India: Ministry of Electronics and Information Technology issued Digital Personal Data Protection Rules including cybersecurity regulation
Description
Ministry of Electronics and Information Technology issued Digital Personal Data Protection Rules including cybersecurity regulation
On 13 November 2025, the Ministry of Electronics and Information Technology issued the Digital Personal Data Protection Rules implementing the Digital Personal Data Protection Act of 2023. The rules impose obligations on Data Fiduciaries and Data Processors across sectors handling personal data. The rules mandate reasonable security safeguards, including encryption, access controls, logging, and data backups, along with contractual requirements for processors to ensure equivalent protections. In the event of a personal data breach, Data Fiduciaries must notify affected individuals promptly and report to the Data Protection Board with detailed information within 72 hours.
Original sourceScope
Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
other regulatory body
Complete timeline of this policy change
Hide details
2025-01-03
in consultation
2025-03-05
processing consultation