Authors : A. K. M. Fazlur Rahman; Dr. Dulari A. Rajput

Volume/Issue : Volume 11 - 2026, Issue 4 - April

Google Scholar : https://tinyurl.com/2ftksmsu

Scribd : https://tinyurl.com/2wu28duf

DOI : https://doi.org/10.38124/ijisrt/26apr1661

Note : A published paper may take 4-5 working days from the publication date to appear in PlumX Metrics, Semantic Scholar, and ResearchGate.

Abstract : The increasing integration of Artificial Intelligence (AI) into critical public infrastructure systems (e.g., energy, transport, water, digital identity) introduces both operational efficiencies and unprecedented cybersecurity vulnerabilities. However, the relationship between national AI governance frameworks and the cultivation of cybersecurity trust remains underexplored, particularly across divergent socio-technical and regulatory contexts. This paper addresses the central research question: How do different AI governance models in India, Singapore, and the United Kingdom influence cybersecurity trust outcomes in public infrastructure systems? A comparative multiple-case study design was employed, selecting one major AI-enabled public infrastructure system per country: India’s DigiYatra (biometric air travel), Singapore’s Smart Water Assessment Network (SWAN), and the UK’s National Grid AI Demand Forecasting System. Data were collected from policy document analysis (2019–2024), semi-structured interviews with 45 cybersecurity and infrastructure governance experts, and publicly available incident reports. A thematic analysis was guided by a conceptual framework integrating institutional trust theory, the NIST AI Risk Management Framework, and GDPR/UK GDPR data protection principles. Cross-case comparison used a most-different systems design to isolate governance effects. Results reveal three distinct governance-trust configurations. India’s hybrid governance (non-binding guidelines plus sectoral mandates) fosters rapid AI deployment but produces fragmented trust, with high citizen usage alongside low institutional confidence in breach response. Singapore’s centralized, risk-based model (Model AI Governance Framework, amended Cybersecurity Act) generates managed trust—predictable but brittle, with private infrastructure partners exhibiting compliance fatigue. The UK’s principles-based, cross-sectoral approach (e.g., CDEI, NCSC guidance) yields negotiated trust, characterized by active public contestation and slower adoption but higher resilience to adversarial attacks. Cross-cutting findings show that technical robustness alone does not predict trust; instead, transparency mechanisms (e.g., algorithmic impact assessments) and redress pathways are stronger determinants. Notably, all three systems struggle with trust asymmetries: AI operators over-trust automated defenses while citizens under-trust anomaly detection systems. We conclude that no single governance model universally optimizes cybersecurity trust. India’s agility suits resourceconstrained scaling but requires independent oversight for trust repair. Singapore’s precision reduces known risks but may fail against novel AI attacks. The UK’s deliberative model builds legitimacy but at the cost of speed. For policymakers, we recommend (1) embedding ‘trust audits’ as mandatory components of AI system certifications, (2) establishing crossjurisdictional learning mechanisms for incident response, and (3) moving from static compliance to dynamic trust calibration. Future work should extend the comparison to Global South contexts and empirically test the proposed trust-governance typology.

References :

• Primary Source Documents (Policy & Legal)

1. Government of India. (2018). National AI Strategy. NITI Aayog.
2. Government of India. (2019). Personal Data Protection Bill (Bill No. 373 of 2019). Ministry of Electronics & Information Technology.
3. Government of India. (2023). Digital Personal Data Protection Act (Act No. 22 of 2023). Ministry of Law and Justice.
4. Government of India. (2013). National Cyber Security Policy. Ministry of Electronics & Information Technology.
5. Government of India. (2021). National Cyber Security Policy (Draft). Ministry of Electronics & Information Technology.
6. Ministry of Civil Aviation, Government of India. (2018). DigiYatra Policy Guidelines. Government of India.
7. Ministry of Civil Aviation, Government of India. (2023). DigiYatra Consent Management Framework. Government of India.
8. CERT-In. (2019–2024). Annual Cyber Incident Reports. Indian Computer Emergency Response Team.
9. Government of Singapore. (2019). Model AI Governance Framework (1st ed.). Infocomm Media Development Authority & Personal Data Protection Commission.
10. Government of Singapore. (2020). Model AI Governance Framework (2nd ed.). Infocomm Media Development Authority & Personal Data Protection Commission.
11. AI Verify Foundation & Infocomm Media Development Authority. (2024). Model AI Governance Framework for Generative AI. Government of Singapore .
12. Cyber Security Agency of Singapore. (2018). Cybersecurity Act (Act No. 9 of 2018). Government of Singapore
13. Cyber Security Agency of Singapore. (2022). Cybersecurity Act (Amended). Government of Singapore.
14. Cyber Security Agency of Singapore. (2025). Securing Agentic AI: An Addendum to the Guidelines and Companion Guide on Securing Artificial Intelligence (AI) Systems. Government of Singapore .
15. Infocomm Media Development Authority. (2026). Model AI Governance Framework for Agentic AI. Government of Singapore .
16. Smart Nation and Digital Government Group. (2019–2024). Operational Guidelines for Smart Nation Infrastructure. Government of Singapore.
17. Personal Data Protection Commission. (2012). Personal Data Protection Act (Act No. 26 of 2012). Government of Singapore. (Amended 2020).
18. Cyber Security Agency of Singapore. (2021–2024). SWAN Technical Specifications and Audit Protocols. Government of Singapore.
19. Government of Singapore. (2019). National AI Strategy. Smart Nation and Digital Government Office.
20. Government of Singapore. (2023). National AI Strategy (Updated). Smart Nation and Digital Government Office .
21. Government of United Kingdom. (2021). National AI Strategy. Office for Artificial Intelligence.
22. Centre for Data Ethics and Innovation. (2019–2023). Review Reports. UK Government.
23. National Cyber Security Centre. (2021). Guidance on Securing AI Systems. UK Government.
24. National Cyber Security Centre. (2023). Guidance on Securing AI Systems (Updated). UK Government.
25. Government of United Kingdom. (2018). Data Protection Act (c. 12). UK Parliament.
26. Government of United Kingdom. (2022). National Cyber Strategy. Cabinet Office.
27. Ofgem. (2020–2024). National Grid Security Compliance Reports. Office of Gas and Electricity Markets.
28. National Grid. (2026). Flexpectation: Short-Term Forecasting for Demand and Embedded Generation. Network Innovation Allowance Project .
29. Academic Literature

• Books and Book Chapters

30. Braun, V., & Clarke, V. (2006). Using thematic analysis in psychology. In Qualitative Research in Psychology (Vol. 3, pp. 77–101). Taylor & Francis.
31. Miles, M. B., Huberman, A. M., & Saldaña, J. (2020). Qualitative data analysis: A methods sourcebook (4th ed.). SAGE Publications.
32. Power, M. (2007). The audit society: Rituals of verification. Oxford University Press.
33. Yin, R. K. (2018). Case study research and applications: Design and methods (6th ed.). SAGE Publications.

• Journal Articles and Conference Papers

34. Barreno, M., Nelson, B., Sears, R., Joseph, A. D., & Tygar, J. D. (2006). Can machine learning be secure? Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security, 16–25 .
35. Bhattacharya, S., & Singh, A. (2023). A comparative analysis of AI governance frameworks in China and India. Journal of AI Policy and Regulation, 8(2), 112–134.
36. Carlini, N., & Wagner, D. (2020). Adversarial examples are not easily detected: Bypassing ten detection methods. Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security, 3–14.
37. Chew, L. K., Tan, W. H., & Lim, S. (2022). Singapore's Model AI Governance Framework: A critical assessment. Asian Journal of Law and Society, 9(3), 345–367.
38. Duddu, V. (2018). A survey of adversarial machine learning and privacy attacks. arXiv preprint arXiv:1806.04165 .
39. Eykholt, K., Evtimov, I., Fernandes, E., Li, B., Rahmati, A., Xiao, C., Prakash, A., Kohno, T., & Song, D. (2018). Robust physical-world attacks on deep learning visual classification. Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, 1625–1634 .
40. Gardiner, J., & Nagaraja, S. (2016). On the security of machine learning in malware detection: A survey. ACM Computing Surveys, 49(3), 1–39 .
41. Glikson, E., & Woolley, A. W. (2020). Human trust in artificial intelligence: Review of empirical research. Academy of Management Annals, 14(2), 627–660.
42. Goodfellow, I. J., Shlens, J., & Szegedy, C. (2015). Explaining and harnessing adversarial examples. International Conference on Learning Representations .
43. Hoff, K. A., & Bashir, M. (2015). Trust in automation: Integrating empirical evidence on factors that influence trust. Human Factors, 57(3), 407–434.
44. House of Lords Artificial Intelligence Committee. (2018). AI in the UK: Ready, willing and able? (Report of Session 2017–19, HL Paper 100). UK Parliament.
45. Ibitoye, O., Shafiq, O., & Matrawy, A. (2019). Analyzing adversarial attacks against deep learning for network intrusion detection. IEEE Canadian Conference of Electrical and Computer Engineering, 1–4 .
46. Kolosnjaji, B., Demontis, A., Biggio, B., Maiorca, D., Giacinto, G., Eckert, C., & Roli, F. (2018). Adversarial malware binaries: Evading deep learning for malware detection in executables. Proceedings of the 26th European Signal Processing Conference, 533–537 .
47. Lee, J. D., & See, K. A. (2004). Trust in automation: Designing for appropriate reliance. Human Factors, 46(1), 50–80.
48. Li, D., Chen, Q., Zhang, W., & Li, S. (2021). Adversarial malware detection: A survey. IEEE Transactions on Dependable and Secure Computing, 18(6), 2654–2673 .
49. Ling, X., Wu, Z., & Ji, S. (2020). A survey of adversarial attacks on Windows PE malware detection. Computers & Security, 97, 101965 .
50. Martins, N., Cruz, J. M., Cruz, T., & Abreu, P. H. (2020). Adversarial machine learning applied to intrusion and malware scenarios: A systematic review. IEEE Access, 8, 35403–35419 .
51. Papernot, N., McDaniel, P., Sinha, A., & Wellman, M. P. (2018). SoK: Security and privacy in machine learning. Proceedings of the 2018 IEEE European Symposium on Security and Privacy, 399–414.
52. Roberts, H., Cowls, J., Morley, J., Taddeo, M., Wang, V., & Floridi, L. (2021). The Chinese approach to artificial intelligence: An analysis of policy, ethics, and regulation. AI & Society, 36(1), 59–77.
53. Sarker, I. H., Furhad, M. H., & Nowrozy, R. (2021). AI-driven cybersecurity: An overview, security intelligence modeling and research directions. SN Computer Science, 2(3), 1–18.
54. Shneiderman, B. (2020). Human-centered artificial intelligence: Reliable, safe & trustworthy. International Journal of Human-Computer Interaction, 36(6), 495–504.
55. Sillence, E., Blythe, J., & Briggs, P. (2022). Trust in algorithmic decision-making systems in public services. Behaviour & Information Technology, 41(12), 2547–2563.
56. Smuha, N. A. (2021). Beyond the individual: Governing AI's societal harm. European Journal of Law and Technology, 12(3), 1–31.
57. Szegedy, C., Zaremba, W., Sutskever, I., Bruna, J., Erhan, D., Goodfellow, I., & Fergus, R. (2014). Intriguing properties of neural networks. International Conference on Learning Representations .
58. Veale, M., & Borgesius, F. Z. (2021). Demystifying the draft EU Artificial Intelligence Act. Computer Law Review International, 22(4), 97–112.

• Technical Reports and White Papers

59. DigiYatra Foundation. (2023). Privacy Audit Report. DigiYatra Foundation.
60. National Cyber Security Centre. (2021). Adversarial machine learning: A taxonomy and terminology. NCSC Technical Report.
61. National Cyber Security Centre. (2022). Post-inc review of near-miss attack on National Grid AI systems. NCSC.
62. Open Climate Fix & National Grid. (2026). Flexpectation: Technical specification and methodology. National Grid Publications .
63. Sitaraman, G., & Parek, K. (2025). The global rise of public AI. Vanderbilt Policy Accelerator, Vanderbilt Law School.

• News Media and Public Reports

64. BOOM Fact Check. (2023, March 21). Why experts aren't convinced by Scindia's clarification on DigiYatra privacy. BOOM .
65. The Hindu. (2024, January 14). What are the complaints about Digi Yatra? Explained. The Hindu .
66. ZDNET. (2020, October 15). Singapore releases AI ethics, governance reference guide. ZDNET .

• Online Databases and Reference Works

67. ArxivLens. (2025). The Algorithmic State Architecture (ASA): An integrated framework for AI-enabled government [Paper summary]. ArxivLens .
68. Bird & Bird. (2026). AI regulatory horizon tracker: Singapore .
69. Complete AI Training. (2026, March 13). How National Grid is using AI to zero in on cyber risks and stay ahead of new rules. Complete AI Training .
70. Herbert Smith Freehills Kramer. (2026). AI tracker: Singapore .
71. IEEE Xplore. (2024). A survey on adversarial attacks for malware analysis. IEEE Access, 13, 428–459 .

• Additional References (Theoretical and Methodological)

72. Braun, V., & Clarke, V. (2021). Thematic analysis: A practical guide. SAGE Publications.
73. Creswell, J. W., & Poth, C. N. (2018). Qualitative inquiry and research design: Choosing among five approaches (4th ed.). SAGE Publications.
74. Floridi, L., Cowls, J., Beltrametti, M., Chatila, R., Chazerand, P., Dignum, V., Luetge, C., Madelin, R., Pagallo, U., Rossi, F., Schafer, B., Valcke, P., & Vayena, E. (2018). AI4People—An ethical framework for a good AI society: Opportunities, risks, principles, and recommendations. Minds and Machines, 28(4), 689–707.
75. Mittelstadt, B. (2019). Principles alone cannot guarantee ethical AI. Nature Machine Intelligence, 1(11), 501–507.
76. Rudin, C. (2019). Stop explaining black box machine learning models for high stakes decisions and use interpretable models instead. Nature Machine Intelligence, 1(5), 206–215.
77. Taddeo, M., & Floridi, L. (2018). How AI can be a force for good. Science, 361(6404), 751–752.
78. Wachter, S., Mittelstadt, B., & Russell, C. (2021). Why fairness cannot be automated: Bridging the gap between EU non-discrimination law and AI. Computer Law & Security Review, 41, 105567.