As Google’s Gemini Spark turns AI into a persistent digital intermediary, India’s governance framework risks falling dangerously behind.

Google’s unveiling of Gemini Spark at Google I/O 2026 is not just another AI product announcement. Spark is designed as a persistent personal agent that coordinates tasks across Gmail, Docs, Slides, and third-party platforms such as Canva and Instacart. Unlike earlier AI assistants that responded to isolated prompts, Spark remains continuously active, retains contextual memory, and acts across workflows over time.

For India, the scale of exposure is immediate. The Gemini app holds 52 percent of AI chatbot downloads in India, making it the dominant AI product in the country’s market. India had 1.03 billion internet users as of end-2025, with 85.5 percent of households owning at least one smartphone, according to the National Sample Survey’s Comprehensive Modular Survey on Telecom. Google’s AI Mode already counts 100 million monthly active users across the United States and India combined. When Spark rolls out at scale, it arrives into a digital environment where hundreds of millions of people conduct daily financial transactions, communicate with employers, and access services through a single device.

High Integration

An AI system that summarizes meetings, rewrites emails, tracks bills, and coordinates purchases is no longer a passive software tool. It becomes an intermediary between individuals and their digital environments. Current governance frameworks were not built for this level of integration or autonomy. Most existing debates around AI ethics focus on misinformation, algorithmic bias, or copyright disputes. Those concerns remain important. But persistent personal agents introduce a different category of risk. The issue is not what AI generates. The issue is what AI does on behalf of users, how much authority it acquires over time, and who remains accountable once decision-making becomes partially automated.

Consider what this means for an ordinary Indian user. UPI accounted for 85.5 percent of all digital payment transaction volumes in India in the second half of 2025, per the Reserve Bank of India’s Payment Systems Report. Over 504 million people use UPI, processing transactions worth Rs 27.97 lakh crore in December 2025 alone. Many of these users are first-generation digital consumers: small traders, migrant workers, and rural households who entered formal financial systems through their phones. A persistent AI agent with access to their banking workflows, spending patterns, and communication history is not a productivity upgrade but an unaccountable intermediary inserted into the financial lives of people with limited recourse when things go wrong.

When an AI agent books services, sends communications, or coordinates transactions on its own, mistakes carry legal, financial, and reputational consequences. A poorly interpreted instruction leads to unauthorized spending or procedural harm. Technology companies present user consent as a sufficient safeguard. In reality, most individuals cannot monitor every action a persistent agent takes. Users move from decision-makers to occasional reviewers of actions already initiated by the system. Responsibility becomes distributed across the model developer, the cloud provider, third-party platforms, and the user. When failures occur, accountability is impossible to trace. The company argues the user approved the workflow. The platform claims it executed instructions. The user does not understand how the system arrived at a decision.

India’s regulatory position makes this gap sharper. MeitY released the India AI Governance Guidelines in November 2025, built around seven principles. The guidelines acknowledge that “increasingly autonomous systems pose challenges for regulatory frameworks to remain timely, coherent, and future-ready.” But the framework is non-binding. The DPDP Rules 2025, notified on 13 November 2025, provide a data protection framework for data fiduciaries, not for agentic systems that observe, interpret, and act autonomously across multiple workflows simultaneously. No Indian regulation currently addresses liability for autonomous AI action, audit requirements for persistent agents, or users’ right to understand why an AI system made a decision on their behalf.

Vulnerability Surface

The privacy implications compound this. Spark’s usefulness depends on continuous access to emails, documents, calendars, financial records, and interpersonal communications. In India, UPI fraud cases stood at 6.32 lakh incidents causing Rs. 485 crore in losses in FY25. Adding an always-on AI agent with access to payment workflows and communication histories expands the vulnerability surface considerably. Persistent AI agents do not merely observe behaviour retrospectively, as traditional advertising systems did. They observe behaviour while participating in future decisions. They help structure preferences.

Google’s infrastructural position in India intensifies these concerns. The company controls Android, which runs on the overwhelming majority of Indian smartphones, alongside Search, Gmail, YouTube, Maps, and Google Pay. Gemini Spark operates within a vertically integrated ecosystem where infrastructure, data, and agentic intelligence reinforce one another. For Indian users, many of whom access the internet exclusively through Android devices and Google services, a persistent personal agent in this ecosystem is not an add-on feature but a structural deepening of dependency on a single privately governed platform. If personal AI agents become the dominant interface through which people access digital services, platform providers acquire unprecedented influence over information access, consumer behaviour and market visibility.

A meaningful policy response requires moving beyond voluntary principles. MeitY should extend its AI governance work to cover agentic systems with binding requirements rather than aspirational guidelines. The DPDP Rules need a specific provision covering autonomous AI action: users should have a legal right to know what decisions a persistent agent made on their behalf, on what basis, and what the consequences were. The Competition Commission of India should examine whether a single platform controlling the operating system, the productivity suite, the payment infrastructure, and the personal AI agent in a mobile-first economy creates conditions for structural market foreclosure. Interoperability standards are needed so users are not locked into a single AI ecosystem simply because switching means losing their interaction histories and workflow continuity.

The real governance failure would not be that personal AI agents become powerful. It would be allowing them to become socially indispensable before public institutions have set the rules under which they operate.

(The author is an independent public policy researcher who writes on political economy, climate, and the ethics of everyday systems. Views personal.)