Fragmentation of global AI regulations could weaken cyber collaboration: Microsoft's Khiangte
New Delhi, May 20
Growing fragmentation in global Artificial Intelligence regulations and standards could weaken international cyber collaboration and make coordinated responses to cyber threats increasingly difficult, John Khiangte, Director of Government Affairs at Microsoft, said today.
"What we are increasingly seeing, and because of the volatile nature of the global geopolitics and everybody sort of trying to regulate the AI systems in their own way, we are seeing that it is increasingly becoming fragmented. And when fragmentation happens, it is difficult for collaboration to happen," Khiangte said while addressing FICCI's CyberComm 2026.
Khiangte said there is a need to establish foundational standards for AI infrastructure and deployment systems, particularly in areas such as governance, quality assurance and secure-by-design principles.
"For us to decide what should be the standard that goes into the infrastructure of the assembly, there are some basics out there in terms of governance, in terms of quality and those things should definitely be there and secure that design. So these are the basic standards that needs to be taken," he said.
Highlighting the borderless nature of cyber threats, he said cyberspace functions beyond geographical boundaries, making international coordination essential.
"To explain that a little bit, what happens is in a cyberspace, everyone is your neighbour. Cyber criminals don't respect geographical boundaries for them. And so every incident is global in that nature," he said.
Referring to India's bilateral cooperation frameworks, Khiangte said the country has signed multiple agreements to strengthen cybersecurity collaboration, but differing standards and definitions across countries can create difficulties for authorities during cyber incidents and investigations.
"What happens is that if those standards are different, if those minimum criteria are different, there are definitional differences, then it becomes difficult for authorities to work together," he said.
He further said countries should define sovereign minimum standards for AI systems while also ensuring harmonisation at the international level.
"There are basic requirements like explainability, secure by design, model provenance and so on. But I think at the same time, countries have to work together so that there is a harmonization, so that collaboration can happen," Khiangte said.
He also warned that cyber criminals and nation-state threat actors are increasingly collaborating "at scale", making harmonised standards and coordinated responses more important than ever.
"Cyber criminals are the ones, from our vantage point, we are seeing that, and not just cyber criminals, nation threat actors and cyber criminals are collaborating at scale," he said.
— ANI
Reader Comments
The point about "everyone is your neighbour" in cyberspace is spot on. As an Indian IT professional, I've seen how even a small breach in one country can cascade worldwide. But let's be honest - can the US, EU, China, and India really agree on one set of rules? Each has different priorities.
Interesting perspective from Microsoft. But isn't this just a way for big tech to avoid stricter regulations? Every country has the right to protect its citizens and data. India's upcoming Digital Personal Data Protection Act is a perfect example of why local standards matter. 🤔
This is absolutely critical for India. We're positioning ourselves as a global tech hub, and fragmented regulations could hurt our international collaborations on cyber threats. The government should take note - we need a proactive approach, not reactive. 🇮🇳
I'm a cybersecurity researcher based in Bangalore, and this hits home. The "definitional differences" Khiangte mentions are real - even terms like "cyber incident" mean different things across nations. Harmonisation is easier said than done, but we must try. Otherwise, we're fighting a war with different dictionaries.
Microsoft wants uniform standards? Of course they do - they can comply with one system globally. But what about smaller countries? India must ensure our unique digital ecosystem and data sovereignty are protected. Sovereign minimum standards as he mentioned, yes - but not at the cost of our autonomy.
We welcome thoughtful discussions from our readers. Please keep comments respectful and on-topic.