DPDP rules signal need for stronger AI access controls, says Saviynt’s Nitin Varma

The government’s notification of rules to operationalise the Digital Personal Data Protection (DPDP) Act has prompted fresh discussion on the need for stronger identity and access controls in artificial intelligence systems, according to a senior industry executive.

The rules, issued this week, give practical effect to the DPDP Act and outline compliance requirements for organisations that handle personal data. They also specify the rights available to individuals. Implementation will take place in phases.

In the backdrop of the notification, Nitin Varma, Senior Vice President and Managing Director for India and SAARC at Saviynt, said the development coincides with a shift in how access governance is viewed in AI deployments.

Advertisement

‹

EVENT

VeeamON 2026 Tour India - Delhi

A VeeamON 2026 India Leadership Series Delhi for senior public sector and government technology leaders.

📅 Fri, 19 Jun 2026

📍 Shangri-La Eros

Register Now →

EVENT

Infosec Reimagined

Infosec Reimagined 2026 is the premier information security summit where top leaders—CISOs, CROs, CIOs, CTOs and risk executives—converge to redefine cyber resilience.

📅 Fri, 26 Jun 2026

📍 New Delhi

Register Now →

EVENT

Digital Senate

Digital Senate is a premier conference uniting government leaders, technologists and innovators to share ideas, success stories and strategies on digital governance, public sector transformation, cybersecurity and emerging technologies in India.

📅 Thu, 30 Jul 2026

📍 New Delhi

Register Now →

EVENT

CIO Prism

CIO Prism unites forward-thinking technology leaders to exchange transformative insights, shape digital strategies, and foster innovation, empowering enterprises to excel in an era of rapid technological change.

📅 Fri, 18 Sep 2026

📍 Goa

Register Now →

›

“India’s new AI Governance Framework signals a decisive shift, identity and access governance is now a national level priority for safe and responsible AI,” Varma said.

He said that as organisations use AI in decision making and mission critical functions, risks are linked not just to data but to the access privileges granted to people, systems and autonomous agents.

“As organisations embed AI into core decision making and mission critical workflows, the real challenge is not model sophistication but ensuring that only the right people, systems and autonomous agents receive the right level of access for the right purpose at the right time and can be held accountable for how that access is used,” he said.

Varma added that conventional access controls are not built for the speed and automation associated with AI.

“Traditional periodic controls were not designed for the velocity, scale and autonomy that AI environments demand,” he said.

He said companies will need identity platforms that provide continuous oversight and real time policy enforcement as AI systems become more integrated into enterprise operations.

“Indian enterprises will now require converged intelligence driven identity platforms that offer continuous assurance, real time policy enforcement and AI led risk detection,” he said.

Varma said the combination of the DPDP rules and the government’s AI governance approach should prompt organisations to reassess how identity is managed as part of digital transformation.

“This is a pivotal moment for organisations to modernise identity governance and build a secure innovation ready foundation for AI,” he said.