Centre’s AI Governance Body Forms Without Enterprise Risk Framework

The Centre announced formation of a high-level inter-ministerial body for AI governance strategy while releasing no framework for enterprise AI risk assessment. The nodal body includes secretaries from IT, electronics, defence, and home ministries but provides no guidance on how Indian companies should evaluate AI deployment risks or board oversight responsibilities.

This gap matters because Indian enterprises are already deploying AI systems across operations, from customer service automation to supply chain optimization, without standardized risk assessment protocols. The government’s announcement mentions “coordinated approach” and “strategic direction” but avoids specifics on enterprise compliance obligations or board-level AI risk governance.

The timing suggests regulatory catch-up rather than proactive governance. Major Indian IT services companies have been integrating AI capabilities into client deliveries for over two years. Manufacturing companies are using AI for predictive maintenance and quality control. Financial services firms are deploying AI for fraud detection and credit assessment.

What the announcement omits is more telling than what it includes. No mention of mandatory AI risk disclosure requirements for listed companies. No reference to board-level AI oversight committees or director competency requirements for AI governance. No framework for third-party AI vendor risk assessment, despite most Indian companies sourcing AI capabilities from external providers.

The inter-ministerial structure itself reveals the coordination challenge. Defence and home ministries suggest national security considerations. IT and electronics ministries indicate industrial policy priorities. Missing from this configuration: corporate affairs ministry representation, which would signal focus on enterprise governance and director responsibilities.

European companies operating in India already face AI governance obligations under the EU AI Act. Their Indian subsidiaries must implement AI risk management systems and board oversight mechanisms. Meanwhile, purely Indian companies operate without comparable domestic requirements, creating a governance arbitrage that regulatory bodies haven’t addressed.

My Boardroom Takeaway: Directors should anticipate AI governance requirements emerging from this inter-ministerial process, likely within 12-18 months. A prudent approach would be establishing board-level AI risk assessment protocols before regulatory mandates appear. Companies deploying AI systems may wish to document risk evaluation processes and vendor oversight mechanisms, as these will likely become disclosure requirements once the governance framework materializes.