India: Ministry of Electronics and Information Technology issued Digital Personal Data Protection Rules 2025 including data protection regulation

On 13 November 2025, the Ministry of Electronics and Information Technology issued the Digital Personal Data Protection Rules implementing the Digital Personal Data Protection Act of 2023. The rules outline the principles governing consent, data fiduciaries' responsibilities, and the security measures required to safeguard personal data. The measures include encryption, access control, and ensuring transparency in data collection. The rules contain provisions on the registration and obligations of consent managers. The rules also mandate that data principals have rights to access, correct, and erase their data, with some exceptions for research or statistical purposes. Furthermore, significant data fiduciaries are mandated to conduct regular Data Protection Impact Assessments and audits to mitigate risks to data privacy.