India: Ministry of Electronics and Information Technology issued Digital Personal Data Protection Rules including cross-border data transfer regulation

Ministry of Electronics and Information Technology issued Digital Personal Data Protection Rules including cross-border data transfer regulation

On 13 November 2025, the Ministry of Electronics and Information Technology issued the Digital Personal Data Protection Rules implementing the Digital Personal Data Protection Act of 2023. Rule 23 stipulates that the Government may request that a Data Fiduciary or Intermediary provide specific information via an authorised individual listed in the Seventh Schedule. Should the disclosure of such information potentially compromise India's sovereignty, integrity, or security, the Data Fiduciary or Intermediary is obligated to obtain prior written approval before disseminating the information.

Original source

Scope

Policy Area

Data governance

Policy Instrument

Government access to data

Regulated Economic Activity

cross-cutting

Implementation Level

national

Government Branch

executive

Government Body

other regulatory body

Complete timeline of this policy change

Hide details

2025-01-03

in consultation

On 3 January 2025, the Ministry of Electronics and Information Technology opened a public consultat…

2025-03-05

processing consultation

On 5 March 2025, the Ministry of Electronics and Information Technology closes the public consultat…

2025-11-13

adopted

On 13 November 2025, the Ministry of Electronics and Information Technology issued the Digital Pers…

Description

Ministry of Electronics and Information Technology issued Digital Personal Data Protection Rules including cross-border data transfer regulation

Scope

Complete timeline of this policy change