Can India be open, interoperable, and sovereign, at the same time?
Over the last decade, India has attempted something rare in the digital world: a fusion of public infrastructure, regulatory frameworks, and market-driven innovation that keeps systems open and competitive while ensuring strategic control over critical capabilities.
From foundational ID and payment rails to policies on data localization, indigenous cloud infrastructure, and homegrown AI models, the country has been building its own model of Digital Swaraj. This is not a status to be declared once, but a posture to be maintained through constant choices, deciding where to stay open and interoperable, and where to exercise sovereign control over compute, sensitive datasets, and foundational technologies.
The Policy Bedrock: Privacy, Localization, Safety
India’s push toward digital sovereignty rests heavily on its legislative and regulatory architecture. The Digital Personal Data Protection Act, passed in August 2023, created a formal privacy framework for the country, though its full enforcement is pending final notification. This has left enterprises preparing for compliance, consent frameworks, age-verification, breach protocols, without knowing the exact day it will take effect. Data localization has already taken root in the financial sector, where RBI’s 2018 circular requires payment system data to be stored within India, influencing how fintech companies choose their cloud providers.
Cybersecurity has also been given teeth through CERT-In’s directive mandating that specified incidents be reported within six hours, along with synchronized server clocks and record-keeping for VPN and VPS providers. Even competition laws are being rethought, with proposals to curb platform dominance still in flux. For companies handling consumer data, especially in finance, health, and mobility, the direction is clear: prepare now for stricter privacy, residency, and incident response requirements, because the enforcement window is closing fast.
The Physical Foundation: Data Centers & Sovereign Cloud
Behind the software and policy lies the hard physical layer of digital sovereignty. India’s data center capacity has surged past the 1.25–1.6 GW range, fueled by demand from hyperscalers, BFSI-driven localization, and the growing appetite for AI workloads. Major players such as Airtel Nxtra, Reliance, and Adani are in expansion mode, though the real bottleneck may be reliable power supply and grid stability. Government cloud infrastructure has existed for years in the form of NIC’s MeghRaj, which supports e-governance workloads and sensitive citizen data.
Now a new category is emerging: sovereign AI clouds. Yotta’s Shakti Cloud, equipped with NVIDIA’s DGX systems, promises AI compute physically located in India, with Microsoft tying Azure AI capabilities to the same stack. These developments signal a future in which workload placement becomes strategic, sensitive datasets and AI training may move to sovereign clouds, while less regulated functions remain on global hyperscalers.
The Public Rails: DPI as India’s Leverage
If data centers and laws are the foundation, then India’s Digital Public Infrastructure is the connective tissue of Digital Swaraj. The India Stack, Aadhaar for identity, UPI for payments, Account Aggregator and OCEN for consented data-sharing, Beckn and ONDC for open commerce protocols, and emerging digital address initiatives, creates an environment where market entry barriers are dramatically lowered.
These rails reduce customer acquisition costs, enhance trust, and make interoperability the default. ONDC’s expansion, from interoperable QR codes to category-wide e-commerce, shows the potential of open networks to challenge closed commercial ecosystems. For startups, the implication is simple: building with DPI integration is not an optional extra; it is the shortest route to trust and scale in India.
The AI Layer: From India-trained to India-controlled
Artificial intelligence is now central to digital sovereignty, and India is moving quickly to ensure it has domestic capacity in this field. The IndiaAI Mission, approved by the Union Cabinet, sets out to provide domestic compute infrastructure, foundational model development, open datasets, and an AI-as-a-Service marketplace. Private efforts are accelerating this vision.
Sarvam AI is working on a sovereign LLM tuned for India’s linguistic diversity, while Ola’s Krutrim team has released Krutrim-2, a 12B parameter multilingual model optimized for Indic languages and coding. The BharatGPT/Hanooman initiative aims to cover 11–22 Indian languages across sectors like governance, health, and education. Meanwhile, Bhashini is embedding multilingual AI directly into citizen services, such as Indian Railways’ passenger systems.
Together, these efforts mark a shift from merely training AI models on Indian data to fully controlling the underlying architecture, licensing, and deployment environments.
The Hard Trade-offs of Digital Sovereignty
Achieving Digital Swaraj involves delicate balancing acts. Open networks such as ONDC create contestable markets and spur innovation, but sovereignty requires local control over data, compute, and models to reduce geopolitical and supply-chain risks. Strong privacy protections enhance citizen trust but may slow product iteration, and excessive localization can fragment global architectures. On the infrastructure side, India’s data center boom is promising, but its sustainability hinges on reliable power and cost-competitive compute for AI workloads. Navigating these trade-offs requires clear national priorities: openness where it multiplies value, control where it shields critical interests.
What Founders Should Do (Now)
For founders, the path forward begins with mapping their sovereignty perimeter, classifying workloads and datasets by criticality, and matching each to the right mix of sovereign cloud and global hyperscalers. Preparing for the DPDP Act’s operational requirements should start immediately, from consent management to breach playbooks rehearsed for CERT-In’s six-hour window.
Building for Bharat also means adopting Indic language capabilities by default, leveraging platforms like Bhashini or fine-tuned local LLMs. Integration with DPI components such as UPI, Account Aggregator, and Beckn will not only streamline compliance but also compress customer acquisition costs. Finally, incident readiness should be treated not as a compliance checkbox but as a core product feature, embedded into engineering and operations from day one.
What Investors Should Ask
For investors, evaluating startups in the Digital Swaraj era means asking harder questions about digital sovereignty. Can the product seamlessly migrate between sovereign and global cloud environments without major rewrites? Are privacy and consent flows operational in staging, not just on slides?
What is the AI bill of materials in terms of model choice, licensing, fine-tuning datasets, and data residency? Is the scaling plan realistic given India’s power and infrastructure constraints? And finally, how effectively does the product leverage India’s public digital rails to reduce customer acquisition cost and accelerate trust-building?
A Realistic Vision of Digital Swaraj
Digital Swaraj does not mean cutting India off from the global internet. Rather, it is a choreography of openness and control, open protocols to keep markets competitive, public rails to embed trust, local compute and data where the stakes demand it, and homegrown models to ensure cultural and linguistic fit. The aim is to protect citizens and empower entrepreneurs without severing the flow of global knowledge. If this balance is struck, India’s digital independence will not be about isolation, but about agency, the ability to set its own terms in the digital age.
