, breach notification, grievance redressal mechanism, the requirement of Data protection officer, record keeping requirements”, as elaborated Supratim.
Is there some restriction on data fiduciary? Is the state exempted?
Supratim said, “this bill is equally applicable to private parties and the Government unlike earlier provisions of section 43A and 72A of IT ACT. 43A will be scrapped after this bill comes into existence. There has been a lot of debate on this aspect of bringing Govt. under the purview of the law.”
Is right to be forgotten covered in a similar way as GDPR?
Supratim explained, “Our Govt. has looked at this in a more business-friendly way by covering the right to be forgotten by provisioning that any further dissemination of data should be stopped, once the data principal chooses to withdraw the consent or ask for the right to be forgotten.”
He described four governing aspect that explains how to determine the aspect of keeping Data local, as described below.
You could have certain pockets of personal data that can be transferred outside.
There could be certain pockets of data that could be transferred outside but a serving copy of the data has to be within the country
The third category is sensitive personal data ambit of sensitive personal data which has been widened considerably compared to what we saw under the 43A of IT ACT. For this, if sent out of
The fourth category is data that cannot be sent outside country at all.
“On Cross border transfer of data in addition to ‘consent’ there has to be standard contractual clauses (approved/prescribed by authority) or the transfer to a jurisdictions is approved by the central government”, he further explained.
What is the Data Protection Authority?
Supratim answered, “In the draft bill this seems to be all encompassing all powerful authority from rulemaking to advisory to enforcement. Therefore it is important to see how this really shapes up. In “IT Act”, section 43 A and 72A were largely there to cover the aspects of data privacy but enforcement and implementation.”
What are other important aspects to consider?
“There are many aspects but let us touch upon two given below”, said Supratim.
One is the requirement of having notices in multiple languages, which is not a very hard obligation the way it has been put. But in a country like India for say an e-commerce platform imaging the cost that one has to incur for putting multiple language notices. Also, we need to see are we able to really address the point of informed consent through this, because you also have a section of people who may be illiterates. Justice Srikrishna report suggest that we should have short videos or graphical representation which make it very easy for someone to understand the critical aspects of privacy.
Another important aspect is applicability of the law. This law is applicable to all processing that is happening in India and also to foreign bodies. Section 2(2) talks about applicability to foreign bodies, the first part says that “in connection with any business carried out in India”. This means a global platform that is accessible from India has to have the entire requirement of this law.
Are we going in direction of GDPR?
Supratim answered, “Whereas we are trying to follow the Gold standard and many countries are trying to follow the path set by GDPR, India is quite different country and we are not following everything the way it is in GDPR, we have to be mindful of our requirements. But the idea is slowly and surely reach a zone where we can have our laws quite akin to laws of matured jurisdictions.”
How does Bill address iSPIRT DEPA initiative?
Siddharth, sees this draft bill as a unique India first approach. He feels that apart from addressing privacy and data protection aspects it empowers Indians on having control on the use of their data for better financial services, better health services, education etc.
Siddharth goes on to explain that at iSPIRT for past 3-4 years we have been working at Consent layer of IndiaStack or Consent framework and it is great to see that bedrock of draft bill is actually based on consent and in that way it is somewhat similar to GDPR. But, one of the biggest problem they are facing in EU today is it is very difficult to operationalise consent. It is for the first time India has a unique infrastructure to operationalise consent.
“DEPA is nothing but a set of two tools that helps to operationalise consent, explains Siddharth.
One is known as Digital Locker system which allows to the federated exchange of data and second is known as electronic data consent, which is nothing but an electronic representation of user Consent.
“This means, if you want to share or allow your data from some provider to say another consumer, then you must be able to express what date you want to share with whom for what time period in some codified manner. This codified information or consent is known as consent artefact”, says Siddharth further.
As explained by Siddharth, the ‘consent artefact’ became a national standard in 2016 adopted by four financial sector regulator RBI, PFRDA, IRDA and SEBI and they adopted it for their entire eco-system.
Based on consent artefact every individual has an access to financial data and has a mechanism to share that data to gain access to a loan or any other services provider. This has been through an institutional mechanism called Account aggregator.
Siddharth further elaborated that, “the ‘Account aggregator’ (AA) is a class of entities known as data access fiduciaries. The AA unlike other parts of world decouples the institution that collecting consent from an institution that either consuming data or providing data. In EU e.g. as per of PSP2 directive the account information service provider which consumes data is also responsible for collecting the data.”
In India, 3 AA have been approved. Technical standard drafts are also out for ecosystem. And through AA you actually have an entity that’s working toward creating an informed consent experience. Going forward just like UPI you receive your consent for a payment, through AA you will have an entity that helps you provide and control consent. Based on Financial sector we have proposed a similar concept to TRAI for the telecom sector and health sector to NITI Ayog.
Has the AA concept been addressed in the bill?
Siddharth explains further, “The bill makes bedrock of most processing of data based on consent. AA model is nothing but your consent collector or Consent manager. Every data principle they have outlined right to confirmation and access, right to correction, most importantly the right to data portability. As a data principle from data fiduciary, you have the right to request and port machine structured non-reputable transaction history or any other user-generated data to other service providers. AA is nothing but a framework to operationalise this right.”
He further explained that in the report preceding the bill, they talk about a concept consent dashboard. AA is nothing but a consent dashboard. They had 2 tech innovation consent dashboard and data dashboard. You can log consent flows and data flows.
Will, there be consent dashboards concept like AA in other sectors also or will there be one single point authority under DPA?
Siddharth, “it would be a combination of both. If you see the draft bill, it allows sectoral regulators to write rules. For data the falls under private data sets category such as data pertaining to social media etc, DPA would prescribe an standard.”
The report talks about that dashboard can be maintained by each data fiduciary or it can be a common dashboard that everyone else agrees and follows. If you look at the account aggregator dashboard it is a common dashboard for the entire financial sector. But for social media companies can follow their won dashboards.
For any Software product companies that does not lie in any of the regulated sector can create their own consent dashboards, where the user can come see their dashboard correct their data, port the data, manage their consent.
Unlike the IT act, this regulation will have a direct bearing on any businesses processing data irrespective of being in a Software product or other domain. And hence there is a need to be attentive. How right is this aspect?
“Yes, the ambit increases quite a bit. Wherever there is sensitive personal data interface involved, the level of compliance requirement has gone up several times. In the IT Act, there was a mention of personal data in section 72A. The present draft bill does not talk about the deletion of 72A. The draft bill have a parallel mechanism set out in the IT Act”, mentioned Supratim.
Siddharth, “it is just not limited to compliance, this law unlocks the whole host of business models around data sharing around consented data sharing that you haven’t yet seen in any other country and it will be really interesting to space to see what companies get a build out there.”
Question from Participants.
What is the definition of data processing? Or what is the differentiation between Data Storage and Data Processing. E.g. if you are an email service provider, is it Data Storage or Data Processing? (asked by Chintan)
Supratim answered, “definition of data processing is extremely wide enough to make businesses fall in to ‘data processing category’ without being a processor.”
What is the timeline? (Asked by Chintan)
MeitY has asked for public comments by 10th of September on the draft bill, thereafter it will be presented to parliament and after promulgation, there will be more work in framing Authority, the rules by DPA etc. The law is not expected to be in implementable form only after 18 Months or so, minimum.
What happens to the Existing customer? Do we go back to them and get their consent? (Karthik)
Supratim answered, “whilst the it is not a retrospective legislation, if you continue processing without taking consent, you will fall foul of the requirement of law.”
Are there any fines defined here? (Karthik)
Yes, it has been taken care. Just like other aspects the draft bill he highly inspired by GDPR on this aspect also. We have 4% and 2% of annual turnover. There are 2 buckets 4% and 15 Cr and other is 2% and 5 Crore.
Do we need to appoint an DPO?
“There is a segregation which has been made of has significant Data Fiduciary under certain conditions will have to have DPO. Also, this law has an immense amount of significant rulemaking power, answered Supratim.
Hence, it will be seen in future how rules are framed by Authority. So, it has to be seen how business friendly the authority remains in rulemaking e.g. section 43A in IT ACT gave rule making power to define what is sensitive data and information and set out what is reasonable practices and procedure. In the rule made in future, we saw a plethora of requirements set out, over legislated and sometimes badly drafted.
The rules will go through an evolutionary cycle. Hence, the legislation has to be tested over a period of time as it unfolds, after crystallisation of this draft promulgation by parliament in to an ACT and rules being made after that on different aspects.
Disclaimer
PolicyHacks, and publications thereunder, are intended to provide a very basic understanding of legal/policy issues that impact Software Product Industry and the startups in the eco-system.
PolicyHacks, therefore, do not necessarily set out views of subject matter experts, and should under no circumstances be substituted for legal advice, which, of course, requires a detailed analysis of the relevant fact situation and applicable laws by experts in the subject matter on the case to case basis.
If you are facing an issue, we recommend you take expert professional advice on the case to case basis.
We intend to provide the best transcripts in the text part of the blog. However, it may not be an exact replica and maybe approximation, more standardised, normalised or moderated version of the expert view presented in the video.
The government of India had announced a Preferred Market Access (PMA) policy for Cyber Security products through an order notifying the Public Procurement (Preference to Make in India).
MeitY shall be the nodal Ministry to monitor and administer this PMA policy.
iSPIRT has been pursuing with MietY, application of PMA for all Indian Software Products to promote the Indian Software product industry and it is heartening to note that at least one important sub-sector of Cybersecurity has caught the Government’s attention.
iSPIRT organised a PolicyHacks session to understand this policy announcement with Ashish Tandon Founder & CEO of Indusface and Mohan Gandhi of Entersoftsecurity.
You can watch the discussion with Ashish and Mohan at below given YouTube video, in a question and answer format with Sudhir Singh.
What are the essential features of this Policy?
Ashish described the main features stating that this is a policy that is going to help boost Cybersecurity products in India. Govt. of India identified areas that require boosting ‘make in India’ products for the sensitive areas of cybersecurity.
Is there a way product companies can register or Government is going to keep a registry of ‘made in India’ products?
Ashish explains the policy has provided for the formation of a committee that will further provide for a process for empanelment of Indian Cybersecurity products and Indian Cybersecurity product companies with some defined key aspects that would qualify for empanelment.
Ashish further explained that as the empanelment aspects are decided there may also come up with a process for testing and meeting standards and quality norms etc.
Are there are enough product companies in ‘Cyber Security’ space for empanelment?
Mohan Gandhi answered that there are several product companies, but this policy should further strengthen the ‘make in India’ aspect and companies based out of India with deep tech product can look at getting this advantage of this policy.
Whether the Policy will be applicable to “productized services”?
Ashish answered, that this policy is applicable to the only product and at best give preference to made in India products in turnkey projects wherein a large project cybersecurity product is involved.
How will this policy help Start-up companies in Indian Market?
Mohan mentioned, that one interesting thing about this policy is that, it clearly talks about intellectual property. There is a need to register and prove that the IP belongs to India. It will encourage small companies to register the IP and leverage the Indian IP even when they are selling abroad.
Is there enough clarity exist on process and enplanement etc.?
Ashish feels the policy has already prescribed setting up of an empowered committee who will look at these aspects and it is MeitY that will be responsible for doing this.
Ashish further also elaborated that this Policy will get further push once some companies start getting empanelled and processes and rules are framed under MeitY by the empowered committee.
In concluding remarks, both Ashish and Mohan felt that Cybersecurity ecosystem will get a boost by this policy as the policy is furthering the cause by advising Government departments for preferring Indian products. With Digital economy on anvil, there should be a huge demand in Government and Public sector enterprises for cybersecurity. Cybersecurity product market is today dominated by players from the US, Europe and Israel.
The policy has to be pushed hard to further encourage and coupled with StartupIndia policy, there should be all-out effort to promote the Indian Cybersecurity product companies.
iSPIRT volunteers are strivers. We seek the good for our nation and our ecosystem. We brainstorm, ideate, experiment, build, and evangelize to fulfill our mission of making India a Product Nation. Every volunteer draws us into an ever-enlarging realm of intellectual possibilities and purposeful engagements.
Take Nikhil Kumar for instance. He stepped up almost two years ago to evangelize UPI and handhold its early adopters. He set out to create winning implementations that would put traditional payment systems to shame. Needless to say, this wasn’t an easy thing to do. There was no template to follow. And, most didn’t believe in the potential of this new breakthrough payment system. But this didn’t faze Nikhil. He had chosen his adventure inside iSPIRT and nothing could hold him back.
Today, UPI is a success story. However, that’s not the full story.
Nikhil showed us how to stay cool under fire, to foster affinity, and skillfully navigate diverse opinions amongst many stakeholders. His all-hands-on-deck work ethic came with an ability to take decisive action when the situation demanded it. He showed that a young volunteer can be a visionary with big plans and the capacity to bring them to life. He has set an example for all of us on how to pay-forward and serve a cause bigger than all of us. All this makes him an iSPIRT Volunteer Hero.
From tomorrow, Nikhil is shifting gears. He is stepping away from being a volunteer-in-residence. He is taking a few months break. After that, he plans to create a startup. This is great news for iSPIRT. While our India Stack and other technology public platforms create possibilities, it is the products and services that create value. We need all elements of a healthy society – sarkar, samaj, bazaar – to come together to solve population scale problems sustainably. So, we wish him all the very best in this new pursuit of excellence.
All shifts require an adjustment. While Nikhil will remain a part-time iSPIRT volunteer working on WANI, he will no longer be the iSPIRT voice on payments for media, policymakers, startups and financial institutions.
Nikhil’s lasting legacy is that he opened up iSPIRT volunteering for talented youngsters under-30s. Today we have more than a dozen young power volunteers. He has helped all of us see the particular gifts that these young volunteers bring to the cause. His spirit will live on!
By Sharad Sharma, Pramod Varma and Sanjay Khan Nagra for Volunteer Fellow Council
Since SaaSx second edition, I have never missed a single edition of SaaSx. The 5th edition – SaaSx was recently held on the 7th of July, and the learnings and experiences were much different from the previous three that I had attended.
One primary topic this year was bootstrapping, and none other than Sridhar Vembu, the CEO and Founder of Zoho, was presenting. The session was extremely relevant and impactful, more so for us because we too are a bootstrapped organisation. Every two months of our 4.5 year-long bootstrapped journey, we have questioned ourselves on whether we have even got it right! If we should go ahead and raise funds. Sridhar’s session genuinely helped us know and understand our answers.
However, as I delved deeper, I realised that the bigger picture that Sridhar was making us aware of was the entrepreneurial journey of self-discovery. His session was an earnest attempt to promote deep thinking and self-reflection amongst all of us. He questioned basic assumptions and systematically dismantled the traditional notions around entrepreneurship. Using Zoho as an example, he showed how thinking from first principles helped them become successful as a global SaaS leader.
What is it that drives an entrepreneur? Is it the pursuit of materialistic goals or the passion to achieve a bigger purpose? The first step is to have this clarity in mind, as this can be critical in defining the direction your business would take. Through these questions, Sridhar showed that business decisions are not just driven by external factors but by internal as well.
For example, why should you chase high growth numbers? As per him, the first step to bootstrapping is survival. The top 5 goals for any startup should be Survive, Survive, Survive, Survive, Survive. Survival is enough. Keep your costs low and make sure all your bills are paid on time. Cut your burn rate to the lowest. Zoho created 3 lines of business. The current SaaS software is their 3rd. They created these lines during their journey of survival and making ends meet.
Why go after a hot segment (with immense competition) instead of a niche one? If it’s hot, avoid it i.e. if a market segment is hot or expected to be hot, it will be heavily funded. It will most likely be difficult to compete as a bootstrapped organisation and is henceforth avoidable. Zoho released Zoho docs in 2007, but soon as he realized that Google and Microsoft had entered the space, he reoriented the vision of Zoho to stay focused on business productivity applications. Zoho docs continues to add value to Zoho One, but the prime focus is on Applications from HR, Finance, Support, Sales & Marketing and Project Management. Bootstrapping works best if you find a niche, but not so small that it hardly exists. You will hardly have cut throat competition in the niche market and will be able to compete even without heavy funding.
Most SaaS companies raise funds for customer acquisition. Even as a bootstrapped company customer acquisition is important. As you don’t have the money, you will need to optimise your marketing spend. Try and find a cheaper channel first and use these as your primary channel of acquisition. Once you have revenue from the these channels, you can start investing in the more expensive one. By this time you will also have data on your life time value and will be able to take better decisions.
Similarly, why base yourself out of a tier 1 city instead of tier 2 cities (with talent abound)? You don’t need to be in a Bangalore, Pune, or a Mumbai to build a successful product. According to Sridhar, if he wanted to start again, he would go to a smaller city like Raipur. Being in an expensive location will ends up burning your ‘meager monies’ faster. This doesn’t mean that being in the top IT cities of India is bad for your business, but if your team is located in one of the smaller cities, do not worry. You can still make it your competitive advantage.
Self-discipline is of utmost importance for a bootstrapped company. In fact, to bootstrap successfully, you need to ensure self-discipline in spends, team management, customer follow-ups, etc. While bootstrapping can demand frugality and self-discipline, the supply of money from your VC has the potential to destroy the most staunchly disciplined entrepreneurs as well. Watch out!
And last but not the least – It takes time to build something successful. It took Zoho 20 years to make it look like an overnight success.
As a first time attendee of iSPIRT‘s annual SaaSx conference, I didn’t know what to expect as we drove along the western coast of India towards Mahabalipuram – the venue for SaaSx5. From all the chatter around the event on Twitter, it looked like the who’s who of SaaS leaders in India were attending. Upon arrival, I took my seat with my colleague and looked around. There were only about 100 people in the room, very different from most conferences I’d attended in the past – a lot more exclusive, and a melting pot of SaaS founders building a diverse set of products. It had all the markings of an inspiring day, and it did not disappoint.
Starting with a keynote from the estimable founder of Zoho, Sridhar Vembu, the day was packed with talks and discussions focused on growing one’s SaaS company in the current technology landscape, primarily led by founders of notable SaaS companies of the country. One such event was an unconference on “Setting up and Scaling Sales across Segments and Geographies”, led by Ashwin Ramasamy from PipeCandy.
Picture this: about 80 founders seated in a room, circled around Ashwin who was leading the conversation about setting up and scaling your sales team. Since the flat organizational hierarchy at SignEasy, and the culture of openness at the company provide me with a wonderful vantage point of all functions across our company, including sales, I was eager to listen to the different perspectives that the founders brought to the table. At the start of the discussion, Ashwin graciously asked the audience for talking points they’d like covered, and the discussion began. A plethora of topics were discussed, starting from the very definition of inside sales, leading up to when and why to deploy an inside-sales team. Hiring and putting together the right sales team, including whether it should be in-house or outsourced, was another hot topic of debate with many founders offering their own experiences and perceptions.
The conversation then steered towards outbound sales and the mechanics and economics of that, which contributed to some of the biggest takeaways for me – things that cannot be found in a book and are only learned through experience.
The success rate of outbound sales peaks at 2%, as opposed to the 40-50% success rate you come to expect with inbound sales. This was an interesting insight, as it’s easy to assume your outbound effort is underperforming when it could actually be doing quite well. Also, you should use the interest you’re receiving through the inbound channel to refine your outbound strategy – your inbound interests are a goldmine of information on the kind of industries, company sizes, and job functions your potential customers represent. At SignEasy, we are constantly honing our outbound target by capturing as much information as possible from our inbound requests.
Further, the efficacy of your outbound sales effort is a direct function of the maturity of the market you’re in – for a saturated market with tens of other competitors, outbound usually fails to make a mark because it’s difficult to grab a potential customer’s attention. This is a great rule of thumb to decide if outbound is for you, depending on the market your product serves.
Outbound sales also requires dedicated effort rather than a ‘spray and pray approach’ – a minimum 6-month commitment is crucial to the success of your outbound strategy. Founders should be deeply involved in this initial effort, sending out 500 emails a day for at least 3 months, and tweaking and iterating through them as they get to the most effective email. It’s also important to dedicate yourself to a channel when experimenting, but also experiment and exhaust numerous channels over time to zero in on the most effective ones.
The value of this discussion, and indeed the day, was best expressed by the ferocity with which my colleague and I took notes and wrote down every piece of advice that was being dropped around the room. Being product leads of the SMB business and mobile products respectively, Phalgun and I were amazed at how much we could relate to each point being discussed, having been through and living the journey first-hand ourselves at SignEasy.
SaaSx5 was nothing short of inspiring, and we emerged from it feeling uber-optimistic about SaaS in India, and what the future holds
2 days to go for #SaaSx5 and we are reaching our limits for this year. I had missed a few folks in the first batch of 50 announced, so including them along with the next 20+ (in no particular order).
For people who are have attended earlier SaaSx I don’t need to tell this, but for all those who are attending the event for the first time – SaaSx is an informal event for knowledge sharing by SaaSprenuers for SaaSprenuers. This is why we have it on the beach for the last 3 years. 🙂
If you don’t know what this is about, SaaSx5, iSPIRT Foundation flagship event for software entrepreneurs of India, is being held in Chennai on 7, July 2018 (Saturday). SaaSx has been instrumental in shaping Global Software from India in the last 3 years. This year the theme is to help SaaS entrepreneurs setup for growth over the next 1-2 years.
So the first 50 confirmed list #SaaSx5 companies is here. It has been a slog for us going through all the applications we received, especially the initial drive to set extremely fair criteria and process. Listening to feedback from earlier SaaSx this year we decided to allow Founder and +1 (from their leadership team). Having a tag team we believe is extremely helpful to the founders in learning, assimilating and taking it back to their teams. This also meant that given the small limited space we had to be strict in our curation to ensure most SaaS product startups had an opportunity.
By the time this post goes live many other invites will have been sent and confirmed. We will continue to announce the companies finalized as we go along, so they can start preparing for the amazing sessions.
There are still spots, so if you have not registered or confirmed your invite (check your email), please do it quickly.
In no particular order, here are the first 50 (based on their confirmations).
Thanks to our many behind the scenes volunteers who have been tirelessly working on getting us this far and continuing on. Thanks to Chirantan & team from Software Suggest for crafting this post.
Here are concerns and curiosity about European Union General Data Protection Regime (GDPR) and there is a related issue in India being covered under Data Empowerment and Protection Architecture (DEPA) layer of India Stack being vigorously followed at iSPIRT.
iSPIRT organised a Policy Hacks session on these issues with Supratim Chakraborty (Data Privacy and Protection expert from Khaitan & Co.), Sanjay Khan Nagra (Core Volunteer at iSPIRT and M&A / corporate expert from Khaitan & Co) and Siddharth Shetty (Leading the DEPA initiative at iSPIRT).
Sanjay Khan interacted with both Siddharth and Supratim posing questions on behalf of Industry.
A video of the discussion is posted here below. Also, the main text of discussion is given below. We recommend to watch and listen to the video.
GDPR essentially is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU.
Since it affects all companies having any business to consumer/people/individual interface in European Union, it will be important to understand this legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU).
Supratim mentioned in the talk that GDPR is mentioned on following main principles.
Harmonize law across EU
Keep pace with technological changes happening
Free flow of information across EU territory
To give back control to Individual about their personal data
Siddharth explained DEPA initiative of iSPIRT. He mentioned that Data Protection is as important as Data empowerment. What this means is that individual has the ability to share personal data based on one’s choice to have access to services, such as financial services, healthcare etc. DEPA deal with consent layer of India Stack.
This will help service providers like account aggregators in building a digital economy with sufficient control of privacy concerns of the data. DEPA essentially is about building systems so that individual or consumer level individual is able to share data in a protected manner with service provider for specified use, specified time etc. In a sense, it addresses the concern of privacy with the use of a technology architecture.
DEPA is being pursued India and has nothing to do with EU or other countries at present.
Sanjay Khan poses a relevant question if GDPR is applicable even on merely having a website that is accessible of usable from EU?
Supratim explains, GDPR applicable, if there is involvement of personal data of the Data subjects in EU. Primarily GDPR gets triggered in three cases
You have an entity in EU,
You are providing Goods and services to EU data subjects whether paid for or not and
If you are tracking EU data subjects.
Many people come in the third category. The third category will especially apply to those websites where it is proved that EU is a target territory e.g. websites in one of the European languages, payment gateway integration to enable payments in EU currency etc.
What should one do?
Supratim, further explains that the important and toughest task is data management with respect to personal data. How it came? where all it is lying? where is it going? who can access? Once you understand this map, then it is easier to handle. For example, a mailing list may be built up based on business cards that one may have been collected in business conferences, but no one keeps a track of these sources of collections. By not being able to segregate data, one misses the opportunity of sending even legitimate mailers.
Is a data subject receives and gets annoyed with an obnoxious email in a ‘subject’ that has nothing do with the data subject, the sender of email may enter into the real problem.
Siddharth mentioned that some companies are providing product and services in EU through a local entity are shutting shops.
Supratim, mentions that taking a proper explicit and informed consent in case of email as mentioned GDPR is a much better way to handle. He emphasised the earlier point of Data mapping mentioned above, on a question by Sanjay khan. Data mapping, one has to define GDPR compliant policies.
EU data subjects have several rights, edit date, port data, erase data, restrict data etc. GDRP has to be practised with actually having these rights enabled and policies and processed rolled out around them. There is no one template of the GDPR compliant policies.
Data governance will become extremely important in GDPR context, added Siddharth. Supratim added that having a Data Protection officer or an EU representative may be required as we go along in future based upon the complexity of data and business needs.
Can it be enforced on companies sitting in India? In absence of treaties, it may not be directly enforceable on Indian companies. However, for companies having EU linkages, it may be a top-down effect if the controller of a company is sitting there.
Sanjay asked, how about companies having US presence and doing business in EU. Supratim’s answer was yes these are the companies sitting on the fence.
How about B2B interactions? Will official emails also be treated as personal? Supratim answers yes it may. Again it has to be backed by avenues where data was collected and legitimate use. Supratim further mentions that several aspects of the law are still evolving and idea at present is to take a conservative view.
Right now it is important to start the journey of complying with GDPR, and follow the earlier raised points of data mapping, start defining policy and processes and evolve. In due course, there will be more clarity. And if you are starting a journey to comply with GDPR, you will further be ready to comply with Indian privacy law and other global legal frameworks.
“There is no denying the fact that one should start working on GDPR”, said Sanjay. “Sooner the better”, added Supratim.
We will be covering more issues on Data Protection and Privacy law in near future.
Author note and Disclaimer: PolicyHacks, and publications thereunder, are intended to provide a very basic understanding of legal/policy issues that impact Software Product Industry and the startups in the eco-system. PolicyHacks, therefore, do not necessarily set out views of subject matter experts, and should under no circumstances be substituted for legal advice, which, of course, requires a detailed analysis of the relevant fact situation and applicable laws by experts in the subject matter on the case to case basis.
Taking a line from the popular Brown Bear children’s book, I believe that our SaaS startups have a real opportunity to leverage some leading shifts in the global SaaS evolution. While there are many areas of change – and none less worthy than the other – I am highlighting 3 shifts for SaaS (tl;dr) which our entrepreneurs can actually work with and help change their orbit:
Market shifts with AI/ML for SaaS to build meaningful product & business differentiation,
Platform Products shift to transform into a multi-product success strategy,
Leveraging Partnerships for strategic growth and value co-creation.
Some background
I joined iSPIRT with a goal to help our community build great global products. I believed (and still do) that many entrepreneurs struggle with the basics of identifying a strong value proposition and build a well thought out product. They need strong support from the community to develop a solid product mindset & culture. My intent was to activate a product thinkers community and program leveraging our lean forward playbooks model.
I had several conversations with community members & mavens on playbooks outcomes and iterating our playbook roundtables for better product thinking. I realized that driving basic product thinking principles required very frequent and deeper engagement with startups. But our playbooks approach model – working in a distributed volunteer/maven driven model – is not set up to activate such an outcome. Through our playbooks model, our mavens had helped startups assimilate best practices on topics like Desk Sales & Marketing, something that was not well understood some years back. This was not a basic topic. The power of our playbook RTs was in bringing the spotlight on gaps & challenges that were underserved but yet highly impactful.
As a product person, I played with how to position our playbooks for our entrepreneur program. I believe our playbooks have always been graduate-level programs and our entrepreneurs are students with an active interest to go deep with these playbooks, build on their basic undergraduate entrepreneurship knowledge, and reach higher levels of growth.
The product thinking and other entrepreneurial skills are still extremely relevant, and I am comforted by the fact that there are many community partners from accelerators like Upekkha to conclaves like NPC and event-workshop formats like ProductGeeks which are investing efforts to build solid product thinking & growth skills.
As the SaaS eco-system evolves, and as previous graduate topics like desk sales & marketing are better understood, we need to build new graduate-level programs which address critical & impactful market gaps but are underserved. We need to help startups with meaningful & rapid orbit shifts over the next 2-3 years.
Discovering 3 Shifts for SaaS
Having come to this understanding I began to explore where our playbooks could continue to be a vibrant graduate-level program and replicate our success from the earlier playbooks. Similar to an entrepreneur’s journey, these three shifts became transparent through the many interactions and explorations of SaaS entrepreneurs.
Market Shift with AI/ML for SaaS
There is no doubt that AI is a tectonic shift. The convergence of big data availability, maturity of algorithms, and affordable cloud AI/ML platforms, has made it easy for SaaS startups to leverage AI/ML. During a chance roundtable learning session on Julia with Dr. Viral Shah & Prof Alan Edelman, it was clear that many entrepreneurs – head down into their growth challenges – were not aware of the realities behind the AI hype. Some thought AI/ML should be explored by their tech team, others felt it required a lot of effort & resources. The real challenge, however, is to discover & develop a significantly higher order AI-enabled value to customers than was feasible 2 years ago. While AI is a technology-driven shift, the implications for finding the right product value and business model are even greater.
As I explored the AI trend I saw a pattern of “gold rush” – build a small feature with rudimentary AI, market your product as an AI product… – making early claims with small changes which do not move the needle. It became clear that a step-by-step pragmatic thinking by our SaaS startups was required to build an AI-based leapfrog value proposition. This could help bring our startups to be at “par” and potentially even leap ahead of our global brethren. Here was an opportunity to create a level playing field, to compete with global players and incumbents alike.
To validate my observations, I did quick small research on SaaS companies outside of India on their approach with AI. I found quite a few startups where AI was already being leveraged intrinsically and others who were still trying to make sense. Investments varied from blogging about the AI trend, branding one as a thought leader, to actually building and delivering a strongly differentiated product proposition. E.g.:
There are no successes, yet! Our startups like Eka, Wingify, FreshWorks, WebEngage… have all been experimenting with AI/ML, stumbling and picking themselves up to build & deliver a higher level of value. Some others are setting up an internal playground to explore & experiment. And many others are waiting on the shore unsure of how to board the AI ship.
How do we enable our companies to create new AI playgrounds to analyze, surface, validate and develop higher order customer values & efficiencies? To chart a fruitful journey with AI/ML there are many challenges that need to be solved. And doing it as a group running together has a better chance of success.
The AI+SaaS game has just begun and it is the right time for our hungry entrepreneurs to Aspire for the Gold on a reasonable level playing field.
Shift to Platform Products
As market needs change, the product needs a transform. As new target segments get added different/new product assumptions come into play. In both these scenarios existing products begin to age rapidly and it becomes important for startups to re-invent their product offerings. To deal with such changes startups must experiment and iterate with agility. They require support from a base “internal” platform to allow them to transform from a single product success strategy to scaling with multiple products strategy.
This “internal” base platform – an infrastructure & layout of technology components to interconnect data & horizontal functional layers – would help to build & support multiple business specific problem-solution products (vertical logics). The products created on such a platform provide both independent as well as a combined value proposition for the customers.
Many startups (Zendesk, Freshdesk, Eka, WebEngage…) have undertaken the painful approach of factoring an internal platform to transform their strategy & opportunity. Zoho has been constantly reinventing itself and launching new products on a common platform, some of which are upending incumbent rivals in a very short period of time. WebEngage transformed itself from a “tool” into an open platform product.
“As the dependency on our software grew, customers needed more flexibility to be able to use their data to solve a wide range of business problems…significant difference in the way we build products now. We have unlocked a lot of value by converting ourselves into an open platform and enabling customer data to flow seamlessly across many products.” – Avlesh Singh, WebEngage
The effort to build an internal platform appropriately architected to support growing business needs (many yet unknown) is non-trivial and requires a platform thinking mindset for increased business development. It must be architected to allow rapid co-creation of new & unique product values in collaboration with external or market platforms. This can help the startup be a formidable player in the growing “platform economy”.
Leveraging Potential Strategic Partnerships
A strategic partner offers 2 benefits for startups. First is the obvious ability to supercharge the startup’s GTM strategy with effective distribution & scale. How does one make a strategic partnership? Pitching to a strategic partner is very different from pitching to a customer or investor. PSPs look for something that is working and where they can insert themselves and make the unit economics even better.
“I thought I knew my pitch and had the details at my fingertips. But then I started getting really valuable, thought-out feedback…I had to focus on pitching to partners, not customers.” – Pallav Nadhani, FusionCharts
The second leverage with a partner is the ability to innovate in the overlap of the partner’s products & offerings and the startup’s product values. A good partner is always looking for startups which can co-create a unique value proposition and impact an extremely large customer base.
“…we still have only three four percent market share when it comes to customers. So if we have to participate we have to recognize that we are not gonna be able to do it alone we’re going to have to have a strategy to reach out to the entire marketplace and have a proposition for the entire marketplace…you need to (do it) through partnerships.” – Shikha Sharma, MD Axis Bank
Both these partnership intents if nurtured well can bring deep meaningful relationship which can further transcend scale into a more permanent model (investment, M&A…).
Working with the 3 Shifts of SaaS
While each shift is independent in its own importance, they are also inter-related. E.g. an internal platform can allow a startup to co-create with a partner more effectively. Partners are always interested in differentiated leading-edge values such as what is possible with leveraging AI/ML. Magic is created when a startup leverages an internal platform, to co-create a strong AI-enabled value, in the overlap & gap with potential strategic partners.
And that’s what I see
I see a vibrant eco-system of SaaS startups in India working on creating leading global products. Vibrancy built on top of the basic product thinking skills and catapulted into a new orbit by navigating the 3 shifts.
“Reading market shifts isn’t easy. Neither is making mindset shifts. Startups are made or unmade on their bets on market/mindset shifts. Like stock market bubbles, shifts are fully clear only in hindsight. At iSPIRT, we are working to help entrepreneurs navigate the many overlapping yet critical shifts.” – Sharad Sharma, iSPIRT
Through our roundtables, we have selected six startups as the first running group cohort for our AI/ML for SaaS playbooks (Acebot, Artoo, FusionCharts, InstaSafe, LegalDesk & SignEasy).
If you are hungry and ready to explore these uncharted shifts, we are bringing these new playbooks tracks for you.
Also, if you are interested in volunteering for our playbook tracks, we can really use your support! There is a lot to be done to structure and build the playbook tracks and the upcoming SaaSx5 for these shifts for SaaS. Please use the same form to indicate your support.
Ending this note with a sense of beginning, I believe that our startups have a real opportunity to lead instead of fast-follow, create originals instead of clones. They need help to do this as a running group instead of a solo contestant. It is with this mission – bring our startups at par on the global arena – that I am excited to support the ProductNation.
There is confusion about how iSPIRT engages with entrepreneurs. This post explains to our engagement model so that the expectations are clear. iSPIRT’s mission is to make India into a Product Nation. iSPIRT believes that startups are a critical catalyst in this mission. In-line with the mission, we help entrepreneurs navigate market and mindset shifts so that some of them can become trailblazers and category leaders.
Market Shifts
Some years back global mid-market business applications, delivered as SaaS, had to deal with the ubiquity of mobile. This shift upended the SaaS industry. Now, another such market shift is underway in global SaaS – with AI/ML being one factor in this evolution.
Similar shifts are happening in the India market too. UPI is shaking up the old payments market. JIO’s cheap bandwidth is shifting the digital entertainment landscape. And, India Stack is opening up Bharat (India-2) to digital financial products.
At iSPIRT, we try to help market players navigate these shifts through Bootcamps, Teardowns, Roundtables, and Cohorts (BTRC).
We know that reading market shifts isn’t easy. Like stock market bubbles, market shifts are fully clear only in hindsight. In the middle, there is an open question whether this is a valid market shift or not (similar to whether the stock market is in a bubble or not). There are strong opinions on both sides till the singularity moment happens. The singularity moment is usually someone going bust by failing to see the shift (e.g. Chillr going bust due to UPI) or becoming a trailblazer by leveraging the shift (e.g. PhonePe’s meteoric rise).
Startups are made or unmade on their bets on market shifts. Bill Gates’ epiphany that browser was a big market shift saved Microsoft. Netflix is what it is today on account of its proactive shift from ground to cloud. Closer home, Zoho has constantly reinvented itself.
Founders have a responsibility to catch the shifts. At iSPIRT, we have a strong opinion on some market shifts and work with the founders who embrace these shifts.
Creating Trailblazers through Winning Implementations
We are now tieing our BTRC work to specific market-shifts and mindset-shifts. We will only work with those startups that have a conviction about these market/mindset-shifts (i.e., they are not on the fence), are hungry (and are willing to exploit the shift to get ahead) and can apply what they have learned from iSPIRT Mavens to make better products.
Another change is that we will work with young or old, big or small startups. In the past, we worked with only startups in the “happy-confused” stage.
We are making these changes to improve outcomes. Over the last four years, our BTRC engagements have generated very high NPS (Net Promoter Scores) but many of our startups continue to struggle with their growth ceilings, be it an ARR threshold of $1M, $5M, $10M… or whether it is a scalable yet repeatable product-market fit.
What hasn’t changed is our bias for working with a few startups instead of many. Right from the beginning, iSPIRT’s Playbooks Pillar has been about making a deep impact on a few startups rather than a shallow impact on many. For instance, our first PNGrowth had 186 startups. They had been selected from 600+ that applied. In the end, we concluded that we needed even better curation. So, our PNGrowth#2 had only 50 startups.
The other thing that hasn’t changed is we remain blind to whether the startup is VC funded or bootstrapped. All we are looking for are startups that have the conviction about the market/mindset-shift, the hunger to make a difference and the inner capacity to apply what you learn. We want them to be trailblazers in the ecosystem.
Supported Market/Mindset Shifts
Presently we support 10 market/mindset-shifts. These are:
AI/ML Shift in SaaS – Adapt AI into your SaaS products and business models to create meaningful differentiation and compete on a global level playing field.
Shift to Platform Products – Develop and leverage internal platforms to power a product bouquet. Building enterprise-grade products on a common base at fractional cost allows for a defensible strategy against market shifts or expanding market segments.
Engaging Potential Strategic Partners(PSP) – PSPs are critical for scale and pitching to them is very different from pitching to customers and investors. Additionally, PSPs also offer an opportunity to co-create a growth path to future products & investments.
Flow-based lending – Going after the untapped “largest lending opportunity in the world”.
Bill payments – What credit and corporate cards were to West, bill payments will be to India due to Bharat Bill Pay System (BBPS).
UPI 2.0 – Mass-market payments and new-age collections.
Mutual Fund democratization – Build products and platforms that bring informal savings into the formal sector.
From License Raj to Permissions Artefact for Drones – Platform approach to provisioning airspace from the government.
Microinsurance for Bharat – Build products and platforms that reimagine Agri insurance on the back of India Stack and upcoming Digital Sky drone policy.
Data Empowerment and Protection Architecture (DEPA) – with usage in financial, healthcare and telecom sectors.
This is a fluid list. There will be additions and deletions over time.
Keep in mind that we are trying to replicate for all these market/mindset-shifts what we managed to do for Desk Marketing and Selling (DMS). We focussed on DMS in early 2014 thanks to Mavens like Suresh Sambandam (KissFlow), Girish Mathrubootham (Freshworks), and Krish Subramaniam (Chargebee). Now DMS has gone mainstream and many sources of help are available to the founders.
Seeking Wave#2 Partners
The DMS success has been important for iSPIRT. It has given us the confidence that our BTRC work can meaningfully help startups navigate the market/mindset-shifts. We have also learned that the market/mindset-shift happens in two waves. Wave#1 touches a few early adopters. If one or more of them create winning implementations to become trailblazers, then the rest of the ecosystem jumps in. This is Wave#2. Majority of our startups embrace the market-shift in Wave#2.
iSPIRT’s model is geared to help only Wave#1 players. We falter when it comes to supporting Wave#2 folks. Our volunteer model works best with cutting-edge stuff and small cohorts.
Accelerators and commercial players are better positioned to serve the hundreds of startups embracing the market/mindset-shift in Wave#2. Together, Wave#1 and Wave#2, can produce great outcomes like the thriving AI ecosystem in Toronto.
To ensure that Wave#2 goes well, we have decided to include potential Wave#2 helpers (e.g., Accelerators, VCs, boutique advisory firms and other ecosystem builders) in our Wave#1 work (on a, needless to say, free basis). Some of these BTRC Scale Partners have been identified. If you see yourself as a Wave#2 helper who would like to get involved in our Wave#1 work, please reach out to us.
Best Adopters
As many of you know, iSPIRT isn’t an accelerator (like TLabs), a community (like Headstart), a coworking space (like THub) or a trade body. We are a think-and-do-tank that builds playbooks, societal platforms, policies, and markets. Market players like startups use these public goods to offer best solutions to the market.
If we are missing out on helping you, please let us know by filling out this form. You can also reach out to one of our volunteers here:
Chintan Mehta: AI shift in SaaS, Shift to Platform Products, Engaging PSPs
Praveen Hari: Flow-based lending
Jaishankar AL: Bill payments
Tanuj Bhojwani: Permissions Artefact for Drones
Nikhil Kumar: UPI2.0, MF democratization, Microinsurance for Bharat
Siddharth Shetty: Data Empowerment and Protection Architecture (DEPA)
Meghana Reddyreddy: Wave#2 Partners
We are always looking for high-quality volunteers. In case you’re interested in volunteering, please reach out to one of the existing volunteers or write to us at [email protected]
[Update 6-Apr] New April Session Dates – Symposium RT is being scheduled on Saturdays for Bangalore & Chennai (21st & 28th April).
Playbooks for Electrifying SaaS and more.
This is what we call the fourth industrial revolution…And companies are really transforming and bringing all these new technologies to connect with their customers in new ways.
– Dreamforce 2017 Keynotes, Marc Benioff.
There is no doubt that Artificial Intelligence (AI), is one of the recent “tectonic” market shifts, creating a change in landscape, market, and opportunity. AI and Machine Learning (ML), now in its eternal spring, has a deep impact on SaaS evolution. While the incumbent companies like Salesforce, Zendesk, Workday, have all invested heavily in AI, also global challengers across many verticals from Sales, BPM, CRM… to Security are focused on building higher order efficiencies and automation through AI/ML.
Over the last few years, our Indian SaaS entrepreneurs trumped the global SaaS growth by leveraging mobile first as there was no baggage of desktop, reduced sales & onboarding cost by perfecting the art of Inside Sales & Inbound Marketing, and efficient after sales support & service byleveraging remote success representatives. Our SaaS Mavens helped disseminate these leverages by sharing the best practices & modeling internal flywheels & experimentations. Many SaaS entrepreneurs successfully assimilated and got a significant boost in their growth journey. These levers are now basic table stakes for most SaaS startups.
AI has no breakthrough success stories, but it is helping create a level playing field – especially for our Indian entrepreneurs – to compete with global players and incumbents alike. Startups willing to make the jump, adapt AI into their products & business models to create meaningful differentiation, will experience a strong wind in their sails to leapfrog over the players who don’t.
Our entrepreneurs have a rare opportunity to be early adopters & global trailblazers.
To take advantage of this our entrepreneurs ask very valid questions.
Q. Why & How should we entrepreneurs navigate this AI market shift?
Q. How should we, given that we are untrained in AI, grapple with the 360° impact of AI on product, business, and technology?
Q. What AI leverage can we develop without requiring expensive investments for constrained resources?
How do we enable our companies to create new AI playgrounds to analyze, surface, validate and develop higher order customer values & efficiencies?
AI Playbooks
Since adapting to the AI “tectonic” shift requires a new paradigm of thinking, we have launched a multi-step playbooks track focused on Playing with AI/ML for Indian entrepreneurs. In line with iSPIRT’s mission, our playbooks purpose is to help market players navigate market shifts. The goal is to bring the practitioner knowledge from AI Mavens –AI-first entrepreneurs who are further ahead in their AI journey – to the AI-hungry startups and help them perfect the model of working with AI, get traction towards a meaningful AI-enhanced value, and become trailblazers for the community. If you are an AI-hungry startup who has either taken the plunge with AI/ML but early in your journey, or are actively looking to leverage AI/ML for your current products, then following the stepped approach below may help:
Step 1 – Attend an AI/ML Symposium RT – Getting prepared with Why AI and How AI. In our first kickoff session on 10-Mar, we had great discussions on AI data maturity, what can drive your AI approach, and more with our AI Mavens and ten startups (read more).
Step 2 – A cohort of startups from step 1 will be taken through multiple AI/ML Playbook RT for How AI – deep dives on topics to help with structuring an internal AI playground, competency with data product management, product positioning & branding, business model shifts, and more. • These playbook RTs will help the startups carve out a lean playground for rapid experimentation and analysis, with a 3-4 person team of a data PM, & engineers. The team, actively lead by the founder, runs regular sprints (business/product/engineering sprints) of experimentation and validation, and have review touchpoints at intervals with AI-Mavens and the cohort as a running group. • There is also an optional Tech Training Lab to build internal ML competency with a multi-day workshop with Julia experts.
We are working to set up the 5th version of our marquee SaaSx to engage with the larger SaaS startup community. We will definitely focus on the impact of AI/ML on SaaS and have workshops based on our momentum of the playbooks track on various topics above. Date & details to be announced shortly.
The AI+SaaS game has just begun and it is the right time for our hungry entrepreneurs to Aspire for the Gold, on a reasonable level playing field.
* All iSPIRT playbooks are pro-bono, closed room, founder-level, invite-only sessions. The only thing we require is a strong commitment to attend all sessions completely, to come prepared, to be open to learning & unlearning, and to share your context within a trusted environment. All key learnings are public goods & the sessions are governed by the Chatham House Rule.
Featured image modified from source: https://www.flickr.com/photos/jedimentat/7557276684
This is a Guest post by Krupesh Bhat (LegalDesk) and Ujjwal Trivedi (Artoo).
AI is seen as the new electricity that will power the future. How do we make the best of the opportunity that advancements in AI technology brings about? With this thought in mind iSPIRT conducted a symposium roundtable at the Accel Partners premises in Bengaluru on March 10th. Accel’s Sattva room was a comfortable space for 20+ participants from 11 startups. There were deep discussions and a lot of learning happened through subject matter experts as well as peers discussion. Here’s a quick collection of some pearls, that some of us could pick, from the ocean of the deep discussions that happened there.
Products that do not use AI will die soon. Products that use AI without natural intelligence (read common sense) will die sooner.
– Manish Singhal, Pi Ventures
Starting with that pretext, it isn’t hard to gather that AI is not just a promising technology, it is going to be an integral part of our lives in near future. So, what does it mean for existing products? Should everyone start focusing on how they can use AI? Are you an AI-first company? If not, do you need to be one? After all, it does not make sense to build the tech just because it appears to be the next cool thing to do. If you are building AI, can you tell your value proposition without mentioning the word AI or ML? have you figured out your data strategy? Is the need driven by the market or the product?
Before we seek answers we must clarify that there are two types of products/startups in the AI world:
First, an AI-first startup – a startup which cannot exist without AI. Their solution and business model is completely dependent on use of Artificial intelligence (or Machine Learning at least). Some examples of such startups in local ecosystem are Artifacia and Locus.sh.
Second, AI-enabled startup – startups with existing products or new products which can leverage AI to enhance their offering by a significant amount (5x/10x anyone?). Manish has a very nifty way of showing the AI maturity of such companies.
The session was facilitated by several AI experts including Manish Singhal of pi Ventures, Nishith Rastogi of Locus.sh, Shrikanth Jagannathan of PipeCandy, Deepak Vincchi of Julia Computing.
Maturity Levels of AI Startups
After a brief introduction by Chintan to set the direction and general agenda for the afternoon, Manish took over and talked about the various stages of AI based companies. Based on his interactions with many startups in the space, he said there are roughly four growth stages where different companies fall into:
Level 1 – No Data, No AI: An entity that solves a business problem and is yet to collect sufficient data to build a sustainable AI business. The AI idea will die down if the company fails to move to state 2 quickly. Business may be capturing data but not storing it. Level 2 – Dark data, No AI: The company holds data but is yet to build solid AI/ML capabilities to become an AI company. There is a huge upside for such companies but the data strategy needs to be developed and AI capabilities are not mature enough to be considered as an AI/ML company. Level 3 – Higher automation driven by data and AI: These are the companies that have built AI to make sense out of data and provide valuable insights into the data using AI/ML, possibly with some kind of human assistance. Level 4 – Fully autonomous AI companies: These are the companies at the matured stage where they possess AI products that can run autonomously with no human intervention.
Manish also noted that most companies they meet as a VC are in level 1 and 2, while the ideal level would be 3 and 4. He noted that AI comprises of three important components: Data, Algorithm & the Rest of the System that includes UI, API & other software to support the entire system. While it is important to work on all three components, oftentimes, the data part doesn’t get enough importance.
Do You Really Need Artificial Intelligence?
A whole bunch of solutions are smart because they are able to provide additional value based on past data. These are not AI solutions. They are merely rule based insights. Nishith from Locus added that there is nothing really wrong with rule based systems and in a lot of cases AI is actually an overkill. However, there are two cases where it seems apt for startups to look at AI for their predicament:
Data is incomplete: An example of this is Locus who gets limited mapping for gps coordinates and addresses.
Data is changing constantly: A typical case was of ShieldSquare where bots are continuously evolving and improving and the system deployed to identify them also needs to learn new patterns and evolve with them.
It is important to have clarity on your AI model especially when you communicate with your internal teams. Figure out what is the core component of your product – AI, ML, Deep Learning or Computer Vision.
What’s Driving Your AI Approach?
There are two major driving forces that can help one in deciding whether to AI or not to AI.
PUSH: The internal force when decision can largely be taken if your business is sitting on a lot of useful data, may be as a side effect of your key proposition.
PULL: The external market driven force where clients expect or ask for it e.g chatbots. We are already observing that AI can be a great pricing mechanism.
However, take great caution when using Customer data or Derived data, it depends on legal agreement with clients and can get you into legal troubles if it violates any terms.
Is Your Data Acquisition Strategy in Place?
Anyone interested in AI should have a data acquisition strategy in place. Here are a few points that can help you get one in place:
What data do you collect, How do you validate it, Clean it and store it for further analysis?
Surveys and chatbots can provide a steady stream of data if built correctly
Think of data as a separate entity (has its own lifecycle), it may help to think of it as a currency and plan how you would earn, store and utilise it
Capturing location, user interaction data can be insightful. This may include the interactions user has committed and the ones they have not committed (deleted/skipped/hidden)
It makes sense to invest time, resources and people to gather data properly
Have a unified warehouse (can start with economical options like Google Analytics and AWS)
It is also important to give some thoughts on how you are using aggregate data across the platform. In case, if your AI model uses a combination of customer specific data and the sanitised aggregate data available in the platform (“Derived Work”), then you should make sure that you have the permission to use such data. Without such clarity, you may run into legal issues.
Deepak Vincchi explained how Julia Computing is emerging as the programming language of choice for data scientists. The platform can process 1.3 million threads in parallel and is used by large organizations to crunch data problems.
In all this was an extremely engaging 3 hours without break. Guiding the session with real examples by Nishith, Shrikanth and also shared learnings from Navneet and others really helped bring to life Why AI and How AI. This symposium is part of an AI playbooks track was aimed at kickstarting cohorts of startups ready to jump with AI and help them get traction with AI, more will emerge on this shortly.
Thanks to volunteers Rinka Singh and Adam Walker for their notes from the session and Ankit Singh (Mypoolin/Wibmo) for helping coordinate the blog post & note
* All iSPIRT playbooks are pro-bono, closed room, founder-level, invite-only sessions. The only thing we require is a strong commitment to attend all sessions completely, to come prepared, to be open to learning & unlearning, and to share your context within a trusted environment. All key learnings are public goods & the sessions are governed by the Chatham House Rule.
Featured photo by Matan Segev from Pexels https://www.pexels.com/photo/action-android-device-electronics-595804/
As market needs change, the product needs a transform. As new target segments get added different/new product assumptions come into play. In both these scenarios existing products begin to age rapidly and it becomes important for startups to re-invent their product offerings. To deal with such changes startups must experiment and iterate with agility. They require support from a base “internal” platform to allow them to transform from a single product success strategy to scaling with multiple products strategy.
A strategic partner offers 2 benefits for startups. First is the obvious ability to supercharge the startup’s GTM strategy with effective distribution & scale. How does one make a strategic partnership? Pitching to a strategic partner is very different from pitching to a customer or investor. PSPs look for something that is working and where they can insert themselves and make the unit economics even better. 
