MSL Public Affairs

The passage of the Sustainable Harnessing and Advancement of Nuclear Energy for Transforming India (SHANTI) Act, 2025, marks one of the most consequential shifts in India’s energy policy since Independence. SHANTI represents a fundamental rethinking of nuclear power’s role in India’s economic strategy, climate commitments, and technological future, particularly at a moment when artificial intelligence (AI) is reshaping how nations grow, compete, and govern.

At the core of this shift is a strategic reality: AI’s future will be shaped as much by energy infrastructure as by algorithms. Scaled AI adoption requires reliable, affordable, and uninterrupted power to sustain data centres, high-performance computing, and domestic R&D. Without firm baseload energy, AI risks concentrating in a few regions and firms, reinforcing digital divides rather than enabling inclusion. For India, where AI is expected to lift productivity across governance, manufacturing, healthcare, and MSMEs,energy availability will determine whether innovation remains elite or becomes truly democratized. SHANTI addresses this constraint by positioning nuclear power not just as a climate instrument, but as foundational infrastructure for AI-led growth, indigenous research, and inclusive technological diffusion.

It dismantles a six-decade-old institutional architecture. By repealing the Atomic Energy Act, 1962 and substantially restructuring the Civil Liability for Nuclear Damage Act, 2010, SHANTI ends the state monopoly over civil nuclear power. For the first time, licensed private Indian companies, joint ventures, and select foreign participants will be permitted to build, own, operate, and decommission nuclear power plants, subject to central government approval. The Nuclear Power Corporation of India Ltd (NPCIL) will no longer be the sole operator, opening the sector to new capital, execution capacity, and technological partnerships.

Simultaneously, India is entering a sharply energy-intensive phase of growth driven by artificial intelligence, global capability centres (GCCs), and large-scale digital infrastructure. Data centres, cloud platforms, large language models, and high-performance computing clusters require vast quantities of uninterrupted, high-quality power with tight latency and reliability thresholds. Globally, data centres consumed around 460 terawatt-hours of electricity in 2022, a figure projected to double by 2026. India’s own AI ecosystem is estimated to contribute nearly $1 trillion to GDP by 2035, but only if energy availability, grid stability, and power quality do not become binding constraints. Yet today, this demand is filtered through fragmented electricity markets, financially stressed DISCOMs, and coordination gaps between central transmission planning and state-level distribution capacity, creating uncertainty for AI-led investments that depend on 24/7 power assurance.

This is where nuclear power re-enters India’s strategic calculus. Unlike solar and wind, nuclear energy provides stable, zero-carbon baseload power at scale, which is precisely the attribute required for AI infrastructure, GCC clusters, and hyperscale data centres. For emerging technology hubs such as Bengaluru, Hyderabad, Pune, and Chennai, where land scarcity, grid congestion, and reliability risks are already acute, nuclear offers what renewables alone cannot: continuous, dispatchable power without emissions volatility. By anchoring AI growth to firm baseload generation, nuclear power can reduce pressure on state DISCOMs, smooth centre-state grid coordination, and provide long-term energy certainty to investors building India’s next generation of digital and AI infrastructure.

SHANTI establishes a unified statutory framework covering licensing, safety regulation, liability, compensation, and oversight, while granting statutory authority to the Atomic Energy Regulatory Board (AERB), which is a critical step in providing regulatory certainty for private investment in a capital-intensive, long-gestation sector.

Its most debated provision concerns liability. The Act caps operator liability at ₹3,000 crore, removes the automatic supplier liability introduced in 2010, and limits supplier responsibility to contractual terms or cases of wilful misconduct. Residual risk is addressed through a layered compensation structure comprising mandatory insurance, a government-backed Nuclear Liability Fund, and access to international mechanisms under the Convention on Supplementary Compensation.

Supporters argue this finally removes the liability overhang that stalled domestic and foreign participation, while critics warn that liability caps may understate accident risks and weaken victim recourse, underscoring SHANTI’s core tension between investor certainty and public accountability. Importantly, the Act maintains clear red lines: strategic fuel-cycle activities, radioactive waste management, and non-proliferation-sensitive functions remain with the state, while private participation is focused on construction, operations, and power generation where speed and scale matter most.

Small Modular Reactors (SMRs) are a practical route to power India’s AI, GCCs and data centres, delivering reliable, high-quality, round-the-clock power close to consumption hubs where conventional grids struggle. SHANTI enables this by explicitly accommodating advanced nuclear technologies, notably SMRs, whose compact, modular design and passive safety suit deployment near data centres, industrial clusters and tech parks while aligning with India’s three-stage nuclear programme and thorium strategy.

Globally, firms are exploring dedicated nuclear capacity for hyperscale sites — and research (e.g., Texas A&M) shows advanced fuels plus AI-enabled reactor management can cut downtime, a critical benefit for compute-intensive services. The relationship is bidirectional: nuclear provides a firm baseload for digital infrastructure, while AI improves safety and efficiency (predictive maintenance, fuel optimisation, anomaly detection). The IAEA frames this “atom–algorithm” convergence as central to clean, resilient energy systems, precisely what SHANTI seeks to unlock.

SHANTI is not just nuclear reform, it’s an infrastructure enabler for India’s AI, GCCs, and hyperscale data-centre economy. As workloads scale, the binding constraint is reliable, uninterrupted baseload power — something renewables alone cannot yet guarantee. By opening the civil nuclear sector and enabling advanced technologies such as SMRs, SHANTI offers a credible route to zero-carbon baseload for digital and industrial clusters. But legislation alone won’t fix legacy faults: financially stressed DISCOMs, grid congestion, transmission gaps, land/water limits, and safety/liability concerns. Only paired with market reform, stronger regulation, and centre–state coordination can SHANTI reliably power India’s AI future.

*The article has been authored by Arnab Ghosh, Associate Vice President, Public Affairs, and Abhinay Chandna, Manager, Public Affairs, MSL

The passage of the Sustainable Harnessing and Advancement of Nuclear Energy for Transforming India (SHANTI) Act, 2025, marks one of the most consequential shifts in India’s energy policy since Independence. SHANTI represents a fundamental rethinking of nuclear power’s role in India’s economic strategy, climate commitments, and technological future, particularly at a moment when artificial intelligence (AI) is reshaping how nations grow, compete, and govern.

At the core of this shift is a strategic reality: AI’s future will be shaped as much by energy infrastructure as by algorithms. Scaled AI adoption requires reliable, affordable, and uninterrupted power to sustain data centres, high-performance computing, and domestic R&D. Without firm baseload energy, AI risks concentrating in a few regions and firms, reinforcing digital divides rather than enabling inclusion. For India, where AI is expected to lift productivity across governance, manufacturing, healthcare, and MSMEs,energy availability will determine whether innovation remains elite or becomes truly democratized. SHANTI addresses this constraint by positioning nuclear power not just as a climate instrument, but as foundational infrastructure for AI-led growth, indigenous research, and inclusive technological diffusion.

It dismantles a six-decade-old institutional architecture. By repealing the Atomic Energy Act, 1962 and substantially restructuring the Civil Liability for Nuclear Damage Act, 2010, SHANTI ends the state monopoly over civil nuclear power. For the first time, licensed private Indian companies, joint ventures, and select foreign participants will be permitted to build, own, operate, and decommission nuclear power plants, subject to central government approval. The Nuclear Power Corporation of India Ltd (NPCIL) will no longer be the sole operator, opening the sector to new capital, execution capacity, and technological partnerships.

Simultaneously, India is entering a sharply energy-intensive phase of growth driven by artificial intelligence, global capability centres (GCCs), and large-scale digital infrastructure. Data centres, cloud platforms, large language models, and high-performance computing clusters require vast quantities of uninterrupted, high-quality power with tight latency and reliability thresholds. Globally, data centres consumed around 460 terawatt-hours of electricity in 2022, a figure projected to double by 2026. India’s own AI ecosystem is estimated to contribute nearly $1 trillion to GDP by 2035, but only if energy availability, grid stability, and power quality do not become binding constraints. Yet today, this demand is filtered through fragmented electricity markets, financially stressed DISCOMs, and coordination gaps between central transmission planning and state-level distribution capacity, creating uncertainty for AI-led investments that depend on 24/7 power assurance.

This is where nuclear power re-enters India’s strategic calculus. Unlike solar and wind, nuclear energy provides stable, zero-carbon baseload power at scale, which is precisely the attribute required for AI infrastructure, GCC clusters, and hyperscale data centres. For emerging technology hubs such as Bengaluru, Hyderabad, Pune, and Chennai, where land scarcity, grid congestion, and reliability risks are already acute, nuclear offers what renewables alone cannot: continuous, dispatchable power without emissions volatility. By anchoring AI growth to firm baseload generation, nuclear power can reduce pressure on state DISCOMs, smooth centre-state grid coordination, and provide long-term energy certainty to investors building India’s next generation of digital and AI infrastructure.

SHANTI establishes a unified statutory framework covering licensing, safety regulation, liability, compensation, and oversight, while granting statutory authority to the Atomic Energy Regulatory Board (AERB), which is a critical step in providing regulatory certainty for private investment in a capital-intensive, long-gestation sector.

Its most debated provision concerns liability. The Act caps operator liability at ₹3,000 crore, removes the automatic supplier liability introduced in 2010, and limits supplier responsibility to contractual terms or cases of wilful misconduct. Residual risk is addressed through a layered compensation structure comprising mandatory insurance, a government-backed Nuclear Liability Fund, and access to international mechanisms under the Convention on Supplementary Compensation.

Supporters argue this finally removes the liability overhang that stalled domestic and foreign participation, while critics warn that liability caps may understate accident risks and weaken victim recourse, underscoring SHANTI’s core tension between investor certainty and public accountability. Importantly, the Act maintains clear red lines: strategic fuel-cycle activities, radioactive waste management, and non-proliferation-sensitive functions remain with the state, while private participation is focused on construction, operations, and power generation where speed and scale matter most.

Small Modular Reactors (SMRs) are a practical route to power India’s AI, GCCs and data centres, delivering reliable, high-quality, round-the-clock power close to consumption hubs where conventional grids struggle. SHANTI enables this by explicitly accommodating advanced nuclear technologies, notably SMRs, whose compact, modular design and passive safety suit deployment near data centres, industrial clusters and tech parks while aligning with India’s three-stage nuclear programme and thorium strategy.

Globally, firms are exploring dedicated nuclear capacity for hyperscale sites — and research (e.g., Texas A&M) shows advanced fuels plus AI-enabled reactor management can cut downtime, a critical benefit for compute-intensive services. The relationship is bidirectional: nuclear provides a firm baseload for digital infrastructure, while AI improves safety and efficiency (predictive maintenance, fuel optimisation, anomaly detection). The IAEA frames this “atom–algorithm” convergence as central to clean, resilient energy systems, precisely what SHANTI seeks to unlock.

SHANTI is not just nuclear reform, it’s an infrastructure enabler for India’s AI, GCCs, and hyperscale data-centre economy. As workloads scale, the binding constraint is reliable, uninterrupted baseload power — something renewables alone cannot yet guarantee. By opening the civil nuclear sector and enabling advanced technologies such as SMRs, SHANTI offers a credible route to zero-carbon baseload for digital and industrial clusters. But legislation alone won’t fix legacy faults: financially stressed DISCOMs, grid congestion, transmission gaps, land/water limits, and safety/liability concerns. Only paired with market reform, stronger regulation, and centre–state coordination can SHANTI reliably power India’s AI future.

*The article has been authored by Arnab Ghosh, Associate Vice President, Public Affairs, and Abhinay Chandna, Manager, Public Affairs, MSL

The Digital Personal Data Protection Rules, 2025 provide the operational framework for implementing the Digital Personal Data Protection Act, 2023. They define procedural requirements, compliance mechanisms, consent management norms, data breach obligations, children’s data safeguards, and the functioning of the Data Protection Board (DPB).

These Rules significantly strengthen India’s digital governance architecture, improving consumer trust, enabling global interoperability, and operationalizing state capacity for data protection at scale. They also introduce graded compliance obligations for Significant Data Fiduciaries (SDFs), establish a regulated ecosystem for Consent Managers, and create a digital-first regulatory enforcement system.

The Rules operationalize the DPDP Act by ensuring that digital personal data of Indian citizens is processed lawfully, fairly, and transparently. The core actors under this framework are Data Fiduciaries (entities processing data), Data Principals (individuals), and Consent Managers.

Consent is positioned at the heart of the regime. It must be explicit, verifiable, and based on clear, understandable notices. For children and persons with disabilities, consent must come from parents or lawful guardians through verifiable methods. Individuals are granted straightforward mechanisms to withdraw consent, request access to their data, seek corrections, or demand erasure.

Data Fiduciaries are required to implement strong security safeguards including encryption, access controls, logging, and risk-mitigation processes. In the event of a breach, both the affected Data Principals and the DPB must be informed within 72 hours. Logs of consent and data access must be preserved for at least one year, while Consent Managers must retain consent logs for seven years.

Only the minimum necessary data for a specified purpose may be collected or processed. Once the purpose is fulfilled, the data must be erased unless legal requirements warrant further retention, and individuals must be duly notified of such erasure.

Significant Data Fiduciaries face enhanced responsibilities: they must conduct regular data protection impact assessments and undergo independent audits. Cross-border transfers are permitted, but only under conditions that guarantee adequate protection, with India retaining the right to restrict transfers for national security or strategic considerations.

The Rules empower individuals with clear rights to access, correct, or delete their personal data. They also guarantee an enforceable right to grievance redressal through digital mechanisms, ensuring transparency and timely responses from Data Fiduciaries.

The Rules represent India’s most decisive step in safeguarding digital privacy, reinforcing the fundamental right to privacy under Article 21 of the Constitution. While inspired by global frameworks such as the EU’s GDPR, they remain tailored to India’s unique digital and socio-economic landscape.

By mandating transparent consent processes, strong security standards, and effective redressal pathways, the Rules aim to reinforce trust in digital services. This trust is critical to sustaining growth in India’s digital economy, startup ecosystem, and innovation sectors.

The 18-month phased rollout offers organizations time to redesign systems, update processes, and align operations with the new compliance architecture. The intention is to ensure smooth adaptation while encouraging proactive compliance.

For businesses, especially those handling large volumes of data or engaging in cross-border data flows—the Rules necessitate significant changes in data governance, consumer interaction, and operational practices. The financial and regulatory penalties for non-compliance serve as strong incentives for organizations to adopt a privacy-first approach.

“The DPDP Rules 2025 mark an important and decisive step in building a coherent, implementable data protection framework for India. By defining the consent architecture, strengthening breach-notification obligations, and establishing greater accountability for data fiduciaries including state entities, the Rules enhance transparency in data processing and improve grievance redressal. These elements are essential for accelerating trust in India’s digital economy and aligning the country more closely with global best practices.”

“These rules will enable building digital trust among the people, better compliance by enterprises and quicker decisions by Data Protection Board being digital borne. Principle based approach, severity-based compliance and penalty mechanism and decriminalisation framework will promote technology, innovation and startups. Rules give a clear road map for planning and implementation guidelines regarding children’s data, significant fiduciaries and organisations which will ensure robust personal data privacy and secure data governance. A staggered implementation approach may help in course corrections as different provisions come into effect.”

“Our 2024 study surveying Indian companies on DPDPA implementation revealed a stark reality: most firms estimate at least 24 months to comply, grappling with the immense complexity of mapping data processes, overhauling technical architectures, and redefining product compliance. This aligns with global precedents – two years in Brazil, Japan, and the EU – yet with resource constraints forcing sequential rollouts, a longer grace period is essential to avoid chaos. As deadlines loom, expect widespread calls for extensions to the government. Compounding this, the rules’ failure to exempt behavioral monitoring, tracking, and targeted ads for products that are beneficial for children will deliver a devastating blow to child-focused industries like animation, toys, and publishing.”