India is a digital market with huge potential and influence. India is actively building a data governance system; Of all the digital policies currently in place or being established in India, about 25% (53 policies) are related to data governance. Against this backgroud, we study the data governance policies and regulations in India, as well as the cooperation between India and major countries, and cases of companies.

Chapter 2 analyses India’s top-level data policy framework that forms the foundation of the data economy and the data regulations that govern its implementation. India is considering a long-term, comprehensive data governance framework such as the ‘National Data Governance Policy (draft)’. It is also building a government-led data accumulation and utilisation system, India Stack. The establishment of a government-led data ecosystem is a key feature of India's digital transformation policy and has the potential to spread as an alternative to other latecomers to digital transformation.

India's data regulations are in line with global standards while seeking its own path. The Digital Personal Data Protection Act 2023 is business-friendly and avoids excessive restrictions. It is characterised by the introduction of a negative approach that allows cross-border data transfer in principle. However, sector-specific data localisation regulations are applied, and there are some parts that need to be specified in application. The Non-Personal Data Governance Framework (draft) announced in 2020 expresses the government's intention to create data platforms and data marketplaces, but further discussions are needed regarding the possibility of excessive restrictions. The Digital India Act (draft, 2023) is a comprehensive legal framework that responds to the rapid growth of new technologies and large technology companies represented by platforms. Through this, the regulatory environment for large technology companies in India will be newly established. It is likely that data regulations will be introduced for new technologies such as artificial intelligence, as well as transparency standards for data processing based on types of platforms.

In Chapter 3, we analysed the aspects of data governance in India expressed through digital trade policy. India has maintained a protectionist stance on data openness in WTO negotiations and bilateral trade negotiations with Australia and the EU. The US government has been raising the issue of data barriers with India, but given India's strategic importance, it is unlikely that the US government will exert bilateral trade pressure. However, it is likely that US companies will continue to raise issues and exert influence on India's data policy.

The EU and India are placing more emphasis on discussions about data governance in general rather than regulations, and it is expected that bilateral discussions will focus on areas where the interests of the two sides, such as artificial intelligence, coincide. It is noteworthy that the EU is responding to India's initiative to spread digital public infrastructure(DPI).

It is unlikely that Australia will be able to implement the liberalisation of cross-border data transfer and the restriction of data localisation measures in the CECA negotiations with India. However, Australia has been able to induce India to open up in the AI-ECTA service trade and financial services negotiations. Australia seeks to expand digital trade and data trasnfer with India and pursue institutional compatibility under the framework of strategic cooperation such as the QUAD.

Despite India's high economic dependence on China, it is likely to remain wary of China in the digital sector. In particular, Chinese companies’ investments in areas directly related to data security are expected to be treated with great sensitivity.

India is presenting Digital Public Infrastructure (DPI) as a key agenda at major international forums such as the G20 and the World Telecommunication Standardisation Assembly (WTSA-24), as well as multilateral forums such as QUAD, and is stepping up its efforts to make its DPI model an international standard. This is believed to be an attempt to expand India’s influence in the process of building digital infrastructure, especially in global south.

Chapter 4 synthesises the above research and presents policy implications. First, it is necessary to respond to the issues that may arise in the process of introducing data norms in India. The Digital Personal Data Protection Act (2023) provides separate regulatory grounds for large-scale data processing companies and does not clearly state the legal basis for data processing, which may cause uncertainty in corporate activities. The Korean government needs to pay attention to the list of countries that the Indian government plans to announce as data transfer restriction countries. The Digital India Act (draft) currently under discussion is expected to have a major impact on corporate activities by strengthening the transparency of data processing, with platform companies as the main target.

Second, we can consider indirect measures to make the activities of data-related companies freer through negotiations with India. Like AI-ECTA, efforts should be made to increase the level of openness of computer and related services, engineering and integrated engineering services, provision and transfer of financial information, and software provided by financial data processing. If the data related articles are included, it is possible to include a temporary clause as an intermediate step in the liberalisation of data transfer and data localisation, and to review it after the establishment of the India’s data system. Meanwhile, Korea needs to pay attention to strengthening cooperation between like-minded countries. Korea is already participating in the Korea-US- India iCET, and it is necessary to actively respond to the QUAD countries’ agenda for cybersecurity and DPI cooperation.

Third, digital cooperation with India requires the building of trust capital, and key area is DPI. India's DPI is a government-led model with no precedent, and is likely to attract the attention of developing countries. It is necessary for Korea to consider responding to the DPI cooperation agenda in the G20, ITU, UNDP, and QUAD. Korea should also pay attention to cooperation for the development, interoperability, and inclusiveness of DPI in developing countries. It would also be possible for Korea to cooperate with India in projects such as capacity building and expert exchanges for developing countries.

Fourth, Korea should seek cooperation in the digitalisation of the public sector in India using ODA. It is believed that cooperation can be found in tasks such as standardising data management, data security, building data platforms, and expanding public data accessibility, etc. In particular, the digitalisation of government services in the process of urban development in India is a field with high potential for cooperation.

Fifth, it is necessary to establish continuous bilateral contact platforms so that Korean and Indian policy makers can share the changing aspects of data governance. It is necessary to set current issues such as data and DPI as an ongoing agenda in channels such as the ministerial-level industrial cooperation committee between the two countries, which is scheduled to be established, and the established Korea-India Information and Communication Technology (ICT) Policy Council. Going further, the two countries could consider forming partnerships between relevant ministries and operating regular forums to exchange issues related to data governance. In addition, the difficulties faced by Korean companies entering India should be actively communicated through the Korea-India government-to-government dialogue channels, such as the Korea-India Fast Track Mechanism, Invest India, etc. Cooperation with a third country can also be promoted. Rather than the United States, which already has its own influence in India, cooperation with Japan may be more effective.