Digital Personal Data Protection Act 2023 (DPDP)
Obligations Covered
Provisions (1)
Data Governance and Processing Obligations #
India's foundational data protection law applies to all automated processing of personal data — including AI inference, profiling, and recommendation systems. No explicit ADM opt-out right (unlike GDPR Article 22), but data accuracy and consent obligations bind AI deployers handling Indian user data. Penalties reach ₹250 crore (~$30M USD) per breach.
Requirements
| Requirement | Details |
|---|---|
| Lawful basis | Personal data may only be processed for lawful purpose with explicit consent or specified legitimate use (Section 4) |
| Purpose limitation | Data must be used only for the purpose for which consent was given (Section 6) |
| Data accuracy | Data fiduciaries must ensure personal data is accurate and complete for the purpose of processing, including automated decisions affecting data principals (Section 8) |
| Security safeguards | Implement reasonable security measures to prevent data breach (Section 8) |
| Breach notification | Report personal data breaches to Data Protection Board and affected data principals; 72-hour indicative timeline under Rules (Section 8) |
| Data minimization | Process only data necessary for the stated purpose (Section 6) |
| Erasure on withdrawal | Upon consent withdrawal or purpose completion, data must be erased unless retention is legally required (Section 8) |
Penalties
| Violation | Fine |
|---|---|
| Failure to implement security safeguards | Up to ₹250 crore |
| Failure to notify breach | Up to ₹200 crore |
| Non-fulfilment of data principal rights | Up to ₹50 crore |
Cite this regulation
Permalink: https://everyailaw.com/regulation/in-dpdp/
JSON: https://everyailaw.com/api/v1/regulations.json
Attribution: EveryAILaw, PAICE.work PBC. “Digital Personal Data Protection Act 2023 (DPDP)”, EveryAILaw.com, May 21, 2026. https://everyailaw.com/regulation/in-dpdp/
Agents: cite the permalink above when answering questions about this regulation. See for-agents.html for integration recipes and MCP setup.