AI Ethics
AI Safety Fundamentals: DPDP and AI Governance Guide
AI Safety Fundamentals explained for Indian AI, SaaS, and regulated teams: DPDP risk, PII controls, audit evidence, and practical CrewCheck scan steps.
What AI Safety Fundamentals means for Indian AI teams
AI Safety Fundamentals is not just a policy topic for AI governance, product, data science, and risk teams. It is a day-to-day operating question: what personal data enters the workflow, why it is needed, which system receives it, and what evidence proves that the processing stayed inside the promised purpose. Under the DPDP Act, personal data is broad enough to include obvious identifiers and context that can identify a person when combined with other records. In AI products, that context often appears in prompts, retrieval snippets, support notes, analytics events, CSV uploads, and model outputs.
The practical risk is simple: an AI workflow can expose personal data to model providers, logs, vendors, or internal tools without a clear purpose, consent record, or audit trail. A compliant implementation should make the safe path the default path. Product teams should describe the purpose in plain language, engineering teams should enforce the purpose at the request boundary, and compliance teams should be able to inspect the evidence without reconstructing the system from scattered logs. CrewCheck treats this as an operational control problem, not a one-time legal document exercise.
Data map and consent questions
Start by mapping the fields that appear in this workflow. Typical signals include Aadhaar, PAN, mobile number, email, IP address, account ID, support ticket text, and model prompt context. The map should separate data collected directly from the user, data imported from another system, data inferred by analytics or AI, and data added by staff in free-text notes. This separation matters because each source can have a different notice, consent record, retention period, and deletion path. A prompt assembled from three systems inherits the obligations of all three systems.
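One lightweight way to keep this map honest is to store it as structured data next to the code rather than in a slide deck. The sketch below is a minimal illustration in Python; the field names, example entries, and retention values are assumptions, not a prescribed CrewCheck schema.

```python
from dataclasses import dataclass

@dataclass
class DataMapEntry:
    field: str            # e.g. "pan_number"
    source: str           # "user_direct" | "imported" | "inferred" | "staff_note"
    notice_ref: str       # the notice or consent screen that covers this field
    retention_days: int   # agreed retention period
    deletion_path: str    # job or system that actually deletes the value

# Illustrative entries only; a real map is generated from schemas and scan results.
DATA_MAP = [
    DataMapEntry("aadhaar_number", "user_direct", "kyc_notice_v3", 365, "kyc_purge_job"),
    DataMapEntry("support_ticket_text", "staff_note", "support_notice_v1", 180, "ticket_redaction_job"),
    DataMapEntry("churn_risk_score", "inferred", "analytics_notice_v2", 90, "warehouse_ttl"),
]
```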
For consent, the key question is whether the person would reasonably understand this AI processing from the notice they saw. If the notice only covered account creation, but the data is later used for model training, behavioural profiling, automated recommendations, or support automation, the team should treat that as a separate purpose and capture explicit evidence. Withdrawal also needs a product path. A user who withdraws consent should not continue to appear in embeddings, analytics cohorts, fine-tuning files, or assistant memory without a documented lawful reason.
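Making withdrawal a product path means the request has to fan out to every store that might still hold the person's data. A minimal sketch follows; the store names and purge hooks are assumptions about a typical stack, and each lambda stands in for the real delete or re-index call.

```python
# Hypothetical purge hooks; each lambda stands in for the real delete or
# re-index call against that store.
PURGE_HOOKS = {
    "embeddings": lambda user_id: print(f"delete or re-embed vectors for {user_id}"),
    "analytics_cohorts": lambda user_id: print(f"drop {user_id} from cohort tables"),
    "fine_tuning_files": lambda user_id: print(f"filter {user_id} rows from training exports"),
    "assistant_memory": lambda user_id: print(f"clear stored memory for {user_id}"),
}

def withdraw_consent(user_id: str) -> list[str]:
    """Run every purge hook and return the stores touched, for the audit trail."""
    touched = []
    for store, purge in PURGE_HOOKS.items():
        purge(user_id)
        touched.append(store)
    return touched
```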
DPDP, sector rules, and AI governance overlap
AI Safety Fundamentals usually sits at the intersection of DPDP lawful purpose, data minimisation, consent withdrawal, security safeguards, and breach evidence. DPDP sets the personal-data baseline, but Indian teams may also face RBI, SEBI, IRDAI, healthcare, telecom, consumer protection, employment, or contractual obligations depending on the sector. The safest internal model is to treat sector rules as additional constraints on top of DPDP, not substitutes for it. A bank, insurer, hospital, school, marketplace, or SaaS platform still needs a clear data inventory, security safeguards, breach handling, and user-rights workflow.
AI adds a second layer because data can leave the primary application boundary through a model provider, vector database, observability stack, evaluation dataset, or agent tool call. That movement should be visible in architecture diagrams and audit exports. If a regulator, buyer, or board member asks what happened to one person's data, the team should be able to answer which controls ran, what was redacted, which provider received the final payload, and whether any human reviewed the exception.
Implementation pattern
Route the workflow through an LLM gateway, scan request and response payloads, redact Indian PII before the provider call, preserve a tamper-evident audit event, and review exceptions in shadow mode before enforcement. The pattern works best when it is enforced close to the boundary where AI calls are made. A gateway or middleware layer can inspect prompts, tool inputs, retrieval context, and model responses before they are stored or forwarded. The application can continue using its preferred model SDK while the governance layer applies consistent policy. This is especially important when multiple teams use different providers or when one product uses OpenAI, Anthropic, Gemini, local Llama models, and custom fine-tuned models side by side.
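The sketch below shows the shape of that boundary: redact common Indian identifiers from the outbound prompt, record what was detected, and only then hand the text to whichever provider SDK the application already uses. The regex patterns are deliberately simplified (production rules need checksum validation and broader coverage), and call_provider and emit_audit_event are placeholders for the real SDK call and audit sink.

```python
import re

# Simplified patterns for common Indian identifiers; production rules need
# checksum validation (e.g. Verhoeff for Aadhaar) and broader coverage.
PATTERNS = {
    "AADHAAR": re.compile(r"\b\d{4}\s?\d{4}\s?\d{4}\b"),
    "PAN": re.compile(r"\b[A-Z]{5}\d{4}[A-Z]\b"),
    "MOBILE": re.compile(r"\b[6-9]\d{9}\b"),
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b"),
}

def redact(text: str) -> tuple[str, list[str]]:
    """Replace matches with typed placeholders and report which types were found."""
    found = []
    for label, pattern in PATTERNS.items():
        if pattern.search(text):
            found.append(label)
            text = pattern.sub(f"[REDACTED_{label}]", text)
    return text, found

def guarded_call(prompt: str, call_provider, emit_audit_event) -> str:
    """Gateway-side wrapper: redact, audit, then forward to the model provider."""
    safe_prompt, detected = redact(prompt)
    emit_audit_event({"detected": detected, "action": "redact" if detected else "pass"})
    return call_provider(safe_prompt)  # the application's existing SDK call, injected by the caller
```

In shadow mode, the same wrapper would forward the original prompt unchanged and only record what it would have redacted.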
Controls should include bias testing, human review, explainability records, model cards, appeal paths, and monitoring for drift. These are not decorative checklist items; they are operational checkpoints that catch silent regressions before they compound. Shadow mode is useful before blocking traffic because it shows what would have been redacted or stopped without disrupting production users. Once false positives are understood, enforcement can be enabled for the highest-risk identifiers first, such as Aadhaar, PAN, financial account details, health IDs, children's data, and precise location.
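Tiered enforcement is easier to review when it is plain configuration rather than scattered if-statements. The identifier names and modes below are illustrative; the point is that the rollout order is visible and the strictest applicable mode wins.

```python
# Per-identifier policy: start everything in shadow, then move the highest-risk
# types to redact or block once false positives are understood.
POLICY = {
    "AADHAAR": "block",            # never leaves the boundary
    "CHILD_DATA": "block",
    "PAN": "redact",
    "HEALTH_ID": "redact",
    "FINANCIAL_ACCOUNT": "redact",
    "PRECISE_LOCATION": "redact",
    "MOBILE": "shadow",            # log only, traffic unchanged for now
    "EMAIL": "shadow",
}

def decide_action(detected_types: list[str]) -> str:
    """Strictest applicable mode wins: block > redact > shadow."""
    severity = {"shadow": 0, "redact": 1, "block": 2}
    modes = [POLICY.get(t, "shadow") for t in detected_types]
    return max(modes, key=severity.get, default="shadow")
```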
Audit evidence and scanner workflow
Evidence should be generated automatically. A good audit record captures timestamp, source application, policy version, detected data type, action taken, model provider, redaction placeholder, and reviewer status. The record should not store the raw sensitive value unless there is a strict business reason and a protected storage path. This gives compliance teams enough proof to investigate without creating a second sensitive database that becomes its own risk.
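Tamper evidence does not require exotic infrastructure: chaining each event to the hash of the previous one means any later edit breaks the chain. A minimal sketch follows, assuming the field list above; a real deployment would also sign the chain or anchor it in write-once storage.

```python
import hashlib
import json
from datetime import datetime, timezone

def append_audit_event(log: list[dict], event: dict) -> dict:
    """Append an event whose hash covers the previous event's hash, forming a simple chain."""
    prev_hash = log[-1]["hash"] if log else "genesis"
    record = {"timestamp": datetime.now(timezone.utc).isoformat(), "prev_hash": prev_hash, **event}
    record["hash"] = hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()
    log.append(record)
    return record

# Illustrative event using the fields described above; no raw sensitive value is stored.
audit_log: list[dict] = []
append_audit_event(audit_log, {
    "source_app": "support-assistant",
    "policy_version": "2025-01",
    "detected": ["PAN"],
    "action": "redact",
    "model_provider": "openai",
    "redaction_placeholder": "[REDACTED_PAN]",
    "reviewer_status": "pending",
})
```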
The fastest way to start is to run a DPDP scan against representative prompts, logs, documents, and API payloads. The scan should identify personal data density, high-risk fields, missing redaction, risky retention, and repeated exposure patterns. From there, teams can prioritise fixes by blast radius: public forms and LLM prompts first, internal logs and analytics next, vendor transfers and deletion workflows after that. CrewCheck's scanner link is included below so this page can act as a practical handoff, not just a reference article.
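The same detection rules can be run offline against exported prompts and logs before anything is wired into production. A rough sketch follows, trimmed to two identifier types for brevity; the hosted scanner described in this guide covers the broader checks listed above (density, high-risk fields, retention, repeated exposure).

```python
import re
from collections import Counter

# Same style of simplified rules as the gateway sketch, trimmed to two types.
PATTERNS = {
    "PAN": re.compile(r"\b[A-Z]{5}\d{4}[A-Z]\b"),
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b"),
}

def scan_payloads(payloads: list[str]) -> dict:
    """Count detections per identifier type and report overall PII density."""
    hits = Counter()
    exposed = 0
    for text in payloads:
        detected = [label for label, pattern in PATTERNS.items() if pattern.search(text)]
        hits.update(detected)
        exposed += bool(detected)
    return {
        "payloads_scanned": len(payloads),
        "payloads_with_pii": exposed,
        "density": exposed / len(payloads) if payloads else 0.0,
        "by_type": dict(hits),
    }

# Example input: representative prompts, log lines, or API payload samples.
print(scan_payloads([
    "Customer PAN ABCDE1234F asked about a refund",
    "Tracking link emailed to rahul@example.com",
    "No personal data in this line",
]))
```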
Common mistakes to avoid
The most common mistake is assuming that privacy policy text alone makes an AI workflow compliant. Policy text matters, but enforcement happens in code, queues, model calls, exports, dashboards, and staff workflows. Another mistake is redacting only user input while ignoring retrieved context, system prompts, tool results, attachments, screenshots, and model output. AI systems often leak data through the path that was not included in the first threat model.
Teams should also avoid vague claims such as 'we do not store personal data' unless the statement has been verified across logs, tracing, data warehouses, analytics tools, embeddings, backups, support tools, and third-party vendors. A better habit is to maintain a living data map, run scheduled scans, keep exceptions small and reviewed, and make the DPDP scanner part of release readiness. For legal interpretation, teams should use counsel; for operational proof, they should rely on repeatable controls and evidence exports.
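Making the scanner part of release readiness can be as small as a test that fails the build when fixture prompts or sampled logs contain unredacted identifiers. A hypothetical pytest-style gate is sketched below; the module name, fixture path, and scan_payloads helper are assumptions that lean on the earlier sketches.

```python
# test_dpdp_release_gate.py: a hypothetical pytest gate run in CI.
import json
import pathlib

from pii_scan import scan_payloads  # assumed module wrapping the offline scan sketch above

def test_no_unredacted_pii_in_prompt_fixtures():
    fixtures = pathlib.Path("tests/fixtures/prompts.jsonl")  # hypothetical fixture file
    payloads = [
        json.loads(line)["prompt"]
        for line in fixtures.read_text().splitlines()
        if line.strip()
    ]
    report = scan_payloads(payloads)
    assert report["payloads_with_pii"] == 0, f"unredacted PII in fixtures: {report['by_type']}"
```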
Related pages
Check your own workflow
Run a free DPDP scan before this risk reaches production.
Scan prompts, logs, documents, and API payloads for Indian PII exposure, missing redaction, and audit gaps. See also: the learn hub, developer docs, pricing, and the DPDP scanner.