New Delhi: The government has notified the Digital Personal Data Protection (DPDP) Rules, 2025, putting in place a simplified compliance framework for start-ups and select categories of data fiduciaries under the Digital Personal Data Protection Act, 2023. The rules, notified on November 13, lay out implementation timelines and formalise the creation of the Digital Data Protection Board, which will oversee grievance redressal and enforcement.
According to the Ministry of Electronics & IT, the new compliance structure is designed to ease regulatory pressure on emerging businesses while ensuring strong protections for users’ personal data.
The government also retains powers to designate jurisdictions where cross-border transfer of personal data may be restricted, in line with global norms on data sovereignty and national security.
The ministry said widespread citizen awareness is a key pillar of the rollout, with ongoing campaigns, workshops, conferences, expert sessions and digital outreach meant to educate people on their rights and responsibilities under the law.
Minister of State for Electronics & IT Jitin Prasada informed Parliament that the government’s focus is on “ensuring widespread adoption of the DPDP Act” while building institutional capacity to support a smooth transition to the new data regime. The framework is expected to create a more predictable compliance environment for digital businesses, especially start-ups, as India aligns its data protection landscape with international standards.