iSPIRT works to transform India into a hub for new generation software products, by addressing crucial government policy, creating market catalysts and grow the maturity of product entrepreneurs. Welcome to the Official Insights!
We held an impromptu Open Session on Balloon Volunteering on 20th September 2020. Watch the recorded video and presentation below to learn if iSPIRT volunteering is right for you.
This session will cover some of the available volunteer opportunities and tell you how to engage with us.
Last month, an expert committee chaired by Kris Gopalakrishnan submitted a report on a framework for regulating Non-Personal Data in India. The rest of this blogpost contains iSPIRT’s response to this report.
At iSPIRT Foundation, our view on data laws stems from three fundamental beliefs:
Merits of adata democracy (that is, the user must be in charge),
Competitive effects must be well understood, for creation of a level playing field amongst all Indian companies, and some ring-fencing must exist to protect against global data monopolies
Careful design enables both high compliance and high convenience
It is with these three perspectives that we have analyzed the Non-Personal Data report in our response.
The report makes a well-cited and articulate case for regulating data in India, such that “[data’s] benefits accrue to India, and Indians”. It defines and outlines the roles of various entities relating to the capture, processing and governance of Non-Personal Data. Whereas we are wholeheartedly aligned with the vision of the committee and its members in creating an Aatmanirbhar Bharat and the importance of facilitating a robust AI-industry in the country, we find that the report is sound in premise but murky in detail. Where an overarching legal framework surrounding NPD is proposed, on closer inspection it falls short of achieving the aforementioned goals of protection for Indians and prosperity for Indian businesses. Therefore, more work must be done before a final version of this report can be released.
In what follows, we take the example of one industry that will be affected by the new Non-Personal Data framework and attempt to understand the report in relation to it.
Case Study: X-ray Data
Consider the case of a (fictional) health-tech startup called rad.ai that seeks to generate radiology summaries from lung X-rays. These summaries will help pulmonologists (lung-specialist doctors) identify various pulmonary diseases or early signs of cancer. Such a company requires two things to succeed – data about X-rays and technology to build models.
Under the tenets of the NPD report, it would seem that (given the right technology foundations) such a startup would be well placed to succeed. In particular, the report suggests that the X-ray data as described above will be classified as community data and outlines mechanisms for collecting and sharing it. It suggests that the dual goal of enabling rad.ai while protecting the subjects of the data can be accomplished in the following framework –
rad.ai will first be able to identify that appropriately anonymized lung X-rays, termed community data, are available for access through meta-data that is published by radiology labs engaging in collecting such data.
rad.ai will then be able to access this data for free through a data trust (presumably a virtual API on the cloud) which is created by the radiology labs.
This will all happen with the consent and oversight of a data trustee, an entity that is a representative of the persons from whom this data is collected.
While this sets a broad-strokes framework with the right intentions, there are a few key problems that arise when we dive deeper into the proposed solution. We have outlined some areas where clarifications are needed and details must be made available. These include the definition & value of community data, obligations of the data custodian, access for data users and rights of the data principal. Towards the end, we also discuss the question of NPD’sinterplay with personal data and the definition and use of public data.
Definition and Value of Community Data
While the case of X-ray data seems straightforward, the scope of community data in the report appears to be vast. However, it also seems to suggest that while data explicitly extracted from users is classified as community data, data generated in the course of a business’s activities may be considered private business data – and this may not be mandated to be shared. In that case, it would appear that e-commerce, delivery and employee data fall under private business data – although an argument could be made for classifying this as community data.
Further, the report makes a distinction between raw and processed data. In particular, raw data must be shared free of cost, whereas the price of processed data could be determined based on market or FRAND (fair, reasonable and non-discriminatory) principles. In the case of lung X-ray data, labs obtain such data from anonymizing raw personal data, so presumably it is now processed and need not be shared without remuneration. In the general case, however, we recommend that the lines between raw and (various levels of) processed data should be clearly demarcated.
Data Custodian Perspective
Consider next, the situation from the perspective of the diagnostic labs. There are about 70,000 labs and hospitals offering radiology services in the country [ref]. Each of these has its own technology implementations or third-party TSPs (technical service providers) for collecting and storing any patient data. How can all of these labs and hospitals be mandated to provide control of this data to the data trustee in order to share the X-ray information with companies like rad.ai? Who is/are the data trustee in this case anyway – the MoHWF, the NHA, an NGO serving the interests of cancer patients? If there are multiple data trustees that have an interest in the same underlying data, how is it ensured that every decision that each of them takes is in the best interests of the user? How are labs supposed to even publish the meta-data (meta-information about what data they have collected) in a standard, machine-readable format, so that companies like rad.ai can discover it seamlessly? Finally, considering that such compliance comes with associated costs, what are the concrete benefits for making this data available?
Data User Perspective
Then there is the case of rad.ai itself. Let us assume, for now, the provisions of the previous paragraph and overlook the contentions raised. Say that because of access to this X-ray data, the startup rad.ai has been able to create excellent ML models to predict the early risks of major diseases and help pulmonologists. It has done well and begins to expand across the country. A few years later, a foreign health-tech giant (again, fictional) called Hooli enters the fray by investing in rad.ai. Backed by foreign investment, rad is now stronger than ever. However, the report identifies “to promote and encourage the development of domestic industry and startups that can scale” as one of its key objectives. While rad.ai was originally a fully Indian company, it was allowed access to the community data from radiology labs to develop its models. Now that rad.ai has foreign investment, should it still be allowed to benefit from Indian community data? What if Hooli owns a majority stake? What if Hooli acquires rad.ai outright?
Data Principal Perspective
Finally, consider this from the perspective of the patient herself – the “data principal”. How is she guaranteed that her interests are protected and the aforementioned data is impervious to de-anonymization? As discussed above health data is considered sensitive data and the patient has every right to ensure that it is handled with extreme care. The report also recommends that consent must be taken from the actors in the community before the anonymization and use of their data – but what form will this consent take? How will its purpose be determined and collection be enforced before any data is anonymized and utilized? How can anonymisation be assured when multiple anonymised datasets are capable of being combined together? Finally, the report acknowledges that all sharing of community data should be based on the concept of “beneficial ownership” where the benefits of this data sharing also accrue to the data principal. How is the patient directly benefiting from such a data-sharing mechanism? What mechanisms are in place to enable such benefits?
Interplay With PDP Bill
Consider next, the case of the health-tech giant Hooli and assume that it also operates a search engine. As per the suggestions of the Srikrishna PDP Bill [Clause 14], Hooli could be allowed to collect personal user data and use it directly since its operation of search engines falls under “other reasonable uses of personal data”. When combined with the fact that under the provisions of the Non-Personal Data report sharing of all raw NPD becomes mandatory, Hooli is actually disincentivized from anonymizing its personal search data. By keeping this data personally identifiable, it is prevented from having to share it with competing search engines and startups. Can misaligned incentives such as these hinder progress towards the report’s stated goals?
On Public Data
Consider finally that some of the labs and hospitals conducting X-rays will be government-owned. The report recommends that all data generated through government and government-funded activities are classified as Public data, which is in turn classified as a national resource. There is no guidance on the compliance requirements of the government controlling this public data under such a scenario. Will government hospitals still be required to make it available? More importantly, does the community (i.e. patients) have no claim to their data in this case merely because it was collected by the government instead of a private entity?
Concluding Remarks
In summary, the report importantly conceives a legal notion of community, private and public non-personal data and outlines a framework in which such data might be shared for the advancement of economic, sovereign and core public interests. However, more work must be done to detail compliance requirements and standardize the mechanisms of sharing such data before the final version of the report is released. In its current state, the report only touches upon the rights of the data principal, the obligations of the data trustee and the compliance requirements of the data custodian. In a State with limited regulatory capacity for creating standards and enforcing bodies, these rights, obligations and compliance requirements should be comprehensively and clearly defined before a law ordaining them can come to pass. Custodians must be incentivized to share, industry startups must be enabled to access and the community must be empowered to self-preserve before the vision of an Aatmanirbhar Bharat with a booming AI industry can be realized.
India is starved of affordable, formal credit. Only 11 % of the 60 million MSMEs* have access to capital from organised lenders today. This under-penetration has shackled our economic growth and economic woes of our growth drivers, the MSMEs has only worsened in wake of the current pandemic.
There is a massive market opportunity to be tapped here that has been inhibited because the current rails for flow of capital to the untapped market are broken.
They are broken for the lenders, to be able to reach out to these prospective borrowers. Few of the many reasons include high cost of borrower acquisition and time consuming custom third party tie-ups with loan originators.
They are broken for the marketplaces to connect their customers with lenders. The custom integrations and manual processes are costly and time consuming. The Turnaround Time to get loans deposited to customers is high and their ability to provide custom financial products quickly is restricted, owing to implementation challenges.
These broken rails needed to be fixed and the solution must solve the problem at scale.
The fix for this is a ‘Fixed Line to Mobile Telephony’ moment for ‘Credit Borrower’.
In a complete re-imagination of the credit rails, we recently witnessed a loan disbursement :
Instantly in borrower’s bank account
From application to disbursement in less than 5 minutes, with no human decisioning involved!
The next chapter in the story of ‘India Stack’ that brought this to life is the new ‘Open Credit Enablement Network’. It is a common language for lenders and marketplaces to utilise and create innovative, financial credit products at scale.
In this new credit paradigm, the marketplaces/aggregators using these APIs to embed credit offerings in their applications are called ‘Loan Service Providers’ (LSPs).
How are these ‘Loan Service Providers’ playing a vital role in democratizing access to credit?
How are they enabling more choices, better credit products and lower interest rates for their customers?
Why are they exuberant about this new ‘Plug and Play’ architecture and what does it mean for their core business and driving additional revenue?
What do they mean when they say ‘every marketplace will now become a Fintech company’?
Some of the top lenders in the country such as State Bank of India, HDFC Bank, ICICI Bank, IDFC First Bank, Axis Bank and Bajaj Finserv have come onboard and will soon be in a state of readiness to usher in this new credit paradigm.
Just as UPI presented an opportunity for massive companies to be built and delightful customer experiences to be created, we are excited to see entrepreneurs capitalise on this massive opportunity.
We are excited to share with you :
Answers to all the questions above
A product demo depicting the ‘5-minute digital credit journey’
Introduction to ‘Open Credit Enablement Network’
When: 5 pm to 6:30 pm, IST on Friday, 24th July
Where: Online virtual session on Zoom. Webinar details will be shared with the registered participants.
To confirm your participation and receive the virtual link, please click here: https://bit.ly/LSPOpenHouse1 (same form has been embedded below)
The DigiSahamati Foundation, the non-profit Self Regulatory Organization responsible for evangelizing the nascent Account Aggregator (AA) ecosystem, is organizing a hackathon featuring lots of masterclasses for the public to attend and learn from.
As a refresher, an AA is a new kind of legal entity defined in this RBI circular. The basic idea is that the average Indian today generates lots of financial data. Each credit card payment, sale of a mutual fund, repayment of a loan, and filing of an invoice generates some new data about users, be they individuals or businesses.
This data trail is actually very valuable – understanding a person’s financial activity can tell you a lot about that individual’s behaviour, preferences, and profile as a consumer. Today, banks use this data about customers to sell them various kinds of products (insurance, loans, savings products), and they also sell the customer’s data to marketers and advertisers. This is not necessarily a bad thing, as long as it happens in a secure way, with the customer’s consent and in such a way that the customer gets some value out of it too.
This is where the AA comes in. In today’s world, the customer doesn’t have any say nor cut of revenue when the bank shares their data with marketers. It is also difficult to extract the valuable financial data outside of a bank’s database to share with a third party provider such as a lender, insurer, or wealth manager. Until now, the only ways customers could get their data out of the bank today is through physical passbooks, downloaded PDF statements, or by giving access to their SMS/emails/netbanking account.
These methods are painful and unsafe, and they don’t help a customer get the best deals. If the customer could easily and cheaply move their data to third parties, then maybe they would get better interest rates and prices, and their existing bank would also have to offer more competitive products and pricing.
Fortunately, the banks and RBI have figured out that in order for India’s financial sector to really grow, individuals and companies need a more safe and efficient way to maximize the value of their ever growing data. This will not only benefit consumers, it will also result in a richer and more innovative banking landscape with a larger customer base. The AA is the entity which helps users give their consent to move data outside their bank account to a third party in a safe and easy manner. The customer gets to choose exactly what data to share, with who, for how long, and under what conditions. This consent is granularly programmable and revocable. Detailed information about this new system can be found on the Sahamati blog.
The AA framework is about to go live in the next months with some of the country’s largest financial institutions including SBI, HDFC, ICICI, IndusInd, Axis, IDFC First, Bajaj Finance, and others. Given this timing, Sahamati decided to organize a hackathon in order to spread awareness of this powerful new infrastructure.
The response so far has been excellent for them. More than 600 hackers were accepted to take part in this four-week long virtual hackathon. During these four weeks, participants in the hackathon will learn about all the different facets of this new technology, from UI/UX to security to product innovations in fields like lending, insurance, personal finance management, and more.
All of these masterclasses, as well as the final presentations by hackathon participants, are open to the public. The list of masterclass presents can be found here.
Information-technology Promotion Agency, Japan (IPA), Japan External Trade Organization (JETRO), and the Indian Software Product Industry Roundtable (iSPIRT) have shared common views that (i) our society will be transformed into a new digital society where due to the rapid and continued development of new digital technologies and digital infrastructure including digital public platforms, real-time and other data would be utilized for the benefit of people’s lives and industrial activities, (ii) there are growing necessities that digital infrastructure, together with social system and industrial platforms should be designed, developed and utilized appropriately for ensuring trust in society and industry along with a variety of engaged stakeholders and (iii) such well-designed digital infrastructure, social system and industrial platforms could have a great potential to play significant roles to improve efficiencies of societal services, facilitate businesses, realize economic development and solve social issues in many countries.
Today, we affirm our commitment to launching our cooperation and collaboration through the bringing together of different expertise from each institution in the area of digital infrastructure, including mutual information sharing of development of digital infrastructure, in particular, periodic communication and exchange of views to enhance the capability of architecture design and establishment of digital infrastructure. We further affirm that as a first step of our cooperation, we will facilitate a joint study on digital infrastructure, such as (i) the situation of how such digital infrastructures have been established and utilized in India, Japan and/or other countries in Africa or other Asian regions (the Third Countries) as agreed among the parties, (ii) how the architecture was or can be designed for digital infrastructure as a basis for delivering societal services in the Third Countries and (iii) what kind of business collaboration could be realized, to review and analyze the possibility of developing digital infrastructure in the Third Countries through Japan-India cooperation. We may consider arranging a workshop or business matching as a part of the joint study to figure out realistic use cases.
Our cooperation is consistent with the “Japan-India Digital Partnership” launched between the Ministry of Economy Trade and Industry, Government of Japan and the Ministry of Electronics and Information Technology, Government of India in October 2018. We will work closely together and may consider working with other parties to promote and accelerate our cooperation if necessary.
Data protection and privacy have been a topic of hot debates and discussion in recent times in India. It had become extremely important as India is progressing to a be a “Digital economy” to address this issues relating to the use of personal data.
iSPIRT has been in forefront of developing Consent Framework and called as Data Protection & Empowerment Architecture (DEPA). The Account Aggregator Policy of RBI revolves around this consent architecture.
Whereas the bill is of interest to almost all the sectors of the economy, it is extremely important for businesses in Information Technology sector and especially in Software product Industry to understand the law as it is seeded and further as it evolves.
The bill has many aspects to it in the legal framework. It is not possible to cover the entire understanding of the bill in one blog. We have attempted to cover some salient features that may be important for the Software Product Industry as well as how it contacts with the techno-legal aspects of DEPA as it stands in financial sector, perhaps to be replicated in other important sectors of the economy.
This blog is again posted in a Question and answer format both as a video and as a transcript of the video. You can use the one you like.
Questions have been asked by iSPIRT volunteer and Policy expert Mr Sudhir Singh and answered by Supratim Chakraborty (Data Privacy and Protection expert from Khaitan & Co.) and Siddharth Shetty (leading the DEPA initiative at iSPIRT).
What are the most important aspects of the bill?
Supratim answered, “What we have seen is through this draft bill, there is an attempt to establish the relationship of trust between the data subject and data controller. The nomenclature has been changed in this bill and It is data fiduciary and data principles. It puts a lot of onus on the data fiduciary to take care of data care protection.”
“There are several important aspects of the bill that needs attention such as localisation of data, cross-border transfer and also some other aspects such as privacy by design, transparency requirement, security safeguard, breach notification, grievance redressal mechanism, the requirement of Data protection officer, record keeping requirements”, as elaborated Supratim.
Is there some restriction on data fiduciary? Is the state exempted?
Supratim said, “this bill is equally applicable to private parties and the Government unlike earlier provisions of section 43A and 72A of IT ACT. 43A will be scrapped after this bill comes into existence. There has been a lot of debate on this aspect of bringing Govt. under the purview of the law.”
Is right to be forgotten covered in a similar way as GDPR?
Supratim explained, “Our Govt. has looked at this in a more business-friendly way by covering the right to be forgotten by provisioning that any further dissemination of data should be stopped, once the data principal chooses to withdraw the consent or ask for the right to be forgotten.”
He described four governing aspect that explains how to determine the aspect of keeping Data local, as described below.
You could have certain pockets of personal data that can be transferred outside.
There could be certain pockets of data that could be transferred outside but a serving copy of the data has to be within the country
The third category is sensitive personal data ambit of sensitive personal data which has been widened considerably compared to what we saw under the 43A of IT ACT. For this, if sent out of
The fourth category is data that cannot be sent outside country at all.
“On Cross border transfer of data in addition to ‘consent’ there has to be standard contractual clauses (approved/prescribed by authority) or the transfer to a jurisdictions is approved by the central government”, he further explained.
What is the Data Protection Authority?
Supratim answered, “In the draft bill this seems to be all encompassing all powerful authority from rulemaking to advisory to enforcement. Therefore it is important to see how this really shapes up. In “IT Act”, section 43 A and 72A were largely there to cover the aspects of data privacy but enforcement and implementation.”
What are other important aspects to consider?
“There are many aspects but let us touch upon two given below”, said Supratim.
One is the requirement of having notices in multiple languages, which is not a very hard obligation the way it has been put. But in a country like India for say an e-commerce platform imaging the cost that one has to incur for putting multiple language notices. Also, we need to see are we able to really address the point of informed consent through this, because you also have a section of people who may be illiterates. Justice Srikrishna report suggest that we should have short videos or graphical representation which make it very easy for someone to understand the critical aspects of privacy.
Another important aspect is applicability of the law. This law is applicable to all processing that is happening in India and also to foreign bodies. Section 2(2) talks about applicability to foreign bodies, the first part says that “in connection with any business carried out in India”. This means a global platform that is accessible from India has to have the entire requirement of this law.
Are we going in direction of GDPR?
Supratim answered, “Whereas we are trying to follow the Gold standard and many countries are trying to follow the path set by GDPR, India is quite different country and we are not following everything the way it is in GDPR, we have to be mindful of our requirements. But the idea is slowly and surely reach a zone where we can have our laws quite akin to laws of matured jurisdictions.”
How does Bill address iSPIRT DEPA initiative?
Siddharth, sees this draft bill as a unique India first approach. He feels that apart from addressing privacy and data protection aspects it empowers Indians on having control on the use of their data for better financial services, better health services, education etc.
Siddharth goes on to explain that at iSPIRT for past 3-4 years we have been working at Consent layer of IndiaStack or Consent framework and it is great to see that bedrock of draft bill is actually based on consent and in that way it is somewhat similar to GDPR. But, one of the biggest problem they are facing in EU today is it is very difficult to operationalise consent. It is for the first time India has a unique infrastructure to operationalise consent.
“DEPA is nothing but a set of two tools that helps to operationalise consent, explains Siddharth.
One is known as Digital Locker system which allows to the federated exchange of data and second is known as electronic data consent, which is nothing but an electronic representation of user Consent.
“This means, if you want to share or allow your data from some provider to say another consumer, then you must be able to express what date you want to share with whom for what time period in some codified manner. This codified information or consent is known as consent artefact”, says Siddharth further.
As explained by Siddharth, the ‘consent artefact’ became a national standard in 2016 adopted by four financial sector regulator RBI, PFRDA, IRDA and SEBI and they adopted it for their entire eco-system.
Based on consent artefact every individual has an access to financial data and has a mechanism to share that data to gain access to a loan or any other services provider. This has been through an institutional mechanism called Account aggregator.
Siddharth further elaborated that, “the ‘Account aggregator’ (AA) is a class of entities known as data access fiduciaries. The AA unlike other parts of world decouples the institution that collecting consent from an institution that either consuming data or providing data. In EU e.g. as per of PSP2 directive the account information service provider which consumes data is also responsible for collecting the data.”
In India, 3 AA have been approved. Technical standard drafts are also out for ecosystem. And through AA you actually have an entity that’s working toward creating an informed consent experience. Going forward just like UPI you receive your consent for a payment, through AA you will have an entity that helps you provide and control consent. Based on Financial sector we have proposed a similar concept to TRAI for the telecom sector and health sector to NITI Ayog.
Has the AA concept been addressed in the bill?
Siddharth explains further, “The bill makes bedrock of most processing of data based on consent. AA model is nothing but your consent collector or Consent manager. Every data principle they have outlined right to confirmation and access, right to correction, most importantly the right to data portability. As a data principle from data fiduciary, you have the right to request and port machine structured non-reputable transaction history or any other user-generated data to other service providers. AA is nothing but a framework to operationalise this right.”
He further explained that in the report preceding the bill, they talk about a concept consent dashboard. AA is nothing but a consent dashboard. They had 2 tech innovation consent dashboard and data dashboard. You can log consent flows and data flows.
Will, there be consent dashboards concept like AA in other sectors also or will there be one single point authority under DPA?
Siddharth, “it would be a combination of both. If you see the draft bill, it allows sectoral regulators to write rules. For data the falls under private data sets category such as data pertaining to social media etc, DPA would prescribe an standard.”
The report talks about that dashboard can be maintained by each data fiduciary or it can be a common dashboard that everyone else agrees and follows. If you look at the account aggregator dashboard it is a common dashboard for the entire financial sector. But for social media companies can follow their won dashboards.
For any Software product companies that does not lie in any of the regulated sector can create their own consent dashboards, where the user can come see their dashboard correct their data, port the data, manage their consent.
Unlike the IT act, this regulation will have a direct bearing on any businesses processing data irrespective of being in a Software product or other domain. And hence there is a need to be attentive. How right is this aspect?
“Yes, the ambit increases quite a bit. Wherever there is sensitive personal data interface involved, the level of compliance requirement has gone up several times. In the IT Act, there was a mention of personal data in section 72A. The present draft bill does not talk about the deletion of 72A. The draft bill have a parallel mechanism set out in the IT Act”, mentioned Supratim.
Siddharth, “it is just not limited to compliance, this law unlocks the whole host of business models around data sharing around consented data sharing that you haven’t yet seen in any other country and it will be really interesting to space to see what companies get a build out there.”
Question from Participants.
What is the definition of data processing? Or what is the differentiation between Data Storage and Data Processing. E.g. if you are an email service provider, is it Data Storage or Data Processing? (asked by Chintan)
Supratim answered, “definition of data processing is extremely wide enough to make businesses fall in to ‘data processing category’ without being a processor.”
What is the timeline? (Asked by Chintan)
MeitY has asked for public comments by 10th of September on the draft bill, thereafter it will be presented to parliament and after promulgation, there will be more work in framing Authority, the rules by DPA etc. The law is not expected to be in implementable form only after 18 Months or so, minimum.
What happens to the Existing customer? Do we go back to them and get their consent? (Karthik)
Supratim answered, “whilst the it is not a retrospective legislation, if you continue processing without taking consent, you will fall foul of the requirement of law.”
Are there any fines defined here? (Karthik)
Yes, it has been taken care. Just like other aspects the draft bill he highly inspired by GDPR on this aspect also. We have 4% and 2% of annual turnover. There are 2 buckets 4% and 15 Cr and other is 2% and 5 Crore.
Do we need to appoint an DPO?
“There is a segregation which has been made of has significant Data Fiduciary under certain conditions will have to have DPO. Also, this law has an immense amount of significant rulemaking power, answered Supratim.
Hence, it will be seen in future how rules are framed by Authority. So, it has to be seen how business friendly the authority remains in rulemaking e.g. section 43A in IT ACT gave rule making power to define what is sensitive data and information and set out what is reasonable practices and procedure. In the rule made in future, we saw a plethora of requirements set out, over legislated and sometimes badly drafted.
The rules will go through an evolutionary cycle. Hence, the legislation has to be tested over a period of time as it unfolds, after crystallisation of this draft promulgation by parliament in to an ACT and rules being made after that on different aspects.
Disclaimer
PolicyHacks, and publications thereunder, are intended to provide a very basic understanding of legal/policy issues that impact Software Product Industry and the startups in the eco-system.
PolicyHacks, therefore, do not necessarily set out views of subject matter experts, and should under no circumstances be substituted for legal advice, which, of course, requires a detailed analysis of the relevant fact situation and applicable laws by experts in the subject matter on the case to case basis.
If you are facing an issue, we recommend you take expert professional advice on the case to case basis.
We intend to provide the best transcripts in the text part of the blog. However, it may not be an exact replica and maybe approximation, more standardised, normalised or moderated version of the expert view presented in the video.
iSPIRT volunteers are strivers. We seek the good for our nation and our ecosystem. We brainstorm, ideate, experiment, build, and evangelize to fulfill our mission of making India a Product Nation. Every volunteer draws us into an ever-enlarging realm of intellectual possibilities and purposeful engagements.
Take Nikhil Kumar for instance. He stepped up almost two years ago to evangelize UPI and handhold its early adopters. He set out to create winning implementations that would put traditional payment systems to shame. Needless to say, this wasn’t an easy thing to do. There was no template to follow. And, most didn’t believe in the potential of this new breakthrough payment system. But this didn’t faze Nikhil. He had chosen his adventure inside iSPIRT and nothing could hold him back.
Today, UPI is a success story. However, that’s not the full story.
Nikhil showed us how to stay cool under fire, to foster affinity, and skillfully navigate diverse opinions amongst many stakeholders. His all-hands-on-deck work ethic came with an ability to take decisive action when the situation demanded it. He showed that a young volunteer can be a visionary with big plans and the capacity to bring them to life. He has set an example for all of us on how to pay-forward and serve a cause bigger than all of us. All this makes him an iSPIRT Volunteer Hero.
From tomorrow, Nikhil is shifting gears. He is stepping away from being a volunteer-in-residence. He is taking a few months break. After that, he plans to create a startup. This is great news for iSPIRT. While our India Stack and other technology public platforms create possibilities, it is the products and services that create value. We need all elements of a healthy society – sarkar, samaj, bazaar – to come together to solve population scale problems sustainably. So, we wish him all the very best in this new pursuit of excellence.
All shifts require an adjustment. While Nikhil will remain a part-time iSPIRT volunteer working on WANI, he will no longer be the iSPIRT voice on payments for media, policymakers, startups and financial institutions.
Nikhil’s lasting legacy is that he opened up iSPIRT volunteering for talented youngsters under-30s. Today we have more than a dozen young power volunteers. He has helped all of us see the particular gifts that these young volunteers bring to the cause. His spirit will live on!
By Sharad Sharma, Pramod Varma and Sanjay Khan Nagra for Volunteer Fellow Council
Technology has been a boon to healthcare. Minimally-invasive procedures have significantly increased safety and recovery time of surgeries. Global collaboration between doctors has improved diagnosis and treatment. Rise in awareness of patients has increased the demand for good quality healthcare services. These improvements, coupled with the growing penetration of IT infrastructure, are generating huge volumes of digital health data in the country.
However, healthcare in India is diverse and fragmented. During an entire life cycle, an individual is served by numerous healthcare providers, of different sizes, geographies, and constitutions. The IT systems of different providers are often developed independently of each other, without adherence to common standards. This fragmentation has the undesirable consequence of the systems communicating poorly, fostering redundant data collection across systems, inadequate patient identification, and, in many cases, privacy violations.
We believe that this can be addressed through two major steps. Firstly, open standards have to be established for health data collection, storage, sharing and aggregation in a safe and standardised manner to keep the privacy of patients intact. Secondly, patients should be given complete control over their data. This places them at the centre of their healthcare and empowers them to use their data for value-based services of their choice. As the next wave of services is built atop digital health data, data protection and empowerment will be key to transforming healthcare.
Numerous primary health care services are already shifting to smartphones and other electronic devices. There are apps and websites for diagnosing various common illnesses. This not only increases coverage but also takes the burden away from existing infrastructures which can then cater to secondary and tertiary services. Data shared from devices that track steps, measure heartbeats, count calories or analyse sleeping patterns can be used to monitor behavioural and lifestyle changes – a key enabler for digital therapeutic services. Moreover, this data can not only be used for monitoring but also for predicting the onset of diseases! For example, an irregular heartbeat pattern can be flagged by such a device, prompting immediate corrective measures. Thus, we see that as more and more people generate digital health data, control it and utilise it for their own care, we will gradually transition to a better, broader and preventive healthcare delivery system.
In this context, we welcome the proposed DISHA Act that seeks to Protect and Empower individuals in regards to their electronic health data. We have provided our feedback on the DISHA Act and have also proposed technological approaches in our response. This blog post lays out a broad overview of our response.
As our previous blog post articulates the principles underlying our Data Empowerment and Protection Architecture, we have framed our response keeping these core principles in mind. We believe that individuals should have complete control of their data and should be able to use it for their empowerment. This requires laying out clear definitions for use of data, strict laws to ensure accountability and agile regulators; thus, enabling a framework that addresses privacy, security and confidentiality while simultaneously improving transparency and interoperability.
While the proposed DISHA Act aligns broadly with our core principles, we have offered recommendations to expand certain aspects of the proposal. These include a comprehensive definition of consent (open standards, revocable, granular, auditable, notifiable, secure), distinction between different forms of health data (anonymization, deidentification, pseudonymous), commercial use of data (allowed for benefit but restricted for harm) and types and penalties in cases of breach (evaluation based on extent of compliance).
Additionally, we have outlined the technological aspects for implementation of the Act. We have used learnings from the Digital Locker Framework and Electronic Consent Framework (adopted by RBI’s Account Aggregator), previously published by MeitY. This involves the role of Data Fiduciaries – entities that not only manage consent but also ensure that it aligns with the interests of the user (and not with those of the data consumer or data provider). Data Fiduciaries only act as messengers of encrypted data without having access to the data – thus their prime task remains managing the Electronic Data Consent. Furthermore, we have highlighted the need to use open and set standards for accessing and maintaining health records (open APIs), consented sharing (consent framework) and maintaining accountability and traceability through digitally verified documents. We have also underscored the need for standardisation of data through health data dictionaries, which will open up the data for further use cases. Lastly, we have alluded to the need to create aggregated anonymised datasets to enable advanced analytics which would drive data-driven policy making.
We look forward to the announcement and implementation of the DISHA Act. As we move towards a future with an exponential rise in digital health data, it is critical that we build the right set of protections and empowerments for users, thus enabling them to become engaged participants and better managers of their health care.
We have submitted our response. You can find the detailed document of our response to DISHA Act below
Increasing penetration of smartphones, Aadhaar-linked bank accounts and a host of powerful open and programmable capabilities is set to create the ‘WhatsApp moment’ for Indian banking.
Once in a while a major disruption or discontinuity happens which has huge consequences. In 2007, the internet and the mobile phone came together in a whole new product called the smartphone. This phone, with its own operating system, such as the iOS or Android, could support over the top (OTT) applications. The messaging solution for the smartphone did not come from the giant telecom or internet companies. Instead, it came from WhatsApp, a start-up. WhatsApp does 30 billion messages a day, whereas all the telecom companies put together do 20 billion SMS messages per day. Such is the power of disruption!
Such a “WhatsApp moment” is now upon us in Indian banking. This discontinuity has been caused by several things coming together. Smartphones are growing dramatically and are expected to reach a penetration of 700 million by 2020. Over 1 billion Indian residents now have Aadhaar, an online biometric identity. The government promoting financial inclusion through the Jhan Dhan Yojana has led to over 200 million new bank accounts being opened. With the RBI giving licences to over 20 new banks, including small banks and payment banks, the competitive intensity of the sector is set to increase. One can visualise a future where every adult Indian has an Aadhaar number, a smartphone and a bank account. Already over 280 million Indian residents have an Aadhaar-linked bank account and around 1 billion direct benefit transfer (DBT) transactions have happened, whose value is in the billions of dollars.
On top of this, a set of powerful open and programmable capabilities, that are collectively referred to as the “India Stack” by the think-tank iSPIRT, has been created over the last seven years. Aadhaar provides online authentication using one’s fingerprint or iris, which can be done from anywhere. This can make transactions “presence less”. The e-KYC (know your customer) feature of Aadhaar enables a bank account to be opened instantly, just by using the Aadhaar number and one’s biometric. The e-sign feature enables online documents to be digitally signed with Aadhaar. The “digital locker” system enables the storage of such electronic documents safely and securely. All this can make the entire banking process “paperless”.
The final two layers of the “India Stack” have great relevance to the future of banking. The Unified Payment Interface (UPI) layer, a product built by the National Payment Corporation of India (NPCI), a non-profit company collectively owned by banks and set up in 2009, will revolutionise payments and accelerate the move towards a “cashless” economy. So “pushing” or “pulling” money from a smartphone will be as easy as sending or receiving an email. This product from NPCI is the latest in several payment systems that they have developed, from the National Financial Switch, National Automated Clearing House, and RuPay cards, to the Aadhaar Payment Bridge, the Aadhaar-enabled Payment System and IMPS, a real-time payment system.
The move to a “cashless” economy will be accelerated by the Aadhaar-enabled biometric smartphones. So credential checking in banking will move from “proprietary” approaches (debit card and PIN) to “open” approaches (mobile phone and Aadhaar authentication). As such, the holy grail of one-click two-factor authentication, now available only to giants like Apple, will be available to kids in a garage to develop innovative solutions.
Finally, as India goes from being a data-poor to a data-rich economy in the next two to three years, the electronic consent layer of the “India Stack” will enable consumers and businesses to harness the power of their own data to get fast, convenient and affordable credit. Such a use of digital footprints will bring millions of consumers and small businesses (who are in the informal sector) to join the formal economy to avail affordable and reliable credit.
As data becomes the new currency, financial institutions will be willing to forego transaction fees to get rich digital information on their customers. The elimination of these fees will further accelerate the move to a cashless economy as merchant payments will also become digital.
This will also shift the business models in banking from low-volume, high-value, high-cost, and high fees, to high-volume, low-value, low-cost, and no fees. This will lead to a dramatic upsurge in accessibility and affordability, and the market force of customer acquisition and the social purpose of mass inclusion will converge.
These gale winds of disruption and innovation brought upon by technology, regulations and government action, will fundamentally alter the banking industry. Payments, liabilities and assets will undergo a dramatic transformation as switching costs reduce and incumbents are threatened. As the insightful report from Credit-Suisse has so well explained, there is a $ 600 billion market capitalisation opportunity waiting to be created in the next 10 years. This will be shared between existing public and private banks, the new banks and new-age NBFCs. It may even go to non-banking platform players, which use the power of data to fine-tune credit risk and pricing, and make money from customer ownership and risk arbitrage.
The public sector banks, which occupy the commanding heights of the economy with a 70 per cent market share, will be particularly challenged. Even as they deal with the inheritance of their losses, they will have to cope with, and master, enormous digital disruption. This will require their owners, the government, to give them the autonomy and freedom to experiment and innovate.
To quote Shakespeare, “There is a tide in the affairs of men, which, taken at the flood, leads on to fortune”. The $ 600-billion opportunity is here. The WhatsApp revolution went unnoticed by incumbents. Normally such disruptive changes (like bubbles) are only recognised after they have happened. In this case, the forces of change are evident and can be anticipated. The opportunity for the banking sector has been called, and it is equally accessible to incumbents, both in the public and private sector, to the new banks, to the NBFCs and the tech companies. The future will belong to those who show speed, imagination and the boldness to embrace change.
This article was written as foreword to a Credit-Suisse report on the Indian banking sector
IndiaStack can enable the government, the citizens and entrepreneurs to interact with each other through an open digital platform.
At a time when financial technology is changing the face of Indian banking, the government is looking to bridge the digital divide.
The biggest hurdle here is paper-based authentication and approvals. To bridge this gap iSpirt is working with various government agencies to develop IndiaStack.
What is IndiaStack?
IndiaStack is a paperless and cashless service delivery system being conceived by a digital think tank iSpirt. It can enable the government, the citizens and entrepreneurs to interact with each other through an open digital platform. It is the largest application programming interface that is being developed in order to enable 1.2 billion Indians to get access to goods and services digitally.
When was it started?
It was conceived by the government of India in 2012 when they realised, in order to help services reach the last mile of the Indian population, it needed private technology solutions to be built on the Aadhaar database. The project is being pedalled forward by Nandan Nilekani the ex-chief of Unique Identification Database Authority of India, who describes it as the “Whatsapp moment for Indian banking”.
Why is it essential?
The government has been striving for a less cash economy to prevent pilferages and last mile connectivity of financial services. While the Aadhaar database allows users to complete all KYC requirements, there is still a gap in getting approvals because of the need for a signature on paper.
IndiaStack will be able to bridge that gap through its digital lockers which will allow for digital signatures and seamless API (Application programming interface) integration for authentication through eKYC.
How will it be designed?
IndiaStack is conceived as a pyramidal structure based on the Aadhaar database as the base and unified payments interface (UPI) that is being developed by NPCI (National Payments Corporation of India) as the top. The two middle stacks comprise digital signatures and eKYC.
Nilekani has explained that with the help of digital signatures customers will not need to actually sign a paper document, instead it can digitally sign it by using a smartphone. eKYC will also enable the identity of the customer to be determined digitally as well.
How will it be beneficial?
The biggest benefits could be completely digital payments through the UPI infrastructure for a less cash economy. Also, loan approval through eKYC and digital signatures could be done faster in a paperless fashion. Both these steps can bring people without access to digital payments to come within the digital fold.
Just over 12 years ago, I sat on the sofa outside my office in Infosys, and explained to Tom Friedman about how the playing field was getting levelled through technology. This inspired him to write ‘The World is Flat,’ an international bestseller that sold millions of copies and captured the zeitgeist of the era.
It was an era where technology and political change brought everyone closer. The Dissolution of the Soviet Union in Dec, 1995 was presaged by the fall of the Berlin Wall on the 9th of Nov, 1989. And, the Berlin Wall incident was set in motion by the invasion of the communist Grenada in Oct, 1983. Grenada’s regime change marked the beginning of the end of the Soviet empire. The design of the containerized ‘box’ laid the foundation for global trade in goods and the massive investment in telecommunication capacity and undersea cables as part of the ’dotcom’ boom and bust, laid the foundation for global trade in services.
In this context, last Friday’s Brexit is a momentous development. It marks the turning point in the Wests’ 35 years of globalization. It is truly a ‘Grenada’ moment, but in the opposite direction.
Over the next few years, the West will slowly turn back on immigration, outsourcing and economic integration. This will have major consequences for everybody in the world. India will have to focus on its own domestic market and not on exports. Automation and Chinese overcapacity will hit manufacturing, and growth will come in services. Employment and entrepreneurship will happen through platforms that aggregate – farmers, retailers, truckers and vendors. This will result in the formalization of the economy in a big way, as finally the benefit of being in the system thanks to affordable and reliable credit will be higher than staying out. India has the potential of many years of high growth as millions of Indians join the organized society. India Stack will be a key enabler for this to happen!
We have been thinking a lot about this scenario at iSPIRT. This presentation (pasted below) captures our view of such a future. Hope you enjoy it!
You can also catch my talk on the future of India in the age of technological disruption at Think Next 2016 in Bangalore (video pasted below the presentation here).
India’s digital startups have an analog problem. They face a kagaz ka pahad. Literally. Many of them are designing for the digital desh of Bunty, the 37-yearold Udaipur shoe-seller who gets 40% of his business on his smartphone. Or, Chaitanya Bharti, Guntur’s 30-year-old single-room school teacher who gets remittances on her basic phone.
But every time they collect and store paper records, scrutinise “wet signatures”, and handle lots of physical cash, they can’t grow as fast, be as affordable or innovate to create the digital desh Bunty aur Bharti aspire to.
Nowhere is this more visible than in financial services where the kagaz ka pahad unwittingly aids what Prime Minister Modi called “financial untouchability”.
There is good news. The JAM trinity — a basic account like Jan Dhan, Aadhaar and mobile phones — makes it possible for digital services to reach every Indian. JAM is much more than aslogan — it is the result of public policy and technology that made this foundation a reality. With that foundation in place, public policy can go further. It must go further.
We don’t just give digital pioneers wings, we strap on booster rockets to launch them well over and past that kagaz ka pahad.
Incredible and necessary win for Aadhar in today's budget ! Cheers & Kudos to @India_Stack and @NandanNilekani
India Stack is just that. It is a series of new-age digital infrastructure which, when used together, makes it easier for digital pioneers to run faster, reach more people.
The Stack has four layers: (1) a presence-less layer where a universal biometric digital identity allows people to participate in any service from anywhere in the country; (2) a paper-less layer where digital records move with an individual’s digital identity eliminating the kagaz ka pahad; (3) cashless layer where a single interface to all the country’s bank accounts and wallets democratises payments; and (4) a consent layer which allows data to move freely and securely to democratise the market for data.
Each layer has a specific technology — Aadhaar authentication and eKYC, eSign and Digilocker, Unified Payments Interface, and consent architecture — with corresponding public APIs, under India’s Open API policy.
The National Payments Corporation of India released APIs for the Unified Payments Interface and is now running a hackathon for businesses to experiment.
You can go to indiastack-.org to participate. Each layer is managed as a public good. This is important. This makes the India Stack not just new-age technology but a smart policy. Technology stacks are not new. Uber, the highest valued startup on the planet, rose to success on GPS, Google maps, electronic payments and more.
In Kenya, the mobile payment service of M-PESA is like the cashless layer enabling a whole slew of digital businesses. What is different about the India Stack is that it is designed to level the playing field for newer, smaller entrants.
There is no one company or a handful of companies controlling access, behaving like bottleneck monopolies.
India Stack sets a global precedent. It is of Indian origin but not India-specific. Bits and pieces exist elsewhere in the world but nowhere under such a common frame and vision. For example, globally, data has become a battleground for the future of business.
The consent architecture, arguably, is a breakthrough to democratise the market for data without compromising on security. The India Stack is designed to propel the digital world forward in India or anywhere.
Guest Post by Kabir Kumar leads FinTech initiatives at CGAP. Sanjay Jain is a volunteer with iSPIRT Open API team.
On Saturday, I was going to attend 3rd year anniversary event of iSPIRT On the way on my bus to meeting, my mind was filled with varied thoughts about 2010 or earlier, when I was outsourced product start-up employee. Looks like little time ago, 6 years has passed from 2010 when I met the volunteers of NPC. Sharing comments to volunteers (Avinash, Rajan, Vijay, Manju, Suresh) on lack of “Made in India” products, I learnt that their thoughts were similar and more advanced. In addition, while I was talking, they had larger dream to create ecosystem where tech geeks are proud of creating products and the first baby step to create pride to come with products was NPC event.
For a regular visitor in technical meetups of BLR and volunteer for education and health activities in the weekends, their volunteering style spoke more about the volunteer’s real intent. More interaction made me realize that contribution mattered more than the person’s experience or position. This was firs time I heard people work selflessly as part of industry forum and became curious to understand their concept better, leading to a sense of respect for volunteers, motivating myself to volunteer for NPC 2013. In 2013, iSPIRT was formed as new initiative with focus to create a product nation and volunteers drive the vision of iSPIRT. Today, I continue to see the volunteering spirt even today to be similar or better than my experience in early 2010. Hence I have planned to spend whole day to attend 3 In 2013, iSPIRT was formed as new initiative with focus to create a product nation and volunteers drive the vision of iSPIRT. Today, I continue to see the volunteering spirt even today to be similar or better than my experience in early 2010. Hence I have planned to spend whole day to attend 3rd year anniversary function of iSpirit. This blog represents what I learnt about growth of iSPIRT in 3 years. When the first session on “PlayBooks” started, I started to recall that iSPIRT had started to offer Playbooks as first learning program. Playbooks used to represent all programs offered to start-up entrepreneurs. Targeted entrepreneurs on application were invited to participate in playbooks based on specific stage of their start-up. Being in the ecosystem, I am aware of
All programs and events are free for participants. Participants apply to attend program or event with details about their startup and applicant registration is approved based on their suitability to programs theme and approved participants attend event for free.
Programs and events focus to impart learning for a category of start-ups that are present in specific stage of their journey namely start-up enthusiasts, Discovery, Product Market Fit and finally Scale To Grow.
The session shared that iSPIRT is offering 3 learning programs and 3 knowledge events. I did not realize that I myself have been attending some of these events. I still see absence of programs and events for the Discovery stage yet, difficult and tricky stage to cross.
iSPIRT has come with a matured structure around programs and events termed KASH Playbook Framework. Playbook are no more a program and had become umbrella representation for all programs. What does KASH represents?
K – Knowledge
A – Attitude (Mindset)
S – Skills
H – Habit
Been an entrepreneur, I can relate with KASH as learning theme for programs offered to entrepreneur’s because all programs aims to impart entrepreneur to gain knowledge, develop a mindset, learn skills, identify habits and practice the same to empowers entrepreneur in current stage to create/generate KASH leading to transition from current stage to next stage.
My view of RoundTable is to help happy & confused startups with product market to scale business. I learnt RoundTable (K, S) continues to be an informal closed door interaction (~4 hour) among entrepreneurs and practitioners facilitated by saddle entrepreneur to learn tacit knowledge & skill. Roundtable started as first program of iSPIRT in 2013.
My view of PNGrowth is to help scaled startups with product market fit to grow leaps and bounds. I learnt PNGrowth (A) is 3 day bootcamp to shake up and instill ‘Panga’ Mindset requisite for category leadership, followed by a 1 year community support. The first program was in 2016 at Mysore The 3 learning events Innofest, SaaSx, InTech50 are focused on large participants. My view of Innofest is to help creators to explore possibility to transform their creation/hobby in to business. I attended the first I attended the first Innofest (A) that happened in Aug 2015 in Bangalore and nice to hear the event travelled to Hyderabad. I wish that sure more cities are eager to conduct event to help innovators take pride in their products and show case them, get feedback of their application in reality. This is “No copy paste entrepreneurship”. My view of SaaSx is that new entrants gain insights in to the tribal knowledge of experienced SaaS folks which helps them to make their offering better more efficient. SaaSx(K) event is to create & nurture community of SaaS entrepreneurs in India at the SaaS capital of India – Chennai. The first event happened in Chennai in 2014, followed in 2015, which I attended and can vouch for the fact that SaaS entrepreneur’s shared their deep intimate learning with others. My view of InTech50 is as experiment with difference. Instead of startups working hard to engage and partner with large corporates with their product offerings, can we make corporates to come together and engage with startups and share feedback and evolve in to partnership. Reversing approach of startup Push model to build relationship and engagement to Corporate Pull model.InTech50 showcases software products created by Indian entrepreneurs, with aim to help software product companies to enter global markets via our network of early adopters, partners, co-innovators and investors. Companies apply and Chosen companies receive advice, on-going mentoring, product marketing support, and funding to scale in the global markets. This program comes with a cost cover expenses for two attendees and event logistics.
Another session I focused was on “India Stack: Powering thousands of experiments”. Before jumping to understand India Stack and session contents, it is good to start with some history in India of how absence of legacy era in telecom and internet has become Indian advantage over time. With absence of telecom legacy, India skipped analog era and leapfrog to digital era of STDs, leading to leapfrog to mobile usage. With absence of internet legacy, India skipped PC based internet and had leapfrog to era where internet technology is available to every Indian via mobile (computing device of choice). Look at the money savings for India from not having to spend to build legacy infrastructure that becomes obsolete with advent of new technologies and money goes waste.
This enables every Indian to access and consume service offered by internet software and mobile apps over internet. It is time to dream and create experiments to leverage this leapfrog benefit to enable Indians to leapfrog to make use of digital applications and the Indian government has jumped in to same with Digital India campaign. One see two fundamental changes happening.
Every Indian can access and use mobile apps, with mobile phones in hands of every Indian.
Every Indian is getting used to electronic banking and payments fueled by e-commerce players.
iSPIRT wants to dreams along with Indian government with belief that this is right time that Indian entrepreneur’s need to leverage Digital explosion wave expected in India soon. One can dream in terms of how technology can be leveraged to create financial inclusion, how apps can create positive interventions in areas of education and health care. When you dream, you are motivated with the potential to leapfrog tech-starved Indians to tech- savvy Indian. Dreams are ideas to start with. Dreams need to follow with action to reality. For such a dream to happen, iSPIRT has seen itself a role to contribute to seamless working between entrepreneurs and with government agencies and regulators and has started to proactively engage with government. This joint engagement with stakeholders of Indian government enabled iSPIRT to propose 4 recommendation to serve as backbone for Indian government to realize the dream of Digital India.
OpenAPI Policy objectives recommended for Digital India programs
7 key principles for to be adhered for implementing Digital India programs.
Technology Stack to serve as baseline for developing apps for Digital India
India Stack to serve as baseline for implementing Digital India.
iSPIRT has recommended these OpenAPI policy objectives
Software interoperability: APIs are recommended for all e-governance applications and systems, enabling quick and transparent integration across these applications and systems.
No Government Silos: Information and data shall be shared through a secure and reliable sharing mechanism across various e-Governance applications and systems.
Data available to public: Make people’s data public. Provide APIs to enable people to view data.
Baseline guidelines for Implementers Provide guidance to Government Organizations to develop, publish and use these Open APIs
iSPIRT has recommended these 7 key principles to be followed in developing application by government and integration layer with government applications.
The 3 learning programs IKEN, RoundTable and PNGrowth are focused on limited participants.
My view of IKEN to help startup enthusiasts aware of challenges to enable self-assess of their strengths and to identify needed self-improvements. I learnt IKEN (S, H) is a 10 weekend boot-camp for early/Novice entrepreneurs and startup enthusiasts and focuses on life skills of an Entrepreneur along with business skills. The first program was created in 2015 in consultation with effectuation with Prof Saras and happened multiple times in Bangalore.
Based on OpenAPI Policy and guideline principles, here is robust technology stack recommended for creating innovative solutions to India’s hard problems.
With payments being accelerated by regulatory Innovation and a continuous rise of smart phones, here is robust solution stack recommended for developing Digital India applications.
What I liked about iSPIRT is
Supporting entrepreneur’s with learning that they need and that is not easily available.
Focus to get feedback for their initiatives and working to bring a structure to their work.
Contribute by promoting and facilitating the use of IndiaStack creating curiosity and real interest.
If APIs are made open, secure and available for developers (through sandbox), I am sure iSpirt would jump to volunteer to evangelize IndiaStack APIs and promote IndiaStack APIs through Hackathons and developer Events.
To end with, Saturday meeting made me realize that iSpirt has matured from an unstructured volunteer initiative for entrepreneurs and is on the path to become think tank to create product nation. Guest Post by G. Srinivasan,
It is time for us to embrace new-age start-ups and local think tanks for India to prosper.
Human development indicators improve rapidly when countries learn to provide health, education and financial inclusion more effectively. Incremental increases in expenditure on welfare schemes and subsidies do not bring about this change. Plugging the leakages in government distribution helps, but it is not a panacea. What we need are game-changing innovations that can tackle India-scale challenges.
In the past 30 years, it has become clear that game-changing solutions do not follow a prescribed path to discovery. Instead, they are born out of hundreds of experiments. These experiments can’t be limited to the labs of a few resource-rich incumbents.
We need to widen the funnel to include the new-age entrepreneurs and innovators. To do this, the government needs to adopt and evangelize pro-challenger tools and policies that reduce barriers to experimentation, create level playing fields and encourage innovating around national issues.
There is some good news on this front. In the past few years, a collaborative effort between several government agencies and the Indian Software Products Industry Round Table (iSPIRT), a non-profit think tank, have helped create key enablers for hundreds of experiments.
A digital infrastructure for cashless, paperless and presence-less (on smartphone) service delivery is now in place. It is colloquially called the India Stack. It offers all the building blocks that are needed as public goods. And the rapid adoption of Jan Dhan Yojana, Aadhaar and mobile numbers (JAM) has created a ready pool of citizens to try out these services.
This enables new-age start-ups to do more complex things than they could do before, making them transformation agents for real India.
These new-age start-ups will deliver 10x gains that we need in health, education and financial inclusion to make India successful.
But we must think beyond start-ups. The Indian state must evolve too. It must learn faster, change faster and implement faster.
A 2013 paper by Luke Jordan of the World Bank and Sebastien Turban and Laurence Wilse-Samson of Columbia University shows that the Indian state performs poorly on these dimensions compared to the Chinese state. They identify many factors for this.
For instance, China has undertaken reform once every five years since 1978, while India has only attempted it twice in 65 years. Therefore, China has been continuously tuning up its capacity to learn and deliver.
In India, substantial administrative reforms are overdue. (The reforms recommended by the Second Administrative Reforms Commission still remain unimplemented.)
It turns out that think tanks have an important role to play too. A dense network of think tanks is necessary to conduct and spread research.
Indian think tanks are mostly central or foreign, with only a few having strong links into the policy system. China has think tanks observing and explaining change. This is a structural gap.
Because of this, the Indian state is conspicuously lacking in its capacity to generate new knowledge, transmit it across the system and act on that.
It is time for us to embrace the two new players—new-age start-ups and local think tanks—for India to prosper. Only then will we able to break free from our current trajectory to meet the aspirations of our young citizens.
Jay Pullur is founder and CEO of Pramati Technologies. He is also a co-founder and governing council member of iSPIRT.
Shashank N.D. is founder and CEO of Practo Technologies. He is part of iSPIRT’s Founder Circle.
India is the third largest smartphone and mobile internet user market in the world with over 200 million internet users in 2013. The figures are expected to touch a staggering 500 million users by 2017, including 314 million mobile internet users according to a report by IAMAI and KPMG. Clearly, mobile phones are the ‘computing device of choice’ for the country. To keep up the momentum, the Government of India is keen on developing the digital infrastructure of the country under the Digital India program.
Digital India is a revolutionary program that will empower the masses and leapfrog India into the next generation of government services. Fortunately, the lower level of investment in earlier generation technology means India has skipped the legacy era and waited for the right technology to arrive at its doorstep. To kick-start and empower the Digital India program in a very democratized form and involve the great innovation talent of the nation, the Government of India has launched an open API policy. An open API, often referred to as a public API, is a publicly available Application Programming Interface (API) that provides programmers with programmatic access to a propriety software application. This set of open API is known as the India Stack and these would enable the ease in integration of mobile applications with the data securely stored and provided by the government to authenticated Apps.
India Stack is a complete set of API for developers and includes the Aadhaar for Authentication (Aadhaar already covers over 940 million people and will quickly cover the population of the entire nation), e-KYC documents (safe deposit locker for issue, storage and use of documents), e-Sign (digital signature acceptable under the laws), unified payment interface (for financial transactions) and privacy-protected data sharing within the stack of API. Together, the India Stack enables Apps that could open up many opportunities in financial services, healthcare and education sectors of the Indian economy. What this essentially means is that developers and tech startups can now build software and create businesses around the readily available infrastructure offered through India Stack, thus opening a huge potential to tap into the booming smartphone market in the country. Since the consumer market in India is very large, such startups could also hope for institutional funding and gain from the early mover advantage.
Through the digitized elements like e-KYC, e-Sign, digitized Aadhaar information and digital locker, the entire ecosystem has now become a presence less, paperless and cashless based system. A Digital Locker enables users to have all their legal documents in a digitized format that is stored online and can be accessed from any part of the country. The e-Sign makes it simple for people to sign deals, contracts and legal documents through their phones and the Unified Payment Interface lets people make payments with ease through their smartphones from anywhere.
India Stack makes a user base of over a billion people readily available through its API. This means that startups and tech companies can build over this to be able to integrate various functions for their businesses or for larger enterprises. Every bank or telecom operator scans through tons of paperwork every day to be able to verify customers and generate KYC documents. Now imagine the impact if this entire process could be digitized by building an application which would integrate India Stack and the user base of over a billion Indians!
With the technology, documentation and sample code available, entrepreneurs and startups can get started with innovating, prototyping as well as building India Stack enabled applications. The commercial applications are endless with multiple opportunities, as the large user base opened up by India Stack is nascent, solution-hungry and largely untouched by technology. Now even a local vegetable trader can take an intra-day loan almost instantly through his mobile phone and pay it back the very same or next day without even physically visiting the bank or wasting any time (time is money when earnings are proportional to time spent)! With their e-KYC documents and digital signatures, a loan can be processed almost instantly and the money transferred through the Unified Payment Interface. Long queues at banks, telecom offices and all other government and non-governmental processes should be the thing of the past, through proper integration of India Stack.
The nation is looking for “a transition from technology-poor to innovation-rich society” and entrepreneurs have a good role to play. The problems (read opportunities) in financial services, healthcare and education are all so large that only the right technology can cost-effectively solve them. Solving these scale problems would mean great business sense too.
iSPIRT, the non-profit software product industry think tank powered by industry veterans, has been actively involved in the development of India Stack and is helping entrepreneurs make the best use of business opportunities provided by India Stack, while building their startups. iSPIRT believes that India Stack creates a whole new generation of business opportunities around the mobile phone and early movers would have tremendous market advantages.
On a recent visit to India, Bill Gates commented on India Stack saying, “India is on the cusp of leapfrogging!” And it truly is; considering it is the only country in the world offering such an open and secure API, India is certainly looking at taking the Digital India campaign to a whole new level.