Ministry of Electronics and Information

Notification

New Delhi, the 13th November 2025

G.S.R. 846(E).––– Whereas draft of the Digital Personal Data Protection Rules, 2025 were published, as required under sub-section (1) of section 40 of the of the Digital Personal Data Protection Act, 2023 (22 of 2023), vide notification of the Government of India in the Ministry of Electronics and Information Technology vide number G.S.R. 02 (E), dated the 3rd January, 2025, in the Gazette of India, Extraordinary, Part II, Section 3, Sub-section (i), dated the 3rd January, 2025, inviting objections and suggestions from all persons likely to be affected thereby, before the expiry of the period of forty-five days from the date on which copies of the Official Gazette containing the said notification were made available to public;

And whereas copies of the said Official Gazette were made available to the public on the 3rd January,2025;

And whereas objections and suggestions were received from the public in respect of the said draft rules have been considered by the Central Government;

Now, therefore in exercise of powers conferred by sub-sections (1) and (2) of section 40 of the Digital Personal Data Protection Act, 2023 (22 of 2023), the Central Government hereby makes the following rules, namely: ...

 

INDEX  OF RULES

 

Rule u/s Description Date
1 1(2) Short Title and Commencement 13/11/2025
2 2 Definitions 13/11/2025
3 5 Notice given by Data Fiduciary to Data Principal 13/05/2027
4 6(7) Registration and obligations of Consent Manager 13/11/2026
5 7 Processing of personal data for provision or issue of subsidy, benefit, service, certificate, licence or permit by State and its instrumentalities 13/05/2027
6 8(3) Reasonable security safeguards 13/05/2027
7 8(6) Intimation of personal data breach 13/05/2027
8 8(7) Time period for specified purpose to be deemed as no longer being served 13/05/2027
9 10(2) Contact information of person to answer questions about processing 13/05/2027
10 9(1) Verifiable consent for processing of personal data of child 13/05/2027
11 9(1) Verifiable consent for processing of person with disability who has lawful guardian 13/05/2027
12 9(3) Exemptions from certain obligations applicable to processing of personal data of child 13/05/2027
13 10 Additional obligations of Significant Data Fiduciary. 13/05/2027
14 11 Rights of Data Principals 13/05/2027
15 16 Transfer of personal data outside the territory of India 13/05/2027
16 17 Exemption from Act for research, archiving or statistical purposes 13/05/2027
17 18 Appointment of Chairperson and other Members 13/11/2025
18 19 Salary, allowances and other terms and conditions of service of Chairperson and other Members 13/11/2025
19 23 Procedure for meetings of Board and authentication of its orders, directions and instruments 13/11/2025
20 23 Functioning of Board as digital office 13/11/2025
21 20 Terms and conditions of appointment and service of officers and employees of Board. 13/11/2025
22 29 Appeal to Appellate Tribunal 13/05/2027
23 36 Calling for information from Data Fiduciary or intermediary 13/05/2027
Sch    
1-Part A   Conditions of registration of Consent Manager  
1-Part B   Obligations of Consent Manager  
2   Standards for processing of personal data by State and its instrumentalities under clause (b) of section 7 and for processing of personal data necessary for the purposes specified in clause (b) of sub-section (2) of section 17  
3   Time Period under rule 8(1)  
4-Part A   Classes of Data Fiduciaries in respect of whom provisions of sub-sections (1) and (3) of section 9 shall not apply  
4-Part B   Purposes for which provisions of sub-sections (1) and (3) of section 9 shall not apply  
5   Terms and conditions of service of Chairperson and other Members  
6   Terms and conditions of appointment and service of officers and employees of Board  
7   Authorized persons under Rule 23(1) and 8(3)