As AI moves from experiments into real decisions, governance becomes the difference between a controlled capability and a liability. Here’s a practical guide for Indian enterprises. (dgm implements osFoundry, a separate company’s platform — dgm is an independent integration partner, not osFoundry, and not a compliance or law firm. General information, not legal advice.)
What to govern
- Data control — where data goes, who can access it.
- Model use — which models, with what controls.
- Output review — human oversight of AI decisions.
- Access controls — the AI uses only data users may see.
- Auditability — show what data and models produced a result.
The Indian regulatory context
- DPDP Act — personal data, all sectors.
- RBI — financial-data localisation.
- SEBI Regulation 16C — entities responsible for AI/ML outputs.
- IRDAI — bias testing and explainability in insurance.
No single binding AI law yet, but these set real expectations, especially in BFSI and healthcare.
Accountability can’t be outsourced
A core point: under SEBI Reg 16C, the entity is responsible for AI outputs — not the vendor or tool. So governance must keep humans accountable, outputs reviewable, and deployments auditable. A black-box external tool you can’t audit is itself a governance weakness (see compliance AI).
Make governance practical, not just paper
Governance lives in the deployment, not only a policy document: auditable, self-hostable AI makes it real. Pair with an AI usage policy and security measures.
How dgm helps
dgm builds governance into implementation — controlled, auditable, self-hostable AI on osFoundry, so you can show what produced results and keep humans accountable, aligned to DPDP and sectoral expectations. We don’t replace your compliance function or legal advice. Pricing: $399 assessment, $3,999/month (INR approximate; 18% GST domestic).
General information, not legal or compliance advice. Regulatory determinations rest with qualified professionals.