Takeaways From the 2021 Global Technology Summit

This collection of short commentaries by Carnegie India scholars aims to dissect the current state of the technological landscape, as discussed at the Global Technology Summit 2021. This year’s theme of Global Meets Local tackled how a fractured global consensus on various issues—from fragmentation of data protection regimes to encouraging resilience in vaccine supply chains—could thwart progress on developing foundational principles for critical and emerging technologies.

Global or regional cooperation on an assortment of issues will need to see countries step up their level of engagement with one another to develop robust, local solutions. Even in areas as distinct as semiconductor self-sufficiency and privacy, where a disjointed global response has been observed due to technonationalism and data localization measures, the inescapable conclusion remains that deepening global cooperation to develop local answers will continue to be the way forward. The discussions that took place at GTS identified the talking points around such issues and provided recommendations on how to view them. This compendium picks up where such discussions left off.

We are keen to draw lessons from these discussions and extrapolate trends to move the conversation forward. —Konark Bhandari

1. AUKUS, Non-Proliferation, and the Indo-Pacific
2. Data Privacy
3. Building Data Protection Authorities
4. How Do Governments Usher in Trustworthy AI?
5. Lessons for Cryptocurrency Regulation
6. Securing Vaccine Supply Chains
7. What’s Next for the Global Semiconductor Supply Chain?
8. Fragmentation: The Future Geopolitics of Data

1. AUKUS, Non-Proliferation, and the Indo-Pacific

The security partnership between Australia, the United Kingdom, and the United States, known as AUKUS, reverberated across global headlines in September 2021. The agreement aims to “deepen diplomatic, security, and defense cooperation in the Indo-Pacific” and at its center is an initiative that will equip the Royal Australian Navy with a fleet of conventionally armed, nuclear-powered submarines, making Australia the first non-nuclear weapons state to possess such weapons. This historic deal will likely strengthen cooperation in the region, extend deterrence against China, and even bring opportunities for India. But there are also some concerns over  its implications for the global nonproliferation regime.

The Nuclear Non-Proliferation Treaty (NPT), to which Australia is a signatory, prevents the proliferation of nuclear weapons while stipulating that all countries should be able to reap the “benefits of peaceful applications of nuclear technology.” To this effect, all non-nuclear weapons states have to declare their nuclear materials and allow them to be inspected by the International Atomic Energy Agency (IAEA). However, neither naval reactors nor the enriched uranium required to fuel nuclear submarines is covered by the IAEA’s safeguards—a loophole Australia will now be taking advantage of.

Although this loophole is widely known, there are norms around the transfer of nuclear technology that AUKUS would undercut. Countries that operate nuclear submarines had an implicit understanding that they would not transfer technology related to nuclear submarines to other countries, as such a transfer is considered escalatory in nature. So by acquiring nuclear submarines under AUKUS, Australia will dent some of the norms underpinning the nonproliferation regime.

Nevertheless, Australia believes that its credentials as a champion of nuclear nonproliferation will make AUKUS sustainable. Rory Medcalf, head of the National Security College at the Australian National University, has argued that Australia’s excellent track record will make it possible for Canberra to develop a special arrangement with the IAEA and establish additional protocols to deal with the submarine loophole in a way that is consistent with the nonproliferation regime.

While Australia may not technically be in violation of the NPT, it might set a dangerous precedent. As Carnegie Nuclear Policy Program co-director James Acton put it, the fear is not that Australia will misuse the nuclear material that it receives as part of the agreement. Rather, future would-be proliferators could use naval reactor programs as a cover to develop nuclear weapons and expect to face few consequences for it.

Iran in particular might be tempted to sidestep nuclear safeguards by declaring that its enriched nuclear material is for powering submarines. Shortly after AUKUS was announced, Iranian officials at the UN General Assembly sought to use the deal as a precedent to advance Tehran’s plans to develop nuclear submarines. Other non-nuclear weapons states have also expressed an interest in developing such weapons. Brazil is currently conducting sea trials of a prototype naval reactor and could launch its first nuclear submarine by the early 2030s, even before Australia would acquire its own. Given that these nuclear submarine programs are still young, there is time to consider imposing additional safeguards for naval reactors.

Although the United States has made it clear that AUKUS is a one-off exception to its policy on the proliferation of nuclear submarine technology, its actions may encourage other countries to follow suit. For instance, China, the very adversary the United States seeks to deter through AUKUS, could now make similar exceptions—perhaps for Pakistan or North Korea.

Despite these concerns, the NPT wasn’t designed to limit its signatories’ strategic capabilities, and for Australia, AUKUS is fundamentally a strategic partnership in a changing geopolitical environment. The agreement represents a natural next step, given that the increasing points of friction with Beijing have only amplified Canberra’s need to deepen its alliances with major powers. In that sense, countering China appears to be the objective of AUKUS, representing a definitive shift of Australia’s closer military and foreign policy alignment with the United States. While Australia’s key regional partners, Indonesia and Malaysia, have expressed caution that the trilateral agreement might spark a regional arms race, AUKUS could also be understood as a nudge for Indo-Pacific powers to upgrade their naval capabilities.

Like Australia, India has increasingly viewed China as a threat, with the recent border standoff in Ladakh exacerbating this perception. Although—as Manpreet Sethi, a distinguished fellow at the Centre for Air Power Studies, notes—India must watch out for its own security interests. New Delhi would no doubt welcome a greater commitment from the United States and the United Kingdom toward the Indo-Pacific. Further, while AUKUS enhances the military capabilities of Australia, as a partner in the Quadrilateral Security Dialogue (Quad), India will be keen to ensure France is not left out and would potentially look toward strengthening its maritime security partnership with Paris. Despite the deep resentment France may feel toward AUKUS, Bruno Tertrais, the deputy director of the Foundation for Strategic Research, has pertinently pointed out that France has interests in the Indo-Pacific, and the best way forward for Paris is to work with like-minded partners to address the security challenges in the region.

India should also take advantage of the opportunities that emerge from the agreement, such as looking to France for a potential collaboration in the development of nuclear propulsion and nuclear submarine technology. With AUKUS effectively relaxing the nonproliferation norms, Paris  should have fewer qualms toward such an endeavor. Moreover, India could benefit from the science and technology cooperation that AUKUS will bring about.

It is important to note that the purview of AUKUS goes beyond submarines. Australia, the United Kingdom, and the United States have also pledged to deepen collaboration on cyber issues, artificial intelligence, quantum technologies, and additional undersea capabilities. There is enormous potential for such a strategic information and technology sharing setup to counter nonconventional hybrid threats such as cyber attacks. Some argue that AUKUS intends to pool resources and integrate defense and security technology, industry, and supply chains to overcome the technology competition posed by China in the Indo-Pacific. The United States’ willingness to share its closely guarded nuclear propulsion technology with Australia is an unmistakable indicator that such technology cooperation will only deepen in the years ahead.

For India, the recently announced Quad initiatives to develop cooperation in emerging technologies and cybersecurity are complementary to the AUKUS objectives. Prior to France pulling out from the India-France-Australia trilateral dialogue, the arrangement had discussed joint efforts in the field of critical technologies, supply chain security, and cybersecurity. India has also taken separate measures to enhance digital interoperability with the UK, thereby creating the potential for AUKUS-Quad synergy. India is at a juncture where various avenues of future multilateral, technological cooperation could arise, and partnering with AUKUS could be promising route forward.

—Rahul Bhatia and Meha Shah

2. Data Privacy

In the past few years, discussions on data-related privacy issues have shifted from broad principles to specific practices. A general consensus in favor of personal data protection laws seems to be strengthening globally, and discussions have moved on to the laws’ details, including implementation mechanisms, state capacity and oversight, and the evolving geopolitics of data flows.

This year’s Global Technology Summit session on building data protection authorities (DPAs) spoke to the need to strengthen institutional procedures for better ways to safeguard the flow of information. DPAs will face significantly greater challenges in jurisdictions that lack a substantial jurisprudence on data protection. These DPAs will have to work harder to establish legal certainty than in European countries that have had data protection jurisprudence since before the existence of comprehensive regulations. All the speakers underlined the importance of DPAs following a collaborative approach to regulation and the need to seek out diverse expertise. India’s policymakers will have to grapple with many of these issues as India’s privacy legislation makes its way through Parliament.

The discussion on the future of encryption focused on a specific aspect of the privacy and data-protection debate: how law enforcement and intelligence agencies should be given access to encrypted information without weakening encryption or reducing data security and confidentiality. The experts also discussed specific mechanisms for weakening encryption and their relative merits. While there was no consensus on the solutions themselves, the experts agreed that different proposals need to be assessed for their utility and that maximalist stances on this issue are no longer feasible.

The discussion on encryption again highlighted progress in the debate on privacy issues, from the general to the specific and toward greater nuance in thinking about policy solutions. This also encapsulates the trend in the debate on encryption in India, where the government has mandated a traceability requirement on major technology companies for now, but there is space for further discussion on the appropriate methods for accessing encrypted data.

A third significant developing theme of the privacy debate has been the geopolitics of data. Some experts argue there is scope for convergence around data governance norms. The opposite view claims that the world is headed toward increasing fragmentation in data norms over the next few years. The direction of such trends will matter in determining the precise nature and design of global privacy norms in the field of data.

This will become clearer as more and more major countries enact data protection legislation. India’s proposals on data localization have already been highlighted as problematic, given that many bilateral and regional agreements currently stress free data flows. Experts in the session on the future of data geopolitics acknowledged a move toward greater convergence around core principles and elements of data governance but disagreed on whether the next few years will be marked by harmonization or fragmentation. Some experts highlighted the rise of data localization measures concurrent with factors like cybersecurity, rent-seeking, and protectionism that would inhibit multilateralism.

As privacy remains a key topic of discussion in the debates around data, the themes of discussion have become increasingly local and contextual. Specific designs, capabilities, and implementation mechanisms will now be the focal points of discussion in the privacy debate.

— Anirudh Burman

3. Building Data Protection Authorities

In many countries, the debates about the content of data protection laws have been settled. About 70 percent of countries have data protection laws, and 10 percent of countries have draft legislation. Many of these countries have recently enacted or modified such legislation, and effective implementation of these laws is the key to achieving their objectives.

Many of these laws establish regulatory agencies, known as data protection authorities (DPAs), for implementation of the law. Paying attention to the workings of DPAs is crucial, since they are responsible for the way these laws play out in practice. As expert bodies, DPAs are also responsible for providing advice to governments, judiciaries, and other bodies dealing with data. DPAs will define the relationship between humans and digital technologies in the years to come.

India’s data protection law—the Personal Data Protection Bill, 2019—is pending in India’s parliament and would establish a DPA for the country. Unlike some jurisdictions in the European Union, India’s DPA will not benefit from preexisting data protection jurisprudence. This may not necessarily be a disadvantage. With a preexisting regime comes the problem of path dependence and limits to the imagination of what data protection entails. However, one cannot ignore the advantages associated with existing capabilities.

At GTS, one panel on data protection discussed mechanisms to build a strong DPA for India. That panel had five main takeaways.

First, it is important for a DPA to prioritize among its many functions. Miriam Wimmer, director of Brazil’s DPA, spoke about the complicated federal structure of her agency and highlighted the importance of outlining the agency’s priorities clearly. She noted that a DPA must be “selective in order to be effective.” The Brazilian DPA’s strategic plan focused on raising awareness, prioritization of key topics such as data breaches, and the agency’s institutional structure.

Second, regulatory uncertainty around compliance is a major issue in the data protection field, so it is important for the DPA to raise awareness about its domestic data protection laws.

Third, a DPA must take a collaborative and responsive approach toward regulation. This would involve the regulator actively learning from stakeholders and developing regulatory responses in consultation with them. Since data protection laws apply to many sectors and involve fast-changing technologies, a collaborative approach is necessary.

Collaboration could also supplement a DPA’s capacity. The use of public consultations at various stages could help a DPA make fewer mistakes with final regulations.  DPAs could also use regulatory sandboxes, adopt codes of practice formulated with the help of the industry, and encourage self-regulatory organizations. Wimmer stated that the Brazilian DPA has an advisory board made up of representatives from different fields for situations where meeting with each stakeholder is not feasible. Going forward, it might also consider the use of technologies like artificial intelligence for distinguishing meaningful comments from frivolous ones.

Fourth, DPAs must try different methods for regulation and enforcement. Participants suggested using a technolegal approach that involves creating a framework for compliance using technologies governed by privacy principles. Enforcement strategies must be risk-based and may be scaled up gradually. They could use methods like naming and shaming and giving the noncompliant body time to correct its activities, among others.

Fifth, the DPAs needs to find innovative ways to build and use their capacities in the face of constraints. While collaborative approaches are necessary, some aspects can be challenging for DPAs from a human resource perspective. Wimmer explained how examining and responding meaningfully to thousands of comments received during public consultations can be resource-intensive and time-consuming. Handling other aspects like complaints can also require more manpower. The EU’s enactment of its General Data Privacy Regulation led to a dramatic increase in the number of complaints due to rising awareness regarding data protection rights and remedies.

India’s proposed legislation outlines a wide range of powers and obligations for its DPA, which is unlikely to deploy broad capabilities from the very beginning. Decisionmaking on various aspects of data protection requires technical and context-specific expertise, which the DPA will have to build over time or find ways to ensure compliance without intensive direct supervision.

The Indian DPA could adopt the Brazilian DPA’s approach of putting forth a strategic plan. This could outline, among other things, the main regulatory agendas it will prioritize and could evolve over time as it builds capacity.

The Indian DPA must also consider using existing knowledge wherever possible. The Personal Data Protection Bill, 2019 already contains a provision for codes of practice specified through consultation with industry. Additionally, the DPA could consider other methods such as public consultations at various stages of regulation-making and agreements with academic and research institutions. The use of public consultations at different stages can also help in improving the quality of the final regulation. It can consider the use of appropriate technology to make the process less cumbersome.

Discussions like these are effective ways of sharing information and insights about how to build a new regulator. This could be one of the many ways the Indian DPA could find solutions to the many challenges it will face in the coming years.

—Shivangi Tyagi and Suyash Rai

4. How Do Governments Usher in Trustworthy AI?

Artificial intelligence (AI) has been touted as a promising technology for decades now, but only in recent years have developments stemming from deep learning techniques led to it being seen as transformative. AI has applications in various sectors, including healthcare, agriculture, and education, but the distribution of benefits across countries may be uneven and could widen the performance gap.

The discussion at the GTS panel on AI started off with the acknowledgement that while AI itself holds great promise, a veritable AI arms race is possible when it comes to different countries investing in AI technology. Given that the battle to emerge as a leader in AI is hotly contested, several international organizations have sought to ensure that AI adheres to principles that include accountability, transparency, explainability, security, privacy, and fairness. The Indian government has committed to responsible use of the technology in its 2018 AI national strategy. In the document, India sought to solve societal problems at a massive scale, in ways that could later be used to solve global problems elsewhere. This frenetic activity, however, brings corresponding challenges for governments in terms of the regulatory structures adopted, and questions about how AI should be involved in lawmaking and other aspects of public institutions.

One of the challenges in the field of AI has been the speed with which systems have evolved. Legal systems the world over usually play catch-up with technological developments and struggle to come up with a regime that would regulate cutting-edge technologies. AI is no different. However, with global consensus being gradually forged through enunciation of AI principles by various international institutions, it may be possible to implement AI systems in a largely harmonized way.

The other challenge is the issue of autonomy of AI systems. While much has been made of how certain technologies that use AI systems, such as automated weapons or self-driving cars, are autonomous to the point that they neglect the importance of human intervention, others can be just as worrisome. For instance, there may be considerable doubt as to how certain algorithms work and what repercussions they could have in sectors where algorithms are used to price goods or allocate resources.

Another key challenge that stems from AI systems is the issue of opacity. Sometimes, administrative tasks such as sentencing could be outsourced to AI, which may aid a judge in arriving at a decision that is free from human bias. In other cases, AI could be employed in administrative tasks related to sentencing. Either way, no matter how error-free these processes are, they should adhere to the principle of explainability; it is necessary to not only arrive at an efficient decision but also be able to explain its methodology. There is a strong case to be made for regular AI review or audits when it comes to the opacity of these systems.

But the technology is not all bleak. The GTS discussion alluded to the manifold benefits of AI applications, especially in the Indian context. For instance, the agricultural sector sees a massive number of farmer suicides every year. Most of these are driven by predatory lending in the absence of crop loans from banking institutions, which claim they cannot make reasonable monetary estimates of farmland and crops. However, with AI systems—whether through roving satellite imagery or other technological tools—banks can identify the farmer’s assets and dispense a non-usurious loan accordingly. Similarly, the implications for the healthcare sector are also massive: costs have gone up, the but the quality of medical care has not necessarily kept pace. Here, AI may lead to a reduction of costs, but not at the expense of quality, as patients become more proactive in monitoring their health through AI devices.

Onerous laws can stifle innovation and lead an entire industry to migrate to greener pastures elsewhere. It is critical that the law not continuously play catch-up with AI systems, lest we risk another scenario where companies take advantage of minimal or laggard regulation. By addressing the challenges laid out above, it is possible to enable a version of AI that engenders trust, and in the process, unleashes its transformative potential.

5. Lessons for Cryptocurrency Regulation

The year 2021 was arguably when cryptocurrencies went mainstream. The cumulative market capitalization of cryptocurrencies touched $3 trillion, with significant interest from retail and institutional investors, including large private equity and sovereign wealth funds. New and disruptive use cases of cryptocurrencies, such as decentralized finance (DeFi) and non-fungible tokens (NFTs), gained ground. The global regulatory landscape also witnessed important developments, from the Chinese crackdown on cryptocurrency mining to the declaration of Bitcoin as legal tender in El Salvador.

India was no different, ranking among the top ten countries around the world in DeFi and crypto adoption, and is estimated to now host more than 230 crypto tech start-ups, 15 million retail crypto investors, and two unicorns in this space. However, the insufficiency of India’s policy response, both in setting out clear rules of engagement for the industry and market participants and in addressing emerging concerns around investor protection, market integrity, sanctity of capital controls, and potential use in illicit activities like money laundering, remains a principal issue.

Both crypto sessions at GTS witnessed a rich discussion among participants leading to several key insights, some of which are discussed below.

Participants were generally of the view that cryptocurrencies should not be treated as legal tender. However, there were divergent views on the usefulness of cryptocurrencies and the advantages to encouraging innovation and expending regulatory capacities to govern the space. Views also differed on the feasibility of a policy approach that delineates the underlying distributed ledger technology from cryptocurrencies to actively promote the former while discouraging or prohibiting the latter. This is both a technological and policy question on whether such a move would allow the necessary innovation to take place. A consultative approach for evolving Indian legislation on cryptocurrencies, suggested by the former Indian finance secretary Subhash Garg, could also be useful in bridging such gaps in understanding. Such consultations should be broad-based and inclusive to avoid capture of the process by any specific stakeholder community.

Participants discussed how cryptocurrencies differ from existing assets like stocks and the subsequent implications for regulation. For instance, cryptocurrencies do not lend themselves easily to either of the broad approaches currently being tested globally—of retrofitting them into existing regulations or creating a sui generis regulatory framework. This will be an important first-order question for Indian policymakers, too, before dealing with questions on appropriate regulatory authorities. In either case, inter-regulatory coordination will be key.

The sessions also saw a variety of suggestions on approaches to regulation and capacity-building. Barring some exceptions, participants discussed the difficulty that a ban on cryptocurrencies would impose in tracking illicit activity, circumventing capital controls, or developing regulatory understanding and capabilities. In the context of India, participants suggested that it may be useful first to assess the track record of enforcement agencies in dealing with financial crimes before considering a prohibitive stance.

Participants also discussed an “open” approach, in contrast to a ban, through the examples of Singapore and Brazil. For instance, Singapore’s approach involved an iterative process of regulation and policymaking through the use of public-private partnerships and regulatory tools like regulatory and innovation sandboxes to build adequate knowledge, supervisory and enforcement capabilities, as well as a talent pool that could be co-opted by regulatory agencies subsequently.

At a more granular level, participants discussed different possibilities on who should be supervised—from licensed intermediaries like cryptocurrency exchanges to users themselves through (in the case of India) noncustodial wallets that have undergone a Know Your Customer process using existing public infrastructure like Aadhar, a unique digital identification program in India. However, there may be disadvantages to both these possibilities. The former could exclude decentralized or peer-to-peer exchanges, whereas the latter, as a participant pointed out, may lead to market concentration and single points of failure. It is likely that the regulatory perimeter will need to extend to all intermediaries and participants in the ecosystem. Additionally, given the variety of cryptocurrencies, one participant pointed out the need to scrutinize internal governance mechanisms too, for concerns such as capture or monopolistic behavior.

Investor protection was identified as a key concern given the risks associated with cryptocurrency transactions. Koan Advisory CEO Vivan Sharan suggested that the crypto industry must take steps to increase awareness of risks among consumers and that the current juncture was also an opportunity to bolster financial literacy programs.

Another important area participants discussed was the importance of international coordination to avoid fragmentation in regulatory approaches and the ensuing regulatory arbitrage. Carnegie visiting scholar Robert Greene pointed out challenges to bringing about such coordination against a lack of uniform definitions or vocabulary for cryptocurrencies and intermediaries as well as different motivations among jurisdictions. The third impediment, he pointed out, is the policy approach referred to earlier—of encouraging distributed ledger technology like blockchain without cryptocurrencies—an approach at odds with an industry that is keen to use both together. One participant pointed out that the decentralized nature of cryptocurrencies will also require global cooperation among specialized enforcement agencies.

In short, technological developments and regulatory responses continue to evolve. From the Indian perspective, an opportunity for wider consultations, consensus-building, and evolving a practical and strategic policy response has emerged as stakeholders await legislation. Releasing a white paper in the public domain outlining the proposed policy and regulatory approaches and a draft of the proposed legislation would be a useful starting point. An important element of such a response should be to create nimble regulatory and institutional frameworks that can learn, develop capacities, and regulate alongside the rapid developments in this space. Another is greater international engagement in developing regulatory norms and in coordination and enforcement capacities. As some participants noted, as a large emerging market economy, India’s approach toward cryptocurrencies may serve as an important example globally. Further, even if India chooses to prohibit cryptocurrencies’ use within its borders, it may still need to prepare for their proliferation outside its borders.

More immediate is the need to evaluate the sufficiency of existing Indian legal and regulatory frameworks in addressing risks arising from cryptocurrencies. The recent Union Budget for the year 2022–2023 has proposed a 1 percent tax to be deducted at the time of cryptocurrency transactions in order to capture transaction details. Adequate data is a critical gap given the pseudo-anonymous nature of cryptocurrency activities. Such a staggered approach, which similarly addresses immediate concerns like investor protection and potential use in illicit activities, could be a useful way forward while a comprehensive framework is developed.

—Priyadarshini D.

6. Securing Vaccine Supply Chains

The coronavirus pandemic has challenged the vaccine supply chain to deliver more products to a larger number of beneficiaries in less time and often with more limited resources and options. Discussions at GTS brought together researchers, vaccine manufacturers, government officials, academics, and public health experts to discuss challenges affecting vaccine supply chains, explore potential partnerships, and highlight lessons from the current pandemic.

Participants see a lot of potential for India to build on its experience during the pandemic to become an even more important innovator and producer of vaccines for both India and the global market. Unprecedented partnerships among researchers, the private sector, funders, and regulators expedited the development and delivery of COVID-19 vaccines globally. Apart from traditional academia-industry partnerships, collaboration among competitor companies and cooperation among different government departments eased supply chain pressures, which led to faster manufacturing and distribution of vaccines in India and elsewhere.

Despite this collaborative ecosystem and forged partnerships, the global vaccine supply chain was still disrupted. This is partially because Western vaccine companies initially chose to use manufacturers in the Western world with no prior vaccine production experience, instead of India, which houses the biggest vaccine-makers in the world. This model created by Western companies perpetuated a division between the developed and developing world and disrupted the supply chain, as we see today.

Participants underscored the importance of regional and global partnerships in developing agile and robust vaccine supply chains.

Considering India’s reputation as the “pharmacy of the world,” other members of the Quadrilateral Security Dialogue (the Quad, including Australia, Japan, and the United States) are looking toward India to ramp up vaccine manufacturing to end the COVID-19 pandemic. Experts elaborated to explain that the United States can develop vaccines, India can become the manufacturing hub, Australia can facilitate last-mile delivery of vaccines, and financing can be provided by the U.S. Development Finance Corporation, Japan International Cooperation Agency, Japan Bank of International Cooperation, among others. This partnership will be implemented by a Quad Vaccine Experts Group, comprised of top scientists and officials from the four governments. Further, the Quad can partner with other entities such as COVAX and the Coalition for Epidemic Preparedness Innovations (CEPI) for vaccine distribution to other countries.

On the global front, COVAX—a public-private partnership to provide innovative and equitable access to COVID-19 diagnostics, treatments, and vaccines—faced enormous supply constraints and coordination challenges across the world. Models such as COVAX should however be sustained and improved upon so that the supply of vaccines can be more efficient and equitable after the current pandemic has run its course.

On the multilateral front, CEPI is a remarkably innovative global partnership between public, private, philanthropic, and civil society organizations that helps small developers take their vaccines to early phase testing where bigger companies may not wish to invest in the global market. It is therefore important to sustain this multilateral collaboration to support new and innovative platform technologies that can develop and manufacture vaccines, strengthen capacity in countries that are at risk, and advance regulatory science that governs product development to better prepare for future outbreaks.

Discussions at GTS also highlighted key strategies ranging from diversifying manufacturing capacity to strengthening immunization systems for swift dissemination of vaccines. Participants were hopeful that the global nature of the COVID-19 pandemic could trigger an institutional change regarding funding to strengthen public health, both at national and regional levels, ensuring ongoing investments in health security rather sudden and temporary responses to major outbreaks, within India and elsewhere.

Participants discussed possible pathways for both India and the world to develop a functional, end-to-end supply chain and logistic system that can enable appropriate vaccine storage, distribution, handling, and waste management.

First, to build resilient vaccine supply chains at home, India could have small, localized facilities for manufacturing that are placed closer to the point-of-care, rather than one large facility that serves the entire country. This approach would increase India’s capacity to manufacture vaccines and enhance its ability to supply globally. It could be supported by requiring researchers and regulators to short-circuit the clinical trial phase by replacing animals with organoids, a 3D in vitro tissue that mimics its corresponding in vivo organ. All steps from discovery to commercialization of vaccines need to be considered carefully to develop secure, robust, and resilient supply chains.

Second, India should build tech transfer offices, with a strong business development focus group, in academic research institutions to ensure that the proprietary knowledge developed by those institutions is licensed and translated to develop products that can solve real-world problems. This capability will encourage industry to collaborate with academia for new seed innovations and will also create trained manpower to be able to leverage technology to develop medical countermeasures, creating a sustainable research and innovation ecosystem in the country.

For the global market, many of the supply chain issues with respect to vaccine supply have always existed. Even though governments have substantial experience in implementing immunization campaigns, governments did not commit to buying COVID-19 vaccines early enough. It is therefore important to put in place agreements with vaccine manufacturers both in India and abroad to avoid a situation that was observed during the second wave of the pandemic, where there was a lack of clarity among both manufacturers and government about the pace at which vaccines can/should be made.

To accelerate global vaccine production and create regional manufacturing hubs, large vaccine manufacturers should partner with pharmaceutical companies in developing countries. This can be like the AstraZeneca model, where the company collaborates with multiple manufacturing units globally to support each stage of its vaccine production. The process is transferred to the respective facility, with adequate guidance and technical training, throughout the manufacturing process to ramp up vaccine production.

In addition to the ability to scale up vaccine manufacturing, the entire value chain—from raw materials to filters and cold chains—needs to be ready to increase production in case of an emergency. More comprehensive supply chain planning should be undertaken to assess elements that can be developed domestically, identify components that should be imported, and find ways to minimize vaccine wastage. Better use of Internet of Things devices and supply chain management software could make a big difference.

Discussions should happen both at the national and the international levels to ensure equitable distribution of vaccines globally. The former can help countries identify gaps in their logistics circuit to ensure that vaccines reaching their geographical borders are distributed equitably. The latter can perhaps either involve institutions like the World Health Organization or multilateral agreements ahead of time to ensure that vaccine vials, reagents, syringes, and technology are shared. Moreover, regional arrangements can be created to identify bottlenecks in supply chains and collaborate to exchange raw materials, reagents, and technology needed to develop resilient vaccine supply chains.

Finally, apart from strengthening vaccine supply chains, it is important to create architecture, systems, and standards that facilitate regional cooperation for pathogen surveillance. This can help scientists and policymakers to implement appropriate measures to contain a pandemic. It can also assist in public health decisionmaking, which in turn would build national and regional resilience to fight outbreaks.

—Shruti Sharma

7. What’s Next for the Global Semiconductor Supply Chain?

Semiconductors are critical for various industries, ranging from aerospace to automotives. However, in the last couple of years, the semiconductor supply chain has been upended by a severe global shortage. An April 2021 Goldman Sachs estimate puts the number of impacted industries at a staggering 169.

So, what has caused this sudden shortage?

First, the coronavirus pandemic led to a sudden, momentary disruption in global supply chains, including for the semiconductor industry. Many automobile companies had to cancel their orders or invoke provisions in their order contracts to halt semiconductor purchases. Meanwhile, key semiconductor factories redirected their supply to other industries, such as consumer electronics and cloud computing, that saw a surge in demand as many more people began to work from home.

Second, in 2020, the United States introduced new export control measures that completely prohibited any product that used U.S. technology from being sold to entities blacklisted by the U.S. Commerce Department. So, companies like Huawei stockpiled goods and ordered several months’ or years’ worth of semiconductors in products used for base station technology. The massive surge in demand even before the pandemic exacerbated the ensuing chip shortage.

Third, a massive earthquake in Japan in February 2021 led to a substantial constriction in output. In addition to that, a major fire at one of the biggest factories of Renesas, a prominent chip supplier, interfered with the company’s ability to fulfill its orders to automakers worldwide.

Given the pressing shortage and the escalating significance of semiconductors, the Indian government has adopted several approaches toward establishing a vibrant semiconductor ecosystem. Its Design Linked Incentive (DLI) scheme, with a massive outlay of 76,000 crore rupees (over $10 billion), incentivizes domestic firms to enter the semiconductor value chain at various stages, be it chip design, fabrication, or assembly, testing, and packaging. The Indian government is also reportedly in talks with the Taiwan Semiconductor Manufacturing Company to set up a $7.5 billion fabrication foundry in India. India is going all out to court the world’s largest foundry player by reportedly offering tariff reductions on components for producing semiconductors.

One GTS roundtable developed the following takeaways:

• By introducing a mammoth scheme to promote semiconductor design and production in India, the Indian government has displayed a healthy risk appetite for incubating innovative technologies. Most countries, with the exception of the United States and China, have not considered similar schemes, and any existing plans (such as in the EU) have been short on details.
• The scheme proposed by the Indian government also seeks to promote chip design and manufacturing in less advanced nodes as well. This is a welcome step. While semiconductors have proven utility in cutting-edge industries, they are still necessary for other less advanced electronic industries as well. Focusing on all types of nodes would help India to hedge its bets and possibly boost its electronics industry.
• The provision of subsidies for chipmakers by most other countries may play spoilsport for the United States and the EU, which have thus far sought to prevent doling out any subsidies to entice chipmakers. This may change, given the magnitude of investment required and the need to shore up semiconductor manufacturing capability in the short run.

Techno-nationalism—the trend where nations favor their own security objectives over commercial benefits—may be here to stay in the medium term. As such, there is a huge appetite for diversification away from China, which may open new markets for India.

To start off, India could lean into a concert of democracies that may provide technology transfers. Given the lasting suspicion about China securing sensitive technology, the United States could work with like-minded countries when it comes to managing technology transfers. India could allow its public research institutions to incubate technology transfers from the United States and then transfer the technology to private companies through spin-offs—as the Industrial Technology Research Institute and Electronics Research and Service Organization did in Taiwan.

India could also seek preferential access to such technology within the Quadrilateral Security Dialogue (Quad). But establishing consensus on process would be challenging. Already, Quad countries diverge on data flows and related issues like data localization. Getting other significant players in the semiconductor ecosystem, such as Japan and South Korea, to participate in both technology transfers and fabrication facility investments would be harder, still since it is unclear how they would benefit from such an arrangement. However, the DLI scheme of the Indian government shows that it is serious about taking this challenge head-on.

—Konark Bhandari

8. Fragmentation: The Future Geopolitics of Data

The global nature of the internet is being threatened. A single multilateral structure to govern the cross-border flow of data appears more and more like a pipe dream. This could “cripple the Internet of Things and the Cloud of Things,” because, as Michael Nelson puts it, “politicians and governments like to control things,” such as the use and storage of data.

This partially explains the fast, worldwide rise of data sovereignty requirements, or governments’ attempts to assert control over data generated within their borders. Commercial data transfers account for $2.8 trillion of global gross GDP and are expected to grow by forty-five times every decade. But the policies of several G20 economies “have become more inward looking” and prioritize keeping data within their borders. So how exactly do countries square the circle between data sovereignty and the need for the global governance of data?

At most, a higher degree of convergence of language around privacy and standards can be expected, suggested a GTS panel on the fragmentation of data governance. Ralf Sauer underlines that global companies’ narratives on fragmentation often mask commonalities “around core principles, rights and obligations.” This convergence, Sauer argues, is clearly evident across countries in Latin America, Africa, and Asia. “The real fragmentation,” Sauer claims, is within the United States, which is yet to seriously consider a federal law on privacy.

In fact, unilateral, plurilateral, and other trade agreements often have a “high degree of commonality in existing frameworks.” There is some, if faint, evidence of the “emergence of an international architecture . . . aimed at reaping the benefits of data flows.” The increasing localization of data doesn’t necessarily mean that the global internet is on the verge of an apocalypse.

It does mean that there will no Bretton Woods system for data in the near future. The G20 likely won’t agree to a common set of standards on the cross-border movement of data anytime soon. Even Japanese officials, who developed the concept of “data free flow with trust” (DFFT), themselves argue that this architecture is unlikely to become the global standard. At best, it can help expand common language on privacy legislation, which in turn mandates the extent of data localization in different jurisdictions. The G20 recognizes that the “free flow of data” needs to be considered alongside existing international and domestic legal frameworks. But to countries like India and Indonesia, signing on to the DFFT was considered a bridge too far. In the case of India, the government would prefer to wait for a long-pending draft bill on personal data protection to become law before taking a clearer position on the cross-border movement of data as underlined in the DFFT.

There is a clear recognition that data localization is not going away. Almost every country in the world—apart from a handful of rich ones, like Canada, Japan, Singapore, and the United States—has incorporated data localization measures or plans to. Yet, GTS-related discussions made clear that there ought to be an alternative way to approach data internationalization.

Rather than seek a global compact, it would be more practical to find the convergences within and between the layers of fragmentation in national, plurilateral, and trade agreements. The texts of many of these agreements—regional, international, and bilateral—demonstrate a higher degree of convergence than otherwise assumed.

Over the next few years, partners should capitalize on the convergence. Fragmentation, including a puzzling array of agreements that touch upon data, will remain the default setting in the geopolitics of technology. So for now, norm-building will be more important than multilateral rule-setting.

Suggestions that the United States and its allies should adopt the DFFT, or that the United States could lead the way in structuring the rules of the data game, completely miss the fragmented nature of data governance. Similarly, arguments making a case for the creation of a so-called, U.S.-led Internet Freedom League remain at odds with the growing number of agreements that exclude the United States.

Indeed, the world’s two largest democracies—India and the United States—are also the least connected to the dizzying sets of data-related agreements and initiatives in Asia. Despite the so-called Great Firewall, Chinese leaders appear to understand the importance of plugging into cross-border economic and legal structures in their neighborhood. That Chinese national laws on data and technology more broadly will make it almost impossible to integrate with these emerging legal structures when it comes to the flow of data is, of course, another matter altogether.

With all of this in mind, public and closed-door discussions at GTS generated the following recommendations.

• Over the next few years, policymakers should accept fragmentation and find ways to support global norms rather than fixating on a well-defined multilateral solution for data governance.
• Policymakers should work more closely with the OECD to help leverage such principles.
• The G20, which started serious work on data governance in 2017, should serve as an annual milestone to take stock of opportunities for the “glocalization” of data (a mix between global norms and national localization standards).
• Countries like India should consider the impact of data localization and government access to data on the future need to harmonize regional and bilateral treaty structures. Further, New Delhi should consider cross-border, data-led partnerships more forcefully, especially as the Indian Draft Personal Data Protection Bill becomes a law, potentially in 2022.
• The United States should start working seriously on a federal privacy law.
• The European Union needs better ways to adapt the standards built into the commission’s adequacy decisions.
• As norms around data governance proliferate over the next several years, to the international community will need to work simultaneously through multilateral platforms, such as the G20, to agree to a common set of rules for World Trade Organization member states. The OECD could help to facilitate a policy recommendation on cross-border data flows, keeping in mind the many different layers of national localization requirements in place. At most, localization can be disincentivized as international and bilateral legal obligations balance the needs of the global with those of the local.

— Rudra Chaudhuri