JSA in
News

Provisions restricting cross-border data transfers in the Digital Personal Data Protection (DPDP) Act and the rules are expected to drive large companies, especially global tech firms, to build local compute infrastructure. Probir Roy Chowdhury, Partner at JSA Advocates and Solicitors, said companies might localise data despite the absence of explicit mandates. He explained, “There are provisions (Section 16) allowing the government to notify certain countries as blacklisted countries where data cannot be transferred, and Rule 13(4) imposes limited restrictions on data transfer for processing certain kinds of data by SDFs.” Read more

Adani has publicised its goal of achieving a 15 GW renewable energy park at Khavda in Gujarat. Reliance India is building a fully integrated ‘sand-to‐module’ manufacturing ecosystem at its Jamnagar facility in Gujarat. With the government’s generous PLI (Production Linked Incentive) schemes underway, the country is signalling a major push into solar manufacturing. Kartikeya G.S., Partner at JSA Advocates & Solicitors, noted that while India’s production-linked incentive (PLI) scheme and other state-level measures are designed to foster self-reliance, they now face scrutiny at the World Trade Organization (WTO). “China has challenged India’s policies on the grounds that they allegedly favour domestic over imported goods, but India is likely to argue that the norms are meant to incentivise local industry rather than discourage foreign suppliers,” he explained. Read more

Banks are expected to increasingly rely on external commercial borrowings (ECBs) to fund mergers and acquisitions as the Reserve Bank of India’s proposed overhaul of the ECB framework creates a new pathway for acquisition financing. Experts say the move reflects the RBI’s recognition of the strong momentum in India’s M&A and real estate markets. “The RBI has noted the growing momentum in India’s M&A and real estate sector. By proposing to allow IFSC banking units and foreign branches of Indian banks to participate in M&A and real estate financing under the ECB route, the RBI aims to leverage this trust and further strengthen the Indian financial market,” said Nand Gopal Anand, JSA Advocates & Solicitors. Read more

Global companies will spend at least $5 billion by 2027 overhauling compliance systems, as conflicting AI regulations across just 50 per cent of world economies force firms to build country specific data controls, according to latest research data by Gartner. Overall, compliance costs can include legal and consultancy fees, appointing of data protection professionals, building of technical compliance systems, staff training and audits, said Probir Roy Chowdhury, partner, JSA Advocates & Solicitors. Read more

Banks have flagged several restrictions in the Reserve Bank of India’s acquisition financing guidelines that they believe will limit their participation in the merger and acquisition (M&A) space. These include capital caps, equity restructuring as well as inability to fund smaller deals. According to banking sources, a detailed representation has already been made to the banking regulator. Similarly, on profitability requirements, Pratish Kumar, partner, JSA, said, “Mandating a three-year profitability track record for the target company risks undermining commercial judgement. Banks are well equipped to assess risk and should be trusted to evaluate the strategic merit of each deal” He added the proposed 70:30 debt-equity ratio for unlisted acquisitions is overly restrictive. “A shift to 80:20 would offer banks greater flexibility without compromising on prudential norms, he added. Read more

The Digital Personal Data T Protection Rules, 2025, may force e-commerce, ride-hailing and food delivery apps to rethink the way they design their interfaces. For years, platforms have engaged in forced opt-ins, buried optouts, and misleading prompts to trick users into sharing more data than they intended. “They sit at the intersection of high-volume data collection and UI (user interface)-led decision-making,” said Probir Roy Chowdhury, partner, JSA Advocates and Solicitors. Read more

Cash App’s “Moneybot” is redefining banking for Gen Z by using AI to provide personalized, conversational financial advice and real-time spending insights. This shift democratizes access to financial guidance, reducing decision fatigue for young investors and prompting competitors to adopt similar AI-driven strategies. Read more

India’s Digital Personal Data Protection (DPDP) Rules are forcing the country’s advertising and martech ecosystem to undertake its most far-reaching reconstruction yet. The new consent regime, requiring permissions to be “free, specific, informed, and unambiguous’, has effectively outlawed the behavioural tracking mechanism that fuelled everything from big sale banners to festival-time ads. “Data fiduciaries need to implement technical and organisational measures to verify that the individual claiming to be the parent or a lawful guardian is an identifiable adult,” says Akshaya Suresh, partner at JSA Advocates & Solicitors. Read more

The freshly-minted data protection rules will require companies to give clear notice seeking consent for processing personal data of individuals, mandate prompt 72-hour data breach notification, and allow for erasure of data after its purpose has been served. Probir Roy Chowdhury, Partner, JSA Advocates & Solicitors, described the rules as a major step in operationalising India’s privacy framework. He called on businesses to move from high-level planning to practical implementation over the next 18 months to balance user rights with regulatory certainty and business needs. Read more

The story also appeared in News Drum. CXO Today

As India enters a new era of enforceable data governance, industry leaders say the next 18 months will determine whether companies simply comply or transform trust into competitive advantage. India’s notification of the Digital Personal Data Protection (DPDP) Rules, 2025 has triggered one of the most significant shifts in the country’s technology and business landscape in over a decade. The regulations transform India from a disjointed patchwork of sectoral and IT guidelines into an organized, enforceable privacy regime supported by quantifiable expectations, explicit requirements, and a new enforcement body called the Data Protection Board (DPB). Probir Roy Chowdhury, Partner, JSA Advocates & Solicitors, adds that with staggered timelines and the DPB now operational, “businesses need to shift focus from high-level planning and sensitisation to actual implementation. The next 18 months will be critical.” Read more

Laying out the operational framework for data protection in India, the Ministry of Electronics and Information Technology (MeitY) has officially notified the Digital Personal Data Protection (DPDP) Rules, 2025. The new notification comes after the government included objections and suggestions on the draft DPDP Rules, 2025, issued in January 2025. Businesses have an 18-month window to comply with core obligations. “With the Data Protection Board now established and staggered compliance timelines taking effect, businesses need to shift focus from high-level planning and sensitisation to actual implementation of obligations. The next 18 months will be critical for achieving the right balance between user rights, regulatory certainty and business practicality,” says Probir Roy Chowdhury, Partner-JSA Advocates & Solicitors. Read more

The Digital Personal Data Protection Rules 2025 give citizens control over their personal data and privacy in online spaces and mitigate misuse. While some provisions will be implemented immediately, others will come in a phased manner over 12-18 months. “With the strict consent requirements, enhanced data security and breach notification protocols, and data retention and erasure being regulated India moves to a more global compliance level for data protection,” feels Sajai Singh, Partner at JSA Advocates & Solicitors. Probir Roy Chowdhury, Partner at JSA Advocates & Solicitors feels that the DPDP Rules notification is a “major step in operationalising India’s privacy framework”. He added that with the compliance roll-out planned, businesses need to shift focus from planning and sensitisation to implementation of obligations. “The next 18 months will be critical for achieving the right balance between user rights, regulatory certainty and business practicality,” Roy Chowdhury added. Read more