1. New Personal Data Protection Regime
India has recently enacted a new data protection law. The Digital Personal Data Protection Act, 2023 (“DPDPA”) rehauls existing data protection practices in the country. While comparable to the GDPR, the DPDPA diverges from many international data protection laws by focusing on a consent-centric framework. This will require businesses to restructure their global privacy framework for India-related data processing activities. Penalties for non-compliance may extend up to INR 250 crores (~ 30 million USD). While the law is not yet in effect, companies have already commenced their compliance operations. Read our detailed summary of the new law and its impact on businesses here.
2. A Proposed Framework To Regulate Information Technology
The Indian government seeks to revamp its decades-old IT law under its ‘Digital India’ initiative. A proposed “Digital India Act” will regulate the open internet, online safety, accountability and quality of services, and emerging technologies, while establishing a new adjudicatory mechanism. Through the regulation of internet intermediaries, developers of emerging technologies, and internet users, the Digital India Act aims to establish non-discriminatory internet access through sanctions on digital harms such as impersonation, privacy violations, misinformation, doxing, and cyber-attacks. Fines for non-compliance are expected to extend up to INR 500 crores (~60 million USD) and will include criminal penalties as well. A draft version of this law has not yet been officially published.
3. Increased Penalties For Non-Compliance With Cybersecurity Requirements
In 2022, India’s nodal cybersecurity regulator issued a set of directions that, among other cybersecurity obligations, requires businesses to report cybersecurity incidents to the regulator within six hours of knowledge of occurrence. Penalties for non-compliance include both, fines of up to INR 1 lakh (~1,200 USD) and imprisonment of up to one year. While there have been no public instances of penalties being imposed since these directions went into effect, the Indian government has recently enacted an amendment to increase the fine to a maximum of INR 1 crore (~120,000 USD), which significantly increases risks associated with non-compliance with the stringent directions. This amendment is not yet in effect.
This website is owned and operated by Spice Route Legal, and is exclusively meant to be a source of information on the firm, it’s practice areas, and its members.
It is not intended and should not be construed as any form of advertisement, solicitation, invitation or inducement of any sort from the firm or its members.
Spice Route Legal does not warrant that any information provided on the website is accurate, complete or updated, and further denies liability for any and all loss or damage caused to the user as a result of their reliance on the content provided.
The information made available on this site must in no way be relied upon, or construed, as legal advice. If you need legal assistance, we recommend you seek help from competent counsel licensed to practice and advise in the relevant jurisdiction.