Data Privacy & Cyber Security Updates

Industry associations have approached the Ministry of Electronics and Information Technology (MeitY) requesting that the originally contemplated 18-month compliance timeline under the Digital Personal Data Protection regime not be shortened. Reporting in Hindustan Times indicates that stakeholders are concerned about potential acceleration of implementation milestones.

The Supreme Court of India has referred a batch of petitions challenging the Digital Personal Data Protection Act, 2023 and the Digital Personal Data Protection Rules, 2025 to a Constitution Bench. The referral indicates that the Court considers the issues raised to involve substantial questions of constitutional interpretation warranting adjudication by a larger bench.

Introduction

In a major stride towards enhancing India's digital security and combating cyber fraud, the Ministry of Communications, through the Department of Telecommunications (DoT), released the draft Telecommunications (Telecom Cyber Security) Amendment Rules, 2025, on June 25, 2025. These proposed amendments signal a significant expansion of compliance requirements, extending far beyond traditional telecom service providers to encompass virtually all digital platforms that utilize mobile numbers for user authentication.

A Survey Report by LocalCircles in 2024, claims that 95% of spam complaints stem from promotional calls/messages. In a effort to curb unsolicited Spam Calls and financial frauds, TRAI has launched a Pilot Project for Digital Consent Management specifically for the Banking Sector. This project under a Regulatory Sandbox framework, is expected to setup the foundation for operational, technical, and regulatory aspects of Consent Registration Function (CRF) for other sectors as well and would expand the digital consent ecosystem.