India stands at a critical crossroads. As foreign technology giants continue to expand their dominance over our digital infrastructure, we risk ushering in a new era of “digital colonialism”—a 21st-century version of the East India Company saga. What began centuries ago with trade agreements eventually led to full-scale colonial rule. Today, the digital economy risks a similar fate, with Indian data being extracted, repurposed by foreign AI companies, and sold back to us in the form of intelligence services. The parallel is not merely rhetorical—it is a real and urgent threat.
AI platforms like OpenAI and xAI’s Grok are already under scrutiny—not just from the Indian government and businesses, but globally. Their operations raise valid concerns around the control, security, and economic ownership of data. What’s more troubling is exposure to to extraterritorial laws such as the CLOUD Act and FISA Section 702, which can mandate data disclosure to foreign authorities. The ‘architecture of global surveillance under frameworks like the Five Eyes alliance—a U.S.-led intelligence network that now sweeps vast swaths of the world’s data, often including information on non-citizens and foreign institutions. While the stated intent is national security, the implications for privacy, civil liberties, and digital sovereignty are profound.
India’s growing dependence on foreign hyperscalers—large, foreign-owned cloud service providers—is exacerbated by the vacuum in enforceable data sovereignty protections. While the Digital Personal Data Protection (DPDP) Act addresses privacy and security, it falls short on data attainability, portability, and user control—key pillars of true sovereignty.
This is not just a policy gap; it is a national vulnerability.
New Colonization: Cloud Dependency
India’s over-reliance on foreign cloud infrastructure represents a digital colonization of our economy. Sensitive government, healthcare, and financial data are routinely stored in foreign data centers governed by extraterritorial laws like the U.S. CLOUD Act and FISA Section 702. These frameworks allow foreign agencies to access data stored on servers owned by U.S. companies—even if that data belongs to Indian citizens or institutions.
Legal scholar Fisher-Streinz (2022) notes that the global legal landscape is shifting to define data as a resource akin to oil or minerals. Yet, unlike traditional resources, the mechanisms for regulating data ownership and access remain underdeveloped, leaving countries like India exposed.
The consequences are severe:
=National Security Risks: Unauthorized surveillance erodes trust and compromises the integrity of our strategic data.
=Economic Leakage: An estimated $10.5 billion is drained annually to foreign cloud providers, stifling domestic innovation and employment.
=Innovation Stagnation: The dominance of foreign players blocks the emergence of a competitive Indian cloud ecosystem.
The Case for a Sovereign Cloud
India’s strategic autonomy in the digital age depends on building a sovereign, open, and interoperable cloud infrastructure. We must think beyond data protection and embrace a more holistic vision of data swaraj—self-rule over our digital destiny.
A sovereign cloud strategy should include:
=Local Data Residency: Mandating that sensitive and strategic data be stored within Indian jurisdiction.
=Indian-Controlled Encryption: Ensuring only Indian entities hold the keys to decrypt sensitive information.
=Incentives for Domestic Cloud Startups: Offering tax breaks, procurement preferences, and regulatory support to build a thriving indigenous cloud ecosystem.
=Open Standards and Interoperability: Adopting federated cloud models and standardized protocols to reduce migration costs and avoid vendor lock-in.
=Export-Ready Infrastructure: Positioning the Indian cloud stack as a low-cost, high-value alternative for developing nations, expanding India’s global footprint.
=Data as a Public Good: Establishing frameworks that treat data not just as a commercial asset but as a national resource that must be governed transparently and equitably.
A Strategic Imperative
India has already proven its mettle in complex technological arenas – from space exploration with ISRO to nuclear energy to digital payments and latest being India switching to its own atomic clock + NavIC satellite system to define Indian Standard Time (IST) – ditching foreign dependence once and for all. This isn’t just a clock upgrade – it’s a pivotal step toward digital sovereignty, secure infrastructure and sovereign timekeeping for a sovereign India.
Geopolitical tensions, evolving data governance norms, and increasing cyber threats make this a national emergency. We must act swiftly to legislate, build, and lead. Let’s unlock India’s next phase of digital autonomy – from clocks to clouds (a Sovereign Made in India Cloud).
This is a call to action for policymakers, industry leaders, and citizens alike: safeguard India’s digital future by investing in sovereign cloud infrastructure. Reclaiming control over our data is not just about privacy—it is about economic prosperity, national security, and the right to self-determination in the digital world.
The future belongs to those who own their data. It’s time for India to lead.
Abhishek Bhatt – Secretary General, Bharat Digital Infrastructure Association
