Govt notifies digital personal data protection rules

Govt notifies digital personal data protection rules

14 Nov 2025, 04:38 PM

The rules also state that Data Fiduciaries must comply with government-specified restrictions on certain categories of data, including localisation where required.

Team Head&Tale

Share the story on

The Government of India on Friday notified the Digital Personal Data Protection (DPDP) Rules, 2025 with an aim to protect the privacy of citizens amid increasing concerns in the wake of rapidly growing AI.

The much awaited rules, which mark the full operationalisation of the DPDP Act, 2023, provide an 18-month phased compliance timeline for data protection regime to be implemented, the government said in a statement.

The rules also require that Data Fiduciaries, entities handling personal data, must issue notices that should transparently explain the specific purpose for which personal data is being collected and used.

Besides, Consent Managers, which are entities that help individuals manage their permissions, must be Indian companies, it added.

In case of data related to children, Data Fiduciaries must obtain verifiable consent before processing their personal data. Besides, in case of disabled people, consent must come from a lawful guardian verified under applicable laws.

The rules also state that Data Fiduciaries must comply with government-specified restrictions on certain categories of data, including localisation where required.

This is significant as new-age AI companies including OpenAI and Anthropic have planned to set up offices in the country.

"The rules seek to strike a careful balance between protecting citizens’ privacy and promoting innovation and growth," noted the statement.

Who Reads Us

“I enjoy reading The Head and Tale for their coverage on the Fintech landscape. The reporting is incisive and honest, and it demonstrates a sharp understanding of the industry and the issues that concern it. I'd like to extend my best wishes to Arti for her continued success.”

Rahul Chari Co-Founder And CTO, PhonePe

“Well-researched, informative and analysis based reporting makes an interesting read. 'The Head and Tale' news portal has been demonstrating this quite well covering fintech and emerging tech sectors. Their timely updates, exclusive stories and different perspectives on these sectors help me stay informed. Kudos to Arti Singh for pursuing her passion and best wishes to the team.”

Rishi Gupta MD & CEO, Fino Payments Bank

“The Head and Tale stands out for its deep industry knowledge and impressive network of sources. I especially appreciate that the reporting remains independent, rarely resorting to paid puff pieces, making it a publication I can genuinely trust. Having followed Arti’s work for years, I’ve come to rely on The Head and Tale for its unparalleled insight and truly independent coverage. Arti’s long-standing presence in the sector means her reporting is always informed, with access few can match.”

Lizzie Chapman Co-founder, ZestMoney

“What I really appreciate about The Head and Tale is that it doesn’t just report the news, it interprets it. The stories are well-researched, comprehensive, and bold. Arti brings a fearless lens to reporting, often asking the uncomfortable but necessary questions. She makes you pause, reflect, and rethink what it all means for the payments and fintech ecosystem. It’s rare to find journalism that’s this sharp, timely, and relevant to the work we do every day.”

Mohit Bedi Co-founder, Kiwi

“I’ve always valued journalism that goes beyond surface-level headlines. The Head and Tale does exactly that - it connects the dots, asks the tough questions, and brings clarity to the shifts shaping our evolving industry. I’ve even encouraged my team members to subscribe, because staying informed through credible, deeply reported stories is as important as building products. For me, The Head and Tale has become part of essential reading.”

Cofounder of IPO-bound leading fintech lending company