iSPIRT works to transform India into a hub for new generation software products, by addressing crucial government policy, creating market catalysts and grow the maturity of product entrepreneurs. Welcome to the Official Insights!
At the Fourth National Startup Advisory Council Meet held on 17.05.2022 under Hon’ble Minister of Commerce and Industry, Consumer Affairs, Food & Public Distribution, and Textiles Shri Piyush Goyal, the NavIC Grand Challenge (GC) was launched. The GC seeks to mainstream the use of NavIC and establish it as a domestic mapping solution.
iSPIRT has contributed to the development of this Grand Challenge. During the Third NSAC Meet, Sharad Sharma, Co-founder of iSPIRT and a member of the National Startup Advisory Council (NSAC), proposed the concept of prominence to NavIC as a domestic mapping solution.
Later, the iSPIRT Team, led by Captain Amit Garg and our volunteers Sayandeep Purkayastha, Captain George Thomas, and Tanuvi Thakur, presented the concept note and working paper on the GC to DPIIT (Dept for Promotion of Industry and Internal Trade).
Multiple rounds of discussion among the Department for Promotion of Industry and Internal Trade, Indian Space Research Organisation (ISRO), and iSPIRT Foundation brought the final shape to the working paper. All of this culminated in the launch of GC-NavIC on the 17th of May.
What is NavIC?
NavIC or Navigation of Indian Constellation is India’s independent regional satellite navigation system created by DOS/ISRO. Its signals are inter-operable with the civilian signals of the other navigation satellite systems namely GPS, Galileo, Glonass, and BeiDou. NavIC has made in-roads into civilian applications in India like vehicle tracking, power grid synchronization, location-based services (using mobile phones), disaster alert dissemination, etc. Efforts are being made to enable the incorporation of NavlC into drones, the maritime sector, wearable devices, time dissemination, geodesy, etc. The applications are being promoted by the availability of NavlC-enabled off-the-shelf chipsets & devices at competitive rates and by the adoption of NavlC in national and international industry standards.
The GC is a step towards taking NavIC adoption further into the future, i.e. the future of AtmaNirbhar Mapping Solution. The GC brings together the triumvirate of NavIC, Agriculture, and Drones by becoming a big-bang thrust for the Kisan Drones Project as well.
The GC-NavIC
The GC-NavIC has an intersection with GOI’s Project Drone Shakti. It seeks to promote:
The use of drones to solve the problem of agriculture insurance, i.e., the integration of the product to solve cases under the Pradhan Mantri Fassal Bima Yojana, is in line with the Government’s steps to harness technology for agricultural growth;
Building a digital database of agricultural data that will supplement the digitization of land records and crop assessment measures of Drone Shakti;
The use of ISRO’s homegrown NavIC technology in developing drones under the GC will promote the use of NavIC in the commercial drone landscape for remote sensing, imagery, mapping, etc.
The GC has invited innovative solutions that will utilize NavIC-enabled drones to capture data related to farm field topography, process this data, and make it available for use for commercial purposes. Ideas should be such that the product can be deployed across all terrain types in the country. Further, the captured and processed data should be viable and efficient for use within the Pradhan Mantri Fasal Bima Yojana (PMFBY) framework.
A detailed application process (here) calls for a detailed proposal of the tech specs of the participants’ product solution. This will be the basis for 25 participants selected for a presentation of their product before the Experts Panel. 7 selected participants on the basis of an objective and transparent selection criteria will compete in Phase 1 of the GC – the prototype deployment stage. In phase 2, the top 3 participants will compete towards fulfilling the problem statement by deploying their fully functioning product.
Transformative Powers of Challenge Grants
Challenge Grants have transformative powers and scalability opportunities that can serve as an impetus to quality innovation. Treatment Adherence for TB was the first challenge launched under the Grand Challenges in TB Control program. The aim was to devise solutions for improving tuberculosis screening, detection, and treatment outcomes. One of the participants, 99Dots, came up with a novel solution for low-cost monitoring and medication adherence program by using a combination of basic mobile phones and augmented blister packaging to provide real-time medication monitoring at a drastically reduced cost. By 2017-18, 99Dots was used across all districts in India and is now listed as a treatment program on the Government’s Nikshay portal.
The GC-NavIC through its intersection with Project Drone Shakti and the revamped operational guidelines of the PMFBY that emphasize tech-based solutions will help harness technology for agriculture and create opportunities for commercial utilization of NavIC. The recent ban on foreign drones by the Government will move the focus to domestic manufacturing. Encouraging local drones with local technology will increase the AtmaNirbhar potential in the drone and navigation ecosystem and enable Indian Startups to unlock the $5 billion drone market.
Conclusion
The GC-NavIC is touted to deliver three essential outcomes – better regulations in the drone and mapping space, ecosystem development, and channel of public money for private innovation. All three will lead to transformative innovations that will push India into modern agricultural practices and domestic mapping-navigation solutions.
The post is authored by our volunteer fellow, Tanuvi Thakur. She can be reached at tanuvi@ispirt.in.
The internet connected the average Indian to millions of sources of information. Could crypto protocols connect Indians to millions of sources of capital?
To achieve its goal of a five trillion dollar economy by 2025, India needs to close an enormous financing gap for its small and medium-size enterprises (SMEs). It already has important assets with which to attract global capital: the youth of its population, the energy of its tech sector, the growth of its internet connectivity, and the rising acceptance of so-called informational collateral in lieu of traditional physical collateral. But what hasn’t yet been done is to integrate these assets into the new multi-trillion dollar cryptoeconomy, which may have the most risk-tolerant, internationally oriented, growth-seeking pool of investors in the world.
In this piece we begin by reviewing India’s need for SME and startup capital. We then tick through India’s existing assets, with particular focus on informational collateral, which combines the previously separate concepts of due diligence and physical collateral into an internet-friendly financing package. Finally, we discuss why global crypto investors could help meet India’s capital needs.
India’s need for SME and startup financing
India is home to more than 60 million businesses, 10 million of which have unique GST registration numbers, most of them SMEs. However, of the one trillion USD worth of total commercial lending exposure of the banking system, only ~25% of it is provided to SMEs, which are considered less creditworthy than larger corporates or multinationals. This has resulted in a financing gap estimated to be between 250-500 billion USD, where meritorious businesses without national profiles aren’t able to access the capital they need to finance their growth. India’s next trillion in GDP growth depends upon solving this problem, but the incumbent financial system may not have the resources to fix it alone. Despite ever-increasing bank branches, India’s legacy financial system is still slow, costly, and unwieldy for borrowers— in sharp contrast to the databases, online KYC systems and intelligent lending apps of new-age fintech companies. And in addition to this high cost of capital for MSMEs, India also has a low baseline level of financial inclusion.
The baseline issue is being partially addressed with low-frill Jan Dhan accounts, which are providing partial banking support for millions of previously excluded individuals. Many of these Jan Dhan accounts are held by small businesses, entrepreneurs, students and self-employed people in rural India, the same folks who are running India’s SMEs. But these accounts have only inflow data, with outflows typically in cash. Even though cash still plays a big role in the self-organized and informal sectors, it’s not easy to provide business-related financing in cash. The so-called JAM trinity (Jan Dhan accounts, Aadhaar digital identities, and Mobile phones) offers a partial solution for this under-banked population, but it only supports what we might think of as consumer-grade applications like basic peer-to-peer payments and individual savings accounts. Access to capital sufficient to finance a business — a true measure of financial inclusion — is still not yet present for these low-income, mostly feature-phone possessing groups.
On the other end of the spectrum from rural SMEs are India’s tech startups. Over the last decade, India has broken into the ranks of global technology and is now the #3 generator of unicorns in the world. Supportive governmental policies, combined with a young, creative, and aspirational workforce has helped reimagine large swathes of the economy including diverse industries such as e-commerce, logistics, SAAS, education, food, healthcare etc. This rise has attracted global equity and loan-funds that could in turn help many start-ups become world beating players in their respective domains. But the startup sector is just as hungry for capital as the rural SMEs, and India’s startup economy is still somewhat disconnected from global venture capitalists and financial markets.
India’s assets: youth, growth, connectivity, and informational collateral
India does have assets with which to close the capital gap. It has a youthful population. It has a fast-growing economy, even given the setbacks of COVID-19. It has an enormous population of hundreds of millions of new internet users. And it has something new, which is the possibility of informational collateral as a sort of combination of traditional concepts of due diligence and physical collateral.
Specifically, the SME funding gap is most pressing for the Indian cash-flow businesses that don’t have the physical assets to take out loans, which are the mainstay of the current, hard-collateral-backed credit system.
One alternative is to use trustworthy digital records to ascertain whether a business is worthy of credit or equity investment. India’s Goods and Services Tax (GST) helps to address this by generating invoice and payment data in a format suitable for credit underwriting and risk analysis. The GST data also enables a small enterprise in a large value system to provide data and visibility across the supply chain; for example, one can track the progress of parts from a small parts supplier to an auto component manufacturer to a large passenger car maker all the way through to distributors, sub-dealers, and retail sales.
The digital version of an SME’s sales and purchase invoices ledger thus amounts to informational collateral on both the company and the larger ecosystem within which it sits, that could become the basis for extending credit, as an alternative to the hard asset or collateral-based financial system. This is similar to how Square Capital and Stripe Capital already function in the West.
In addition to credit-based financing, the trustworthy records furnished by GST’s informational collateral can also support equity or quasi-equity financing, to support growth without increasing debt. These might take the form of direct equity investments in small businesses, or even personal micro-equity investments in individual consultants or students.
India’s innovation: use new pools of crypto capital to address long-standing financing needs
So, we understand that (a) Indian SMEs need capital, and that (b) IndiaStack’s UPI and Aadhaar can help GST generate informational collateral for potential investors and lenders.
Now the question arises: what class of investors is most willing to use this newfangled type of informational collateral to invest in potentially high-risk businesses outside of the proven venues of America, Europe, East Asia and the large Indian enterprises? Who are the most risk-tolerant, international, forward-looking, class of investors in the world — willing to risk millions of dollars purely on the basis of internet diligence alone?
It may turn out to be the new class of wealthy, globally-minded crypto investors. After all, the 10-year old cryptoeconomy is now worth trillions of dollars, there are more than a hundred million crypto holders around the world, and there are at least fifty crypto protocols valued over one billion dollars, a “unicoin” analog to the traditional tech unicorn. While still small in comparison to global capital markets, a sector worth $2T that is growing at more than 100% per annum could become a much larger piece of the global financial puzzle in short order. This is a new source of risk-tolerant digital capital that could flow into India to help close the SME financing gap, if we can make it an attractive proposition for the global investor.
Specifically, India could offer a viable path to deploy this new crypto wealth in a controlled manner, while solving for SME financial inclusion. Inflows of cryptocurrencies from KYC-ed investors through approved Indian and global exchanges can potentially be allowed into India for the purposes of enhancing SME access to low-cost global capital. GST-registered companies could, for instance, receive capital against their issued e-invoices and other information collateral in special accounts opened via a controlled conduit such as GIFT city, which is one of India’s favored bridges to international markets. The companies benefiting will need to explicitly consent to sharing their information and receiving funds into a new account at system-level while capturing cash flows against invoices for repayment. Inflows of global crypto-capital into Indian SMEs could also enable the rest of the credit system to migrate to informational collateral-based lending. And the special account could eventually be ported to a wallet backed by a national digital currency, such as the proposed digital rupee.
For more detail on this possibility, we invite your attention to Balaji S. Srinivasan’s companion piece on the subject, where he proposes to Add Crypto To IndiaStack. Balaji makes the case for crypto-powered extension of IndiaStack, which broadens IndiaStack from its current mostly domestic remit into an international platform for attracting capital from around the world. He describes several case studies by which the emerging world of decentralized finance or “defi” could help enrich the Indian economy, without competing with the digital rupee. For example, Indian startups could benefit from crypto crowdfunding, Indian SMEs as discussed could access global defi lending pools, and Indian students might even be funded with the emerging concept of personal tokens, like an equity-based version of microfinance. As the former CTO of Coinbase, the $100B crypto goliath, and a former General Partner at Andreessen Horowitz, the $16B venture capital firm, Balaji’s proposals have technical and social support from the very class of investors we’d seek to attract. At least insofar as they relate to the issue of plugging the SME financing gap, we believe they deserve serious consideration by policymakers in India.
In short, India has a unique opportunity to close the SME financing gap by attracting the new class of global crypto investors, by using everything the IndiaStack team has helped build over the last decade — particularly UPI, Aadhaar, GST, and the informational collateral they generate — to help connect the trillion-dollar cryptoeconomy to capital-hungry Indian entrepreneurs.
We held an impromptu Open Session on Balloon Volunteering on 20th September 2020. Watch the recorded video and presentation below to learn if iSPIRT volunteering is right for you.
This session will cover some of the available volunteer opportunities and tell you how to engage with us.
Last month, an expert committee chaired by Kris Gopalakrishnan submitted a report on a framework for regulating Non-Personal Data in India. The rest of this blogpost contains iSPIRT’s response to this report.
At iSPIRT Foundation, our view on data laws stems from three fundamental beliefs:
Merits of adata democracy (that is, the user must be in charge),
Competitive effects must be well understood, for creation of a level playing field amongst all Indian companies, and some ring-fencing must exist to protect against global data monopolies
Careful design enables both high compliance and high convenience
It is with these three perspectives that we have analyzed the Non-Personal Data report in our response.
The report makes a well-cited and articulate case for regulating data in India, such that “[data’s] benefits accrue to India, and Indians”. It defines and outlines the roles of various entities relating to the capture, processing and governance of Non-Personal Data. Whereas we are wholeheartedly aligned with the vision of the committee and its members in creating an Aatmanirbhar Bharat and the importance of facilitating a robust AI-industry in the country, we find that the report is sound in premise but murky in detail. Where an overarching legal framework surrounding NPD is proposed, on closer inspection it falls short of achieving the aforementioned goals of protection for Indians and prosperity for Indian businesses. Therefore, more work must be done before a final version of this report can be released.
In what follows, we take the example of one industry that will be affected by the new Non-Personal Data framework and attempt to understand the report in relation to it.
Case Study: X-ray Data
Consider the case of a (fictional) health-tech startup called rad.ai that seeks to generate radiology summaries from lung X-rays. These summaries will help pulmonologists (lung-specialist doctors) identify various pulmonary diseases or early signs of cancer. Such a company requires two things to succeed – data about X-rays and technology to build models.
Under the tenets of the NPD report, it would seem that (given the right technology foundations) such a startup would be well placed to succeed. In particular, the report suggests that the X-ray data as described above will be classified as community data and outlines mechanisms for collecting and sharing it. It suggests that the dual goal of enabling rad.ai while protecting the subjects of the data can be accomplished in the following framework –
rad.ai will first be able to identify that appropriately anonymized lung X-rays, termed community data, are available for access through meta-data that is published by radiology labs engaging in collecting such data.
rad.ai will then be able to access this data for free through a data trust (presumably a virtual API on the cloud) which is created by the radiology labs.
This will all happen with the consent and oversight of a data trustee, an entity that is a representative of the persons from whom this data is collected.
While this sets a broad-strokes framework with the right intentions, there are a few key problems that arise when we dive deeper into the proposed solution. We have outlined some areas where clarifications are needed and details must be made available. These include the definition & value of community data, obligations of the data custodian, access for data users and rights of the data principal. Towards the end, we also discuss the question of NPD’sinterplay with personal data and the definition and use of public data.
Definition and Value of Community Data
While the case of X-ray data seems straightforward, the scope of community data in the report appears to be vast. However, it also seems to suggest that while data explicitly extracted from users is classified as community data, data generated in the course of a business’s activities may be considered private business data – and this may not be mandated to be shared. In that case, it would appear that e-commerce, delivery and employee data fall under private business data – although an argument could be made for classifying this as community data.
Further, the report makes a distinction between raw and processed data. In particular, raw data must be shared free of cost, whereas the price of processed data could be determined based on market or FRAND (fair, reasonable and non-discriminatory) principles. In the case of lung X-ray data, labs obtain such data from anonymizing raw personal data, so presumably it is now processed and need not be shared without remuneration. In the general case, however, we recommend that the lines between raw and (various levels of) processed data should be clearly demarcated.
Data Custodian Perspective
Consider next, the situation from the perspective of the diagnostic labs. There are about 70,000 labs and hospitals offering radiology services in the country [ref]. Each of these has its own technology implementations or third-party TSPs (technical service providers) for collecting and storing any patient data. How can all of these labs and hospitals be mandated to provide control of this data to the data trustee in order to share the X-ray information with companies like rad.ai? Who is/are the data trustee in this case anyway – the MoHWF, the NHA, an NGO serving the interests of cancer patients? If there are multiple data trustees that have an interest in the same underlying data, how is it ensured that every decision that each of them takes is in the best interests of the user? How are labs supposed to even publish the meta-data (meta-information about what data they have collected) in a standard, machine-readable format, so that companies like rad.ai can discover it seamlessly? Finally, considering that such compliance comes with associated costs, what are the concrete benefits for making this data available?
Data User Perspective
Then there is the case of rad.ai itself. Let us assume, for now, the provisions of the previous paragraph and overlook the contentions raised. Say that because of access to this X-ray data, the startup rad.ai has been able to create excellent ML models to predict the early risks of major diseases and help pulmonologists. It has done well and begins to expand across the country. A few years later, a foreign health-tech giant (again, fictional) called Hooli enters the fray by investing in rad.ai. Backed by foreign investment, rad is now stronger than ever. However, the report identifies “to promote and encourage the development of domestic industry and startups that can scale” as one of its key objectives. While rad.ai was originally a fully Indian company, it was allowed access to the community data from radiology labs to develop its models. Now that rad.ai has foreign investment, should it still be allowed to benefit from Indian community data? What if Hooli owns a majority stake? What if Hooli acquires rad.ai outright?
Data Principal Perspective
Finally, consider this from the perspective of the patient herself – the “data principal”. How is she guaranteed that her interests are protected and the aforementioned data is impervious to de-anonymization? As discussed above health data is considered sensitive data and the patient has every right to ensure that it is handled with extreme care. The report also recommends that consent must be taken from the actors in the community before the anonymization and use of their data – but what form will this consent take? How will its purpose be determined and collection be enforced before any data is anonymized and utilized? How can anonymisation be assured when multiple anonymised datasets are capable of being combined together? Finally, the report acknowledges that all sharing of community data should be based on the concept of “beneficial ownership” where the benefits of this data sharing also accrue to the data principal. How is the patient directly benefiting from such a data-sharing mechanism? What mechanisms are in place to enable such benefits?
Interplay With PDP Bill
Consider next, the case of the health-tech giant Hooli and assume that it also operates a search engine. As per the suggestions of the Srikrishna PDP Bill [Clause 14], Hooli could be allowed to collect personal user data and use it directly since its operation of search engines falls under “other reasonable uses of personal data”. When combined with the fact that under the provisions of the Non-Personal Data report sharing of all raw NPD becomes mandatory, Hooli is actually disincentivized from anonymizing its personal search data. By keeping this data personally identifiable, it is prevented from having to share it with competing search engines and startups. Can misaligned incentives such as these hinder progress towards the report’s stated goals?
On Public Data
Consider finally that some of the labs and hospitals conducting X-rays will be government-owned. The report recommends that all data generated through government and government-funded activities are classified as Public data, which is in turn classified as a national resource. There is no guidance on the compliance requirements of the government controlling this public data under such a scenario. Will government hospitals still be required to make it available? More importantly, does the community (i.e. patients) have no claim to their data in this case merely because it was collected by the government instead of a private entity?
Concluding Remarks
In summary, the report importantly conceives a legal notion of community, private and public non-personal data and outlines a framework in which such data might be shared for the advancement of economic, sovereign and core public interests. However, more work must be done to detail compliance requirements and standardize the mechanisms of sharing such data before the final version of the report is released. In its current state, the report only touches upon the rights of the data principal, the obligations of the data trustee and the compliance requirements of the data custodian. In a State with limited regulatory capacity for creating standards and enforcing bodies, these rights, obligations and compliance requirements should be comprehensively and clearly defined before a law ordaining them can come to pass. Custodians must be incentivized to share, industry startups must be enabled to access and the community must be empowered to self-preserve before the vision of an Aatmanirbhar Bharat with a booming AI industry can be realized.
India is starved of affordable, formal credit. Only 11 % of the 60 million MSMEs* have access to capital from organised lenders today. This under-penetration has shackled our economic growth and economic woes of our growth drivers, the MSMEs has only worsened in wake of the current pandemic.
There is a massive market opportunity to be tapped here that has been inhibited because the current rails for flow of capital to the untapped market are broken.
They are broken for the lenders, to be able to reach out to these prospective borrowers. Few of the many reasons include high cost of borrower acquisition and time consuming custom third party tie-ups with loan originators.
They are broken for the marketplaces to connect their customers with lenders. The custom integrations and manual processes are costly and time consuming. The Turnaround Time to get loans deposited to customers is high and their ability to provide custom financial products quickly is restricted, owing to implementation challenges.
These broken rails needed to be fixed and the solution must solve the problem at scale.
The fix for this is a ‘Fixed Line to Mobile Telephony’ moment for ‘Credit Borrower’.
In a complete re-imagination of the credit rails, we recently witnessed a loan disbursement :
Instantly in borrower’s bank account
From application to disbursement in less than 5 minutes, with no human decisioning involved!
The next chapter in the story of ‘India Stack’ that brought this to life is the new ‘Open Credit Enablement Network’. It is a common language for lenders and marketplaces to utilise and create innovative, financial credit products at scale.
In this new credit paradigm, the marketplaces/aggregators using these APIs to embed credit offerings in their applications are called ‘Loan Service Providers’ (LSPs).
How are these ‘Loan Service Providers’ playing a vital role in democratizing access to credit?
How are they enabling more choices, better credit products and lower interest rates for their customers?
Why are they exuberant about this new ‘Plug and Play’ architecture and what does it mean for their core business and driving additional revenue?
What do they mean when they say ‘every marketplace will now become a Fintech company’?
Some of the top lenders in the country such as State Bank of India, HDFC Bank, ICICI Bank, IDFC First Bank, Axis Bank and Bajaj Finserv have come onboard and will soon be in a state of readiness to usher in this new credit paradigm.
Just as UPI presented an opportunity for massive companies to be built and delightful customer experiences to be created, we are excited to see entrepreneurs capitalise on this massive opportunity.
We are excited to share with you :
Answers to all the questions above
A product demo depicting the ‘5-minute digital credit journey’
Introduction to ‘Open Credit Enablement Network’
When: 5 pm to 6:30 pm, IST on Friday, 24th July
Where: Online virtual session on Zoom. Webinar details will be shared with the registered participants.
To confirm your participation and receive the virtual link, please click here: https://bit.ly/LSPOpenHouse1 (same form has been embedded below)
The DigiSahamati Foundation, the non-profit Self Regulatory Organization responsible for evangelizing the nascent Account Aggregator (AA) ecosystem, is organizing a hackathon featuring lots of masterclasses for the public to attend and learn from.
As a refresher, an AA is a new kind of legal entity defined in this RBI circular. The basic idea is that the average Indian today generates lots of financial data. Each credit card payment, sale of a mutual fund, repayment of a loan, and filing of an invoice generates some new data about users, be they individuals or businesses.
This data trail is actually very valuable – understanding a person’s financial activity can tell you a lot about that individual’s behaviour, preferences, and profile as a consumer. Today, banks use this data about customers to sell them various kinds of products (insurance, loans, savings products), and they also sell the customer’s data to marketers and advertisers. This is not necessarily a bad thing, as long as it happens in a secure way, with the customer’s consent and in such a way that the customer gets some value out of it too.
This is where the AA comes in. In today’s world, the customer doesn’t have any say nor cut of revenue when the bank shares their data with marketers. It is also difficult to extract the valuable financial data outside of a bank’s database to share with a third party provider such as a lender, insurer, or wealth manager. Until now, the only ways customers could get their data out of the bank today is through physical passbooks, downloaded PDF statements, or by giving access to their SMS/emails/netbanking account.
These methods are painful and unsafe, and they don’t help a customer get the best deals. If the customer could easily and cheaply move their data to third parties, then maybe they would get better interest rates and prices, and their existing bank would also have to offer more competitive products and pricing.
Fortunately, the banks and RBI have figured out that in order for India’s financial sector to really grow, individuals and companies need a more safe and efficient way to maximize the value of their ever growing data. This will not only benefit consumers, it will also result in a richer and more innovative banking landscape with a larger customer base. The AA is the entity which helps users give their consent to move data outside their bank account to a third party in a safe and easy manner. The customer gets to choose exactly what data to share, with who, for how long, and under what conditions. This consent is granularly programmable and revocable. Detailed information about this new system can be found on the Sahamati blog.
The AA framework is about to go live in the next months with some of the country’s largest financial institutions including SBI, HDFC, ICICI, IndusInd, Axis, IDFC First, Bajaj Finance, and others. Given this timing, Sahamati decided to organize a hackathon in order to spread awareness of this powerful new infrastructure.
The response so far has been excellent for them. More than 600 hackers were accepted to take part in this four-week long virtual hackathon. During these four weeks, participants in the hackathon will learn about all the different facets of this new technology, from UI/UX to security to product innovations in fields like lending, insurance, personal finance management, and more.
All of these masterclasses, as well as the final presentations by hackathon participants, are open to the public. The list of masterclass presents can be found here.
Information-technology Promotion Agency, Japan (IPA), Japan External Trade Organization (JETRO), and the Indian Software Product Industry Roundtable (iSPIRT) have shared common views that (i) our society will be transformed into a new digital society where due to the rapid and continued development of new digital technologies and digital infrastructure including digital public platforms, real-time and other data would be utilized for the benefit of people’s lives and industrial activities, (ii) there are growing necessities that digital infrastructure, together with social system and industrial platforms should be designed, developed and utilized appropriately for ensuring trust in society and industry along with a variety of engaged stakeholders and (iii) such well-designed digital infrastructure, social system and industrial platforms could have a great potential to play significant roles to improve efficiencies of societal services, facilitate businesses, realize economic development and solve social issues in many countries.
Today, we affirm our commitment to launching our cooperation and collaboration through the bringing together of different expertise from each institution in the area of digital infrastructure, including mutual information sharing of development of digital infrastructure, in particular, periodic communication and exchange of views to enhance the capability of architecture design and establishment of digital infrastructure. We further affirm that as a first step of our cooperation, we will facilitate a joint study on digital infrastructure, such as (i) the situation of how such digital infrastructures have been established and utilized in India, Japan and/or other countries in Africa or other Asian regions (the Third Countries) as agreed among the parties, (ii) how the architecture was or can be designed for digital infrastructure as a basis for delivering societal services in the Third Countries and (iii) what kind of business collaboration could be realized, to review and analyze the possibility of developing digital infrastructure in the Third Countries through Japan-India cooperation. We may consider arranging a workshop or business matching as a part of the joint study to figure out realistic use cases.
Our cooperation is consistent with the “Japan-India Digital Partnership” launched between the Ministry of Economy Trade and Industry, Government of Japan and the Ministry of Electronics and Information Technology, Government of India in October 2018. We will work closely together and may consider working with other parties to promote and accelerate our cooperation if necessary.
For any clarification, please reach out to sanjay.anandaram@ispirt.in
Data protection and privacy have been a topic of hot debates and discussion in recent times in India. It had become extremely important as India is progressing to a be a “Digital economy” to address this issues relating to the use of personal data.
iSPIRT has been in forefront of developing Consent Framework and called as Data Protection & Empowerment Architecture (DEPA). The Account Aggregator Policy of RBI revolves around this consent architecture.
Whereas the bill is of interest to almost all the sectors of the economy, it is extremely important for businesses in Information Technology sector and especially in Software product Industry to understand the law as it is seeded and further as it evolves.
The bill has many aspects to it in the legal framework. It is not possible to cover the entire understanding of the bill in one blog. We have attempted to cover some salient features that may be important for the Software Product Industry as well as how it contacts with the techno-legal aspects of DEPA as it stands in financial sector, perhaps to be replicated in other important sectors of the economy.
This blog is again posted in a Question and answer format both as a video and as a transcript of the video. You can use the one you like.
Questions have been asked by iSPIRT volunteer and Policy expert Mr Sudhir Singh and answered by Supratim Chakraborty (Data Privacy and Protection expert from Khaitan & Co.) and Siddharth Shetty (leading the DEPA initiative at iSPIRT).
What are the most important aspects of the bill?
Supratim answered, “What we have seen is through this draft bill, there is an attempt to establish the relationship of trust between the data subject and data controller. The nomenclature has been changed in this bill and It is data fiduciary and data principles. It puts a lot of onus on the data fiduciary to take care of data care protection.”
“There are several important aspects of the bill that needs attention such as localisation of data, cross-border transfer and also some other aspects such as privacy by design, transparency requirement, security safeguard, breach notification, grievance redressal mechanism, the requirement of Data protection officer, record keeping requirements”, as elaborated Supratim.
Is there some restriction on data fiduciary? Is the state exempted?
Supratim said, “this bill is equally applicable to private parties and the Government unlike earlier provisions of section 43A and 72A of IT ACT. 43A will be scrapped after this bill comes into existence. There has been a lot of debate on this aspect of bringing Govt. under the purview of the law.”
Is right to be forgotten covered in a similar way as GDPR?
Supratim explained, “Our Govt. has looked at this in a more business-friendly way by covering the right to be forgotten by provisioning that any further dissemination of data should be stopped, once the data principal chooses to withdraw the consent or ask for the right to be forgotten.”
He described four governing aspect that explains how to determine the aspect of keeping Data local, as described below.
You could have certain pockets of personal data that can be transferred outside.
There could be certain pockets of data that could be transferred outside but a serving copy of the data has to be within the country
The third category is sensitive personal data ambit of sensitive personal data which has been widened considerably compared to what we saw under the 43A of IT ACT. For this, if sent out of
The fourth category is data that cannot be sent outside country at all.
“On Cross border transfer of data in addition to ‘consent’ there has to be standard contractual clauses (approved/prescribed by authority) or the transfer to a jurisdictions is approved by the central government”, he further explained.
What is the Data Protection Authority?
Supratim answered, “In the draft bill this seems to be all encompassing all powerful authority from rulemaking to advisory to enforcement. Therefore it is important to see how this really shapes up. In “IT Act”, section 43 A and 72A were largely there to cover the aspects of data privacy but enforcement and implementation.”
What are other important aspects to consider?
“There are many aspects but let us touch upon two given below”, said Supratim.
One is the requirement of having notices in multiple languages, which is not a very hard obligation the way it has been put. But in a country like India for say an e-commerce platform imaging the cost that one has to incur for putting multiple language notices. Also, we need to see are we able to really address the point of informed consent through this, because you also have a section of people who may be illiterates. Justice Srikrishna report suggest that we should have short videos or graphical representation which make it very easy for someone to understand the critical aspects of privacy.
Another important aspect is applicability of the law. This law is applicable to all processing that is happening in India and also to foreign bodies. Section 2(2) talks about applicability to foreign bodies, the first part says that “in connection with any business carried out in India”. This means a global platform that is accessible from India has to have the entire requirement of this law.
Are we going in direction of GDPR?
Supratim answered, “Whereas we are trying to follow the Gold standard and many countries are trying to follow the path set by GDPR, India is quite different country and we are not following everything the way it is in GDPR, we have to be mindful of our requirements. But the idea is slowly and surely reach a zone where we can have our laws quite akin to laws of matured jurisdictions.”
How does Bill address iSPIRT DEPA initiative?
Siddharth, sees this draft bill as a unique India first approach. He feels that apart from addressing privacy and data protection aspects it empowers Indians on having control on the use of their data for better financial services, better health services, education etc.
Siddharth goes on to explain that at iSPIRT for past 3-4 years we have been working at Consent layer of IndiaStack or Consent framework and it is great to see that bedrock of draft bill is actually based on consent and in that way it is somewhat similar to GDPR. But, one of the biggest problem they are facing in EU today is it is very difficult to operationalise consent. It is for the first time India has a unique infrastructure to operationalise consent.
“DEPA is nothing but a set of two tools that helps to operationalise consent, explains Siddharth.
One is known as Digital Locker system which allows to the federated exchange of data and second is known as electronic data consent, which is nothing but an electronic representation of user Consent.
“This means, if you want to share or allow your data from some provider to say another consumer, then you must be able to express what date you want to share with whom for what time period in some codified manner. This codified information or consent is known as consent artefact”, says Siddharth further.
As explained by Siddharth, the ‘consent artefact’ became a national standard in 2016 adopted by four financial sector regulator RBI, PFRDA, IRDA and SEBI and they adopted it for their entire eco-system.
Based on consent artefact every individual has an access to financial data and has a mechanism to share that data to gain access to a loan or any other services provider. This has been through an institutional mechanism called Account aggregator.
Siddharth further elaborated that, “the ‘Account aggregator’ (AA) is a class of entities known as data access fiduciaries. The AA unlike other parts of world decouples the institution that collecting consent from an institution that either consuming data or providing data. In EU e.g. as per of PSP2 directive the account information service provider which consumes data is also responsible for collecting the data.”
In India, 3 AA have been approved. Technical standard drafts are also out for ecosystem. And through AA you actually have an entity that’s working toward creating an informed consent experience. Going forward just like UPI you receive your consent for a payment, through AA you will have an entity that helps you provide and control consent. Based on Financial sector we have proposed a similar concept to TRAI for the telecom sector and health sector to NITI Ayog.
Has the AA concept been addressed in the bill?
Siddharth explains further, “The bill makes bedrock of most processing of data based on consent. AA model is nothing but your consent collector or Consent manager. Every data principle they have outlined right to confirmation and access, right to correction, most importantly the right to data portability. As a data principle from data fiduciary, you have the right to request and port machine structured non-reputable transaction history or any other user-generated data to other service providers. AA is nothing but a framework to operationalise this right.”
He further explained that in the report preceding the bill, they talk about a concept consent dashboard. AA is nothing but a consent dashboard. They had 2 tech innovation consent dashboard and data dashboard. You can log consent flows and data flows.
Will, there be consent dashboards concept like AA in other sectors also or will there be one single point authority under DPA?
Siddharth, “it would be a combination of both. If you see the draft bill, it allows sectoral regulators to write rules. For data the falls under private data sets category such as data pertaining to social media etc, DPA would prescribe an standard.”
The report talks about that dashboard can be maintained by each data fiduciary or it can be a common dashboard that everyone else agrees and follows. If you look at the account aggregator dashboard it is a common dashboard for the entire financial sector. But for social media companies can follow their won dashboards.
For any Software product companies that does not lie in any of the regulated sector can create their own consent dashboards, where the user can come see their dashboard correct their data, port the data, manage their consent.
Unlike the IT act, this regulation will have a direct bearing on any businesses processing data irrespective of being in a Software product or other domain. And hence there is a need to be attentive. How right is this aspect?
“Yes, the ambit increases quite a bit. Wherever there is sensitive personal data interface involved, the level of compliance requirement has gone up several times. In the IT Act, there was a mention of personal data in section 72A. The present draft bill does not talk about the deletion of 72A. The draft bill have a parallel mechanism set out in the IT Act”, mentioned Supratim.
Siddharth, “it is just not limited to compliance, this law unlocks the whole host of business models around data sharing around consented data sharing that you haven’t yet seen in any other country and it will be really interesting to space to see what companies get a build out there.”
Question from Participants.
What is the definition of data processing? Or what is the differentiation between Data Storage and Data Processing. E.g. if you are an email service provider, is it Data Storage or Data Processing? (asked by Chintan)
Supratim answered, “definition of data processing is extremely wide enough to make businesses fall in to ‘data processing category’ without being a processor.”
What is the timeline? (Asked by Chintan)
MeitY has asked for public comments by 10th of September on the draft bill, thereafter it will be presented to parliament and after promulgation, there will be more work in framing Authority, the rules by DPA etc. The law is not expected to be in implementable form only after 18 Months or so, minimum.
What happens to the Existing customer? Do we go back to them and get their consent? (Karthik)
Supratim answered, “whilst the it is not a retrospective legislation, if you continue processing without taking consent, you will fall foul of the requirement of law.”
Are there any fines defined here? (Karthik)
Yes, it has been taken care. Just like other aspects the draft bill he highly inspired by GDPR on this aspect also. We have 4% and 2% of annual turnover. There are 2 buckets 4% and 15 Cr and other is 2% and 5 Crore.
Do we need to appoint an DPO?
“There is a segregation which has been made of has significant Data Fiduciary under certain conditions will have to have DPO. Also, this law has an immense amount of significant rulemaking power, answered Supratim.
Hence, it will be seen in future how rules are framed by Authority. So, it has to be seen how business friendly the authority remains in rulemaking e.g. section 43A in IT ACT gave rule making power to define what is sensitive data and information and set out what is reasonable practices and procedure. In the rule made in future, we saw a plethora of requirements set out, over legislated and sometimes badly drafted.
The rules will go through an evolutionary cycle. Hence, the legislation has to be tested over a period of time as it unfolds, after crystallisation of this draft promulgation by parliament in to an ACT and rules being made after that on different aspects.
Disclaimer
PolicyHacks, and publications thereunder, are intended to provide a very basic understanding of legal/policy issues that impact Software Product Industry and the startups in the eco-system.
PolicyHacks, therefore, do not necessarily set out views of subject matter experts, and should under no circumstances be substituted for legal advice, which, of course, requires a detailed analysis of the relevant fact situation and applicable laws by experts in the subject matter on the case to case basis.
If you are facing an issue, we recommend you take expert professional advice on the case to case basis.
We intend to provide the best transcripts in the text part of the blog. However, it may not be an exact replica and maybe approximation, more standardised, normalised or moderated version of the expert view presented in the video.
iSPIRT volunteers are strivers. We seek the good for our nation and our ecosystem. We brainstorm, ideate, experiment, build, and evangelize to fulfill our mission of making India a Product Nation. Every volunteer draws us into an ever-enlarging realm of intellectual possibilities and purposeful engagements.
Take Nikhil Kumar for instance. He stepped up almost two years ago to evangelize UPI and handhold its early adopters. He set out to create winning implementations that would put traditional payment systems to shame. Needless to say, this wasn’t an easy thing to do. There was no template to follow. And, most didn’t believe in the potential of this new breakthrough payment system. But this didn’t faze Nikhil. He had chosen his adventure inside iSPIRT and nothing could hold him back.
Today, UPI is a success story. However, that’s not the full story.
Nikhil showed us how to stay cool under fire, to foster affinity, and skillfully navigate diverse opinions amongst many stakeholders. His all-hands-on-deck work ethic came with an ability to take decisive action when the situation demanded it. He showed that a young volunteer can be a visionary with big plans and the capacity to bring them to life. He has set an example for all of us on how to pay-forward and serve a cause bigger than all of us. All this makes him an iSPIRT Volunteer Hero.
From tomorrow, Nikhil is shifting gears. He is stepping away from being a volunteer-in-residence. He is taking a few months break. After that, he plans to create a startup. This is great news for iSPIRT. While our India Stack and other technology public platforms create possibilities, it is the products and services that create value. We need all elements of a healthy society – sarkar, samaj, bazaar – to come together to solve population scale problems sustainably. So, we wish him all the very best in this new pursuit of excellence.
All shifts require an adjustment. While Nikhil will remain a part-time iSPIRT volunteer working on WANI, he will no longer be the iSPIRT voice on payments for media, policymakers, startups and financial institutions.
Nikhil’s lasting legacy is that he opened up iSPIRT volunteering for talented youngsters under-30s. Today we have more than a dozen young power volunteers. He has helped all of us see the particular gifts that these young volunteers bring to the cause. His spirit will live on!
By Sharad Sharma, Pramod Varma and Sanjay Khan Nagra for Volunteer Fellow Council
Technology has been a boon to healthcare. Minimally-invasive procedures have significantly increased safety and recovery time of surgeries. Global collaboration between doctors has improved diagnosis and treatment. Rise in awareness of patients has increased the demand for good quality healthcare services. These improvements, coupled with the growing penetration of IT infrastructure, are generating huge volumes of digital health data in the country.
However, healthcare in India is diverse and fragmented. During an entire life cycle, an individual is served by numerous healthcare providers, of different sizes, geographies, and constitutions. The IT systems of different providers are often developed independently of each other, without adherence to common standards. This fragmentation has the undesirable consequence of the systems communicating poorly, fostering redundant data collection across systems, inadequate patient identification, and, in many cases, privacy violations.
We believe that this can be addressed through two major steps. Firstly, open standards have to be established for health data collection, storage, sharing and aggregation in a safe and standardised manner to keep the privacy of patients intact. Secondly, patients should be given complete control over their data. This places them at the centre of their healthcare and empowers them to use their data for value-based services of their choice. As the next wave of services is built atop digital health data, data protection and empowerment will be key to transforming healthcare.
Numerous primary health care services are already shifting to smartphones and other electronic devices. There are apps and websites for diagnosing various common illnesses. This not only increases coverage but also takes the burden away from existing infrastructures which can then cater to secondary and tertiary services. Data shared from devices that track steps, measure heartbeats, count calories or analyse sleeping patterns can be used to monitor behavioural and lifestyle changes – a key enabler for digital therapeutic services. Moreover, this data can not only be used for monitoring but also for predicting the onset of diseases! For example, an irregular heartbeat pattern can be flagged by such a device, prompting immediate corrective measures. Thus, we see that as more and more people generate digital health data, control it and utilise it for their own care, we will gradually transition to a better, broader and preventive healthcare delivery system.
In this context, we welcome the proposed DISHA Act that seeks to Protect and Empower individuals in regards to their electronic health data. We have provided our feedback on the DISHA Act and have also proposed technological approaches in our response. This blog post lays out a broad overview of our response.
As our previous blog post articulates the principles underlying our Data Empowerment and Protection Architecture, we have framed our response keeping these core principles in mind. We believe that individuals should have complete control of their data and should be able to use it for their empowerment. This requires laying out clear definitions for use of data, strict laws to ensure accountability and agile regulators; thus, enabling a framework that addresses privacy, security and confidentiality while simultaneously improving transparency and interoperability.
While the proposed DISHA Act aligns broadly with our core principles, we have offered recommendations to expand certain aspects of the proposal. These include a comprehensive definition of consent (open standards, revocable, granular, auditable, notifiable, secure), distinction between different forms of health data (anonymization, deidentification, pseudonymous), commercial use of data (allowed for benefit but restricted for harm) and types and penalties in cases of breach (evaluation based on extent of compliance).
Additionally, we have outlined the technological aspects for implementation of the Act. We have used learnings from the Digital Locker Framework and Electronic Consent Framework (adopted by RBI’s Account Aggregator), previously published by MeitY. This involves the role of Data Fiduciaries – entities that not only manage consent but also ensure that it aligns with the interests of the user (and not with those of the data consumer or data provider). Data Fiduciaries only act as messengers of encrypted data without having access to the data – thus their prime task remains managing the Electronic Data Consent. Furthermore, we have highlighted the need to use open and set standards for accessing and maintaining health records (open APIs), consented sharing (consent framework) and maintaining accountability and traceability through digitally verified documents. We have also underscored the need for standardisation of data through health data dictionaries, which will open up the data for further use cases. Lastly, we have alluded to the need to create aggregated anonymised datasets to enable advanced analytics which would drive data-driven policy making.
We look forward to the announcement and implementation of the DISHA Act. As we move towards a future with an exponential rise in digital health data, it is critical that we build the right set of protections and empowerments for users, thus enabling them to become engaged participants and better managers of their health care.
We have submitted our response. You can find the detailed document of our response to DISHA Act below
Increasing penetration of smartphones, Aadhaar-linked bank accounts and a host of powerful open and programmable capabilities is set to create the ‘WhatsApp moment’ for Indian banking.
Once in a while a major disruption or discontinuity happens which has huge consequences. In 2007, the internet and the mobile phone came together in a whole new product called the smartphone. This phone, with its own operating system, such as the iOS or Android, could support over the top (OTT) applications. The messaging solution for the smartphone did not come from the giant telecom or internet companies. Instead, it came from WhatsApp, a start-up. WhatsApp does 30 billion messages a day, whereas all the telecom companies put together do 20 billion SMS messages per day. Such is the power of disruption!
Such a “WhatsApp moment” is now upon us in Indian banking. This discontinuity has been caused by several things coming together. Smartphones are growing dramatically and are expected to reach a penetration of 700 million by 2020. Over 1 billion Indian residents now have Aadhaar, an online biometric identity. The government promoting financial inclusion through the Jhan Dhan Yojana has led to over 200 million new bank accounts being opened. With the RBI giving licences to over 20 new banks, including small banks and payment banks, the competitive intensity of the sector is set to increase. One can visualise a future where every adult Indian has an Aadhaar number, a smartphone and a bank account. Already over 280 million Indian residents have an Aadhaar-linked bank account and around 1 billion direct benefit transfer (DBT) transactions have happened, whose value is in the billions of dollars.
On top of this, a set of powerful open and programmable capabilities, that are collectively referred to as the “India Stack” by the think-tank iSPIRT, has been created over the last seven years. Aadhaar provides online authentication using one’s fingerprint or iris, which can be done from anywhere. This can make transactions “presence less”. The e-KYC (know your customer) feature of Aadhaar enables a bank account to be opened instantly, just by using the Aadhaar number and one’s biometric. The e-sign feature enables online documents to be digitally signed with Aadhaar. The “digital locker” system enables the storage of such electronic documents safely and securely. All this can make the entire banking process “paperless”.
The final two layers of the “India Stack” have great relevance to the future of banking. The Unified Payment Interface (UPI) layer, a product built by the National Payment Corporation of India (NPCI), a non-profit company collectively owned by banks and set up in 2009, will revolutionise payments and accelerate the move towards a “cashless” economy. So “pushing” or “pulling” money from a smartphone will be as easy as sending or receiving an email. This product from NPCI is the latest in several payment systems that they have developed, from the National Financial Switch, National Automated Clearing House, and RuPay cards, to the Aadhaar Payment Bridge, the Aadhaar-enabled Payment System and IMPS, a real-time payment system.
The move to a “cashless” economy will be accelerated by the Aadhaar-enabled biometric smartphones. So credential checking in banking will move from “proprietary” approaches (debit card and PIN) to “open” approaches (mobile phone and Aadhaar authentication). As such, the holy grail of one-click two-factor authentication, now available only to giants like Apple, will be available to kids in a garage to develop innovative solutions.
Finally, as India goes from being a data-poor to a data-rich economy in the next two to three years, the electronic consent layer of the “India Stack” will enable consumers and businesses to harness the power of their own data to get fast, convenient and affordable credit. Such a use of digital footprints will bring millions of consumers and small businesses (who are in the informal sector) to join the formal economy to avail affordable and reliable credit.
As data becomes the new currency, financial institutions will be willing to forego transaction fees to get rich digital information on their customers. The elimination of these fees will further accelerate the move to a cashless economy as merchant payments will also become digital.
This will also shift the business models in banking from low-volume, high-value, high-cost, and high fees, to high-volume, low-value, low-cost, and no fees. This will lead to a dramatic upsurge in accessibility and affordability, and the market force of customer acquisition and the social purpose of mass inclusion will converge.
These gale winds of disruption and innovation brought upon by technology, regulations and government action, will fundamentally alter the banking industry. Payments, liabilities and assets will undergo a dramatic transformation as switching costs reduce and incumbents are threatened. As the insightful report from Credit-Suisse has so well explained, there is a $ 600 billion market capitalisation opportunity waiting to be created in the next 10 years. This will be shared between existing public and private banks, the new banks and new-age NBFCs. It may even go to non-banking platform players, which use the power of data to fine-tune credit risk and pricing, and make money from customer ownership and risk arbitrage.
The public sector banks, which occupy the commanding heights of the economy with a 70 per cent market share, will be particularly challenged. Even as they deal with the inheritance of their losses, they will have to cope with, and master, enormous digital disruption. This will require their owners, the government, to give them the autonomy and freedom to experiment and innovate.
To quote Shakespeare, “There is a tide in the affairs of men, which, taken at the flood, leads on to fortune”. The $ 600-billion opportunity is here. The WhatsApp revolution went unnoticed by incumbents. Normally such disruptive changes (like bubbles) are only recognised after they have happened. In this case, the forces of change are evident and can be anticipated. The opportunity for the banking sector has been called, and it is equally accessible to incumbents, both in the public and private sector, to the new banks, to the NBFCs and the tech companies. The future will belong to those who show speed, imagination and the boldness to embrace change.
This article was written as foreword to a Credit-Suisse report on the Indian banking sector
IndiaStack can enable the government, the citizens and entrepreneurs to interact with each other through an open digital platform.
At a time when financial technology is changing the face of Indian banking, the government is looking to bridge the digital divide.
The biggest hurdle here is paper-based authentication and approvals. To bridge this gap iSpirt is working with various government agencies to develop IndiaStack.
What is IndiaStack?
IndiaStack is a paperless and cashless service delivery system being conceived by a digital think tank iSpirt. It can enable the government, the citizens and entrepreneurs to interact with each other through an open digital platform. It is the largest application programming interface that is being developed in order to enable 1.2 billion Indians to get access to goods and services digitally.
When was it started?
It was conceived by the government of India in 2012 when they realised, in order to help services reach the last mile of the Indian population, it needed private technology solutions to be built on the Aadhaar database. The project is being pedalled forward by Nandan Nilekani the ex-chief of Unique Identification Database Authority of India, who describes it as the “Whatsapp moment for Indian banking”.
Why is it essential?
The government has been striving for a less cash economy to prevent pilferages and last mile connectivity of financial services. While the Aadhaar database allows users to complete all KYC requirements, there is still a gap in getting approvals because of the need for a signature on paper.
IndiaStack will be able to bridge that gap through its digital lockers which will allow for digital signatures and seamless API (Application programming interface) integration for authentication through eKYC.
How will it be designed?
IndiaStack is conceived as a pyramidal structure based on the Aadhaar database as the base and unified payments interface (UPI) that is being developed by NPCI (National Payments Corporation of India) as the top. The two middle stacks comprise digital signatures and eKYC.
Nilekani has explained that with the help of digital signatures customers will not need to actually sign a paper document, instead it can digitally sign it by using a smartphone. eKYC will also enable the identity of the customer to be determined digitally as well.
How will it be beneficial?
The biggest benefits could be completely digital payments through the UPI infrastructure for a less cash economy. Also, loan approval through eKYC and digital signatures could be done faster in a paperless fashion. Both these steps can bring people without access to digital payments to come within the digital fold.
Just over 12 years ago, I sat on the sofa outside my office in Infosys, and explained to Tom Friedman about how the playing field was getting levelled through technology. This inspired him to write ‘The World is Flat,’ an international bestseller that sold millions of copies and captured the zeitgeist of the era.
It was an era where technology and political change brought everyone closer. The Dissolution of the Soviet Union in Dec, 1995 was presaged by the fall of the Berlin Wall on the 9th of Nov, 1989. And, the Berlin Wall incident was set in motion by the invasion of the communist Grenada in Oct, 1983. Grenada’s regime change marked the beginning of the end of the Soviet empire. The design of the containerized ‘box’ laid the foundation for global trade in goods and the massive investment in telecommunication capacity and undersea cables as part of the ’dotcom’ boom and bust, laid the foundation for global trade in services.
In this context, last Friday’s Brexit is a momentous development. It marks the turning point in the Wests’ 35 years of globalization. It is truly a ‘Grenada’ moment, but in the opposite direction.
Over the next few years, the West will slowly turn back on immigration, outsourcing and economic integration. This will have major consequences for everybody in the world. India will have to focus on its own domestic market and not on exports. Automation and Chinese overcapacity will hit manufacturing, and growth will come in services. Employment and entrepreneurship will happen through platforms that aggregate – farmers, retailers, truckers and vendors. This will result in the formalization of the economy in a big way, as finally the benefit of being in the system thanks to affordable and reliable credit will be higher than staying out. India has the potential of many years of high growth as millions of Indians join the organized society. India Stack will be a key enabler for this to happen!
We have been thinking a lot about this scenario at iSPIRT. This presentation (pasted below) captures our view of such a future. Hope you enjoy it!
You can also catch my talk on the future of India in the age of technological disruption at Think Next 2016 in Bangalore (video pasted below the presentation here).
India’s digital startups have an analog problem. They face a kagaz ka pahad. Literally. Many of them are designing for the digital desh of Bunty, the 37-yearold Udaipur shoe-seller who gets 40% of his business on his smartphone. Or, Chaitanya Bharti, Guntur’s 30-year-old single-room school teacher who gets remittances on her basic phone.
But every time they collect and store paper records, scrutinise “wet signatures”, and handle lots of physical cash, they can’t grow as fast, be as affordable or innovate to create the digital desh Bunty aur Bharti aspire to.
Nowhere is this more visible than in financial services where the kagaz ka pahad unwittingly aids what Prime Minister Modi called “financial untouchability”.
There is good news. The JAM trinity — a basic account like Jan Dhan, Aadhaar and mobile phones — makes it possible for digital services to reach every Indian. JAM is much more than aslogan — it is the result of public policy and technology that made this foundation a reality. With that foundation in place, public policy can go further. It must go further.
We don’t just give digital pioneers wings, we strap on booster rockets to launch them well over and past that kagaz ka pahad.
Incredible and necessary win for Aadhar in today's budget ! Cheers & Kudos to @India_Stack and @NandanNilekani
India Stack is just that. It is a series of new-age digital infrastructure which, when used together, makes it easier for digital pioneers to run faster, reach more people.
The Stack has four layers: (1) a presence-less layer where a universal biometric digital identity allows people to participate in any service from anywhere in the country; (2) a paper-less layer where digital records move with an individual’s digital identity eliminating the kagaz ka pahad; (3) cashless layer where a single interface to all the country’s bank accounts and wallets democratises payments; and (4) a consent layer which allows data to move freely and securely to democratise the market for data.
Each layer has a specific technology — Aadhaar authentication and eKYC, eSign and Digilocker, Unified Payments Interface, and consent architecture — with corresponding public APIs, under India’s Open API policy.
The National Payments Corporation of India released APIs for the Unified Payments Interface and is now running a hackathon for businesses to experiment.
You can go to indiastack-.org to participate. Each layer is managed as a public good. This is important. This makes the India Stack not just new-age technology but a smart policy. Technology stacks are not new. Uber, the highest valued startup on the planet, rose to success on GPS, Google maps, electronic payments and more.
In Kenya, the mobile payment service of M-PESA is like the cashless layer enabling a whole slew of digital businesses. What is different about the India Stack is that it is designed to level the playing field for newer, smaller entrants.
There is no one company or a handful of companies controlling access, behaving like bottleneck monopolies.
India Stack sets a global precedent. It is of Indian origin but not India-specific. Bits and pieces exist elsewhere in the world but nowhere under such a common frame and vision. For example, globally, data has become a battleground for the future of business.
The consent architecture, arguably, is a breakthrough to democratise the market for data without compromising on security. The India Stack is designed to propel the digital world forward in India or anywhere.
Guest Post by Kabir Kumar leads FinTech initiatives at CGAP. Sanjay Jain is a volunteer with iSPIRT Open API team.
On Saturday, I was going to attend 3rd year anniversary event of iSPIRT On the way on my bus to meeting, my mind was filled with varied thoughts about 2010 or earlier, when I was outsourced product start-up employee. Looks like little time ago, 6 years has passed from 2010 when I met the volunteers of NPC. Sharing comments to volunteers (Avinash, Rajan, Vijay, Manju, Suresh) on lack of “Made in India” products, I learnt that their thoughts were similar and more advanced. In addition, while I was talking, they had larger dream to create ecosystem where tech geeks are proud of creating products and the first baby step to create pride to come with products was NPC event.
For a regular visitor in technical meetups of BLR and volunteer for education and health activities in the weekends, their volunteering style spoke more about the volunteer’s real intent. More interaction made me realize that contribution mattered more than the person’s experience or position. This was firs time I heard people work selflessly as part of industry forum and became curious to understand their concept better, leading to a sense of respect for volunteers, motivating myself to volunteer for NPC 2013. In 2013, iSPIRT was formed as new initiative with focus to create a product nation and volunteers drive the vision of iSPIRT. Today, I continue to see the volunteering spirt even today to be similar or better than my experience in early 2010. Hence I have planned to spend whole day to attend 3 In 2013, iSPIRT was formed as new initiative with focus to create a product nation and volunteers drive the vision of iSPIRT. Today, I continue to see the volunteering spirt even today to be similar or better than my experience in early 2010. Hence I have planned to spend whole day to attend 3rd year anniversary function of iSpirit. This blog represents what I learnt about growth of iSPIRT in 3 years. When the first session on “PlayBooks” started, I started to recall that iSPIRT had started to offer Playbooks as first learning program. Playbooks used to represent all programs offered to start-up entrepreneurs. Targeted entrepreneurs on application were invited to participate in playbooks based on specific stage of their start-up. Being in the ecosystem, I am aware of
All programs and events are free for participants. Participants apply to attend program or event with details about their startup and applicant registration is approved based on their suitability to programs theme and approved participants attend event for free.
Programs and events focus to impart learning for a category of start-ups that are present in specific stage of their journey namely start-up enthusiasts, Discovery, Product Market Fit and finally Scale To Grow.
The session shared that iSPIRT is offering 3 learning programs and 3 knowledge events. I did not realize that I myself have been attending some of these events. I still see absence of programs and events for the Discovery stage yet, difficult and tricky stage to cross.
iSPIRT has come with a matured structure around programs and events termed KASH Playbook Framework. Playbook are no more a program and had become umbrella representation for all programs. What does KASH represents?
K – Knowledge
A – Attitude (Mindset)
S – Skills
H – Habit
Been an entrepreneur, I can relate with KASH as learning theme for programs offered to entrepreneur’s because all programs aims to impart entrepreneur to gain knowledge, develop a mindset, learn skills, identify habits and practice the same to empowers entrepreneur in current stage to create/generate KASH leading to transition from current stage to next stage.
My view of RoundTable is to help happy & confused startups with product market to scale business. I learnt RoundTable (K, S) continues to be an informal closed door interaction (~4 hour) among entrepreneurs and practitioners facilitated by saddle entrepreneur to learn tacit knowledge & skill. Roundtable started as first program of iSPIRT in 2013.
My view of PNGrowth is to help scaled startups with product market fit to grow leaps and bounds. I learnt PNGrowth (A) is 3 day bootcamp to shake up and instill ‘Panga’ Mindset requisite for category leadership, followed by a 1 year community support. The first program was in 2016 at Mysore The 3 learning events Innofest, SaaSx, InTech50 are focused on large participants. My view of Innofest is to help creators to explore possibility to transform their creation/hobby in to business. I attended the first I attended the first Innofest (A) that happened in Aug 2015 in Bangalore and nice to hear the event travelled to Hyderabad. I wish that sure more cities are eager to conduct event to help innovators take pride in their products and show case them, get feedback of their application in reality. This is “No copy paste entrepreneurship”. My view of SaaSx is that new entrants gain insights in to the tribal knowledge of experienced SaaS folks which helps them to make their offering better more efficient. SaaSx(K) event is to create & nurture community of SaaS entrepreneurs in India at the SaaS capital of India – Chennai. The first event happened in Chennai in 2014, followed in 2015, which I attended and can vouch for the fact that SaaS entrepreneur’s shared their deep intimate learning with others. My view of InTech50 is as experiment with difference. Instead of startups working hard to engage and partner with large corporates with their product offerings, can we make corporates to come together and engage with startups and share feedback and evolve in to partnership. Reversing approach of startup Push model to build relationship and engagement to Corporate Pull model.InTech50 showcases software products created by Indian entrepreneurs, with aim to help software product companies to enter global markets via our network of early adopters, partners, co-innovators and investors. Companies apply and Chosen companies receive advice, on-going mentoring, product marketing support, and funding to scale in the global markets. This program comes with a cost cover expenses for two attendees and event logistics.
Another session I focused was on “India Stack: Powering thousands of experiments”. Before jumping to understand India Stack and session contents, it is good to start with some history in India of how absence of legacy era in telecom and internet has become Indian advantage over time. With absence of telecom legacy, India skipped analog era and leapfrog to digital era of STDs, leading to leapfrog to mobile usage. With absence of internet legacy, India skipped PC based internet and had leapfrog to era where internet technology is available to every Indian via mobile (computing device of choice). Look at the money savings for India from not having to spend to build legacy infrastructure that becomes obsolete with advent of new technologies and money goes waste.
This enables every Indian to access and consume service offered by internet software and mobile apps over internet. It is time to dream and create experiments to leverage this leapfrog benefit to enable Indians to leapfrog to make use of digital applications and the Indian government has jumped in to same with Digital India campaign. One see two fundamental changes happening.
Every Indian can access and use mobile apps, with mobile phones in hands of every Indian.
Every Indian is getting used to electronic banking and payments fueled by e-commerce players.
iSPIRT wants to dreams along with Indian government with belief that this is right time that Indian entrepreneur’s need to leverage Digital explosion wave expected in India soon. One can dream in terms of how technology can be leveraged to create financial inclusion, how apps can create positive interventions in areas of education and health care. When you dream, you are motivated with the potential to leapfrog tech-starved Indians to tech- savvy Indian. Dreams are ideas to start with. Dreams need to follow with action to reality. For such a dream to happen, iSPIRT has seen itself a role to contribute to seamless working between entrepreneurs and with government agencies and regulators and has started to proactively engage with government. This joint engagement with stakeholders of Indian government enabled iSPIRT to propose 4 recommendation to serve as backbone for Indian government to realize the dream of Digital India.
OpenAPI Policy objectives recommended for Digital India programs
7 key principles for to be adhered for implementing Digital India programs.
Technology Stack to serve as baseline for developing apps for Digital India
India Stack to serve as baseline for implementing Digital India.
iSPIRT has recommended these OpenAPI policy objectives
Software interoperability: APIs are recommended for all e-governance applications and systems, enabling quick and transparent integration across these applications and systems.
No Government Silos: Information and data shall be shared through a secure and reliable sharing mechanism across various e-Governance applications and systems.
Data available to public: Make people’s data public. Provide APIs to enable people to view data.
Baseline guidelines for Implementers Provide guidance to Government Organizations to develop, publish and use these Open APIs
iSPIRT has recommended these 7 key principles to be followed in developing application by government and integration layer with government applications.
The 3 learning programs IKEN, RoundTable and PNGrowth are focused on limited participants.
My view of IKEN to help startup enthusiasts aware of challenges to enable self-assess of their strengths and to identify needed self-improvements. I learnt IKEN (S, H) is a 10 weekend boot-camp for early/Novice entrepreneurs and startup enthusiasts and focuses on life skills of an Entrepreneur along with business skills. The first program was created in 2015 in consultation with effectuation with Prof Saras and happened multiple times in Bangalore.
Based on OpenAPI Policy and guideline principles, here is robust technology stack recommended for creating innovative solutions to India’s hard problems.
With payments being accelerated by regulatory Innovation and a continuous rise of smart phones, here is robust solution stack recommended for developing Digital India applications.
What I liked about iSPIRT is
Supporting entrepreneur’s with learning that they need and that is not easily available.
Focus to get feedback for their initiatives and working to bring a structure to their work.
Contribute by promoting and facilitating the use of IndiaStack creating curiosity and real interest.
If APIs are made open, secure and available for developers (through sandbox), I am sure iSpirt would jump to volunteer to evangelize IndiaStack APIs and promote IndiaStack APIs through Hackathons and developer Events.
To end with, Saturday meeting made me realize that iSpirt has matured from an unstructured volunteer initiative for entrepreneurs and is on the path to become think tank to create product nation. Guest Post by G. Srinivasan,