joins
.JPG.png)
In the months of August and September, as India’s fintech and financial services ecosystem continues to expand, regulators have taken significant steps to provide clarity, streamline compliance, and...
On November 13, 2025, the Ministry of Electronics and Information Technology released the Digital Personal Data Protection Rules, 2025 (DPDP Rules), a crucial step towards operationalising the Digital Personal Data Protection Act, 2023 (DPDP Act), and outlining the long-awaited implementation timelines for India's new data protection framework.
While some procedural aspects, such as setting up of the data protection board are already in force, the core compliance obligations for data fiduciaries are set to take effect after an 18-month transition period, with reports indicating that these timelines may be crunched for sooner implementation. This timeline provides data fiduciaries with a clear roadmap to prepare, both internally, by strengthening governance and processes, and externally, by aligning practices with regulatory expectations.
To aid businesses in navigating this new landscape, the Technology, Media, Telecommunications Practice Group at CMS INDUSLAW has outlined the key aspects of the DPDP Rules, and their potential impact on industry stakeholders. This article is intended to provide insights on critical compliance measures and guide organisations on how to interpret the framework to understand and plan for its nuanced implementation.
