The Digital Personal Data Protection (DPDP) Act, passed by India's Parliament in December 2025, is already encountering significant legal challenges. Stakeholders are raising concerns about its compliance framework and the potential implications for citizens' rights.
The Act aims to establish a comprehensive legal framework for personal data processing in India, responding to growing concerns about data misuse in the digital era. Key provisions include stringent requirements for data fiduciaries—entities handling personal data—to obtain explicit consent from individuals before processing their data. Section 8 mandates that data breaches be reported within 72 hours, while Section 12 outlines penalties for non-compliance, which can reach up to ₹250 crore.
