Principal Rights Follow us:

Your go-to hub for Expert Insights,
Publications, and Resources on
data privacy and compliance

Our resources provide the essential tools, guides, and insights to help your business stay ahead of data privacy regulations. From practical templates to expert articles, we ensure you have everything you need to navigate compliance with confidence.

Sign up for Newsletter Get in touch

Table of content

Last Updated: 2025-04-09 ~ DPDP Consultants

Government Set to Finalize DPDP Act Rules Within 6-8 Weeks

Government Set to Finalize DPDP Act Rules Within 6-8 Weeks

NEW DELHI - The Indian government expects to implement the rules for the Digital Personal Data Protection (DPDP) Act within the next 6-8 weeks, according to Ministry of Electronics and IT Secretary S. Krishnan. The announcement came during the Digital Threat Report 2024 event for the BFSI sector organized by SISA and Cert-In.

"We have received detailed comments on the rules. We are examining them rule by rule and determining if any changes are required," said Krishnan. "We may need to complete another process of internal consultation after that is completed. I would estimate it will take about six to eight weeks."

Once implemented, the DPDP Act will be instrumental in preventing personal data leaks and strengthening India's data protection framework.

In a related development, officials revealed that the government is evaluating requirements for local storage of artificial intelligence models, particularly Large Language Models (LLMs), to mitigate security risks and prevent unauthorized data flows outside the country.

"The true problem lies when data gets shared on a portal or on a mobile app because then the data may go out of the country and may sort of feed the way that a particular model is trained," Krishnan explained. "If the model itself is hosted in India, then the risks of data going out are far more mitigated considerably."

The Secretary noted that these factors would be carefully considered before making any final decisions regarding AI governance policies, especially concerning platforms from certain countries.

Krishnan also highlighted a positive trend in cybersecurity incident reporting across India. "Traditionally, in India, people are warned not to report many of these breaches. So, it is a good thing that reporting is happening so that we understand the extent of the problem and where the problems are coming up," he said.

This increase in reporting reflects growing awareness about cyber threats and demonstrates improved surveillance capabilities and detection systems throughout the country's digital ecosystem.

Industry experts suggest that organizations should begin preparing for compliance with the upcoming DPDP Act rules by reviewing their current data protection practices and establishing robust protocols for data breach reporting.

The government's focus on data localization for AI models and strengthening data protection regulations indicates a continued emphasis on digital sovereignty while balancing innovation and security concerns.

 

Key Actions for Organizations to Prepare:

  1. Conduct a Data Audit: Identify and catalog all personal data being collected, processed, and stored within your organization.
  2. Review Data Processing Agreements: Ensure all third-party service providers handling personal data comply with DPDP Act requirements.
  3. Establish Data Breach Response Protocols: Create or update incident response plans specifically for data breaches, including notification procedures.
  4. Evaluate AI and LLM Usage: Assess whether your organization uses AI models that process Indian citizens' data and determine if they're hosted within India.
  5. Implement Data Minimization Practices: Collect and retain only the personal data necessary for your business operations.
  6. Train Staff: Educate employees about the upcoming DPDP Act regulations and their responsibilities regarding data protection.
  7. Appoint Data Protection Officers: For larger organizations, consider designating personnel responsible for ensuring compliance with the new regulations.
  8. Monitor Regulatory Updates: Stay informed about the final DPDP Act rules when they are published in the coming weeks.

Get Ahead—Start Your DPDP Compliance Journey Today

The clock is ticking. The notification of DPDP Act Rules in coming weeks will trigger a compliance scramble. The question is—will you be ready or left behind?

👉 Contact DPDP Consultants now to secure expert guidance and safeguard your organization’s compliance future.

#DPDP #DataProtection #IndianCybersecurity #DataLocalization #AI #LLM #DataPrivacy #DataSovereignty #CyberSecurity #DataCompliance #DigitalIndia #TechRegulation #DataGovernance #AIRegulation #DataBreachPrevention #IndiaTech #CyberLaws #MeitY

 

Similar Read

Aadhaar Law Set for Overhaul to Align with DPDP Act, Says Union Minister Ashwini Vaishnaw
India Pushes for Data Localization Despite Big Tech Opposition
DPDPA Rules Will Be Out in April – Are You Ready?
India Set to Unveil Digital Data Protection Rules in April