Sir, you have built an impressive career spanning over 18 years across a top-tier law firm, a broadcasting company, a multinational IT consulting giant, and now as Corporate, TMT and Fintech Lead Partner at IRIS Legal. How has this diverse journey shaped your expertise, and what inspired your transition into private practice leadership?
My journey at Khaitan & Co. gave me the essential foundation every lawyer needs, the ability to spot issues, conduct thorough research, and build watertight arguments. That big law firm environment teaches you precision and attention to detail.
But the real transformation came in-house as Associate General Counsel at Capgemini and Senior Lead Counsel at Ten Sports. I discovered that being legally correct isn’t always the same as being commercially useful. You’re not just analyzing what the law says—you’re figuring out how to make business objectives happen within legal boundaries. I learned to ask different questions: How can we structure this deal so it actually gets done? What’s the smartest way to navigate regulatory requirements without stalling progress? It was a shift from binary yes-or-no answers to providing a menu of options with a solution-oriented mindset.
After gaining this dual exposure, I returned to private practice with something unique to offer: not just legal expertise, but genuine understanding of how businesses actually operate. Now, as the Corporate, TMT, and Fintech Lead Partner at IRIS Legal, I bring that business-first perspective to everything I do. My clients get practical, informed advice that helps them achieve their goals. I’ll flag the risks that matter, but I won’t derail a good deal over theoretical concerns. At the end of the day, successful legal practice is about enabling business success, not preventing it.
During your early years at Khaitan & Co, you worked on cross-border and domestic M&A, private equity, and joint ventures. Which experiences from that period continue to influence how you approach corporate and technology-driven transactions today?
My Khaitan years were foundational in several ways. The cross-border work taught me to map regulatory complexity upfront rather than discover deal-breakers halfway through—crucial now in tech and fintech deals. Working with PE firms helped me understand commercial dynamics and evaluate legal structures through a risk-return lens. Joint ventures taught me stakeholder management across different corporate cultures—invaluable when working with multinational tech companies with different risk appetites and decision-making processes. Most importantly, that M&A training instilled rigorous due diligence and issue-spotting skills—the ability to quickly distinguish between genuine deal risks and ‘nice to have’ cleanups that can wait.
You later transitioned into the media and entertainment space, handling high-stakes content acquisition and cross-border broadcasting deals. How did this experience broaden your legal skillset compared to traditional corporate and technology law?
The transition to Ten Sports was a complete game-changer. I moved from the law firm hierarchy to reporting directly to the CEO, contributing in strategy discussions with brilliant minds from IIMs, IITs, and major financial institutions where business decisions happened in real time. We were doing creative cross-border structuring to establish global presence for a popular sport, coordinating with international firms across time zones on tight deadlines in a relentless, fast-paced environment.
What made this particularly exciting was that broadcasting regulations in India were being completely redefined. Unlike traditional corporate work with periodic regulatory interaction, broadcasting required constant regulator engagement, anticipating policy changes, and building compliance into deal structures from day one. There were no established playbooks, so innovation was essential in structuring untested solutions.
This experience fundamentally changed my approach—teaching me to think several moves ahead, build flexibility into structures for rapidly evolving frameworks, and integrate legal solutions with real-time business needs. Those skills have been invaluable in complex technology and fintech transactions where innovation often outpaces regulation.
In your role at Capgemini, you managed various high stake legal portfolios, led complex software licensing and cloud transformation deals, and negotiations. What were some of the most challenging aspects of these negotiations, especially in the software and cloud service space, and how did you navigate them?
As Associate General Counsel-North Americas at Capgemini, managing high-stake software licensing and cloud transformation deals required navigating multifaceted challenges under tight timelines while balancing cross-jurisdictional jurisprudence and business expectations across EMEA, APAC, and Americas—each with distinct data sovereignty and regulatory frameworks.
Some of the critical negotiation points centered around licensee’s rights on original source code, ownership of developed IP, royalty and revenue split models, managing third-party and open-source components, establishing robust escrow mechanisms with clear release conditions, post-termination IP treatment including perpetual licenses and wind-down periods, the binding nature of revenue forecasts where clients wanted flexibility while we needed commitment, and structuring appropriate liability caps and indemnification with adequate representations and warranties.
The key to timely deal closure was maintaining preparedness with legal alternate solutions to navigate negotiation impasses—whether through hybrid licensing models, phased implementations, or creative commercial structuring that addressed both parties’ underlying interests.
With extensive experience in software, digital, IoT, and 5G technologies, what do you see as the most pressing legal challenges in the TMT sector today, particularly around cloud services, outsourcing, and cross-border data regulation?
From my experience, the most pressing challenge is implementing the Digital Personal Data Protection Act, 2023 while preserving India’s competitive edge as a global technology hub. Organizations are navigating the delicate balance between data localization requirements, cross-border transfer mechanisms, and serving global clients across multiple jurisdictions. This becomes particularly complex in cloud and outsourcing contexts where Indian service providers must reconcile DPDP Act obligations with clients’ home country regulations—whether GDPR, CCPA, or sector-specific frameworks—often requiring sophisticated contractual architectures and sometimes separate processing environments.
Secondly, there’s significant regulatory uncertainty around cloud services and emerging technologies. While DPDP Act rules are still being notified, sectoral regulators like RBI, SEBI, and IRDAI are issuing parallel guidelines, creating a complex compliance matrix. For cloud services, we’re seeing ambiguity around ‘significant data fiduciary’ classification, liability allocation between providers and customers, and critical information infrastructure obligations. In 5G and IoT, clarity remains limited on device security standards, edge computing liability, and supply chain security requirements.
The key is building flexible compliance frameworks that adapt as regulations evolve, while ensuring legal rigor doesn’t stifle India’s innovation advantage. Success requires proactive regulatory engagement and translating regulatory complexity into pragmatic operational solutions.
Having advised on M&A and strategic business transfers in technology and IP-driven sectors, what are the most critical considerations that companies and their legal counsel should keep in mind when structuring such deals?
One of the most critical considerations is comprehensive IP due diligence that goes beyond ownership verification to understand value creation architecture. This means mapping registered IP, unregistered trade secrets, open-source dependencies with potential viral licensing obligations, third-party components, and ensuring proper assignment agreements exist for contractor and employee-developed IP. I’ve seen deals nearly collapse when acquirers discovered core technology relied on restrictively-licensed open-source libraries or that critical IP was personally owned by founders rather than the company.
Equally important is analyzing transferability—whether customer agreements contain change-of-control provisions and ensuring data privacy compliance for cross-border transfers post-transaction under DPDP Act and GDPR. In IP-driven businesses, talent retention often matters more than IP, as innovation resides in people—structuring proper rebadging, enforceable earn-outs, retention bonuses, and non-competes while maintaining team morale is essential.
The key lesson is that technology M&A requires legal counsel to think like business strategists and technologists, structuring appropriate representations and indemnities that fairly allocate IP-related risks.
As a leader at IRIS Legal, you advise clients on both complex technology transactions and broader corporate advisory matters. Managing such a high-profile, demanding career alongside personal commitments can be challenging. How have you approached work-life balance, and what strategies have helped you manage both professional and personal priorities effectively?
Work-life balance in demanding legal practice requires intentional strategies. At IRIS Legal, we’ve found several approaches effective.
First, creating clear time boundaries is critical. AI has made life significantly simpler by automating routine research and tasks, allowing us to work more strategically. When pressing deadlines or client emergencies arise, we put in the hours needed to deliver excellence. However, we encourage our team to leave early when there’s no immediate deadline—preventing burnout and maintaining long-term productivity.
Second, we’ve implemented a hybrid work model combining office collaboration for complex matters with focused, interruption-free time for deep work. Every day begins with a 15-minute priority discussion to align on what needs immediate attention versus what can wait—this simple practice brings remarkable clarity to otherwise chaotic days.
Finally, we leverage technology strategically — using AI extensively for research and routine tasks to free mental bandwidth for high-value, strategic work that truly requires our expertise. We also follow a 15-minute rule, prioritizing tasks that can be completed quickly to prevent small matters from accumulating into overwhelming backlogs.
These strategies help us maintain high client service standards while preserving personal time and team well-being.
Finally, what advice would you give to young lawyers aspiring to build careers in technology, especially those contemplating whether to start in a law firm or an in-house role?
My advice is simple: in TMT, technology literacy is as critical as legal expertise. You need solid legal fundamentals, business acumen, and genuine tech fluency—not surface knowledge, but actual understanding of how tech such as AI models work, how cloud architectures function, how platforms handle data. I’ve seen talented lawyers struggle because they couldn’t grasp what their clients were building.
I’d recommend starting at a specialized firm for 2-3 years to get breadth—exposure to how different companies handle tech governance, cross-border data flows, emerging tech compliance—then moving in-house to understand how legal advice translates into product reality.
Staying current is non-negotiable. I follow AI researchers, read tech blogs as much as legal updates, and track policy developments constantly. When new regulations drop—which happens monthly—you need to understand both the regulatory requirements and technical implementation.
The lawyers succeeding in TMT can walk into meetings with engineers and speak their language, then explain regulatory implications to the C-suite. The traditional ‘learn law first, industry knowledge later’ approach doesn’t work in TMT—the field moves too fast, and the opportunities are extraordinary for lawyers who master this hybrid skillset.
With over two decades of legal experience across aviation, manufacturing, IT, banking, and more, what first drew you to specialize in data protection and privacy law? In 2016, I had the privilege of working with a mentor who saw potential in my analytical approach and encouraged me to explore data protection more deeply. At the time, privacy was gaining global traction with the GDPR on the horizon and organizations beginning to grapple with what responsible data stewardship truly meant. What intrigued me wasn’t just the regulatory complexity, but the human dimension: how we protect dignity, autonomy, and trust?
How did your law degree at The University of the West Indies, Cave Hill Campus, Barbados shape your worldview and influence your approach to international data protection and cross-border compliance?
Studying law in Barbados gave me a strong foundation in critical thinking and comparative legal analysis. I was surrounded by students from across the Caribbean (from The Bahamas to Guyana) and our coursework often involved comparing legal systems from the UK, India, and the US. It was a diverse, intellectually rich environment that encouraged me to look beyond borders and see law not just as a set of rules, but as a tool for societal transformation. That exposure shaped my global mindset and continues to guide my work today; whether I’m advising on GDPR compliance, India’s DPDPA, or data protection frameworks in the Middle East. I approach cross-border compliance not merely as a technical exercise, but as an opportunity to bridge cultures, align values, and foster global accountability. Legal compliance is more than a regulatory requirement. It’s a step toward building trust, empowering communities, and strengthening institutions.
You’ve advised organizations on GDPR, DPDPA, and other global privacy regulations. What are the biggest challenges multinational companies face in harmonizing compliance across jurisdictions?
When it comes to legal compliance, the saying “too many cooks spoil the pot” doesn’t quite capture the complexity. In global data protection, it’s not just about conflicting opinions, it’s about reconciling overlapping laws, operational realities, and evolving expectations. The most pragmatic approach for MNC’s is to anchor their framework in the highest standard (typically the GDPR) and then layer in jurisdictional nuances across your operations. It sounds simple, but implementation requires careful calibration. MNCs need to weigh time, cost, enforcement risk, the litigious nature of data subjects, and the reputational impact on their brand. These factors, when considered together, help determine their compliance priorities. This juggling act is one of the greatest challenges for multinational organizations. And it doesn’t end once the framework is built as keeping up with changing requirements, new enforcement trends, and emerging technologies is a continuous process. Compliance isn’t static; it’s a living, evolving discipline.
After more than a decade in inhouse legal roles, you transitioned into independent consulting and later established your own practice. What motivated this shift, and how did it change your perspective?
I reached a point where I wanted to change both professionally and personally. I had gained significant experience across aviation, manufacturing, IT, and banking, but I felt the pull to work more closely with small and medium-sized businesses that often can’t afford large legal teams but still need strategic guidance to transform their operations. Independent consulting gave me the freedom to support these organizations across industries, helping them build privacy programs from the ground up. It also allowed me to take better care of my health and spend more time with my family :something the corporate pace rarely permitted. Along the way, I’ve realized that data protection compliance is still viewed by many as a luxury rather than a necessity. It’s not always a top priority, especially for growing businesses. That’s where I bring added value not just through privacy expertise, but by integrating my cross-functional skills in contracts, intellectual property, and operational risk. I offer clients a holistic view of compliance that’s practical, scalable, and rooted in their business realities.
In your diverse practice, what has been one of the most challenging cases for you, and how did you navigate it?
Everyone uses templates and guidelines today but preparing for GDPR compliance before 2018 was a very different story. There were no ready-made toolkits, no plug-and-play solutions. Crafting documentation meant starting from scratch interpreting the law line by line, understanding its intent, and translating best practices into operational reality. It was challenging, especially under tight timelines and high-stakes environments. Time-sensitive projects always come with pressure, but I’ve learned to navigate the magnitude with focus and resilience. A few grey hairs later, I’m proud to say I’ve pulled through and helped organizations build privacy programs that are not just compliant, but meaningful.
You’re deeply involved in privacy training and awareness programs. What’s the most common misconception employees or leaders have about data protection? How do you see AI reshaping legal compliance and data protection practices in the near future?
One of the most persistent challenges in data protection is that many people still struggle to grasp the basic concept of personal data. Culturally, there’s a long-standing comfort with sharing information in many countries (photos, medical details, contact numbers) with service providers, often without a second thought. So when it comes to implementing data protection compliance within organizations, employees may not fully understand what they should avoid or why it matters.
That’s why education is critical. It’s not just about rules, it’s about understanding the reason behind the law and the consequences for both the individual and the organization. Leaders, too, often underestimate the importance of compliance. Some assume regulators won’t enforce the law, so they question the need to invest in privacy programs. What they miss is the long-term brand value that privacy compliance can bring. That’s trust, credibility, and resilience.
AI is reshaping the compliance landscape. It introduces new challenges especially around automated decision-making and data ethics but it also brings precision and efficiency. Many data breaches stem from human error, and AI can help reduce that risk by handling repetitive, high-volume tasks with consistency. When used responsibly, AI becomes a powerful ally in building smarter, more secure privacy frameworks.
While designing and implementing data protection policies and internal controls, what are the most critical factors organizations should keep in mind?
Policies should be written in clear, accessible language to ensure all employees can easily understand and apply them. They must be reviewed annually to remain relevant and effective. Updates should reflect current industry trends as well as internal insights and lessons learned. To reinforce understanding, training should be used to animate policy content, thus transforming written guidelines into meaningful, memorable practices.
How can data privacy be effectively embedded into day-to-day operations rather than treated as one-off compliance exercises?
Embedding data privacy into daily operations starts with applying core protection principles consistently, regardless of one’s role or department. When privacy is treated as a shared responsibility, it naturally becomes part of business-as-usual. One-off compliance exercises may check legal boxes, but they rarely build lasting habits or cultural awareness. By integrating privacy into everyday activities ..step by step, day by day…it becomes second nature to staff and strengthens both trust and compliance.
You’re passionate about mentoring young legal professionals. What key qualities should future privacy leaders cultivate to thrive in a rapidly evolving regulatory environment? Future privacy leaders must embrace adaptability by welcoming new challenges, evolving technologies, and diverse ways of working. Flexibility isn’t just a skill, it’s a mindset that allows them to navigate shifting regulations and organizational cultures with confidence. Equally important is respect. Privacy is a collaborative field, enriched by voices young and old, technical and legal, strategic and operational. Every colleague brings a unique ingredient to the pot and leaders who listen, learn, and uplift others will build stronger, more resilient privacy cultures.
With data protection laws expanding globally, what major trends do you foresee shaping privacy compliance over the next five years, and how do you see your practice evolving?
Over the next five years, AI will be one of the most transformative forces in privacy compliance. Its rapid adoption will pose significant regulatory and operational challenges, especially around transparency, accountability, and lawful processing. Initially, many practitioners may struggle to keep pace with the evolving tools and frameworks. But as familiarity grows, AI will become an ally streamlining meticulous tasks such as maintaining records of processing activities, comparing cross-border legal requirements, and conducting compliance assessments. Those currently take up a lot of my time, so I’m especially keen to explore how AI can reduce administrative burden while enhancing accuracy and consistency.
Being in this industry with such diverse experience, what initially motivated you to choose law as a career, and what inspired you to specialize in Intellectual Property, Data Privacy, and Technology Law?
As a child, I was always writing poems for school magazines. I still recall one incident when I shared an unwritten poem with a classmate, only to find it published under his name in the very next issue. I came home in tears, and that’s when my mother first introduced me to the concept of copyright. That moment sparked my curiosity about how law can protect creativity and original thought.
Naturally, when I began my career, intellectual property became my first area of focus. Over time, as I engaged with clients and industries evolving rapidly in the digital age, I found myself drawn to the adjoining fields of technology and data privacy. It felt like a natural transition, broadening my horizon from protecting creative works to safeguarding innovation, digital assets, and personal data.
Today, my work allows me to bring these threads together: using IP, technology, and privacy law not just as legal tools, but as enablers of innovation and trust in an increasingly interconnected world.
You started your career at top-tier firms specializing in IP. What early experiences helped lay the foundation for your practice, and how did you navigate your way into such prestigious firms straight out of law school?
When I first joined my law firm, most of my work was around intellectual property including litigation, opinions, and strategy. That’s when the GDPR had just come in, and suddenly everyone was talking about data privacy. I remember being really curious about it and actively looking for ways to get involved in those matters, even while my main focus was IP.
What struck me was how naturally the two fields connected. On one hand, I was helping protect brands and creative works, and on the other, I was seeing how technology and privacy were becoming equally critical for businesses. That overlap made me want to broaden my horizon beyond IP, and it eventually set me on the path of building a practice at the intersection of IP, data privacy, and technology law.
With years of experience across various domains in IP law, how do you approach complex IP disputes especially in the brand protection domain, and what are the key challenges in managing global IP portfolios?
In IP disputes, whether trademarks, patents, or copyrights, I focus on aligning enforcement with the client’s long-term strategy and reputation. In brand protection, a recurring challenge is timing. Many businesses delay securing rights until the brand has grown or infringement has already occurred. The same happens with patents, where filings are often an afterthought instead of being integrated with R&D. Another common issue is skipping clearance searches, whether for trademarks or prior art in patents, which leads to avoidable disputes and costs. The key is to start early, secure strong and defensible rights, and stay proactive rather than reactive.
You have advised clients on data privacy compliance under DPDP, GDPR, CCPA, and other international regulations. What are the major challenges companies face while ensuring compliance with these data privacy frameworks? One of the biggest challenges is procrastination. Companies know compliance is important but tend to delay it until there’s a breach or regulatory action, when it’s already too late. Another recurring issue is the way data is handled: it’s often scattered across departments, systems, and vendors without proper mapping or controls. Many organizations don’t even have a clear view of what data they collect, where it’s stored, or how long they retain it. Without that foundation, compliance with frameworks like DPDP, GDPR, or CCPA becomes patchwork. The real solution is to start early, streamline data handling, and embed privacy into day-to-day processes rather than treating it as a last-minute fix.
What are the most critical considerations when drafting and negotiating technology contracts, licensing agreements, or cross-border data transfer agreements?
For me, the most critical part of drafting or negotiating technology contracts, licensing agreements, or cross-border data transfer agreements is balance. On one side, you have the legal and regulatory requirements i.e., data transfer restrictions, liability, compliance with GDPR or DPDP, and so on. But on the other, you have the business reality: both parties want a workable, commercial arrangement that doesn’t get buried under red tape. I’ve seen that the real challenges often lie in the details, how data is actually handled day to day, who has access, how risks are allocated if something goes wrong. Cross-border transfers especially demand extra care, because you’re not just dealing with contracts but also with differing legal regimes and enforcement landscapes. So the key for me is clarity and practicality, making sure the contract reflects not just what looks good on paper but how the technology, data, and partnership will function in real life. That’s where the trust between parties really gets built.
Having handled numerous brand protection, domain name disputes, and anti-counterfeiting enforcement cases, can you share one of the most challenging cases you’ve worked on and how you navigated it?
While I can’t share client names, I can say I’ve handled everything from pharma to fashion to OEMs, and each sector brings its own unique challenges. One of the toughest situations I dealt with was a large-scale counterfeiting network spread across multiple jurisdictions. It wasn’t just about seizing counterfeit goods, it involved coordinating with law enforcement, navigating cross-border enforcement hurdles, and simultaneously managing domain name takedowns and online marketplaces. What made it challenging was the scale and speed at which counterfeiters adapt. Every time we shut down one channel, another would emerge. The way we navigated it was through a multi-pronged approach through legal actions, customs enforcement, online monitoring, and working closely with investigators. It taught me that brand protection today isn’t just about one-off enforcement, but about building a continuous, layered strategy.
How has speaking at global conferences and publishing on technology and data privacy shaped your perspective and practice? What advice would you offer to students aspiring to enter this field, and what resources would you recommend to stay current?
I still remember my very first global conference as a young attorney. I was so anxious, sitting in the audience, just trying to absorb everything and wondering if I would ever have the courage to stand on that stage. To look back now and see the journey from being an eager attendee to becoming a speaker is something that feels very special. Speaking at these forums and writing on technology and data privacy has given me incredible exposure. It has shaped the way I think and connected me with inspiring people from all over the world. More than anything, it has taught me that this field never stands still, and the best way to grow is to keep learning and sharing.
For students who want to step into this space, my advice would be to focus on upskilling and to trust the process. Don’t feel pressured to be part of the rat race. Choose your own path, follow what excites you, and keep nurturing that interest. In the long run, it is passion and consistency that will set you apart. To stay current, I would suggest keeping an eye on regulatory updates, following thought leaders, and most importantly, engaging in conversations, because some of the most valuable insights come not from books, but from exchanging ideas with others who share your curiosity.
As someone who oversees high-stakes matters, manages teams, and mentors the next generation of associates, how do you manage everything such as handling complex legal mandates, and what qualities do you value most in your team members?
To be honest, I don’t think I do much! It’s the young associates who make it all possible. They come in with so much commitment, energy, and willingness to learn that managing high-stakes matters becomes a shared effort rather than a burden. My role is simply to guide and support them, but the drive really comes from their side.
What I value most in my team is sincerity, curiosity, and ownership. These are qualities they already bring to the table, and they inspire me as much as I hope to mentor them. At the end of the day, it’s their dedication that keeps everything moving, and I feel fortunate to be surrounded by such motivated people.
What emerging trends in AI, blockchain, or digital technologies do you see shaping the future of IP and data privacy law?
I think the future of IP and data privacy law will be shaped by how we respond to technologies. With AI, the big questions are around authorship and ownership, who owns AI-generated outputs and the privacy risks that come from training on massive datasets. Blockchain adds another dimension: while decentralization is powerful, it raises real challenges for enforcement and even basic rights like data erasure.
What excites me most is data privacy itself. It’s often seen as a compliance burden, but I see it as business-friendly. Strong privacy practices don’t just avoid penalties, they build trust, open up cross-border opportunities, and become a differentiator in crowded markets. The real shift ahead will be from treating privacy as a legal checkbox to making it part of core business strategy.
Looking ahead, where do you see your practice evolving over the next five years, and what areas are you most excited to focus on?
I honestly don’t know what life will look like five years from now, and maybe that’s the beauty of it. What I do know is that I want to keep learning, keep growing, and keep challenging myself to create a deeper impact through my work in IP, technology, and data privacy. But more than that, what excites me is the opportunity to create a path for others.
As a first-generation lawyer, I know what it feels like to start without a roadmap, to rely on sheer hard work and belief. Over the next five years, I want to not only grow but also make sure that others like me, first-gen lawyers know they can dare to dream, carve their own space, and make it big. If my journey can inspire even a few to believe that it’s possible, that would be the most meaningful achievement of all.
From completing your B.B.A LL.B from Symbiosis to pursuing an LL.M. at NYU, how has your academic journey influenced your perspective on law and policy in a global context?
What began as a spontaneous decision to pursue law gradually evolved into a conscious and enduring passion. Studying law taught me to view it not merely as a fixed framework, but as an ever-evolving dialogue across jurisdictions. At Symbiosis, I built a strong foundation in core legal principles within the Indian context, and later, my time at NYU shaped and broadened my entire perspective about it.
My motivation to pursue a post-graduation degree was a bit different from a lot of students out there. After nearly eight years of work experience, I decided to pursue my LL.M. at NYU; not as a break, but as a deliberate step to step back, reflect, and re-engage with law in a global classroom. That year was transformative. That experience allowed me to appreciate how legal systems can be both deeply interconnected and strikingly different, particularly in the areas I focused on; technology governance, environmental and energy policy. I believe that it also instilled in me the belief that a lawyer today must not remain confined within national borders or existing judgments, but should be ready to question, reinterpret, and challenge what they encounter at every step. I am also convinced that cultural context significantly shapes the way law is interpreted and enforced. Hence, my academic path enabled me to learn law in a way that extends far beyond textbooks.
What inspired you to specialize in environmental and energy policy, with a focus on emerging technologies, during your Master’s at NYU? How did that experience enhance your understanding and practice of these areas?
The real catalyst for my interest came during my time with the Cambridge Centre for Alternative Finance at the University of Cambridge. While researching the sustainability challenges of crypto-assets, I realized that what seemed like a niche question- whether blockchain-based assets could ever be environmentally sustainable- was in fact a window into a much larger set of issues around climate change, sustainable development, and the governance of emerging technologies. Over those nine months, I found myself asking bigger questions: how do we balance innovation with responsibility, and what role should law and policy play in steering that balance?
When I decided to pursue further study, I chose the U.S. very intentionally. It has been a leader in both clean technology and regulatory innovation, and I knew that immersing myself in such an environment would challenge me and give me the global perspective I needed. NYU was the natural choice because of its emphasis on international and interdisciplinary learning. At NYU, seminars and courses such as Environmental & Energy Law Colloquium, and Law and Global Governance, allowed me to engage with both theoretical and practical dimensions of these challenges. I learned from professors who are at the forefront of global policy debates and worked alongside peers who brought perspectives from every continent. These interactions helped me see the intricate linkages between technology governance and environmental goals in a way that was both global and deeply contextual.
That experience did more than just enrich my knowledge; it sharpened my conviction. I came away believing that solving climate and energy challenges will require not only technological innovation, but also robust legal governance frameworks that can adapt to the pace of change. It was at Cambridge where the spark was lit, but it was at NYU where that spark turned into a sustained commitment to work at this intersection.
Early in your career, what were some of the most formative experiences, and how have you integrated those lessons into your professional practice?
My most formative years were the initial three years, which were spent as a litigating lawyer under the mentorship of Mr. Anupam Srivastava (now Senior Advocate). For those three years, I had the privilege of working on a wide spectrum of matters across the High Court of Delhi, ranging from high-stakes political cases to civil disputes and recovery suits. Those experiences shaped me into the lawyer I am today. The environment was demanding yet enriching; drafting petitions, appearing before different courts, and learning to think on my feet. I entered litigation with stage fright, but my seniors’ trust and belief in me from the very first day when he handed me a file and asked me to argue before a registrar, is something that helped me as a young lawyer. Today, when I look back, that moment and many similar ones in those three years helped me shed my fear and find my voice as an advocate.
I believe that the lessons I gained from my mentors and seniors during those years have stayed with me throughout my career. The discipline of drafting in litigation helps me today when I negotiate and draft million-dollar contracts or company-wide policies at a Fortune 500 IT distribution company. The advocacy skills I mastered in court helped me adapt seamlessly at NYU, where the Socratic method requires you to engage, challenge, and defend ideas in real time. I owe much of my professional growth to those early years and to the mentorship I received in that chamber, and they continue to anchor me, along with my work, and give me confidence as I navigate newer, global domains of law and policy even today.
You’ve navigated diverse legal domains, from litigation and corporate law to compliance and emerging technology regulations. How do you adapt your approach when moving across such varied fields?
Litigation gave me the strongest toolkit a lawyer can ask for; clarity of thought, precision in drafting, and the ability to argue under pressure. These skills are transferable across every legal domain I have since navigated. Whether drafting a court petition, negotiating a transaction, or shaping Data Privacy or AI governance frameworks, the process is similar- understand the facts, identify the risks, and build persuasive solutions.
What changes is the context, and that is where adaptability comes in. Moving from the courtroom to corporate boardrooms, I learned to switch between adversarial advocacy and collaborative problem-solving. Litigation instilled resilience and meticulousness in me, and corporate practice taught me pragmatism and strategy. The combination of both makes me comfortable navigating even uncharted and new territories like digital assets or AI regulation, even after years of practice.
While managing legal and policy functions at a cryptocurrency trading platform and later at Yellow.ai, what were some of the most challenging regulatory or compliance issues you faced in the digital assets and AI space?
In the digital assets space, I faced regulatory ambiguity, which was new from what I was practicing before. When I started working for a cryptocurrency startup, digital asset regulations were not even at the nascent stage; everything was fragmented across jurisdictions, and mostly contradictory. The challenge was to build robust compliance structures in a grey zone, ensuring innovation without regulatory backlash- worldwide. Whereas at Yellow.ai, the challenge shifted to AI-driven business models, where data privacy, AI ethics, and regulatory uncertainty required foresight. Here, I guess, approaching every issue systematically, anticipating risks, and preparing strong documentation and frameworks to withstand scrutiny helped a lot.
From litigation to working in fast-growing tech spaces, the change was quite different, but as I mentioned, the approach remained similar, and these experiences taught me that in emerging fields, lawyers must not only interpret law but also actively shape it through dialogue with regulators and industry stakeholders.
In your current focus on data privacy, AI governance, and sustainability laws, what shifts have you observed in these areas, and how do you navigate these evolving dynamics?
Currently, I look after Data Privacy & Protection, AI Legal Governance, and Sustainability Laws for an IT distribution giant across the Asia-Pacific Japan region. The scale itself is humbling; advising a multinational with thousands of employees and partners requires not just legal expertise, but also cultural sensitivity, strategic alignment, and the ability to anticipate risks in markets that are at very different stages of regulatory maturity.
This role is a stark departure from my earlier years in litigation and tech startups, but the contrast has been invaluable. While litigation sharpened my advocacy and analytical skills, working with startups trained me to be agile in ambiguous regulatory spaces. Now, in a corporate environment of this size, the challenge is about building governance structures that are both robust and scalable.
The biggest shift I’ve observed is the fine balance between principles and accountability. In Data Protection & Privacy, this means embedding privacy by design into products, processes, and systems, instead of treating it as an afterthought. In AI Governance, the conversation is rapidly moving from broad ethical principles to concrete, enforceable frameworks like the EU AI Act, where businesses must demonstrate active risk management and transparency. And, in Sustainability, voluntary ESG disclosures are giving way to mandatory reporting requirements, with investors, regulators, and even consumers demanding credible, data-backed commitments.
To navigate this evolving landscape, I rely on two approaches. First, I lean on the structured thinking that my litigation and academic experiences instilled in me; fact-finding, risk assessment, and precise documentation are my constant go-to. Second, I draw on my corporate and policy exposure to design governance frameworks that don’t just tick regulatory boxes but align meaningfully with business goals, enabling companies to remain compliant while still innovating and growing.
Looking ahead, I believe the role of lawyers in these domains will become increasingly proactive. We are no longer just interpreters of the law; rather, we are architects of governance, guiding organizations through uncharted territories where law, policy, and technology converge.
Having worked at the intersection of environmental law, corporate governance, and emerging technologies, what trends do you see shaping the future of legal practice in these areas?
I believe the practice of law in my area is moving toward a far more anticipatory and integrated role than it has been in the past. Instead of being called upon to interpret rules once they are in force, lawyers are already and will increasingly be involved in shaping how those rules are designed, tested, and embedded into business strategy from the outset. In my view, this is especially true for fields like data protection, AI governance, and sustainability, where the pace of innovation is far faster than the pace of regulation.
Another change I see is the growing expectation that lawyers act as translators, not only of law into practice, but of complex issues across various disciplines. For example, when discussing sustainability with the management of a company, the lawyer will not only have to explain reporting requirements, but also connect them to investor risk, technology adoption, and long-term corporate resilience. That level of cross-disciplinary fluency is going to define successful practitioners in the coming decade.
Also, the global-local tension will only deepen as we are witnessing. We may see convergence in certain areas, like sustainability disclosures, but fragmentation will persist in fields like data protection and A.I regulations. Lawyers of the future will therefore need to be not just regulators’ watchdogs, but strategic advisors, who can help organizations craft governance frameworks that are both globally coherent and locally responsive.
In short, I see the role of the lawyer evolving from interpreter of law to designer of governance, someone who not only ensures compliance but also helps businesses earn trust, stay resilient, and lead responsibly in uncertain times.
What advice would you give to young lawyers seeking to build multidisciplinary expertise across litigation, corporate practice, and global regulatory policy?
If I were to give one piece of advice, it would be to start with litigation if you get the chance. Those years in the courtroom gave me the strongest foundation: clarity of thought, discipline in drafting, and confidence in advocacy. As mentioned above, I still draw on those skills every single day, whether I am negotiating deals, drafting contracts, or shaping governance frameworks for global companies. Beyond that, I would encourage young lawyers to stay curious and not box themselves into one practice area too early. The legal profession today rewards breadth as much as depth, and a non-linear career path is not a weakness- it is rather a strength. Every shift, whether from litigation to corporate advisory or from startups to global policy, adds another dimension to your skillset and makes you a more resilient lawyer. And I cannot overstate the importance of mentors. I was fortunate to have seniors early in my career who trusted me and gave me real opportunities, and that faith shaped my confidence and growth. Seek out mentors who challenge and guide you, and be willing to learn from every opportunity, no matter how small it seems at the time.
With such a diverse portfolio and responsibilities, how do you maintain personal well-being and work-life balance? Are there any particular strategies or resources you rely on?
For me, balance has never been about drawing a hard line between work and personal life; it’s about weaving them together in a way that feels organic in my day-to-day life. I have found that movement is my best anchor. Whether it’s an early morning workout or a long evening walk to clear my head, those moments give me the energy and mental space to reset. They are often when I do my best thinking, away from screens and meetings.
I also try to pick up new hobbies from time to time, something completely outside the legal world. Recently, it has been experimenting with different dance forms and cooking. Having something creative to turn to reminds me that my identity is bigger than my work, and it helps me keep perspective when deadlines pile up. It was early in my career, I learned how easily work can take over every waking hour if you let it. Now I’m intentional about boundaries. I’ll close my laptop at a certain time, put my phone away during dinner with family and friends, and make sure weekends have at least one pocket of time just for me. These small choices add up eventually- I have come to see well-being not as a luxury, but as a professional necessity.
With several years of experience in the legal industry, and an international practice, what initially inspired you to pursue a career in law? What experiences guided you toward specializing in this particular field of IP and Data Privacy, and how did your law school journey shape your career?
Growing up, I was the inquisitive child in the family, always asking questions like “Why?” “What does this mean?” and “How does this work?”, not to challenge authority, but out of genuine curiosity. So, when it came time to choose a career path, law felt like less of a decision and more of a natural evolution. After all, what better profession for someone who spent their childhood debating dinner table negotiations? Law gave me a way to turn that endless curiosity into something constructive, to ask better questions, find sharper answers, and help others navigate the “whys” and “what ifs” of the world.
But law was not my first choice. As a kid, I was equally captivated by science and believed I might one day become an aeronautical engineer. One of the defining moments that shifted my perspective occurred while watching Kalpana Chawla on the news during the Columbia shuttle tragedy alongside my father. I remember wondering, What happens when science fails? Who steps in when technology breaks down? That moment planted the seed for a different kind of career, one that still engages with science and innovation, but from a legal lens.
That curiosity eventually led me to intellectual property law, where science, technology, and legal reasoning collide in wonderfully complex ways. During law school in India, I immersed myself in this area through internships at prominent law firms, gaining exposure to a broad range of IP matters, including trademarks, copyright, technology, media, gaming and gambling, and entertainment law. The ever-evolving nature of IP, driven by innovation, fascinated me. I realized that IP law was not just about protecting rights, it was about fostering creativity, enabling progress, and balancing competing interests in a dynamic, global environment.
Thus, after graduation, I joined a law firm as an IP attorney to get a deeper understanding of the field, and just as I was getting comfortable, the GDPR arrived and I was hooked. The realization that lawyers have to adapt just as fast as the tech world made privacy law feel less like a compliance checklist and more like a moving target that I genuinely enjoyed chasing.
Eventually, that passion brought me to the Bay Area, the land of startups and innovation. Studying IP and data privacy here was not just about career growth; it was about being at the heart of change, surrounded by people building the future, and occasionally breaking things that lawyers then have to fix.
Looking back, my career has been shaped by one simple fact: I never stopped asking “why?” The difference now is that I have learned how to put those questions into memos, and a commitment to helping clients navigate the complex interplay between law, technology, and human creativity.
Starting your career with a prominent law firm, what were some key learning experiences during the early stages as you were mastering the fundamentals? Given the complexity and constant evolution of Data Privacy Laws, how did you develop an understanding of the field and stay ahead of emerging trends?
When I first started my career as an IP attorney at a law firm, freshly out of law school, I imagined a steady path through the world of trademarks and copyright. And for a while, that is exactly what I got: think counterfeit sneakers, branding disputes, and the occasional “no, you cannot copyright a concept” conversations.
But here is the twist no one warns you about in law school, clients do not show up with neatly categorized problems. They often bring you messy, modern dilemmas. And that is how I found myself dipping my toes into the complex pool of data privacy.
Working with clients ranging from mom-and-pop retailers to Fortune 500 tech giants, I quickly realized that every product launch or branding campaign had a digital component, and where there is data, there is drama.
Initially, my work was trademark-focused. But adjacent issues kept knocking on my door: copyright quirks, customs enforcement, and eventually, a new breed of question: “Hey, does our app accidentally violate three different international privacy laws?” Spoiler: it often did.
Slowly but surely, the law kept up to the technological development with the introduction of the General Data Protection Regulation (“GDPR”), aka “the EU’s gift to lawyers everywhere.” The Brussels effect had lawyers and tech enthusiast everywhere scrambling to understand cross-border compliance, and enough acronyms to make your head spin. What fascinated me was not just the law itself, it was the broader question of how we regulate innovation. The boundaries between intellectual property, consumer rights, and data governance began to blur, and I realized, this was the future.
What started as a curiosity has become a cornerstone of my practice. Privacy isn’t just a hot topic, it is a critical lens for understanding the intersection of innovation, ethics, and law in the digital age.
To stay updated and ahead of emerging trends, I rely on a well-balanced mix of strategies: regularly reviewing regulatory updates and key case law, tuning into insightful podcasts and panel discussions on evolving privacy topics, and subscribing to a few carefully curated newsletters. I have also joined privacy book clubs where we regularly discuss upcoming privacy regulations and challenges faced in the field.
So, while I did not imagine a career in the intersection of IP, privacy, and consumer protection, I am glad it happened. And for all the challenges this field throws at us, one thing is for sure: Privacy law is never boring.
After over four years at a law firm, you chose to pursue a Master’s degree at the University of California, Berkeley School of Law, specializing in Technology Law, Privacy Law, and Intellectual Property Law. What inspired you to focus on these areas, and how did your studies shape your understanding of data privacy laws on a global scale? Additionally, as a Research Assistant to Professor Sonia Katyal and an active member of the Women in Tech Law team, what other activities did you engage in, and how did these experiences influence your professional growth and development?
After over four years of tackling trademark disputes and navigating the growing tide of data protection concerns, I realized I wanted more than just answers. I wanted to understand the bigger picture. I was curious not just about what the law said, but why it was evolving the way it was, especially in response to rapidly shifting technologies.
Berkeley felt like the perfect fit: world-renowned faculty, cutting-edge tech-law curriculum, and if the future was being built in Silicon Valley, then Berkeley Law was clearly where it was being legally translated.
Immersing myself in this environment gave me something invaluable: perspective. Studying privacy law under experts who were helping shape legislation (rather than just interpret it) helped me move beyond the black-letter law mindset. I began to think more critically about regulatory intent, policy trade-offs, and the delicate balance between innovation and accountability.
Courses like Social Media Law and Computer Crime Law sharpened my understanding of how existing legal frameworks are being pushed by new technologies. Learning about Hollywood contracts one day and GDPR enforcement actions the next made me see just how interconnected everything is in this space, and how important it is for lawyers to be adaptable, tech-savvy, and a little creative.
Beyond academics, working as a Research Assistant to Professor Sonia Katyal was one of the most formative experiences of my time at Berkeley Law. Her work sits at the crossroads of technology, IP, and civil rights, and being part of a research project examining how copyright and trademark law intersect with identity and digital expression expanded my understanding of what the law can do, not just what it should do. It also refined my analytical skills, deepened my research capabilities, and taught me how to connect theory to real-world legal challenges.
As part of varied organizations such as Women in Tech Law and journals such as Berkeley Technology Law Journal, I had the opportunity to engage in real conversations about the future of the profession. One standout moment was interviewing Professor Jennifer Urban, Chair of the California Privacy Protection Agency (CPPA). That conversation gave me unique insight into the inner workings of a regulatory body and offered a front-row seat to the evolution of U.S. privacy enforcement.
These experiences, taken together, significantly shaped my professional growth. They helped me transition from being a subject-matter practitioner to a more holistic legal thinker. They taught me to approach problems from multiple angles: technical, ethical, regulatory, and commercial. Most importantly, they reaffirmed my passion for working at the intersection of law and technology and gave me the tools and confidence to lead in this space.
Berkeley did not just deepen my legal expertise; it expanded my entire outlook on the role lawyers can play in shaping the future.
As a student researcher at the American Civil Liberties Union (ACLU) of Northern California, you worked on the Digital Rights Project, focusing on policy research related to consumer data protection and compliance with California privacy laws, including the CCPA, CalOPPA, and the Song-Beverly Credit Card Act. How would you compare the data protection frameworks in the U.S., India, and Europe, particularly with your certification in these areas?
My time at the ACLU of Northern California’s Digital Rights Project offered invaluable insight into the nuanced and often fragmented landscape of U.S. privacy law. Unlike the European Union’s General Data Protection Regulation (GDPR) or India’s newly enacted Digital Personal Data Protection Act (DPDP), both of which adopt comprehensive, centralized frameworks grounded in fundamental privacy rights, the U.S. continues to follow a sectoral and state-by-state approach, creating significant variability and complexity in compliance.
One of the most interesting projects I worked on involved analyzing the privacy implications of QR code-based restaurant ordering systems. What initially appeared to be a straightforward user interface turned into a multi-layered compliance exercise involving the California Consumer Privacy Act (CCPA), California Online Privacy Protection Act (CalOPPA), and the Song-Beverly Credit Card Act. It served as a powerful reminder that even the most routine consumer interactions can involve intricate legal considerations, especially when sensitive data such as payment or behavioral information is collected and stored.
This experience strengthened my ability to assess data practices through a multi-jurisdictional, multi-sectoral lens, reinforcing the importance of understanding not just the legal frameworks involved, but also the underlying technical architecture of products and services. A lawyer’s ability to offer sound advice increasingly depends on their understanding of how data flows through systems, where risks lie, and how those risks intersect with evolving legal standards.
A key difference I observed between U.S. privacy laws and the GDPR lies in the scope and rigor of compliance requirements. The GDPR is both strict and expansive, there is no minimum threshold for applicability. Any company, regardless of size, that collects personal data from even a single EU resident is subject to the law. It is a deeply consumer-centric regime, with limited room for flexibility.
In contrast, while U.S. state laws like the CPRA, are also robust, they do provide some flexibility for companies, especially smaller entities and startups. Most U.S. privacy laws include applicability thresholds, based on revenue, number of consumers affected, or volume of data processed, before the obligations kick in. This approach allows smaller businesses a bit more breathing room to implement privacy compliance during their early growth stages, aligning legal obligations with business maturity. That said, it remains critical for startups to incorporate privacy-by-design from the outset, as crossing the threshold can happen sooner than anticipated. In short, the GDPR prioritizes consumer rights at every level, while U.S. laws attempt to strike a balance, offering strong consumer protections without stifling innovation and scalability.
This comparative analysis between the EU, India, and U.S. frameworks highlighted a fundamental truth: privacy compliance is not one-size-fits-all. It demands not only legal fluency but also a contextual, practical understanding of industry, technology, and jurisdiction. This foundational experience continues to shape my approach to privacy law, grounded in strong legal analysis but always mindful of the evolving global and technological landscape.
Being admitted to both the Indian Bar and the State Bar of California, how has your dual qualification benefited your practice? What advice would you give to aspiring legal professionals aiming to clear the California Bar Exam?
Being dual-qualified in both India and California, two jurisdictions that are home to some of the world’s most dynamic and disruptive startups, has significantly enhanced my ability to provide cross-border legal counsel, particularly in the areas of intellectual property and data privacy. This dual qualification allows me to advise clients navigating regulatory requirements, commercial expansion, and product launches across both legal systems. Where Indian law is rapidly evolving through legislative reform, California’s legal landscape is shaped by a combination of statutes and robust regulatory enforcement. Understanding these contrasts enables me to craft nuanced, business-oriented legal strategies that are tailored to the specific jurisdiction and sector.
As for the California Bar Exam, its reputation as one of the most challenging in the U.S. is well-earned, but not insurmountable. My advice to aspiring legal professionals is straightforward: treat it like a full-time job. Success requires consistency, discipline, and a well-structured study plan. I truly believe that the exam does not test intelligence, it is more about mastering the method, developing exam endurance, and performing under pressure. If you can commit to the process fully, passing the exam is absolutely achievable.
Ultimately, the effort is well worth it. Being admitted in California has opened up exciting opportunities to work at the intersection of law, technology, and innovation on a truly global scale.
Throughout your distinguished career, what strategies have you employed to maintain a healthy work-life balance? What guidance would you offer to others striving to manage both professional ambitions and personal responsibilities?
Let’s be honest, achieving work-life balance in the legal profession is often more aspiration than reality, something everyone talks about, but few actually manage to pin down. The nature of our work is demanding, high-stakes, and often time-sensitive. But over the years, I have learned that if you do not actively protect your personal life, your professional life will quietly take over every corner of it.
One mindset shift that has served me well is this: Don’t make work your life, make it part of your life. Law is what I do; It is not all of who I am. I have come to believe that you cannot be a high-performing professional if you are constantly running on empty. As the saying goes, you can’t pour from an empty cup!
For me, this means setting clear boundaries where possible. I carve out non-negotiable time for things that replenish me, whether that’s exercise, travel, sports, time with family and friends, or even just reading something that has nothing to do with legal theory. I also try not to romanticize the hustle. Being available 24/7 does not make you indispensable, it often just makes you exhausted. And, let us be candid: no matter how good you are, you are replaceable to your workplace, but not to your health, your loved ones, or yourself.
My advice to younger legal professionals is that ambition is important, but so is sustainability. If you are building a long-term career, you need to treat your time, energy, and wellbeing as strategic assets. Learn to say no. Take breaks without guilt. Celebrate small wins outside of work. And most importantly, define success on your own terms, not just by billable hours.
At the end of the day, being a fulfilled person makes you a better lawyer!
Your doctoral research focuses on economic frauds with special reference to the Maharashtra Protection of Interest of Depositors Act, 1999 (MPID). How has your academic background in commerce, finance, and corporate law influenced your understanding of white-collar crimes? Could you also highlight some key gaps or challenges you’ve identified in the enforcement of the MPID Act during your research?
My academic background in commerce, finance, and corporate law has helped me develop the way I think about economic offences. Once you have grasped the mechanics of finance and corporate structures, it is easier to understand how the system is exploited.
During my research on the MPID Act, one challenge I have consistently noticed is that while the legislation is well-intentioned and aimed at protecting depositors, its enforcement often struggles because of delays in attachment and prosecution. Many times, by the time the authorities act and pursue the offender, the trail has already grown cold and recovery is nearly impossible. Another gap is the edges of enforcement and conflict of central legislation as PMLA, Companies Act, SEBI laws and the MPID Act being a state level enforcement, and derails any sense of priority in jurisdiction or proceedings.
The Act is strong, but sometimes its effectiveness can be compromised in practice through procedural delays, poor agency coordination, and attempts to strike a balance between depositors’ protection and the rights of bona fide third parties. This is where I see a need for more extensive reform and clarification.
You have handled several high-profile and complex criminal defence cases involving multi-crore corporate frauds and GST evasion. Could you share one particularly challenging case experience and how you strategized your way through it?
Certainly! One case that comes to my mind right now involved a large corporate fraud and GST evasion worth several crores – and it was particularly significant as it was one of the first arrests in Maharashtra specifically for fraudulent availment of input tax credit, but more than the amount, it was the structure of the operation that made it really demanding for me. It was a well-orchestrated network of multiple shell companies, benami directors, and several documents that had been carefully planned to appear legitimate. By the time I stepped in, the arrest had already been made.
From the remand hearing stage itself, I appeared for the accused and continued representing them through the entire process until we successfully secured bail.
We also highlighted violations of procedural safeguards under the CGST and MGST provisions. Beside this, we took help from an independent forensic accountant who examined the financial transactions. Our goal from the beginning was to show that these were not necessarily fraudulent movements of money, but could also be read as genuine business activity with commercial rationale.
You successfully defended clients in a multi-crore Bitcoin scam case, an area where financial fraud converges with evolving technologies. With the advent of the new Digital Personal Data Protection (DPDP) rules, how do you see defence strategies evolving in cases involving cryptocurrencies and digital financial crimes?
Yes, I have defended some clients in Bitcoin scam cases, including matters related to one of India’s biggest cryptocurrency frauds, the GainBitcoin scam case. This was a massive Rs 6,600 crore Ponzi scheme that was allegedly masterminded by Amit Bhardwaj and his brother Ajay Bhardwaj, and it really opened my eyes to how technology and financial laws are starting to collide. Because of the introduction of the new Digital Personal Data Protection Act, I think defence strategies are going to change in very different ways.
I appeared for my clients from the remand stage itself and continued through the entire process until we secured bail.
For one, we now have a solid legal basis to question how agencies are handling personal digital data, how it’s collected, stored, shared. In crypto cases, most of the evidence is digital, so if investigators skip steps or mishandle that data, we can raise serious doubts in court. Earlier, we didn’t have a clear law backing that argument, now we do.
Also, cryptocurrency in India still sits in a grey area. It’s taxed, monitored under money laundering laws, but still not officially recognised as currency. And this confusion gives us room to argue that our clients were operating within what was legally understood at the time, even if the law was unclear.
As part of your professional and social commitment, you’ve provided pro bono legal aid to under-trial prisoners and represented numerous indigent accused across Maharashtra’s trial courts. What systemic barriers have you observed in ensuring fair representation for under-trials, and how can the legal fraternity work towards making justice more accessible for marginalized communities?
Working in trial courts across Maharashtra and providing pro bono aid to under-trials has helped me understand how the system functions on the ground. One of the biggest issues, I would like to share, is the absolute lack of legal aid lawyers compared to the number of under-trial prisoners(UTP). Most legal aid lawyers, I know, are handling 200+ cases at once, that’s why it’s not surprising that many under-trials meet their lawyers for the first time in court. There’s no time for proper case prep, and that really affects the outcome in my perspective.
Let me share two specific cases that highlight these challenges. I appeared for an accused in a case punishable under Section 328 IPC and other relevant sections, who had been in jail for five years. While I successfully secured his bail, he didn’t have the financial condition to furnish the surety. The only viable option was to file a discharge application, which I presented before the Baramati District Court, and the court was pleased to discharge the accused from the case.
In another case, I represented a person charged under Section 302 IPC who was languishing in jail for six years. I conducted the entire trial, and he was ultimately acquitted by the Pune District Court. These cases show how prolonged incarceration affects the most vulnerable.
Even when bail is granted, release gets delayed, sometimes for weeks or months, just because of delayed paperwork and sometimes, miscommunication between courts and jails. I have seen people stay behind bars for months after getting bail, which is truly heart-breaking. Add to that the language barriers, missing documents, and financial struggles, and you have got people stuck in the system with no help.
If you ask me about my opinion, then I would suggest that we need more trained legal aid lawyers, regular jail visits, digital tools to track cases, and also we need to make communities aware about their basic legal rights. If we, as lawyers, law students, bar associations, and NGOs, come together and build a more connected, grassroots-level support system, it can make a big difference.
You have authored several papers and conducted numerous lectures and seminars. In your view, what role does academic writing and legal scholarship play in shaping legal practice? What advice would you offer to young legal professionals looking to contribute to this space?
For me, academic writing has played a meaningful role in connecting and relating legal theory with day-to-day practice. With the help of writing and research, I have been able to step back from the routine of litigation and examine the different patterns and challenges within the legal system. Well-reasoned legal scholarship usually finds its way into judgments, reforms, and legal education, and I have seen how it can directly influence how the law is interpreted and applied.
To all the young professionals, I would recommend starting with small, focused pieces, perhaps a case law or analysis of a recent development in your area of practice. Choose topics that reflect current legal challenges or procedural issues you observe in court. Try to show your practical experience with the help of your writing. Engage with ongoing academic conversations, attend seminars, and collaborate with others in the field. Writing regularly with purpose sharpens your thinking and builds your skills.
You’ve appeared as counsel across various jurisdictions, including trial courts and the Bombay High Court, and have assisted in representing prominent politicians, bureaucrats, and celebrities. In the initial phases, what were the endearing experiences that laid the foundation to your practice?
In the early years, what really changed me was the time I spent observing and working with senior advocates at the Bombay High Court. Watching them argue, handle the pressure, and understand tough situations have taught me more than any class or lecture ever could. I was fortunate to assist in matters that ranged from bail to high-stakes commercial disputes, and that variety gave me a good solid base to start my own practice.
I still remember my first proper argument in court, it was a small matter, but for me, it was a big moment. The judge asked a tough question, and while I fumbled a bit, I also learned how to hold my ground. Those moments, when you get knocked a little and then find your footing, are mostly the ones that stay with you.
Working with senior counsel also taught me how much court preparation matters. And when I started assisting in high-profile matters, I realised a new thing about managing the expectations of well-known clients, is a skill in itself.
Looking back, it was those early experiences, good and tough, that gave me both clarity and confidence. They still guide me on how I approach my cases today.
Looking back at your robust and diverse career, what inspired you to pursue law? What was your original vision, and how has that evolved over time? What are your aspirations going forward?
To be honest, law was not always the plan. Coming from a family business in finance and share broking, I was naturally exposed to the financial world from an early age. I even pursued an MBA in Finance, thinking I would follow that path. However, my interest in law kept growing stronger than anything else.
I didn’t grow up with the idea of becoming a lawyer; it came more from curiosity and also with a need to find something that combined structure with impact. Over time, I realised how powerful the law could be in changing lives and solving problems. That’s when it became more than a profession and started feeling like a purpose.
My early vision was probably moulded by the usual excitement of arguing in court, but as I started handling cases, my understanding of the law grew more. I began to see it less as a tool to win arguments and more as a way to balance justice.
Now, my focus is on deepening that expertise, working on policy-heavy cases, white-collar crimes, and contributing to the law around data and tech laws. I also work on the corporate advisory side. A major part of my corporate practice involves drafting and negotiating commercial agreements, including non-disclosure agreements. I regularly advise companies on confidentiality matters and information security protocols that align with both legal requirements and business objectives.
This dual exposure has helped me a lot in understanding how preparation and preventive corporate advisory go hand in hand.
In the future I would like to build a practice that will represent and also educate, mentor to create awareness about legal reform. The law is always evolving, and I want to keep evolving with it.
What advice would you give to law students and young professionals hoping to build a career in economic offenses and financial crime litigation? Is there a particular roadmap or mindset you’d recommend to help them stay ahead in this rapidly evolving space?
Economic offences are really wide, which makes it hard to grasp it all at once. If your goal is to start a practice focused on economic offences and financial crime litigation, I would suggest learning as much as you can about financial systems and how they actually work. This area is much more about understanding how money travels in the economy and how the regulators generally think. So, alongside your legal studies, make sure you have spent time on basic accounting, and the financial regulations.
In your early years, try to work alongside lawyers, or firms dealing with white-collar crime, with the ED or CBI issues, and with cases of corporate fraud. Try to watch closely how investigations are conducted, and how documentation is compiled, the process of taking statements, and how enforcement agencies operate. This will give you an initial understanding of the concept.
Given the high-stakes and often intense nature of litigation, how do you maintain your composure in stressful situations? What practices help you manage pressure while also taking care of your mental well-being? Litigation matters are intensive, long hours, and involve tight timelines, high stakes. It’s very easy to lose your balance if you don’t actively protect it. With time, I have learnt that managing pressure means building the capacity to carry stress without letting it overwhelm you.
I maintain a strict routine of one hour of meditation and one hour at the gym daily. This combination has become non-negotiable for me, regardless of how demanding my case load gets. I have also become very mindful of boundaries. I have stopped glorifying all-nighters. I delegate when I need to, I disconnect when I must.
Law can really push you. If you don’t pace yourself, you’ll burn out before you build anything that lasts.
Starting from your first role in 2008 at Khaitan & Co., you’ve built a legal career that bridges traditional law and cutting-edge technology. What mindset shaped this journey? My journey has been one of deliberate growth — from shadowing senior counsel during internships to advising boards on privacy and AI. At NLIU, I learned discipline and legal craftsmanship. Assisting senior counsel before the Supreme Court taught me the value of precision in advocacy.
Joining Khaitan & Co. in 2008 gave me exposure to private equity and M&A, where I realized law can enable growth, not just mitigate risk. These experiences shaped my approach to law as a living system — not merely a set of rules.
“Every deal, every court brief was a rehearsal for the lawyer I was becoming.”
You pursued an MSc in Law & Finance at the University of Oxford in 2015. How did this experience reshape your perspective on law, business, and technology? Oxford was transformational. The program pushed me to think like a policymaker and strategist, marrying systems thinking with economic foresight. The admissions process itself forces you to ask: Who are you, and what will you change?
At Oxford, I realized law is not just about resolving disputes — it’s about designing fairer futures. Today, whether drafting cross-border data policies or shaping ethical AI frameworks, I rely on those lessons — precision, foresight, and human-centered thinking.
“Oxford didn’t just open doors. It reshaped how I walk through them.”
After Oxford, you joined Baker & McKenzie, London, in 2016, working on complex cross-border deals. How did this prepare you for tech law challenges?
Baker & McKenzie exposed me to multi-jurisdictional transactions involving data, competition law, and tech-driven businesses. It refined my ability to integrate legal advice with commercial strategy — a skill that remains critical in regulatory leadership.
“Global deals teach you that law is not just local compliance — it’s about harmonizing rules with vision.”
With the Digital Personal Data Protection Act, 2023 (DPDPA) reshaping privacy frameworks, what should businesses focus on?
DPDPA 2023 introduces a consent-first, rights-driven approach. Businesses must embed privacy into their DNA. The Business Requirement Document on Consent Management becomes crucial — translating legal obligations into features like granular consent, revocation, and audit logs.
For SaaS companies, compliance means building privacy into product architecture from the start — not bolting it on later.
“Under DPDPA, privacy is no longer a checkbox. It’s a design principle.”
AI regulation is evolving fast. How should SaaS companies approach permitted AI usage?
Permitted AI usage means innovating responsibly — ensuring data processing aligns with consent, purpose limitations, and ethical safeguards. For SaaS, it requires documenting use cases, maintaining risk registers, and conducting ethical reviews before rollouts.
“Permitted AI usage is about proving that innovation respects rights, not just scaling technology.”
You transitioned from law firms to leading compliance and privacy in-house. How did this shape your leadership style?
Law firms were my training ground, but moving in-house allowed me to build rather than just fix. At CoinSwitch and later at Dun & Bradstreet, I became a translator between risk and vision — operationalizing DPDPA and IT Act obligations into workflows teams could implement.
Leading cross-border teams taught me that leadership isn’t about authority; it’s about making people feel safe, seen, and inspired.
“You can’t lead well if you’re afraid of being disliked. Courage creates clarity.”
Aligning compliance across India, Singapore, and European markets is challenging. What worked for you?
The key is balancing speed with regulation. At Dun & Bradstreet, we operationalize DPDPA alongside Singapore’s PDPA while maintaining agility. The secret lies in simplifying complex regulations into actionable steps and keeping regulatory reporting both consistent and efficient.
“Regulatory leadership is about keeping law human.”
You’ve faced curveballs in high-stakes environments. How have they shaped you?
I’ve seen strategies falter and negotiations stall — not because of effort, but because the environment changed faster than expected. Each curveball wasn’t a setback; it was a reset that made me sharper.
Examples:
In a cross-border M&A deal, cultural misalignment nearly derailed progress. Listening and adapting saved the deal.
During a privacy review, spotting gaps in vendor contracts early prevented regulatory risk.
When developing a consent framework, simplifying it through user-centric design improved adoption across teams.
“Curveballs teach you to anticipate change, stay agile, and turn challenges into frameworks that drive long-term success.”
What do recognitions like being featured in prominent legal rankings or industry awards mean to you in terms of your professional journey and leadership?
These awards reflect consistency and relevance. They’re not destinations; they’re mirrors reminding me to stay adaptive, curious, and innovative while empowering the teams I work with.
“Careers aren’t built in boardrooms. They’re built in quiet moments of reflection, persistence, and refusal to be ordinary.”
You lead Regulatory, Legal & Compliance across India and Southeast Asia. How can a lawyer carve their path to becoming a DPO while managing these broader responsibilities?
Being an effective DPO while leading regulatory, legal, and compliance functions means more than knowing laws — it’s about embedding privacy into the company’s growth strategy.
At Dun & Bradstreet, where analytics power decisions for enterprises worldwide, the DPO role is integral to building trust while enabling innovation.
What works:
Deepen expertise in privacy (DPDPA, sectoral laws, cybersecurity).
Embed privacy into processes, not just policies.
Work across teams — legal, product, engineering — to align compliance with agility.
Learn from real challenges, such as mitigating risks in cross-border data flows.
Keep learning and stay visible through certifications and thought leadership.
“A great DPO doesn’t just enforce compliance; they design trust that drives the business forward.”
What’s your advice for young lawyers entering privacy and tech law? Pick a niche — privacy, SaaS, fintech — and go deep. Master laws like DPDPA 2023, the IT Act, AI frameworks, and client-facing SEBI regulations. Pair this with an understanding of how technology works, and share your insights through writing and forums.
“Expertise is built when curiosity meets consistency.”
You’ve handled billion-dollar deals and privacy decisions impacting millions. How do you stay grounded?
Balance is intentional. Strong mentors and high-performing teams keep me centered. High-stakes work demands clarity that comes from preparation and purpose.
“Balance isn’t slowing down. It’s designing rhythms that let you accelerate without burning out.”
Final Words to the SuperLawyer Community
Law is evolving at the speed of technology. Even in an age of AI and SaaS, three things remain timeless: trust, clarity, and courage.
My journey — from NLIU Bhopal to Oxford (2015), Baker & McKenzie London (2016), and leading privacy across India & Southeast Asia, to being recognised in the Forbes India Top 100 Lawyers 2023 and Business World Legal 40 Under 40 — is proof that deliberate choices shaped by curiosity and resilience can redefine what’s possible.
“You don’t have to be fearless. You just have to move forward despite the fear — and build a brand that speaks for itself.”
You’ve worked extensively across sectors like AI, social media, e-commerce, education, and gaming. What early experiences shaped your decision to specialize in technology and regulatory law?
I think the best way to describe it is that a series of decisions brought me to where I am today. My love of political science as a subject sent me down the path of reading law, and my desire to be the prime minister of India one day (among many other professions – across creative and public interest fields) brought me to public policy. Tech was always fascinating to me – one example that comes to mind is how I’d watch product launches and service upgrades, and visualise the journey from the present moment to a future with Irona-esque devices or Tony Stark’s Jarvis assistant. But I was also acutely cognisant of the need for an inclusive regulatory discourse surrounding technology, one that ensures a seat at the table for a cross-section of diverse perspectives.
My early mentors played a formative role in equipping me with the tools to understand this space and build my own voice. While tech public policy was still in its experimental stages as a profession in India, I worked on complex questions surrounding intermediary liability and safe harbour, net neutrality, and privacy. The perfect storm of innovation, impact, and uncertainty reinforced for me the need for thoughtful, future-facing tech regulations. And I realised that I loved the interpretation of law, but I was even more excited about understanding the answers to the underlying questions – of intent, of timing, of form, and of substance – and within that context ensuring that the perspective and agency of the individual remains front and centre.
How did your LL.M in Public International Law from LSE broaden your legal perspective, especially in navigating global tech policy?
LSE gave me a bird’s-eye view of how legal norms are constructed, contested, and negotiated across jurisdictions. It trained me to think beyond domestic legislation and consider global frameworks, power dynamics, and geopolitical context – skills that are essential in tech policy today. Studying international humanitarian and human rights law also deepened my own appreciation of “harms” and what they might mean in the digital world. It taught me to ask not just “is this legal,” but “is this just,” especially when advising on emerging technologies. That normative framing continues to guide my work across borders today.
What I am most grateful for, however, is how LSE opened up a whole new and vibrant world – of people, experiences, and contexts – that I may have read about in the past but got to actually immerse myself in-person. It impressed upon me just how numerous and diverse perspectives on a single issue can be, and how essential it is to make space for them in building the policy ecosystem of tomorrow.
Having worked with top law firms and major companies, what inspired you to launch Data & Co, and what is your vision for the future?
When I thought of my next steps, the answer was quite straightforward – I wanted to focus on the subject matter that I love – of public policy as it applies to the technology sector. Granted that this is work I’ve done for the past 11 years, but I wanted to now thoughtfully and intentionally design my focus. I’m building Data & Co to be a trusted advisor across the spectrum of regulatory stakeholders – businesses, governments, special interest groups alike – as well be a thought leader on emerging policy challenges particularly for fast moving regulatory topics like in AI, digital payments, privacy, online safety, and consumer interest.
Candidly, Data & Co is my professional passion project. I feel inspired to strengthen evidence-based thoughtful policy research on some of these issues, while also collaborating closely with stakeholders for cross-pollination of ideas and building a more resilient and sustainable policy ecosystem. I launched Data & Co to bridge legal nuance with public policy strategy, and to make the approach to compliance not just a checkbox, but a tool for responsible innovation.
A big part of my vision is to invite young minds to this work – new ideas always spark novel answers to complex problems, and that is invigorating. So at Data & Co we welcome young people to share their thinking, and be involved and productive members of the policy discourse.
Given your experience advising both Indian and international clients, how do you navigate evolving regulatory frameworks particularly in the area of data privacy when legal standards are still emerging and often ambiguous?
I treat ambiguity as an opportunity for proactive strategy rather than passive compliance. Navigating emerging frameworks means staying grounded in first principles – think accountability, data principal rights, and purpose limitation for instance. It also means scenario-planning for multiple outcomes, building privacy-by-design muscle early, and engaging constructively with regulators. My approach is typically layered – assess risk, weigh policy direction, and align with business goals, which includes maintaining the interest of the individual customer. I also find it helpful to reiterate that in navigating privacy, building and maintaining trust with data principals is crucial, and using that as a yardstick when exploring emerging regulations can be quite instructive.
With laws like India’s DPDP Act and the growing global focus on AI governance, what guiding principles should companies follow to ensure ethical innovation and long-term regulatory compliance?
I’d go back to the first principles I just mentioned. Transparency, user agency, privacy-by-design, and fairness should be embedded into product and data practices, not retrofitted after the fact. The global AI and privacy regulatory landscape may differ in specifics, but the overall direction is often informed by similar imperatives – that of protecting consumer interest. This means inculcating practices of explainability in clear and simple language, i.e. how and why personal data is collected, and how decisions on/ from/ for that personal data are made.
I also recommend, as a good hygiene practice, to build internal accountability structures. In doing so, cross-functional collaboration and clear documentation go a long way – in both ensuring compliance and building user trust.
You have helped clients through unexpected regulatory shifts. Can you share a specific example of managing a challenging case in relation to global technology regulations?
As public policy professionals, our goal is to work towards limiting instances of unexpected regulatory changes, and contribute constructively to the dialogue. However, every now and then there are surprises that we help our clients navigate. My goal, as the first step, is to understand what is happening, why, who it is intended for, and how it impacts my client. To do all of this, I work closely with cross-functional partners internally within my client organisation and simultaneously with regulatory stakeholders as well as peers in the industry to gain their perspectives.
In situations like these, I personally find clear prioritisation to be incredibly helpful – what is business-critical versus good-to-have. I think it is also essential to manage expectations with honesty, and partner productively with internal and external stakeholders. And I also use these opportunities to remind myself that agility is as important as knowledge.
As a woman leading at the intersection of law, tech, and policy fields traditionally dominated by men, what key challenges and leadership lessons have shaped you, and what advice would you have for others facing similar paths?
One lesson that’s stayed with me is that while credibility is earned, confidence must often be self-issued. Early on, I had to make my peace with being the only woman, or the youngest voice, in many rooms, and to back myself even when others didn’t because of my gender or age. I advocated for inclusion and diversity in these rooms. I learned to speak up not just when I was certain, but also when I was curious. Leading now, I try to build spaces that are collaborative, inclusive, and intellectually honest. I learn from people with shared and different experiences alike, and acknowledge struggles – of the glass ceiling, of imposter syndrome, of credit-theft – that we’ve all been through.
My advice? Be audacious in your ideas and generous with your platform, especially for others trying to find theirs. The only way we’ll succeed in making the profession more inclusive is we intentionally make space for diverse perspectives.
Balancing a demanding legal practice with personal life can be challenging. How do you manage the pressures of a multifaceted career while maintaining your well-being and finding time for reflection?
I believe that as human beings we are the sum total of all our experiences, which includes work and leisure. I am wildly protective of both my boundaries and my ambition.
I have a mentor who used to tell me that outside of breaks or holidays from work, it is really important for us to find small moments of joy on a daily basis. On some days, that means logging off to cuddle with my dog (Data, my firm’s mascot), and on other days, it’s about saying no to a project that doesn’t align with my purpose. I also recognise that it is not pragmatic to believe that I can achieve mathematical balance on each day, and so I listen closely to my body and mind. I travel, read and keep myself creatively stimulated through writing, dance or art, which then translates into a fresh mind for work. The converse is also true – my creative pursuits are often informed by work imperatives!
And beyond that, just super tactically, I approach my time with structure and planning. I find blocking time on my calendar very helpful to visualise how I am spending my day/ year, and I remain flexible about tweaking it on the go. My goal, ultimately, is less about balance, and more about (upon reflection) my time as having brought me joy.
Ma’am, with over two decades of experience, when most people didn’t know about cyber laws, intellectual property laws, let alone media laws, what initially inspired you to pursue a career in this field? And what led you to study at the most prestigious King’s College, London? How did you choose this as your specialization?
Very interesting question at the outset. Well, if I look back at my journey in this field of law, it’s been very fascinating. It’s been evolving just like the dynamic nature of law and technology. Way back when I was studying at Delhi University, I did my law from DU, and at that time, the IT Act 2000 was just enacted, and we were very fascinated to see a new law being enacted in India.
We were looking at what exactly the nuances of this new field would be, what the challenges would be. Everything was so new that this field of law made me very inquisitive about what could be the legal issues that would arise, considering the inherent nature of the internet would be borderless.
You know, questions like, will the conventional laws still apply in this medium? How will it change the way people work? How will it change the way people communicate? What kind of complications could arise? For example, jurisdiction issues: if two parties were interacting and contracting online, and there was a dispute, which court would be the right forum to decide? Because there is no global internet court, and there is no global internet law. So that was very, very interesting to think about, and I wanted to read more in-depth into this field, research it further, and contribute to it.
So, I think it’s basically the fact that it was a completely new and unsaturated area, completely new to explore, and I always like to explore something that is an uncharted avenue of our subject. It makes you brainstorm. And I wanted to do this brainstorming in the field of law.
And that’s what really kept me energized. Even today, I still feel like a student. Every day, there is so much to learn. So I may have been here for 25 years, but I still feel just like a graduate would. There is so much to learn and contribute.
In your early stages, you must have obviously, like us, faced a lot of challenges. There must have been a variety of experiences. As you said, the IT Act had just entered and became a reality. How has all of this understanding helped you make a niche for yourself in technology law? How did you decide where and when to start, what kind of practice you should do, and how you should approach it?
You are also majorly involved in training and developing public policies with the government sector. How have you shaped your practice around this?
Well, as I said, the field was unexplored at that time. It was very new. And I wanted to do anything and everything under the sun because this is, you know, learning. And when you’re learning, you can contribute in multifarious ways. As we say, this was a road less traveled, and I took that.
When I looked at the way in which I could basically learn and gain more experience, I looked at the IT Act. Then I also looked at what was happening across the world. When I studied at King’s, we understood that the approaches to the same issues really varied across various jurisdictions. So we had professors, and we had interactions from different jurisdictions across the world. And with those perspectives and the kind of debates in the classrooms, we discussed issues like criminality. For example, how would criminality apply in the metaverse today? Can we say an avatar is responsible for committing a crime? Is the player liable if it’s an assault in a game that leads to some sort of mental shock to a user? How would one impute criminality in such a scenario?
We also discussed how jurisdiction would apply if a person commits a crime in one location and damages critical infrastructure in another country. If while deciding a court’s jurisdiction for example, if the protective principle applies, then the courts would pass orders. How would one go about enforcing those orders? These kinds of cross-jurisdictional issues were really at the helm of discussions even at that particular point in time.
If you look back, the IT Act, when it was just a basic Act, and the way technology developed, the industry grew, cybersecurity became a huge area in itself because with the rising crime, the industry had to catch up. Cyber safety tools were being floated, right from a basic antivirus to spyware to firewalls, and other kinds of technologies. Nowadays, we have blockchain, VPNs, data loss prevention software, and many network safeguards.
So as the industry developed, they also needed legal compliance, and legal advice. I started advising companies on various issues linked with cyber law, which was also interesting. I helped frame their policies, shape their HR policies, social media policies, and tackled tricky issues like whether companies could scan employee emails in the name of productivity. These policies became very important as e-commerce grew.
So in this way, my role became more advisory. I was also involved in education. I taught cyberlaw at the Indian Law Institute and Amity University. In fact, I was part of the first batch of PG Diploma in cyber law at AmityI completed after LLB from Delhi University, and that was a significant encouragement and motivation for me to learn more about this field. That was just the beginning, I would say. Then I went on to study Masters at King’s and further pursued my Ph.D. in cyber law.
It’s been a fascinating journey, but as far as contributions are concerned, there was a need for capacity-building in the country because law was changing. Cybercrime increased phenomenally, so I dealt with those cases, represented clients in various forums, and assisted law enforcement bodies. I also worked on educating and training judicial academies and police academies across India.
And then came writing, which is also a passion I followed and pursued. I wrote my book on computers, the internet, and new technology laws, which was released in 2012. We have a third edition, the latest edition in the market now. I’ve been writing extensively on this subject, and since it’s been changing so fast, we’ve already had 3 editions since 2012. So you can imagine. This is also one way in which technology has positively impacted me and helped me contribute better to society.
How do you see the advent of artificial intelligence shaping the kind of technology law that we have? How is it going to influence not only the legal system but all systems, especially the defense system, as you are with the DRDO right now, advising them in different capacities? How do you see all of this being impacted by international AI acts as well? There are so many of them from which we also take a lot of references, like with the DPDP Act, as it happened. Where do you see we lie with artificial intelligence, and what kind of track are we going to take? Obviously, it can only be speculation. I’ve been advising the government for more than two decades now, and in my personal experience, it’s been a very enriching journey. The way we have shaped our laws and looked at technology, it’s been a very liberal and progressive approach.
I do believe, and firmly believe rather, that one should allow technology to advance liberally and support R&D in the country because, truly, India, when we say ‘Make in India,’ ‘Viksit Bharat,’ or ‘Digital India,’ we have seen this revolution, and it is ongoing and in process.
We are already working towards India at 2047. Looking at that, we are building our roadmaps, and plans are already being implemented. It’s not just in one department; I’m talking about the Ministry of Law, Ministry of Defense, Ministry of IT and Telecom, Ministry of Home, for example—they’re all trying to bring in coordination. There’s scope for more, but with the adoption of the PPP model we see now in AI, India’s AI projects are truly creating a platform for India to progress in the right way.
There is going to be minimum regulation because if you put too much regulation, it’ll stifle the growth of the industry, and that’s the approach of the government as well. But I do feel that high-risk systems need to be regulated immediately because they can play havoc with people’s lives and bring destruction to countries.
For that reason, I strongly advocate that there should be a regulation. In fact, in my mind, there should be a separate regulation for AI. As a voluntary initiative to support G20 and as country chair of G100 for AI and cybersecurity, I drafted a proposed code, a proposed Act for India on AI.
I would like the government to consider it, and in various roundtables with the Honorable Minister, we’ve had discussions. We know the DPDP Act is already there in the offing and it will have provisions for high-risk systems that need to be prohibited and regulated. There will be some regulation to that extent.
Although I think we’re still far away from having separate AI legislation because there’s no talk on that right now, but you never know. The way technology is progressing, I think this will become indispensable very soon. Let’s see how it goes, but so far so good.
The government is taking a lot of interest and initiative, and we are truly world leaders in the ‘Make in India’ space, and I think the law will support the government’s approach and initiative because it’s in the interest of the industry.
With India being quite active in AI, there has been a lot of conversation surrounding its cultural and diversity impact. Ethical concerns and language considerations are important, but cultural aspects must also play a significant role. Where do you see this intersection of culture, ethics, and AI impacting society, and when will these changes be realized by the common man? Currently, a lot is happening at the policy level, but how do you foresee it affecting society when it becomes a reality, especially given that India is a leader in AI yet culturally diverse? How do you see India impacting the global AI scene with its own AI Act, coupled with cyber and intellectual property laws?
I believe we have already started exploring the key pillars of AI ethics. I’ve been involved in developing ethical frameworks, particularly in national projects and educational institutions, such as my role as a professor at Vivekananda Institute of Professional Studies (VIPS). Here, we’ve introduced an ethical framework for AI, which reflects global principles such as transparency, justice, inclusiveness, sustainable development, and bias elimination. These principles are endorsed globally, though regulations can vary by jurisdiction. In India, while we don’t yet have an AI Act like the EU, we are working on provisions for AI regulation.
On the industry side, AI development is progressing rapidly, with models being developed for multilingual AI systems that consider India’s diverse languages and cultural contexts. This is already ingrained in the AI models being developed in India, and as a result, the laws need to reflect these cultural nuances as well. However, these laws must also be globally synchronized, given that AI models or data may eventually travel outside India for processing or storage, requiring compliance not only with Indian laws but also global standards.
Take, for example, the GDPR and its standard contractual clauses (SCC) for data transfers. Similarly, India’s DPDP law also addresses these concerns. While we have cultural diversity, the core principles, like data protection, remain universal. Therefore, I believe we need a harmonized framework that works both for India’s unique needs and the broader global landscape.
Moreover, there are also concerns about data ownership and intellectual property when training AI models. A current case before the Delhi High Court involving ANI and OpenAI raises these issues, questioning whether permission is required for using copyrighted material in AI training. Such cases highlight the need for clear regulations to determine how intellectual property laws apply to AI and data usage for training.
AI regulation is already becoming a pressing matter, and I believe it will require global cooperation to set clear principles and enforce them. The lack of a universal convention on cybercrime and AI further complicates enforcement, even when jurisdiction is assumed.
You’ve managed so much despite being an author, professor, advisor, and now a law firm founder. What motivated you to start your own law firm, especially considering your already extensive involvement in cyberspace and AI law?
The main driving factor behind starting my law firm was the desire for flexibility. I wanted to contribute to the legal field in multiple ways, integrating the knowledge I gained in various roles—whether it was teaching, advising, policy-making, or litigation. Each experience enriched my understanding of the law, and I believed it was essential to bridge the gap between legal theory and practice.
Through teaching and advising, I gained deep insights into the law’s practical challenges. When engaging with Public policy, I was able to identify gaps that needed to be filled. For instance, there were complications in the law around intermediary content removal, and after handling cases such as the one involving HubPages and a spiritual guru, I realized how critical it was for the law to evolve with changing technology.
This interdisciplinary approach—combining litigation, advisory work, policy-making, and teaching—allowed me to contribute meaningfully to law reforms in India, especially in areas like data protection and AI regulation. By establishing my law firm, I could consolidate these experiences and provide a platform for further contributions to legal practice and public policy.
You’re also well known for your work in women and children’s empowerment, especially in the context of cyber safety. Can you elaborate on your work with organizations like UNESCO and ICMEC, and how these global initiatives are being adapted or modified to protect Indian women and children online?
Child protection and women’s empowerment have always been at the core of my work, particularly in the realm of cyber law. Online harassment and digital abuse were rising concerns, especially as many women and children lacked awareness of the risks and legal protections. The existing laws were inadequate, and that’s what prompted me to focus on researching and advocating for stronger protections.
In 2015, I wrote the first book in India on child protection on the internet, which later became the subject of my PhD thesis. In this, I proposed various reforms to strengthen laws such as the Juvenile Justice (JJ) Act and the Protection of Children from Sexual Offences (POCSO) Act. Additionally, I’ve written extensively about women’s rights against cybercrimes, including a book on cyber safety for women.
Through my work with organizations like UNESCO and ICMEC, I was able to contribute to global policy discussions on child protection and cyber safety. In India, I’ve helped tailor these global frameworks to suit our local context. For instance, I established a not-for-profit organization that focuses on awareness-building in schools and colleges, empowering women and children with cyber safety skills and best practices.
During the COVID-19 pandemic, we conducted over 50 webinars to raise awareness about online scams, fake emails, and malicious content targeting vulnerable populations. We were able to educate women, children, and educators on how to protect themselves from online threats, and the response was overwhelmingly positive.
These efforts were particularly rewarding because we saw tangible changes, with many women and children reaching out for guidance, and schools actively engaging in cyber safety education. Through these initiatives, I believe we were able to mitigate harm and empower individuals to navigate the digital world more safely.
You have also worked extensively in intellectual property protection, particularly in the digital space. Could you share some of the primary challenges you’ve faced in this area and how industries have reached out to you for solutions? Given the rising importance of digital platforms, how can businesses better protect their intellectual property?
Intellectual property (IP) has grown tremendously over the years, and new laws were needed to address these changes. In the early days, it wasn’t clear whether domain names could be protected like trademarks. But over time, legal clarity emerged, affirming that domain names could indeed be protected as trademarks. I’ve had the privilege of serving as an arbitrator for the National Internet Exchange of India, where I resolved many cross-border disputes involving “.in” domains.
The expansion of cyber litigation, especially in areas like music piracy, video piracy, and film piracy, has been notable. I also advised Prasar Bharati in overhauling their royalty contracts, ensuring they accounted for the rise of the internet. Many of their contracts, at that time, did not even mention the internet. More recently, we’ve worked on updating these contracts to align with today’s technological landscape.
Governments and industries are now paying more attention to policies that govern emerging technologies, including AI. In this context, governance and audits have become essential. We must ensure that businesses are not collecting unnecessary data, that the data being used is unbiased, and that proper security measures—such as encryption and data redaction tools—are implemented.
The protection of trade secrets, copyrights, and trademarks through registration is fundamental. However, in the case of trade secrets, businesses must ensure confidentiality through other means. The development of new technologies, including AI-generated images, music, and art, raises questions of ownership. Who owns AI-generated art—the person who provided the prompt or the AI system itself? These are some of the challenges businesses face, and it’s crucial for them to adopt encryption, anonymization, and pseudonymization to protect sensitive data.
Moreover, sectors like the social sector, which deal with sensitive data such as donor and beneficiary information, must ensure that data is encrypted and stays within the country. I’ve been advising these sectors on policies, ensuring they comply with legal frameworks. Protecting confidential information is not just the responsibility of the government; the industry must also play its part by adhering to these laws.
The PPP model is vital. It allows for a collaboration between government resources and industry expertise. The government brings its authority and resources, while the industry contributes its technical know-how and capabilities. When both sectors work together, it results in a win-win situation that benefits the nation’s progress.
How would you guide aspiring lawyers looking to specialize in fields like media law, cyber law, or IT law, which are expanding rapidly? What skills should they focus on, and are there any particular books, journals, or individuals they should follow?
To make a meaningful contribution to this field, aspiring lawyers must have the right mindset. You should always consider yourself a student, as there is always more to learn. If you think you know everything, that’s the end of real learning. Passionate research is also key. You cannot delve into the depths of these fields without thorough research and understanding different perspectives. It’s essential to look at how different jurisdictions address similar challenges and tailor those solutions to India’s context.
Perseverance is another crucial trait. The journey in this field isn’t always easy, and you may face challenges along the way. But consistency and hard work will bring results. The legal profession is full of ups and downs, and while your views might differ from others, time often proves the validity of your perspectives. The world changes, and sometimes the policies you advocate for today become essential in the future. Being open to criticism is important, as it helps you grow.
Cyber law and IP law are highly specialized fields. Today, we have DPDP laws, AI laws, and entire branches dedicated to IPR, all of which often intersect. A lawyer working in this space needs to have a broad understanding of various legal issues. These fields cannot be treated in isolation, as cases often involve multiple areas of law.
There are wonderful resources available today that were not accessible when we started law practice. The proliferation of e-learning platforms, educational apps, and online courses is a game-changer. I have personally taken courses such as the Cybersecurity CS50 from Harvard University, which was a fantastic experience. These online platforms provide a wealth of knowledge, allowing students to access information from anywhere.
Additionally, portals like Manu Patra, SCC Online, and government-backed platforms like Swayam and E Pathshala offer free courses that cover a wide array of subjects. There are also incubation centers at institutions like DSCI and NASSCOM that promote startup culture, which is an excellent opportunity for students to learn hands-on and learn about new technologies.
You started your educational journey with the University of Cape Town (UCT), and then went to the University of Warwick, and from there went on to do your master’s at The London School of Economics and Political Science (LSE). Was law a planned choice for you and what were the challenges you faced in law school?
To be honest, I really didn’t want to study law, let alone be a lawyer of any kind.
But the BA degree I took at UCT gave me a much broader education, majoring in English and Comparative African Government and Law. This allowed me to study in depth English language and literature, and the rise of African independence movements and the politics of liberation. Some of the lecturers on those two courses were inspirational – and brave. In my final year, I was taught by Mary Simons (both of whose parents were major figures in the ANC and were then in exile) while she was under a succession of 90-day banning orders. I have her to thank for the most important part of my education there – or anywhere. In summary, being a student at UCT at that time, and opposing Apartheid, I faced challenges just being there.
The BA I took was part of the (then) South African legal qualification, leading to a second, LLB, degree. During my BA, I was exposed to some legal studies, as we had to take Roman Law, Roman Dutch Law and Constitutional Law. Roman Law was historically and intellectually interesting and challenging as it also required university-level Latin, but bore no relationship to the socio-political, economic and human reality of Apartheid SA. As I saw it, Roman Dutch law was equally irrelevant to the lives of most South Africans.
I knew that I wanted to leave South Africa because of my views on Apartheid. And I was lucky enough to have British nationality, so the UK was, thankfully, my first and only choice. I left SA forever as soon as I could, soon after graduating from UCT.
I had become interested in English law – mainly through my constitutional law studies at UCT (which were largely based on UK constitutional law). So, when I arrived at Warwick to study for the LLB degree, I was committed to studying law, and about four-five years older than most of my undergraduate class. Being a mature student, I understood why I was there and was committed to my UK legal studies. Warwick had (and still has) an exceptional and pioneering Law School – having developed its “law in context” approach to studying law. I had several inspirational teachers, too. It was at Warwick that I became so interested in English law that I then seriously considered an academic legal career.
The main challenge I faced at Warwick was settling into a very different institution, approach to teaching and studying law, and, of course, learning what it was actually like to live in the UK – a challenge that many international students are likely to face when arriving in the UK for their studies. I had no doubts about being there, studying law, or the value of its LLB degree. And it didn’t take too long to settle.
In my final year at Warwick, I realised that I wanted, if possible, to take a master’s or equivalent degree to broaden my legal thinking and to allow me to study and think about subjects that weren’t available to me as an undergraduate. Financial constraints meant that it had to be a one-year degree course.
The LSE was my first choice, mainly because of its outstanding reputation as an institution and because of the quality and fame of its Law Department. Again, I was lucky to have some inspirational teachers and mentors. I studied the law of restitution and English legal history. I was also able to study in much greater depth constitutional and administrative law and wrote my dissertation on administrative law. (It was subsequently published in The Modern Law Review in 1984.) Again, I had no doubts about being at LSE.
The challenges I faced as a law student were different at each of UCT, Warwick and LSE. Those I faced at UCT are obvious from the way I have outlined my background. The main moral challenge I faced at UCT is that you can’t divorce law from its place in its social, political, economic and human contexts, and that, as in Apartheid SA, it was an instrument of oppression for the majority. The Law Faculty at UCT did what it could under very challenging circumstances. As I said, some of my teachers were trying to live and teach under a series of banning orders (in effect, house arrest, and under near constant surveillance). Others were arrested, charged and imprisoned for serious offences in resisting Apartheid.
At Warwick, I had to settle into a new country and a very different university and academic life. Those challenges were more personal. By the time I arrived at LSE my challenges were mostly financial, especially as I had then decided to become a barrister. I knew I was going to have to find ways of keeping myself for some time beyond LSE, at the Inns of Court School of Law for my Bar Final Examination studies, and into 12 months’ pupillage in London barristers’ chambers. I was fortunate – and I am grateful to this day – that the Law School at Warwick offered me extensive part-time lecturing and tutoring, and the LSE Law Department engaged me as a part-time teacher, too. These, among other jobs I held while studying at LSE for my LLM and at the Inns of Court School of Law, kept me afloat.
More broadly, one challenge I have come across often is trying to answer the question asked by many in the UK who are contemplating a legal career: should I study law at university, or something else?
There are two opposing schools of thought here: one is that it is better to have a broader education than the typical, three-year, UK undergraduate law degree offers, and to take the law conversion course later, and then the professional examinations. The argument is that this creates a more rounded individual with broader perspectives to bring to legal practice. There are many, including some of our most senior judges, who advocate this thinking.
The other is that it is better to immerse yourself in law from the start to get a deeper understanding of, and grounding in, law as an academic discipline. And besides, that saves you taking a law conversion course, so there is a timing and financial advantage, too.
I realise that, for many prospective law students in India and elsewhere, this may not be a dilemma, but I thought this challenge may resonate for some.
You’ve been involved in the technology and outsourcing sectors since the mid-80s. How have you seen the landscape evolve, particularly in terms of regulation, client needs, and technology advancements like AI and cloud computing?
The information technology landscape has evolved markedly from product (think mainframe computers that occupied entire buildings) to software and applications and then to IT-enabled services, including IT and business process outsourcing (which has of course, led to the dominance of India as an offshore IT services destination). This isn’t to say that the infrastructure – information networks and systems and their components – aren’t important. Obviously, they’re critical, as we’re now seeing at GPU level in AI compute. It’s just that, over the years, there’s been greater focus on software and services, especially from market and client perspectives. This broad evolution has obviously led the focus of regulatory responses and client needs from a product-supplier perspective leading to a service-service provider perspective.
To illustrate this evolution from hardware to software – cloud computing is a good example of a business model – less a technology (though some may argue with that), that has evolved to become all-pervasive “as a service”..
AI has been and is evolving all the time and will continue to evolve. To be honest, I think it’s too early to call how AI will evolve.
But, based on experience of tech hype cycles to the point where tech ultimately delivers real value, I think we must take the long view of all technology developments. This means that it’s probably wrong to take either of the extreme views that, on the hand, AI spells the end of humanity as we know it and should be regulated accordingly, while, on the other, AI will be the saviour of humanity and should, if it’s regulated at all, be regulated as lightly as possible. AI’s actual benefits, risks and challenges will become clearer over time. This makes regulation today, and even client needs, much more difficult to formulate – and to deliver.
Today, the greatest challenge facing governments and regulators with AI – as with any significant, fast-developing technology – is if, how and to what extent to regulate it. We can see at either end of the spectrum the US approach (broadly, don’t regulate federally or we’ll stifle innovation) and the European Union response evidenced in the recent and comprehensive AI Act, with which I am sure all your readers are familiar. The UK is perhaps somewhere in the middle, for now. It’s hard to read the direction of travel that the current UK government and our sector regulators will take. For those interested in this subject, have a look at writings on “the Collingridge Dilemma” and “the Pacing Problem” in technology regulation.
Can you walk us through your journey from starting your career with the UK Civil Service to your current role? How has your career evolved over the last 40 years, and what were some pivotal moments that shaped your path?
In the 1980s while in the UK government, I was lucky enough to have access to some leading-edge information technologies, systems, and products. I became fascinated by them and their potential. I also started to understand – at a very basic level – how those technologies, products and systems were supposed to work and what their implications might be for the mission-critical networks and computer systems then deployed by the UK government and its agencies – and for the outputs and outcomes of those networks and systems. At the same time, in the mid- and late-‘80s, I found myself as probably the only lawyer in the UK government having to advise on some leading-edge technology applications and the start of what we’d now call outsourcing (then, we called it “facilities management”).
I had to learn very quickly to apply traditional legal rules and principles, that had no apparent application to the transactions before me, to developing technologies and the services around them, where there were no textbooks or precedents – in fact, no guidance at all, either from the UK, the USA, or elsewhere. So, I learned the hard way, and certainly made some big mistakes of various kinds along the way. Those mistakes were all my own.
I found this challenge both daunting, but also exhilarating and fascinating, and I still do today, for example, when I must think about and advise on AI. That’s what drew me to becoming a technology lawyer. IT law and the challenges of being an IT lawyer aren’t for everyone. But they were pivotal for me and made me want to practise “computer law” (I am not sure it even had a name then) when I left the UK government and went into legal private practice in the City of London. And so I became a highly specialised (some would say, too narrowly specialised) advisory and transactional commercial lawyer, focusing on the strategic and operational aspects of IT and related regulation. As I am today.
Recognising that I had chosen such a narrow path in my legal career, as soon as I’d established myself as an IT legal practitioner, I realised that I needed to broaden my perspective. It wasn’t common then – and it’s still relatively uncommon – for lawyers like me in private practice to represent IT suppliers and service providers. But I decided that I should represent some selected suppliers and service providers, because this would broaden my transactional perspectives, my legal, contractual, and negotiating experience, my practice base, and my career prospects. And I thought it would make me a more rounded, effective IT lawyer.
Also, I started to engage with others in the IT ecosystem, for example, management and procurement consultants, business advisers, corporate financiers, banks that debt- funded IT companies and projects, and private equity and venture capital houses – all of which increased my networks, live connections, and opportunities. That isn’t to say that I became a corporate, corporate finance, finance or any other kind of lawyer – but I was (and am) able to introduce my colleagues who were (and are) to those IT-market and client-related opportunities. So, this was a career- and practice-enhancing pivot.
Another major development in my career comes from, and is about, India. When India started opening up economically in the early 1990s, its IT sector became recognised, and Jack Welch at GE had decided to site GE’s back-office operations in India. This eventually opened a very important new practice for me. It came about because my team and I were often instructed by Western organisations to advise on the newly emerging offshore outsourcings from India to our client locations, as well as to represent our Western clients in the development and operations of Indian-based captive and build-operate-transfer structures. This took me to India frequently, and I came to know the giants of the Indian IT sector: Tata Consultancy Services, Infosys, Wipro, HCL, Satyam (as was) and Tech Mahindra, along with most of the other major IT and newly emerging business process service providers like L&T Infotech (as was), NIIT Technologies (as was), WNS, Genpact and EXL Service. Consistent with my desire to broaden my practice and client base, I started representing many of those Indian Tier 1 and 2 service providers in their first major IT and outsourcing transactions in the UK and Europe, as well as being involved in their first M&A transactions in the UK. India being India, and with such a highly networked business community, I found myself drawn into a wide range of Indian transactions and opportunities, irrespective of my legal experience. I have spent many happy years travelling in India, also on family holidays, from the far North to the deep South.
Another one of those unexpected developments that proves to be pivotal in a career: while I was making my way as a partner in Stephenson Harwood (where I started my IT private practice legal career in earnest in the 1990s), a fellow SH partner and I were approached by the UK firm of Coopers & Lybrand, then one of the global accountancy practices, to set up and lead their first associated UK law firm. So we established Tite & Lewis. This meant learning new, very different, and much broader management skills alongside running an IT law practice and serving clients. Coopers & Lybrand very soon merged with Price Waterhouse, to become what is now PwC. We became, in effect, PwC Legal. So, my co-founder and I, along with our T&L colleagues, saw a massive, complex, global merger at close quarters. All I can say is that it was quite an experience, and not an especially comfortable one, either.
The direction of travel and aspirations for PwC’s legal practice changed, but not in a way that appealed to all of us. So, when Ernst & Young (EY) UK approached us to create their first associated UK law firm, we moved shop and created Tite & Lewis a second time. I learned much from the experience, too, as this was a complete start-up that needed to scale up rapidly and, on the EY side, it was led with a different senior management style to PwC’s. Again, I had to combine senior management learning with running a successful IT law practice and serving clients, often in places like Europe, the USA, Hong Kong and Australia. That experience came to an end because of Enron, the demise of Arthur Andersen, the Sarbanes-Oxley Act, and changes in SEC public audit rules, all of which meant that a standalone UK legal practice was no longer viable for EY.
So, I returned to mainstream legal private practice as an IT specialist and held various practice leadership and senior partnerial positions. And I now find myself – very happily – back where I started my specialist IT legal career, at City of London and international law firm, Stephenson Harwood LLP, but this time, as senior consultant, not a partner.
Finally, another direction that proved pivotal for me has been serving as a non-executive director and adviser to various companies, including chairing a UK plc. The first opportunity arose because an important academic client needed someone to represent it on the board of a funding body operating in the medical and scientific technology areas. I had never served on such a board. So I learned.
The next, much more significant, opportunity arose because a client who had become a close friend had been appointed chief executive of one of Europe’s leading IT and outsourcing advisory groups and wanted me to support him and the board as non-executive chair. The other directors interviewed me and agreed. As this was a UK public company, I had to learn, understand, and apply corporate governance rules and London Stock Exchange regulations, as well as – and most challenging of all – boardroom dynamics and politics. This was a powerful and valuable, if occasionally unnerving, experience, from which I learned more than I could have imagined. As the company I chaired operated in the IT and outsourcing markets, often involving my clients, I had to consider and negotiate my way through potential conflicts and other legal practice governance rules. But, overall, my part-time, non-executive, chairing and later non-executive director role at this company complemented my legal private practice very well and helped me to develop my skills and experience.
Other corporate and academic non-executive director and senior advisory roles followed, all of which were complementary to my practice as an IT lawyer, and actively enhanced my career. I had to ensure that none of these roles was going to cause difficulties for my work as a private practitioner, which was always top priority.
Based on my experience, are there any messages for readers? Maybe these:
broaden your networks and horizons,
learn from your colleagues, your clients, and others you meet along the way,
keep an open mind about the opportunities that may come your way (some which you may make for yourselves, some of which may be entirely fortuitous),
be open to taking up those opportunities, even if you decide, ultimately, not to take them,
consider all opportunities and roles that are complementary to, and will enhance, your personal, business, and legal skills and experience,
think about helping, giving opportunities to, and nurturing others when you can. It’s rewarding in so many ways, and
above all, it’s really important that you enjoy your work and your role(s), accepting that there will inevitably be moments that are definitely less enjoyable.
In your experience, what are the key legal or regulatory risks that companies face when outsourcing critical IT services or adopting cloud computing solutions.
Each critical IT outsourcing or cloud computing transaction raises legal and regulatory risks depending on specific contexts and conditions, including on the customer side, for example its operational readiness for the transaction and the strength of its IT and compliance functions. It would be wrong and potentially misleading to set out a long list of specific legal or regulatory risks in such situations. Instead, based on my experience, I’ll list some of the most common key legal and regulatory risks concerned.
Regulatory compliance, especially in the UK and Europe, with the financial services sector outsourcing and cloud controls under, for example, the European Banking Authority outsourcing guidelines, the EU Digital Operational Resilience Act (DORA) and the UK Operational Resilience requirements.
Similar regulatory compliance in the EU critical national infrastructure (CNI) sectors, under the Network and Information Systems Directive (NIS2). The UK should soon be legislating to introduce similar rules in our CNI sectors. NIS2 has important implications – and obligations – for the IT, data centre, internet infrastructure, managed services and outsourcing markets.
Third-party supply chain transparency, especially in the context of cloud sub-outsourcing, clearly identifying where the cloud service provision is in the customer supply chain and putting in place suitable contractual governance.
Concentration risk in contracting with one of the small group of cloud hyperscalers, and how to relocate and ensure continuity of service in the cloud-delivered services in the event of a hyperscaler service outage or failure.
EU and UK GDPR compliance, including in cross-border data transfers outside Europe.
The application of the Acquired Rights Directive (ARD) and its UK equivalent, the TUPE Regulations (TUPE), effecting the mandatory transfer of in-scope staff on outgoing employment terms to the new outsourcing service provider or back to the customer where it takes the outsourcing back in house, especially where certain contractual pensions and enhanced redundancy rights are included in the transfer. It has not (yet) been established conclusively that the ARD and TUPE will apply to cloud computing transactions (especially public or hybrid deployment models), but in principle these rules could apply to certain kinds of cloud outsourcing.
Exit provisions to ensure efficient and timely migration of IT and cloud services on the expiry or termination of the outsourcing or cloud service provision.
As a trusted advisor to boards of some of the world’s largest corporations, what are the key strategic factors you emphasize when advising companies? Additionally, could you describe a particularly complex IT or outsourcing transaction you’ve been involved in, and how you approached overcoming the challenges associated with it?
In my experience, corporate boards do not usually call on external counsel in my practice area early enough in transactions or projects to advise on key strategic factors. Maybe they should, but usually that advice has been given before by a combination of external consultants and internal stakeholders.
When I’m called on to advise boards, it’s most often in the final stages of a transaction or technology implementation, when the board wants an external counsel’s view, delivered face-to-face and supported in writing, on the particular material risks in the IT or outsourcing transaction or project, and how those risks are being mitigated by contract, operationally, or in some other way. The board wants final legal sign-off. The key strategic risk factors vary from transaction to transaction, and from board to board. There is no one list of these factors, so it would be misleading to list them here.
In many cases, my role is to support board and corporate governance to enable the board to reach a critical “go/no-go” decision. You may think that it seems too late for such a decision, and you would be right, but that’s often the way it is. Usually, I’m able to give the legal assurance sought.
One exceptional (in every way) transaction that fell into the above category was a massively complex, business- and mission-critical IT outsourcing and data migration project for a UK bank. Because of the history of the bank, its financial situation, and its standing in the UK retail banking market, for the first time in my experience, this outsourcing project was under the regular, direct supervision of the three UK financial regulators – the Bank of England, the Prudential Regulation Authority and the Financial Conduct Authority. Such was the importance of this outsourcing in the UK retail banking market, that I was interviewed personally by the three regulators on the risks of the outsourcing to the bank concerned, and how they were being mitigated.
I was then asked to attend a full board meeting of the bank with the bank’s then general counsel to address those risks and the mitigation. My team and I prepared a graphic chart to illustrate and clarify the transactional risks to the bank’s board – this helped to explain and emphasise the issues and concerns. The board questioned me and, finally, the chair asked me directly if I would sign the outsourcing contract in its present form, given the legal and contractual risks we had identified and the mitigation in place. I said I wouldn’t unless certain contractual and operational measures were put in place, which was consistent with the advice we had been giving as the outsourcing progressed.
The board did not sign off the transaction until, sometime later, we had been able to negotiate various additional risk and operational mitigations with the outsource service provider and other entities. When these had been achieved and the documentation was finally agreed, I was able to confirm to the board that the outstanding risk areas had been addressed in contractual and operational mitigation.
The deal signed and is still considered one of the most effective banking technology and data migrations and outsourcings in the UK market.
As a Visiting Professor in Practice at LSE Law School, you teach subjects like AI, cloud computing, and legal technologies. What do you think are the most pressing legal issues in the realm of advanced technology today, and how do you prepare your students to tackle them?
LSE’s motto is “rerum cognoscere causas” meaning “to know the causes of things”. I am going to apply the motto broadly in answering this question.
In the realm of advanced technologies today, I think – and it’s a personal view that others in LSE Law may disagree with – that what serves our students best is an intellectual framework to help them “know the causes” of advanced technologies and their implications, and understand and analyse the most pressing legal issues that follow from those causes. So when I am preparing and delivering lectures, I have in mind a framework, which I hope will help our students to know and to understand the following kinds of things (this is not intended as an exhaustive list):
the way(s) that the advanced technologies concerned work
their macro and micro impacts, positive or negative or both, on the world, for example, the environment, society at large, on human activities and interactions, and in all relevant contexts, including in the commercial sphere(s) concerned. For example, in the context of AI in retail financial services markets, how bias in datasets and skewed algorithms might result in denying credit to particular, say ethnic, groups in society,
the specific risks and harms, as well as the positive impacts, associated with those technologies (see the example in (2) above),
the main providers of such technologies and their market position, for example, if those providers are dominant, as the hyperscalers are in the cloud infrastructure markets, and especially if this creates systemic concentration risk in, say, the regulated financial markets,
the ancillary issues and considerations that may arise from such technologies, for example, the impact of the growing cyber risk on the insurance markets, how AI and sovereign actors and their proxies may be contributing to that risk, and the decreasing insurability of certain kinds of cyber risk, or the private right of self-defence in response to cyberattacks,
the geopolitical consequences of advanced technologies, for example, the so-called “arms race” for GPUs in AI, and the rush to acquire alternative energy sources to drive the increasing power demands of data centres in AI compute, as well as the strategic importance of AI in the “Third Offset”,
how current law and regulation may apply to those technologies and those risks, especially in unintended or unexpected ways, and
how proposed law and regulation may apply to those technologies and those risks.
How do I try to prepare our students to tackle these issues? By encouraging them to think about them, to discuss them in class and, if students wish, to write about some or all of these issues in their summative essays.
You may be surprised that I follow this approach. I think that having a framework to “know the causes of things”, then trying to understand and think more about the impact of those things, is a more adaptable, flexible and useful approach in considering the most pressing legal issues in advanced technologies like AI, which are constantly evolving and changing. Our thinking needs to be able to keep track, and to evolve, too.
You’ve played significant leadership roles at firms like PwC and EY. How have you navigated the challenges of managing large teams of lawyers while maintaining a focus on technological innovation and client service?
The honest answer is that it was a struggle, though an exciting and rewarding one in many, though not all, ways. And it remains so for all senior lawyers in private practice and, similarly, for general counsel in corporate roles. There is an inherent and constant tension in balancing the following:
developing new and maintaining existing client relationships,
delivering the best possible legal service to clients,
being aware of, and deploying, new technologies, processes and techniques in legal service delivery,
nurturing, managing and retaining teams,
taking difficult decisions about people and the business,
general management, and
interacting with other, non-legal, colleagues.
I don’t mean this to be a complete list.
There is another, more personal and, maybe for your readers, more important challenge here. I allowed work to come first. Because of those challenges, I wasn’t at home much, I wasn’t around to support my wife much of the time and missed my three children growing up. While being an international technology lawyer looked, and was, exciting and took me all over the world serving household-name clients, I was away from my family and home for long periods over many years.
So, as I say, while it was exciting for me, and materially rewarding for my family, there were significant downsides in trying to balance these challenges. If I had my time again, I hope I would do, and be more able to do, things differently in that respect.
Your career spans across both legal practice and academia. How do you balance the practical demands of being a Senior Consultant at Stephenson Harwood LLP with your academic pursuits and publications?
These roles are actually quite complementary. My main academic commitments, which involve lecturing to the LLM and LLB classes in LSE Law, are concentrated in a relatively short period, around which I can plan my legal practice and academic work. I also have an understanding, supportive and inspirational leader in LSE Law, Professor Andrew Murray, who happens also to be one of the foremost academic lawyers globally in IT law and regulation.
My title at LSE says it: Visiting Professor in Practice. What LSE expects from me is exactly that – perspectives from practice. It says much about the LSE Law School that it recognises that a perspective in practice benefits both undergraduate and taught postgraduate students.
More importantly, I find that the learning and experience I have from my practice and academic careers enhance each other. I have the chance to think more widely and deeply about subjects like cybersecurity, cloud computing and AI when I’m preparing and delivering my lectures. This, in turn, brings additional perspectives and also opportunities to my private practice work, both substantively and in offering new and creative ideas to clients.
At Stephenson Harwood, I’m grateful to Simon Bollans, Technology practice global lead partner, and Dan Holland, overall practice leader, for their vision, understanding, and the opportunity to work in their team.
Given your involvement in legal innovation and technology, do you have any personal projects or initiatives that you’re particularly passionate about in the field of legal technology?
I’m going to interpret “legal technology” here as it applies to legal practice thinking and operations, and to client delivery of legal services in the broadest and narrowest senses.
In answer to this question, I wouldn’t single out one single personal project I can say I am particularly passionate about.
What I am passionate about is an initiative, both in my private practice and academic roles, which starts from this proposition: all lawyers, especially those studying law at university or elsewhere, and those coming into legal private or in-house practice, need to understand as best they can, and to embrace, developing legal technologies and processes, wherever and whenever they have the opportunity to do so. A current example is AI in legal use cases and applications, legal analytics, document assembly tools, workflows, and so on.
All lawyers today need to be aware of and to manage the implications of legal technologies and new processes for their clients, their markets, their own legal careers, and for their effectiveness as lawyers, especially in the age of artificial intelligence.
And, as senior lawyers, whether as practitioners or academics, we have a responsibility to our junior colleagues and students to provide them with opportunities to help them understand, and to embrace where suitable, legal technologies and processes. This doesn’t mean that all lawyers should become legal technologists, software developers and coders, or data scientists – just that all lawyers nowadays must understand the impact of these technologies and processes on their work to be able to operate effectively as lawyers, in whatever capacity.
This is a subset of the much wider challenge of AI in society: to have a future, we must try to understand the impact of AI on our lives, working and otherwise, and to harness AI by working with it. If it will let us!
In your career, you’ve mentored numerous lawyers and young professionals. What advice do you typically offer to those considering starting out as technology lawyers?
While I’m often glad that those who approach me are considering becoming technology lawyers, I feel dutybound to point out that, whether they intend to be and remain in legal private practice or work in-house, they are choosing a narrower career path for themselves than many others for lawyers.
To be blunt, in legal private practice IT law is not mainstream in most law firms, unless they are IT law boutiques. And even in boutiques, there is likely to be a need for more broadly based practitioners, for example those who can advise clients on VC or PE deals, fundraising, IP rights protection, as well as on operational IT commercial work.
So, the first piece of advice I give anyone thinking of starting out as a technology lawyer is this: understand that you would be choosing a much narrower career path than other areas of legal practice. I discuss the obvious and real implications of that choice, whether in private practice or in-house practice, including a smaller range of career opportunities, more limited opportunities for career advancement, and in many scenarios, lower levels of remuneration. I also emphasise the upsides of choosing IT law as a career, which I hope everything I’ve said here supports. But obviously it’s a personal decision.
If anyone then remains determined to pursue a career in technology law, I encourage them to find ways of broadening their perspectives, markets and market opportunities, networks, and potential client bases, and I explain how (as I have earlier in this interview) this could benefit them. Above all, my message to them – and to you – is that you need to have fun!