MeitY notifies DPDP Rules 2025, marks new era of data protection in India: What you need to know

Laying out the operational framework for data protection in India, the Ministry of Electronics and Information Technology (MeitY) has officially notified the Digital Personal Data Protection (DPDP) Rules, 2025. The new notification comes after the government included objections and suggestions on the draft DPDP Rules, 2025, issued in January 2025. Businesses have an 18-month window to comply with core obligations. “With the Data Protection Board now established and staggered compliance timelines taking effect, businesses need to shift focus from high-level planning and sensitisation to actual implementation of obligations. The next 18 months will be critical for achieving the right balance between user rights, regulatory certainty and business practicality,” says Probir Roy Chowdhury, Partner-JSA Advocates & Solicitors. Read more