May I now please invite Mr Srii Gopinathan, founder and CEO, SKG Advisory, for his keynote address on the Corporate Digital Responsibility framework. Ladies and gentlemen, Mr Gopinathan brings over 20 years of significant domain expertise and global experience. Before this, he was the Chief Information Officer at Lupin Limited and led the end-to-end IT and digital portfolio of the company. He has also been associated with companies like Philips, Procter & Gamble, ISRO, and ABB. Ladies and gentlemen, let’s put our hands together for the founder and CEO, SKG Advisory.

Good morning everyone. Thank you very much, Samir, for inviting me, and Dr Gushan for inviting me to present this important topic.

Digitalization and digital transformation have gathered a lot of steam in terms of people talking about them much more in the recent past, to be precise probably post-pandemic. This has gathered a lot of momentum in both the private and public world. This does not mean that digitalization and digital transformation were not going on before that. I have been working in the corporate sector for more than three decades now, worked in other parts of the world, and then I’ve come back here. It has been happening in different forms and shapes across the corporate world as well as the public sector.

So does that mean that now that we are talking about corporate digital responsibility, it was done irresponsibly in the past? I don’t think so. I think there have been certain parameters which were always under consideration—how to do business, how to digitize, how to create minimum impact due to that. However, if you look at the curve, there has been an exponential pickup in terms of digitizing not just a user in an organization or a public system, but also the industrial setups.

If you go to a pharma company or an FMCG company or an oil and gas company, the digitization in the past was very isolated because the machine did the job, production happened, and the output came. But now there is digitization happening in the industrial sector as well, which is increasing the landscape and the surface area of digitization. Digital transformation then happens because of the quantum of data that is being generated out of all the digitalization that is happening.

But even today we are still scratching the surface—not just in India, but globally as well. There are very few top organizations that have probably gone deeper into this to create insights and data value out of it. In India, in the last three to four years, it has actually gathered steam, and probably there is a trajectory that we are seeing in India which can catapult us to a different level compared to the global scenario.

Given that, it is very important that this catapulting does not result in dire consequences for the planet and for people. What that means is there are a lot of data centers being generated, a lot of sensorization happening, and artificial intelligence—especially generative AI—requires significant storage and compute behind the scenes to generate the output it is supposed to generate. We are all now very conversant with ChatGPTs of the world; we use them for everything we need in life, kids are using them for school work. But the compute that happens behind this is actually pretty significant. It results in consumption of a lot of factors—technical and non-technical.

Hence the call for being more responsible from a corporate perspective—and not just corporate, but also the public sector. This is very important. A lot of research has gone into this by the SKOCH Group and task forces created from both public and private sectors. A lot of discussions and brainstorming have happened, and what is being presented now is an outcome of that.

There are certain frameworks that exist in some countries, but there is nothing comprehensive anywhere. About seven countries were taken from across the globe to study what is out there and how we can create a framework which is probably going to be ahead of the game. As we heard earlier, ESG has become mandatory for people investing in or buying from certain companies. There will come a time when, if you are not doing digital transformation in a responsible manner and do not have the indices in your favor, organizations may not get the business they are getting today, globally and probably within the country as well.

Hence, this work is very important so that it helps the corporate world, leadership, and organizations to take a look at it as a guidance factor for now, and probably as a mandatory regulatory point in the future. We need to stay ahead of the game.

This is a master set you will see—twelve big components that have been created as a master set for corporate digital responsibility.

First and foremost is data security. All of us are throwing our private data into the digital world. How secure is it? Consumer data, patient data, distributor data, retailer data—each has significance and needs to be handled in an appropriate, secure manner.

Then there is the social aspect. We are all worried whether AI is going to replace jobs and employment, and the social disruptions that may result from that. That is the second aspect.

Then comes sustainability. The foundation for all this compute is the data center—cloud or on-prem. The underlying infrastructure and power consumption are similar. Sustainability must be considered. In India, almost all real estate companies with land and buildings are trying to become data center companies as well. This proliferation is demand-driven, but how do we do this responsibly?

There is also an economic aspect. Digitalization can disrupt economic equations if not managed properly. Then comes technology itself as a core component. There are technologies that help us act responsibly, and others that may give the same outcome but not in a responsible way.

Risk management is another component. Corporates are no longer isolated; they have supply chains before and after them. The entire value chain must be considered.

Human resources is another aspect. Products consumed by users can lead to grievances, and organizations must address them. Ethical practices must be at the core—outcomes can be achieved in multiple ways, but without ethics they won’t last.

Government practices must also be considered, forming a Venn diagram where everything comes together. India is a diverse, multilingual country, so inclusion through language is critical.

Finally, mental health. Digitization is creating significant stress. We are constantly on our phones. Kids are not going out and doing what we did earlier. This is creating serious mental health issues.

These are the twelve buckets of corporate digital responsibility.

I will quickly touch upon sub-points. From a security perspective, data at rest and data in transit both need protection. Many organizations encrypt stored data, but data in motion is highly vulnerable. Ransomware attacks are common. Attackers often remain in systems for over a year before attacking, mapping servers and extracting data. Even if systems are restored, data may already be compromised.

There are insider threats as well—disgruntled or former employees. IP protection, copyrights, patents, and responsible innovation are critical. Data privacy regulations like GDPR, California Act, and India’s DPDP Act are important, and India has struck a good balance. Corporates must take this seriously.

On social digital responsibility, organizations collect massive consumer and patient data. As data fiduciaries, they must disclose what data is collected, how it is used, and whether it is outsourced. Accountability, addressing digital poverty, inclusive products, diversity, and skill enhancement are key.

Sustainability includes carbon neutrality, e-waste, power efficiency, zero waste, sustainable web design, renewable energy, gas emissions, and water consumption.

Economic responsibility involves equity, fair income, and avoiding negative impacts of AI-driven decisions.

Technology choices, partners, outsourcing layers, and methodologies matter. Risk management includes phishing and fraud prevention—both proactive and reactive approaches.

Human resources includes inclusion, education, capacity building, grievance redressal, feedback mechanisms, and data-driven decision-making.

Ethical practice includes digital ethics, iterative processes, and ethical design—collect only what is essential.

Government practices include consent management under the DPDP Act. Consent can be withdrawn, and data must be deleted unless legally required.

Misinformation, harmful content, multilingual inclusion, and mental health are critical. Mental health, though listed last, is among the most important. Organizations must have employee assistance programs, counseling, awareness, good work environments, and continuous monitoring.

This framework is a guidance for organizations to adopt corporate digital responsibility so they are not left behind when it becomes a regulation, expectation, or mandate for doing business.

Thank you very much.

Participants at the Indices for Viksit Bharat