Building the Foundations for an AI-Powered Nation "We're not just thinking about how we encrypt data; we're asking whether we can reduce dependency on foreign firmware and build a true root of trust," Golok Simli, CTO of Passport Seva
Opinions expressed by Entrepreneur contributors are their own.
You're reading Entrepreneur India, an international franchise of Entrepreneur Media.
India's AI journey will require more than experimental models and policy documents. It will demand infrastructure that doesn't fail under pressure. Few understand this better than the National Stock Exchange (NSE), where transaction volumes surged during the pandemic—from 1 billion to 8–10 billion orders a day in just 18 months.
"Our volumes went through the roof post-COVID," said Viral Mody, CTO – Applications & Development, NSE. "Scalability and resiliency are not features for us—they are foundational. We don't treat them as a tech problem alone. It's a function of people, process, technology, and operating model, all working in sync."
Mody emphasised that legacy systems often hide the most critical risks. "The unglamorous corners of legacy code are where scalability breaks. We've had to rewrite core components from scratch—not once, but multiple times. That's the level of rigour this transformation requires."
The NSE has also turned to chaos engineering, telemetry, and stress testing to bring objectivity to resiliency. "If no one notices a release, that's when we've done it right," Mody added.
Tech + trust: the passport seva model
India's digital governance success stories often highlight scale. But the Passport Seva program, which transformed how millions of citizens access identity services, shows how inclusion and trust must anchor that scale.
"When we began designing Passport Seva in 2008, we asked: how do we democratise access and make services equal for a villager in Bihar and a resident of Delhi?" said Golok Simli, CTO of Passport Seva.
Simli, who helped architect India's National e-Governance Plan in the early 2000s, pointed out that "data is the new democracy"—but only if protected with ethics, transparency, and consent.
"One breach is one too many," he noted. "Trust, once broken, can collapse an entire system. Our design principle was simple: secure the citizen's data like a national asset, and deliver services at the same level to everyone—no matter their geography or economic class."
Simli also highlighted that compliance with local laws, zero trust architectures, and hardware sovereignty will be key to long-term resilience. "We're not just thinking about how we encrypt data. We're asking: can we reduce dependency on foreign firmware and build a true root of trust?"
Innovation amid crisis: CDSL's transformation
For Amit Mahajan, CTO of Central Depository Services (India), the COVID-19 pandemic triggered a dramatic scale-up—India's Demat account holders surged from 3 crore to 15 crore at CDSL alone.
"We had to pivot fast—scaling software, replacing legacy hardware, and shifting to seamless, paperless onboarding," Mahajan shared. "We introduced e-DIS (electronic delivery instruction slip) with OTP authentication, removing the need for physical documents or power of attorney. That was a game-changer."
The innovations enabled CDSL to reach 98 per cent of India's pin codes, expanding market access for fintechs and retail investors in small towns. "The growth wasn't just technological—it was structural. We had to rethink how trust and access are balanced," Mahajan said.
On data governance, he added, "We store transactional data from inception. This isn't just about daily settlements—it's historic, regulatory, and tied to tax records. So any move to the cloud must be cautiously designed."
Sovereign cloud: a strategic opportunity
The idea of a sovereign cloud—where sensitive data remains within Indian borders and under Indian jurisdiction—emerged as a common interest. But opinions varied on its implementation.
"We've traditionally been cloud-averse," admitted NSE's Mody, citing compliance, latency, and cost. "But for specific workloads like reporting, disclosures, and analytics, a sovereign cloud could be a stepping stone."
Mahajan agreed, noting that while core systems may remain on-premises, "a sovereign cloud could make sense for disaster recovery (DR) sites or secondary workloads. Economically, it's viable. From a cyber-resilience lens, it's necessary."
Simli, however, pushed the conversation further. "Security isn't just about where you store data. It's about what data you collect, why you collect it, and how you protect it. Citizens have a right to know all three."
He stressed the need for encrypted-by-design models and Indian-made firmware, asking, "Can we decouple critical infrastructure from foreign dependencies? That's the next frontier."
Speakers shared their inputs at the TCS Accelerating India Event.
