Nadella suggested that, as facial recognition becomes increasingly prevalent, self-regulation among tech companies might not be enough to deal with the societal challenges it represents.
"One of the things that I feel today is, in the marketplace, there's competition; there's no discrimination between the right use and the wrong use of facial recognition," Nadella told an audience at the World Economic Forum in Davos.
He said that, while self-regulation is important to ensure use of facial recognition is "fair and robust," government rules may be needed to prevent harmful consequences.
"At the same time we also welcome any regulation that helps the marketplace not be a race to the bottom," Nadella said.
Such a "race to the bottom" could in fact lead to "even more heavy-handed regulatory regimes," he added.
The software giant has been at the forefront of raising concerns about the potential misuse of facial recognition. It has been increasingly calling for rules to be established to prevent human rights violations and discrimination.
The technology is included in many new smartphones including Apple's new iPhone models and Samsung's latest Galaxy phones. A primary purpose of facial recognition so far has been to identify users with biometric authentication to bolster the security of devices.
But growing worries over the ability of countries like China to use it to spy on citizens have led to increasing calls for regulatory oversight.
Chinese artificial intelligence giant SenseTime, for instance, is known to provide its face identification tech to help the police identify suspected criminals. The firm says on its website that Guangzhou's public security bureau has managed to identify over 2,000 crime suspects since 2017 with the help of SenseTime's technology.
Nadella also called for global privacy regulation. The Microsoft boss lauded the European Union's new GDPR data privacy law which was introduced last year, calling it a "fantastic start."
But he said that an overhaul of data protection legislation shouldn't stop with Europe, and that the U.S. and the rest of the world should also follow suit.
"I am hopeful that in the United States we will have something that's along the same lines," Nadella said. "In fact, I hope that the world over we all converge on a common standard."
"Because one of the things we do not want to do is fragment the world and increase transaction cost."
Last year was a particularly notable one in regard to controversy surrounding the sharing of data and violations of privacy. Facebook was — and to a large extent, still is — at the center of a scandal surrounding the way it let political consultancy Cambridge Analytica gain access to the data of 87 million people.
That particular case saw politicians and regulators cracking down and increasing scrutiny of the tech sector.
Various company executives — including Facebook's Mark Zuckerberg and Sheryl Sandberg, Google's Sundar Pichai and Twitter's Jack Dorsey — appearing before lawmakers to testify on a multitude of issues, not least including the misuse of personal information.
More scrutiny over data practices in the industry also landed Facebook and others with fines. The U.K.'s data watchdog slapped the social media giant with a £500,000 ($652,000) fine over its handling of user data, while the French privacy authority recently hit Google with a 50 million euro ($57 million) fine for allegedly breaching GDPR.