Industry Bodies Urge MeitY Not to Curtail 18-Month DPDP Compliance Window

Industry associations have approached the Ministry of Electronics and Information Technology (MeitY) requesting that the originally contemplated 18-month compliance timeline under the Digital Personal Data Protection regime not be shortened. Reporting in Hindustan Times indicates that stakeholders are concerned about potential acceleration of implementation milestones.

Corporate representatives have submitted that large-scale system audits, vendor renegotiations, data mapping exercises, and consent architecture redesign require substantial lead time. Small and medium enterprises, in particular, may face disproportionate operational strain if compliance deadlines are compressed.

Industry has also sought harmonisation with sectoral regulatory frameworks to avoid duplicative or conflicting compliance obligations. The request underscores apprehension that premature enforcement could create uneven compliance landscapes, with resource-rich entities adapting more swiftly than emerging businesses.

Regulators, however, remain under pressure to ensure timely operationalisation of privacy safeguards, particularly given heightened public sensitivity around digital data governance.

Legal Analysis:

While the executive retains discretion to recalibrate timelines, abrupt modification without transparent consultation may attract scrutiny under principles of administrative fairness. A calibrated, phased implementation supported by guidance notes and sectoral transition measures would likely withstand challenge while preserving regulatory legitimacy