• Data as the New Currency: Control over physical assets (like oil or chokepoints) is yielding to the power derived from data and digital capabilities. A nation's digital footprint is now a primary source of wealth and influence.
• Geopolitical Rivalries: Escalating tensions, particularly the technological competition between the US and China, are accelerating the push for self-reliance. The Ukraine war also highlighted the strategic importance of digital infrastructure as a core object of global rivalries.
• National Security Concerns: The use of cyberattacks as instruments of statecraft and the fear of foreign surveillance (underscored by the Snowden revelations) have heightened the emphasis on securing national digital assets and supply chains.
• Dominance of Big Tech: A small number of corporations, primarily from the US and China (e.g., Google, Amazon, Microsoft, Alibaba, Tencent), have amassed significant influence, sometimes exceeding that of many states. This has led to concerns about "data colonialism" and a lack of market choice. 

• Data reshapes power through targeted applications:
• Surveillance and cyber warfare for intelligence and disruption.
• Influence operations via social media algorithms and deepfakes.
• Economic espionage to steal IP and manipulate markets.
• Resource management for optimizing supply chains and military logistics.

• As digital governance becomes central to power and welfare delivery, India must balance three objectives: enabling innovation and economic growth through Digital Public Infrastructure (DPI), protecting citizens’ privacy and rights, and retaining strategic control over data and digital markets for security and sovereignty.?
• The “trilemma” idea is that strongly maximising any two of these tends to compromise the third (for example, high surveillance plus high innovation may erode privacy; strong privacy plus strong sovereignty tools like localisation can slow innovation).?

• India’s DPI architecture (Aadhaar for digital identity, UPI for payments, DigiLocker and data-exchange/account-aggregator frameworks) is designed to create an open, low-cost, interoperable digital rails layer on which both the state and private sector can innovate.?
• Policy and industry reports estimate that these digital rails could contribute close to 1% of GDP already and are projected to help drive India toward a multi-trillion-dollar digital economy by 2030, making rapid, inclusion-oriented innovation one corner of the trilemma.?

• The Digital Personal Data Protection (DPDP) Act 2023 and draft rules aim to give individuals rights over their personal data (consent, purpose limitation, data minimisation) while setting compliance duties on data fiduciaries, including start-ups and large tech firms.?
• However, critiques highlight tensions: heavy reliance on consent without a clear “legitimate interest” ground may hinder AI training and data-driven innovation, while exemptions for the state and broad powers for data localisation or processing orders raise concerns about rights protection and regulatory predictability.?

• As data becomes a strategic resource, India seeks “data sovereignty” through measures like localisation requirements, sectoral restrictions on cross-border data flows, and tighter oversight of global platforms, framing data as a national asset and security concern.?
• Vision IAS and other policy analyses describe a digital governance trilemma where India must choose how far to go with hard sovereignty tools (localisation, state access, tighter platform control) without undermining investor confidence, cross-border digital trade, and India’s positioning as a trusted global hub for privacy-centric innovation.?

• Innovation vs privacy: Strong privacy rules and restrictive interpretations of consent can slow AI/fintech experimentation, but weak privacy and broad state exemptions risk surveillance, chilling effects, and erosion of citizen trust, which ultimately hurts digital adoption.?
• Sovereignty vs openness: Aggressive localisation and discretionary export controls over non-personal/aggregated data strengthen state control but may fragment global value chains, complicate operations of GCCs/MNCs, and reduce India’s attractiveness as a digital hub.?
• State capacity vs regulatory burden: Uniform, high-compliance standards under DPDP and sectoral norms can protect users but may be onerous for MSMEs and start-ups, suggesting a need for graded obligations, clear anonymisation standards, and simple, predictable rules.?

• Accelerate semiconductor manufacturing, indigenous OS, and domestic certificate authorities to reduce supply chain risks.?
• Enforce data protection rules with independent oversight for privacy-security balance and mandate localization.?
• Launch national programs for AI, cyber, and chip talent; support startups via procurement and funding.?
• Shape norms through G20, BRICS; regulate Big Tech for accountability aligned with Indian laws.

• India stands at a crossroads to pioneer a third model of digital sovereignty—democratic, innovative, and self-reliant—neither replicating China's authoritarian control nor yielding to foreign dominance.
• Achieving this demands strategic investments, diplomatic engagement, technological autonomy, and political resolve to unlock trillion-dollar growth, high-quality jobs, and secure national interests. Success hinges on upholding democratic values amid geopolitical tensions.

Download Pdf