<h2>Executive Summary</h2><ul><li><p><strong>Algorithms make consequential decisions</strong> about credit, jobs and healthcare at scale in India. Almost none have been audited for bias.</p></li><li><p>The few <strong>audits that exist are alarming</strong>. Only 10% of AI-using financial entities had bias mitigation protocols in place.</p></li><li><p>In every case, the <strong>bias was inherited from training data and design assumptions</strong>, and was not deliberate. </p></li><li><p>India is the only major AI economy where <strong>binding algorithmic accountability covers just one sector</strong>. Everything else is ungoverned</p></li><li><p><strong>Three risks are converging for businesses</strong>: regulatory exposure, flawed operational pipelines and reputational damage.</p></li><li><p>Organisations that <strong>audit now</strong>, before regulation compels them, will be significantly better positioned than those that wait.</p></li></ul>.<p>Algorithms influence millions of business decisions each day: who deserves a home loan, what someone’s credit limit should be, which candidates should be shortlisted for a job, how products are recommended and how risks should be weighted. Yet, few of these algorithms have been examined for the biases they carry.</p><p>Many decision systems rely on reams of personal and behavioural data, from transaction histories and repayment records to browsing activity, location data and patterns of digital engagement. From this information, they infer characteristics, preferences and levels of risk that can materially affect opportunities and outcomes. The logic behind these decisions is often inaccessible, difficult to explain and rarely subject to review. As a result, biases embedded within data, models or design choices can remain undetected while operating at scale.</p><p>Governance norms have not kept pace with AI adoption. This matters acutely in India, which ranked third globally in <strong>Stanford University's</strong> 2025 AI Vibrancy Index, a composite measure of AI research, investment, talent and policy activity, behind only the United States and China. While the EU has enacted comprehensive, binding legislation, and China has established robustAI oversight frameworks, India remains without dedicated AI legislation. MeitY’s November 2025 AI Governance Guidelines, is a step forward, but the guidelines remain voluntary and there are no penalties for non-compliance. </p><p>This paper examines what algorithmic opacity looks like in practice across Indian sectors, how regulators are beginning to respond and why algorithmic audit capability is becoming a business issue rather than a purely technical one.</p> <h2><strong>What Audits have Found</strong></h2><p>Only a handful of audits on algorithmic systems have been conducted so far, but they reveal recurring and potentially disturbing patterns.</p><p>In the realm of<strong> hiring,</strong> a 2025 working paper from<strong> IIM Bangalore</strong> tested <strong>ChatGPT</strong> on a structured shortlisting exercise: identical qualifications, equal proportions of scheduled caste (SC), scheduled tribe (ST) and general category candidates, repeated across a thousand iterations. The model selected dominant-caste candidates 84% of the time, even though the output, in all cases, looked like any other shortlist. Nothing in the interface indicated what led to these decisions. In May 2025, a US federal court certified the first class-action against an AI hiring platform, <strong>Workday</strong>, for discriminating against Black candidates, older applicants and people with disabilities. India has no mechanism that would catch an equivalent failure today, despite AI hiring tools getting embedded across most major recruiters.</p><p>In<strong> lending,</strong> the<strong> RBI’s FREE-AI</strong> framework, published in August 2025, found that Indian banks and fintechs were deploying AI across credit assessment and fraud detection with minimal oversight. Of the entities using AI, only 35% had validated their systems for bias and fairness, but only at the development stages, not in terms of actual deployment. Only 15% used <em>any</em> tools to interpret how their models were making decisions, just 14% conducted regular audits and only 10% had bias mitigation protocols in place. </p><p><strong>NASSCOM, </strong>the technology industry's leading trade body, has called out algorithmic discrimination in digital lending as an active concern. The most common mechanism for perpetuating bias is <em>proxy discrimination</em>: algorithms use postcodes, mobile recharge frequency and behavioural data as inputs. These proxies correlate with income and community in ways that the companies deploying them have not explicitly mapped. NASSCOM has documented cases of people, including a self-employed contractor in Punjab, receiving lower credit limits than peers with identical financial profiles, mainly because of variables that the algorithm treated as relevant, but which nobody had audited for fairness. In each case, the companies involved had no mechanism to know this was happening. The bias was inherited from training data, default settings and design assumptions that encoded the worldview of the people who built the system. </p><p>In <strong>healthcare</strong>, a 2025 meta-analysis of over 70,000 clinical images found that AI dermatology diagnostic tools perform measurably worse on darker skin tones, resulting in markedly lower diagnostic accuracy. The cause, again, is training data: the datasets used to build these tools are composed predominantly of lighter-skinned patients. Every health-tech platform deploying these tools, including in India, is thus inheriting a performance gap without necessarily knowing it. </p><p>In the booming <strong>matrimonial services industry</strong>, an audit of <strong>Jeevansathi </strong>and <strong>Shaadi.com</strong> by <strong>IIT Delhi</strong> researchers found that both platforms amplify social norms around income, age and religion even when users explicitly indicate that those dimensions do not matter to them. More striking is what the platforms do <em>before</em> users make <em>any</em> choice at all. Jeevansathi automatically sets a female profile's desired partner-income either equal to or higher than hers, while leaving the same field blank for male profiles. The platform is thus encoding an ideological position in its default settings. Nearly three-quarters of surveyed users said they would prefer recommendation systems free from such biases. The platforms, meanwhile, have no obligation to inform users that the defaults exist, or to explain how the recommendation algorithm works.</p><p>Across these cases, the structure of the problem is identical: The bias was not ‘designed in’, but instead, inherited from training data, default settings, or from design assumptions that reflect the worldview of the people who built the system. In each case, it was invisible until someone specifically looked for it.</p> <h2><strong>The Regulatory Patchwork</strong></h2><h2></h2><p>India's regulators have begun to move on this issue, but mainly around the financial-services sector. The <strong>RBI’s FREE-AI</strong> framework, covering banks and NBFCs, requires board-approved AI policies, mandatory incident reporting and algorithmic audit processes for all regulated financial entities. A February 2025 <strong>SEBI </strong>circular, covering capital markets, goes further in one specific respect: it formally distinguishes between white box algorithms, where the logic is transparent and replicable, and black box algorithms, where it is not, and requires providers of the latter to register as Research Analysts and maintain detailed documentation for each algorithm. The fact that two of India's most powerful regulators arrived at the same conclusion about opacity as a governance risk, independently and from different starting points, is itself a signal worth noting.</p><p>Effectively, then, India currently has a binding framework in only one domain: financial services. Every other areas of business activity – from hiring and healthcare, to matrimony, e-Commerce and agriculture – remains <em>entirely ungoverned</em> from an algorithmic accountability perspective. In comparison, the <strong>EU AI</strong> <strong>Act</strong>, effective August 2024, establishes binding risk-based obligations across <em>all</em> sectors. Similarly, China has enacted broad algorithm-recommendation regulations requiring user transparency and control. </p><p>Potentially, this creates two types of issues. First, as research from <strong>Google</strong> finds, conventional ‘fairness frameworks’ are West-centric in their design, and may fail to account for India's specific social hierarchies, data reliability problems and the distance between AI systems and the communities they affect. Simply importing, say, the EU model would be mere window dressing in a country where the ground conditions are fundamentally different. Indeed, a joint study by the <strong>Singapore Institute of Management </strong>and<strong> Christ University</strong> found that Indian AI developers and policymakers have limited awareness of the biases embedded in the systems they are building and regulating. The study's most pointed observation is that addressing bias reactively, after harm has occurred, risks entrenching it further. Second, patchy implementation may later create material exposure for businesses operating outside sectors where the issues are being addressed.</p> <h2><strong>Why this is a Board-Level Risk</strong></h2><p>The business case for acting <em>now</em> comes down to three risks:</p><p>The <strong>regulatory </strong>risks are the most immediate. India's sectoral AI governance will not stay fragmented forever. When a national framework does arrive, organisations that have already audited their systems will have ready answers. Those who have not will be building them from scratch under scrutiny. <strong>Goldman Sachs</strong> did not <em>know</em> its <strong>Apple</strong> <strong>Card</strong> algorithm was producing different credit limits for men and women until customers noticed. That ignorance made the situation considerably worse when regulators inquired. </p><p>The<strong> operational </strong>risks are less overt, but may compound over time. A hiring algorithm filtering by caste proxies is effectively excluding over 30% of India's workforce without anyone in the organisation knowing. Such distortions compound silently across hiring cycles, producing no visible signals until someone audits the funnel. By that point, years of flawed decisions have already been made.</p><p>The <strong>reputational risks </strong>may prove the most insidious. Public responses to algorithmic failures tend to focus less on technical limitations and more on organisational responsibility. Once an issue becomes visible, companies are often expected to explain not only what happened, but whether adequate oversight existed in the first place. </p><p><strong>India's DPDP Act</strong> is in force and a broader AI governance framework is in development. Before it arrives, CXOs can pay attention to the following:</p><ul><li><p>Inventory what your algorithms are deciding, and on whose behalf</p></li><li><p>Test whether outputs differ systematically across demographic groups in ways the decision criteria do not justify</p></li><li><p>Require audit documentation from every vendor whose algorithmic system you license</p></li></ul><p>Rather than focusing on sophisticated tooling, the need of the hour is to ask the right questions about your decision-making algorithms. Most organisations have not.</p>
<h2>Executive Summary</h2><ul><li><p><strong>Algorithms make consequential decisions</strong> about credit, jobs and healthcare at scale in India. Almost none have been audited for bias.</p></li><li><p>The few <strong>audits that exist are alarming</strong>. Only 10% of AI-using financial entities had bias mitigation protocols in place.</p></li><li><p>In every case, the <strong>bias was inherited from training data and design assumptions</strong>, and was not deliberate. </p></li><li><p>India is the only major AI economy where <strong>binding algorithmic accountability covers just one sector</strong>. Everything else is ungoverned</p></li><li><p><strong>Three risks are converging for businesses</strong>: regulatory exposure, flawed operational pipelines and reputational damage.</p></li><li><p>Organisations that <strong>audit now</strong>, before regulation compels them, will be significantly better positioned than those that wait.</p></li></ul>.<p>Algorithms influence millions of business decisions each day: who deserves a home loan, what someone’s credit limit should be, which candidates should be shortlisted for a job, how products are recommended and how risks should be weighted. Yet, few of these algorithms have been examined for the biases they carry.</p><p>Many decision systems rely on reams of personal and behavioural data, from transaction histories and repayment records to browsing activity, location data and patterns of digital engagement. From this information, they infer characteristics, preferences and levels of risk that can materially affect opportunities and outcomes. The logic behind these decisions is often inaccessible, difficult to explain and rarely subject to review. As a result, biases embedded within data, models or design choices can remain undetected while operating at scale.</p><p>Governance norms have not kept pace with AI adoption. This matters acutely in India, which ranked third globally in <strong>Stanford University's</strong> 2025 AI Vibrancy Index, a composite measure of AI research, investment, talent and policy activity, behind only the United States and China. While the EU has enacted comprehensive, binding legislation, and China has established robustAI oversight frameworks, India remains without dedicated AI legislation. MeitY’s November 2025 AI Governance Guidelines, is a step forward, but the guidelines remain voluntary and there are no penalties for non-compliance. </p><p>This paper examines what algorithmic opacity looks like in practice across Indian sectors, how regulators are beginning to respond and why algorithmic audit capability is becoming a business issue rather than a purely technical one.</p> <h2><strong>What Audits have Found</strong></h2><p>Only a handful of audits on algorithmic systems have been conducted so far, but they reveal recurring and potentially disturbing patterns.</p><p>In the realm of<strong> hiring,</strong> a 2025 working paper from<strong> IIM Bangalore</strong> tested <strong>ChatGPT</strong> on a structured shortlisting exercise: identical qualifications, equal proportions of scheduled caste (SC), scheduled tribe (ST) and general category candidates, repeated across a thousand iterations. The model selected dominant-caste candidates 84% of the time, even though the output, in all cases, looked like any other shortlist. Nothing in the interface indicated what led to these decisions. In May 2025, a US federal court certified the first class-action against an AI hiring platform, <strong>Workday</strong>, for discriminating against Black candidates, older applicants and people with disabilities. India has no mechanism that would catch an equivalent failure today, despite AI hiring tools getting embedded across most major recruiters.</p><p>In<strong> lending,</strong> the<strong> RBI’s FREE-AI</strong> framework, published in August 2025, found that Indian banks and fintechs were deploying AI across credit assessment and fraud detection with minimal oversight. Of the entities using AI, only 35% had validated their systems for bias and fairness, but only at the development stages, not in terms of actual deployment. Only 15% used <em>any</em> tools to interpret how their models were making decisions, just 14% conducted regular audits and only 10% had bias mitigation protocols in place. </p><p><strong>NASSCOM, </strong>the technology industry's leading trade body, has called out algorithmic discrimination in digital lending as an active concern. The most common mechanism for perpetuating bias is <em>proxy discrimination</em>: algorithms use postcodes, mobile recharge frequency and behavioural data as inputs. These proxies correlate with income and community in ways that the companies deploying them have not explicitly mapped. NASSCOM has documented cases of people, including a self-employed contractor in Punjab, receiving lower credit limits than peers with identical financial profiles, mainly because of variables that the algorithm treated as relevant, but which nobody had audited for fairness. In each case, the companies involved had no mechanism to know this was happening. The bias was inherited from training data, default settings and design assumptions that encoded the worldview of the people who built the system. </p><p>In <strong>healthcare</strong>, a 2025 meta-analysis of over 70,000 clinical images found that AI dermatology diagnostic tools perform measurably worse on darker skin tones, resulting in markedly lower diagnostic accuracy. The cause, again, is training data: the datasets used to build these tools are composed predominantly of lighter-skinned patients. Every health-tech platform deploying these tools, including in India, is thus inheriting a performance gap without necessarily knowing it. </p><p>In the booming <strong>matrimonial services industry</strong>, an audit of <strong>Jeevansathi </strong>and <strong>Shaadi.com</strong> by <strong>IIT Delhi</strong> researchers found that both platforms amplify social norms around income, age and religion even when users explicitly indicate that those dimensions do not matter to them. More striking is what the platforms do <em>before</em> users make <em>any</em> choice at all. Jeevansathi automatically sets a female profile's desired partner-income either equal to or higher than hers, while leaving the same field blank for male profiles. The platform is thus encoding an ideological position in its default settings. Nearly three-quarters of surveyed users said they would prefer recommendation systems free from such biases. The platforms, meanwhile, have no obligation to inform users that the defaults exist, or to explain how the recommendation algorithm works.</p><p>Across these cases, the structure of the problem is identical: The bias was not ‘designed in’, but instead, inherited from training data, default settings, or from design assumptions that reflect the worldview of the people who built the system. In each case, it was invisible until someone specifically looked for it.</p> <h2><strong>The Regulatory Patchwork</strong></h2><h2></h2><p>India's regulators have begun to move on this issue, but mainly around the financial-services sector. The <strong>RBI’s FREE-AI</strong> framework, covering banks and NBFCs, requires board-approved AI policies, mandatory incident reporting and algorithmic audit processes for all regulated financial entities. A February 2025 <strong>SEBI </strong>circular, covering capital markets, goes further in one specific respect: it formally distinguishes between white box algorithms, where the logic is transparent and replicable, and black box algorithms, where it is not, and requires providers of the latter to register as Research Analysts and maintain detailed documentation for each algorithm. The fact that two of India's most powerful regulators arrived at the same conclusion about opacity as a governance risk, independently and from different starting points, is itself a signal worth noting.</p><p>Effectively, then, India currently has a binding framework in only one domain: financial services. Every other areas of business activity – from hiring and healthcare, to matrimony, e-Commerce and agriculture – remains <em>entirely ungoverned</em> from an algorithmic accountability perspective. In comparison, the <strong>EU AI</strong> <strong>Act</strong>, effective August 2024, establishes binding risk-based obligations across <em>all</em> sectors. Similarly, China has enacted broad algorithm-recommendation regulations requiring user transparency and control. </p><p>Potentially, this creates two types of issues. First, as research from <strong>Google</strong> finds, conventional ‘fairness frameworks’ are West-centric in their design, and may fail to account for India's specific social hierarchies, data reliability problems and the distance between AI systems and the communities they affect. Simply importing, say, the EU model would be mere window dressing in a country where the ground conditions are fundamentally different. Indeed, a joint study by the <strong>Singapore Institute of Management </strong>and<strong> Christ University</strong> found that Indian AI developers and policymakers have limited awareness of the biases embedded in the systems they are building and regulating. The study's most pointed observation is that addressing bias reactively, after harm has occurred, risks entrenching it further. Second, patchy implementation may later create material exposure for businesses operating outside sectors where the issues are being addressed.</p> <h2><strong>Why this is a Board-Level Risk</strong></h2><p>The business case for acting <em>now</em> comes down to three risks:</p><p>The <strong>regulatory </strong>risks are the most immediate. India's sectoral AI governance will not stay fragmented forever. When a national framework does arrive, organisations that have already audited their systems will have ready answers. Those who have not will be building them from scratch under scrutiny. <strong>Goldman Sachs</strong> did not <em>know</em> its <strong>Apple</strong> <strong>Card</strong> algorithm was producing different credit limits for men and women until customers noticed. That ignorance made the situation considerably worse when regulators inquired. </p><p>The<strong> operational </strong>risks are less overt, but may compound over time. A hiring algorithm filtering by caste proxies is effectively excluding over 30% of India's workforce without anyone in the organisation knowing. Such distortions compound silently across hiring cycles, producing no visible signals until someone audits the funnel. By that point, years of flawed decisions have already been made.</p><p>The <strong>reputational risks </strong>may prove the most insidious. Public responses to algorithmic failures tend to focus less on technical limitations and more on organisational responsibility. Once an issue becomes visible, companies are often expected to explain not only what happened, but whether adequate oversight existed in the first place. </p><p><strong>India's DPDP Act</strong> is in force and a broader AI governance framework is in development. Before it arrives, CXOs can pay attention to the following:</p><ul><li><p>Inventory what your algorithms are deciding, and on whose behalf</p></li><li><p>Test whether outputs differ systematically across demographic groups in ways the decision criteria do not justify</p></li><li><p>Require audit documentation from every vendor whose algorithmic system you license</p></li></ul><p>Rather than focusing on sophisticated tooling, the need of the hour is to ask the right questions about your decision-making algorithms. Most organisations have not.</p>
