Cloud has shifted from elasticity to control and jurisdiction: CEO, Xtelify
India's digital economy runs on cloud infrastructure, much of it owned and operated outside its borders. For years, that was an acceptable trade-off. But as AI systems begin carrying sensitive business logic, citizen data, and critical national services, the question of who controls that infrastructure is getting harder to ignore. In a conversation with TechCircle, Pradipt Kapoor, Chief Digital & Information Officer at Bharti Airtel and CEO of Xtelify, argues that the shift from compliance-on-paper to control-by-design is no longer optional; it is the next competitive frontier.
Edited Excerpts:
India’s cloud adoption is accelerating rapidly, but much of the underlying infrastructure is still governed by global hyperscalers like Amazon Web Services and Microsoft Azure. At what point does this dependence become a strategic risk rather than just an operational choice?
The cloud conversation in India is larger than this because the real issue is not about global hyperscalers, who have been incredible innovation engines for the country. Cloud in India had been about elasticity and cost up until now, but it is now shifting fundamentally to control, jurisdiction, and continuity of critical services. The conversations are moving to the core of India’s digital sovereignty and resilience. The real issue now is about who ultimately controls the digital infrastructure that underpins the country’s economy, public services, and national security. Outages, geopolitical tensions, and extra‑territorial laws have shown that if the control plane, jurisdiction, and decision rights sit outside India, then what looks like an operational choice very quickly becomes a strategic vulnerability.
Hyperscalers will continue to power many workloads; however, sovereign cloud is the layer that sits alongside them for regulated, mission-critical and citizen-data workloads. Regulated industries, critical infrastructure, government, and the digital public stack will need a sovereign cloud fabric that is built in India, operated from Indian data centers, with control, metadata, and decision rights anchored firmly under Indian jurisdiction. This will allow regulators, banks, critical infrastructure providers, and digital‑first enterprises to use cloud and AI with confidence that no external entity can unilaterally switch them off, change the rules overnight, or exploit their data.
At Airtel, we are building exactly this. Our approach is a telco‑grade, sovereign cloud anchored in Nxtra’s next‑generation data centers and deeply integrated with our network, so we can handle hundreds of millions of users and billions of transactions a minute, while keeping data resident, compliant, and secure in India.
What are the structural gaps in today’s regulatory approach that allow enterprises to be compliant on paper, yet lack real control over their data?
India has moved fast on data protection, and the direction of travel with DPDP and sectoral norms is broadly right. The gap we see is not intent; it is alignment between what the law asks for and what actually gives an enterprise real control in a multi‑cloud, API‑driven world.
Today, on paper, one may be fully compliant with consent notices in place, contracts with processors, data‑localisation clauses ticked, yet in practice, critical data is scattered across regions, replicated in multiple jurisdictions, and governed by foreign law once it leaves the sovereign control plane. You will agree that earlier regulations were not written for a world where workloads move dynamically across clouds, where telemetry and metadata often sit outside the primary jurisdiction, and where complex supply chains of sub‑processors handle your data. Compliance had been defined largely as documentation and contractual hygiene, not as verifiable technical and operational control over where data lives, who can touch it, and under which jurisdictional obligations.
This is, however, changing as regulators are increasingly asking harder questions around data residency, sovereignty, and systemic resilience, not just checklists. The opportunity now is to evolve from ‘compliance‑on‑paper’ to ‘control‑by‑design’ architectures where data residency, encryption, access governance, and auditability are engineered into the cloud fabric itself. This is exactly the problem we are solving at Airtel with our sovereign cloud and Nxtra’s infrastructure by offering enterprises a platform where compliance, residency, and control are natively built in, so that being compliant does not just mean that you have the right clauses, but instead means that they can prove, in real time, that they truly own and govern their data.
As AI systems begin to encode proprietary business logic and institutional knowledge, how should enterprises rethink infrastructure decisions differently compared to the pre-AI cloud era?
When you start putting AI at the heart of your business, the cloud stops being just ‘infrastructure’ and effectively becomes the place where your institutional memory, proprietary logic, and competitive edge are encoded. That is a vastly different world from the pre‑AI cloud era, when you were mostly lifting applications and data; now you are putting your playbook, your business secrets, and in many cases your regulatory obligations into someone else’s stack.
In that context, enterprises need to rethink three things simultaneously. First, sovereignty and control, which translates into where they train and run their AI models, who has jurisdiction over that environment, and whether anyone outside their organisation can see, copy, or constrain how those models evolve over time.
Second, architecture for portability and de‑risking lock‑in. In an AI world, one cannot afford to hard‑wire their future into a single provider’s proprietary stack. Models, features, and data pipelines must be able to easily move across on‑prem and sovereign clouds, which means open standards, containerised workloads, clear separation between business logic and the underlying infrastructure, and an ecosystem approach across IaaS, PaaS, and SaaS, which is exactly the approach we have built at Airtel Cloud.
Third, performance with responsibility. AI workloads are compute‑hungry, latency‑sensitive, and highly regulated when they touch citizen data or financial rails. Enterprises should evaluate which platform gives them AI‑grade compute, carrier‑grade reliability, and verifiable compliance for DPDP and sectoral norms, without compromising on cost efficiency over time.
These will help Indian enterprises with headroom to innovate aggressively in AI, on infrastructure that is local, governed, and engineered for resilience.
The idea of converging network, cloud, and AI into a unified stack is gaining traction—what specific inefficiencies or risks does the current fragmented, multi-vendor model create?
We are already solving for this at Airtel Business as we converge network, cloud, and AI into a single stack to address some of the most critical problems large enterprises in India are facing today. In a fragmented, multi‑vendor set‑up, each layer comes with its own control plane, telemetry, and SLAs, creating structural risks such as inconsistent performance across networks and clouds, blind spots in observability, overlapping security policies, and a cost base that is almost impossible to predict quarter to quarter. As a result, enterprises spend more time reconciling logs, tickets, and contracts than actually delivering new journeys for their customers.
The next decade belongs to architectures where network, cloud, and AI are designed as one fabric. At Airtel, we have already converged these layers onto our telco‑grade cloud platform, and we are taking the same philosophy to customers through Airtel Business. With Airtel Cloud, Nxtra data centers, world-class cybersecurity solutions, and our connectivity backbone that spans mobile, fixed, and subsea cable systems, we can offer truly end‑to‑end integrated solutions with one digital spine, one control plane, one set of SLAs, with AI embedded into the network and cloud by design. This means enterprises can run mission‑critical workloads in Nxtra’s data centers, scale on Airtel Cloud, secure their entire estate with our cybersecurity stack, and connect users and applications over our terrestrial and undersea networks while benefiting from unified observability, consistent policy enforcement, faster incident resolution, and a significantly lower total cost and complexity of ownership.
In practical terms, what would “true control” over data and AI systems look like for an Indian enterprise, and how far are most organizations from achieving that today?
True control starts when one’s most sensitive data and AI workloads move from being somebody else’s feature to being their own capability. In practical terms, this translates into three things for Indian enterprises.
First, their data and models should run on platforms where the data plane and control plane are both under Indian jurisdiction and they know exactly where their data resides, who can access it, and which laws apply, instead of relying purely on contracts and fine print. Second, their AI stack is architected for portability and openness, so one is not locked into one provider and can easily move models and workloads across on‑prem and sovereign. Third, one has real‑time observability and governance with a clear line of sight into how data is used, how models behave, and who is accountable for outcomes, especially under DPDP and sectoral regulations.
While most organisations are still some distance away from this ideal scenario, the good news is that the shift has begun, with sovereign cloud, AI‑ready infrastructure, and open architectures. We are helping customers move from ‘using cloud and AI’ to actually owning the levers that matter, including location, access, portability, and governance. This, to me, is what true control will look like over the next decade.
There is an increasing policy push toward digital self-reliance—how do you see sovereign cloud infrastructure aligning with India’s broader ambitions around technological independence and economic competitiveness?
Sovereign cloud is the infrastructure expression of India’s push for digital self‑reliance. We discussed this above, how this is about making sure that the data, control plane, and intelligence that power our economy sit under Indian jurisdiction, on platforms architected for our scale and our laws. When we do this, every rupee of digital growth compounds inside the country, as local AI models, local talent, and local SaaS ecosystems, rather than leaking out as pure infrastructure rent.
This is exactly the design intent behind Airtel Cloud, which is a telco‑grade, AI‑ready sovereign cloud that can run mission‑critical workloads at national scale, while delivering full data sovereignty as well as up to 40% optimisation in cloud spends. If India wants to be competitive in AI, 5G, and digital public infrastructure, it cannot afford to have its strategic systems running on infrastructure it does not fully control. Sovereign cloud is how we align innovation with independence so India can integrate with the world on its own terms as an equal.
For CIOs and CFOs evaluating long-term infrastructure strategy, what are the most overlooked risks today when it comes to cloud governance, especially in the context of AI-led transformation?
For most CIOs and CFOs, the biggest blind spot is that cloud governance is still being treated as an IT and contracts problem, when in an AI-first world it is fundamentally a control, concentration-risk, and long-term economics problem.
Three risks are consistently underestimated: who really controls their critical data and models, how portable those assets are if the environment or rules change, and whether AI infrastructure costs will scale sustainably with value created.
Enterprises that get this right will own their digital destiny instead of renting it, and trusted partners like us are committed to building that foundation for them so enterprises can scale AI with confidence.

