December 26, 2023




Categories: Digital India Act, IT Act

Themes for DIA: Fair Markets and Innovation

Access the full report here.

1. Research analysis – Emerging Technologies

 Summary of Recommendations

  1. Establish a regulatory sandbox model imbibing principles of an;
    • Adaptive-outcome based approach,
    • Risk-weighted approach
    • Collaborative approach.
  1. Utilise the sandbox framework to establish liability standards for emerging technologies.



Emerging technologies are new technological innovations that break new ground in a particular field. They can revolutionise how we live and work, create new markets, and displace existing ones. Over centuries, innovative technologies have been developed and have opened new avenues for lifestyle and market transformation. Emerging technologies have already had an impact on our everyday lives by providing opportunities to ease the quality of our everyday life. Digital trade and finance are opening economic opportunities. Digital health and education are providing cost-effective solutions from a social perspective. In smart cities, EVs are posing as alternative models for protecting the environment and enhancing sustainability.

These new technological capabilities are evolving faster than the law’s ability to keep up. As a result, new and rapidly evolving technologies and sectors will present formidable challenges to traditional regulatory regimes and will necessitate the formulation of new governance processes.[1]


Importance of Emerging Technologies

New technologies hold the potential to fundamentally transform the way the economy and society function. Emerging technologies are disruptive because they can change the way we live and work in fundamental ways. They have also created new markets and displaced existing ones, by making significant impacts in various industries. For example, the invention of the printing press led to the spread of knowledge, while the development of the internet has revolutionised the way we communicate and do business.

Emerging technologies are the drivers of economic growth. India is a prime example of this, as its economy has grown rapidly in recent years due to its embrace of new technologies. These technologies have helped businesses to become more productive and efficient, which has led to higher profits and more jobs. In addition, new technologies have also created new industries and markets, which has further boosted economic growth. India is now prepping for cutting-edge technologies including 5G, AI, blockchain, augmented reality & virtual reality, machine learning & deep learning, robots, natural language processing, etc as per MeiTY.[2] The Digital India Act (DIA) aims to foster this by supporting the development of these new products and services.


Incorporating Emerging Technologies

The Internet is the essential infrastructure that connects various devices like smartphones, tablets, game consoles, PCs, and servers. These devices collect and transmit large volumes of data for storage, processing, decision-making, monitoring, and management purposes. The backbone of this connection is broadband Internet along with other connectivity tools. The demand from consumers for these devices and services leads to investments in broadband, which in turn spurs innovation in infrastructure technologies like 4G, 5G, fiber optics, and satellite communication.

In the healthcare industry, India’s growth has been fueled by Emerging Technologies. The importance of this was also highlighted by the MoS Mr. Rajeev Chandrashekhar in the Digital Bharat Summit, on digital infrastructure.[3] Importance of leveraging digital public infrastructure in a significant manner, to attain Sustainable Development Goals (SDGs) was highlighted. Most countries are also trying to harness emerging technologies, examples include;
The European union in its European Innovation Council WORKING PAPER 1/2022[4] identified the use of emerging technologies and breakthrough innovations in the field of digital technologies, healthcare and climate neutrality. The identified areas underwent a validation process by cross- referencing with other reports and methodologies, including the “100 Radical Innovation Breakthroughs[5]” report. In 2023, the Infocomm Media Development Authority (IMDA) Singapore, established that it aims to foster both the business and research communities to continually push the frontiers of technology, driving digital transformation and enabling innovations within its digital economy. Focusing on supporting three key emerging technology domains – AI, Communications and Connectivity, and Trust.[6]

The United States and India announced the launch of the Initiative on Critical and Emerging Technology (iCET), which will focus on cooperation in areas of Emerging Technologies such as quantum computing, artificial intelligence, and biotechnology.[7] Under iCET a technology partnership and defence cooperation between governments, businesses and academic institutions was committed. Ensuring that an open accessible and secure technology ecosystem on mutual trust and confidence is to be fostered.

This clearly portrays the idea that innovation is at the center of incorporating emerging technologies, but these idea incubation tools make us realise that there is no model method to regulate such emerging technologies.


Who does the liability fall on?

Because of the nature of disruptive models that emerging technologies create, it can be difficult to assign liability for the harm caused.

For instance, 3D printing is a new technology that is changing the way we build things. Certain challenges posed are that traditional liability laws are not always clear-cut when it comes to 3D printed products. For example, if a 3D printed house collapses, who is to blame? Is it the supplier who provided the design, the manufacturer who 3D printed the house parts, or the manufacturer of the 3D printer?

Similarly, in the case of blockchains, since it is a decentralised model and there is no central authority that executes this model, it is difficult to determine who is liable in case of a breach, because of the very importance of anonymity that it revolves around.

With the growth of Artificial Intelligence, these systems have the ability to act autonomously. Although the set of objectives of the AI models are set by humans. Which gives rise to questions of risks imposed by an AI model, for instance if a healthcare worker follows the recommendation of an AI-based tool to treat a patient, who would bear liability for any treatment injury?

Tools such as ChatGPT and Bard are being used extensively by employees of various companies to tackle redundancy in work. In April 2023 a report was released, that Samsung employees accidentally leaked confidential data into ChatGPT[8]. Would this constitute a breach on the employees’ part or negligence of duty on the company’s part?

Incorporating Emerging technologies make it challenging for regulators to keep up and assess the risks associated with these new technologies. Additionally, regulators may lack the necessary expertise to effectively regulate them.


Regulatory sandboxes for Emerging Technologies

To address these issues, a regulatory sandbox offers a secure space for businesses to test and evaluate new technologies, identifying and mitigating risks in the process. Enacting a regulatory sandbox model can both help to answer the “what to regulate”, “when to regulate” and “how to regulate” by encompassing principles of adaptive and outcome based, risk-weighted, and collaborative regulations. It can be adaptive by allowing rule adjustments based on new information. It can be outcome-based, focusing on results rather than specific methods. It can be risk-weighted, tailoring regulations to technology-specific risks. Additionally, it can be collaborative, involving businesses, regulators, and academics to discuss technology risks and benefits for fair and accountable regulation development. Emerging technology has the potential to transcend regulatory and national boundaries. It is not feasible to confine different technological platforms within the jurisdiction of a single regulator or nation.

  • Adaptive and Outcome-based regulation Unlike traditional regulations that can quickly become outdated, this approach suggests a shift towards a responsive approach instead of a static one, focusing on desired outcomes rather than specific methods, of achieving this change. This can help businesses to identify and mitigate risks, and to develop new products and services that can benefit society. emphasises focusing on results and performance rather than rigid forms. Additionally, it enables a proportionate response to risk. A regulatory sandbox will help recognise how a desired adaptive outcome of an emerging technology can be recognised identifying it’s potential risks in a controlled environment by regulators.
  • Risk-weighted regulation advocates for a segmented approach tailored to different risks posed by different emerging technologies. This approach ensures proportionate allocation of regulatory resources by matching them to the risks associated with different emerging technologies. It offers flexibility, enabling regulators to adapt their approach based on the specific risks posed by each technology. This balance between effective regulation and flexibility encourages innovation while still providing protection against high-risk activities. Liability rules create incentives to reduce risk and avoid engaging in risky activities.

This was addressed in Germany[9], where the Federal Government proposed rules for decision- making to promote ethical behaviour by systems guiding crash scenarios for driverless cars. These rules prioritise human life above property damage and do not discriminate between human lives. Ensuring fairness and prioritising the risks associated with such technology.

  • Collaborative Regulation aims to align regulations nationally by involving a wider range of stakeholders. This approach would allow different levels of legislation to collaborate on the same level rather than being addressed by different jurisdictions in their own capacity. Furthermore, it builds trust and cooperation among regulators, businesses, and stakeholders, facilitating responsible and beneficial development and adoption of emerging technologies.

Similarly, the Regulatory sandbox approach has been implemented within the Indian ambit at various stages of regulatory bodies including the Reserve Bank of India (RBI), Insurance Regulatory and Development Authority of India (IRDAI), Securities and Exchange Board of India (SEBI) and the Telecommunication Regulatory Authority of India (TRAI). As per the RBI, the first and foremost benefit of the regulatory sandbox is that it fosters ‘learning by doing’ on all sides.[10] The central bank has identified four areas of monitoring financial related activities – Retail payments, cross border payments, MSME lending and mitigation of financial fraud. This was an outcome-based approach. The question of “what” is being addressed by identifying the goal it aims to achieve and the “how” will be answered by the practice conducted within the regulatory sandbox. It also fosters a sense of collaboration within this framework, where fintech’s are to comply with various regulatory requirements regulated under one body (RBI).

From a DIA perspective the sandbox model must be inclusive, catering to businesses of all sizes. It should offer clear regulatory guidance tailored to each product or service, and not exclude small emerging tech businesses. Stakeholder feedback, including from consumers, regulators, and industry experts, should be gathered. Additionally, the sandbox should undergo monitoring and evaluation to ensure its effectiveness in fostering innovation and managing risks.


Sandboxing Process

The need to identify the sectors in which emerging technologies are utilised is important to establish to what extent experimentation within the framework would be allowed. Focusing on the objective this regulatory sandbox model aims to foster is necessary. Once a sector specific threshold is in place, the sandbox model would focus on what must be exempted from being regulated in a clause-by-clause nature. [11]

A recent sandbox test by the Consumer Financial Protection Bureau (CFPB) in the US, found that this technology resulted in: Approval of 27% more applicants, 16% lower average annual percentage rates (APRs) overall, substantially higher approval rates for applicants under age 25 and consumers with incomes under $50,000, No discrimination in approvals.[12]

In order to be future ready, a regulatory sandbox approach must conduct a feasibility assessment:

The assessment should be linked to the overall objectives of the program and help identify the eligibility criteria of business, wherein it would define who can participate in the sandbox. Eligibility should be articulated clearly to ensure a level playing field across all market participants. Post which a regulatory sandbox unit must be put in place, with key roles and responsibilities, and key operational processes, coordinating sandbox inquiries with other units of the regulator. A threshold must be put in place, assessing the duration of the test. Followed by tests restrictions in order to gauge to the scope, scale, and/or conduct of the sandbox test to minimise potential harm. The Assessment would also include an exit strategy for businesses, which would incorporate individual test outcomes and the integration of insights and lessons learned to inform the broader regulatory agenda.



Emerging Technologies have the potential to fundamentally affect our day-to-day lives. They offer economic growth opportunities and have already made significant impacts in various sectors such as trade, finance, healthcare, education, and sustainability. However, the rapid pace of technological advancements often surpasses the ability of existing regulations to keep up. Assigning liability for harm caused by emerging technologies can be challenging due to the disruptive nature of these innovations. Traditional liability laws may not provide clear answers, especially in cases where multiple parties are involved or where decentralised models like blockchain are used. As technologies like AI become more autonomous, questions arise regarding who bears responsibility for any negative outcomes, or rather what do negative outcomes construe?

To address these challenges, regulatory sandboxes can emerge as a potential solution. These sandboxes provide a controlled environment for businesses to test and evaluate new technologies, identifying and mitigating risks while fostering innovation. Adaptive and outcome- based regulations focus on desired results rather than rigid methods, allowing for responsiveness to changing circumstances. Risk-weighted regulations tailor the approach to the specific risks associated with different emerging technologies, striking a balance between innovation and protection. Collaborative regulation involves stakeholders from various levels, promoting alignment and cooperation to effectively govern emerging technologies.

Examples from around the world, such as Germany’s ethical rules for driverless cars and India’s regulatory sandboxes for financial technology, showcase the benefits of these approaches. However, it is crucial to ensure that regulatory sandboxes are inclusive, providing guidance for businesses of all sizes and involving stakeholder feedback. Monitoring and evaluation are also essential to assess the effectiveness of the sandbox model in managing risks and fostering innovation. By striking a balance between innovation and protection, we can foster the responsible and sustainable development of these technologies while addressing societal concerns and upholding ethical standards.


2. Principles for Digital Competition and Emerging Technology

  1. Principle of Transparency

1.1. Accountability in regulating platforms and allowing them a choice to moderate content in a transparent manner. Identifying intermediaries as large platforms aids transparency, by allowing targeted regulatory interventions, including the enforcement of anti-trust laws, to ensure fair competition.

1.2.       Data controller must be obliged to inform data users.

1.2.1.    Scope of processing of personal data.

1.2.2.  Potential consequences of the processing.

1.3.       Ensure user trust and safety through transparency.

1.3.1     Identify key stakeholders.

1.3.2.    Establish a grievance redressal mechanism.

  1. Principle of Accountability – Prescribing performance reporting mechanisms ensures accountability.

2.1.       Accountability of regulators.

2.2.       Accountability of Intermediaries (Platforms).

2.2.       Accountability towards end-users.

  1. Principle of User Empowerment and Autonomy Users’ best interests should be catered by platforms, through

3.1.       Provide technical measures enabling users to manage their safety.

3.2.       Establish light-touch protocols for service violations.

3.3.       Leverage the use of technical measures to mitigate risks and harms, which can be flagged to users timely.

This is possible when digital markets are accessible to large and small market players equally. This ensures users have a choice to choose between different players in the digital market.


Principles for Emerging Technology

  1. Principle of Solidarity – Benefits and burdens of Emerging technologies must be shared across stakeholders.

1.1         Deploy emerging technologies after its potential implications have been assessed by an empowered committee

1.2.       Implement mechanisms of redressing the risks of AI to curb inequality.

  1. Principle of Proportionality – Emerging technology should be regulated in a proportionate manner to promote innovation and establish relevant guardrails.









[7] official-state-visit-to-the-united-states/


[9] driving.pdf? blob=publicationFile

[10] fintechs-disruption-in-bfsi/87098591

[11] Jeník, Ivo, and Schan Duff. 2020. “How to Build a Regulatory Sandbox: A Practical Guide for Policy Makers.”

Technical Guide. Washington, D.C.: CGAP.