The Ministry of Electronics and Information Technology (Meity) is said to be shortening the implementation timeline for certain provisions under the administrative rules of the Digital Personal Data Protection (DPDP) Act for significant data fiduciaries to 12 months from the earlier 18 months.
The changes were proposed by the ministry during a stakeholder meeting on Thursday, the sources said. Big-tech companies and social media intermediaries, such as Meta, Google, Amazon, and Microsoft, along with most major banking, financial services and insurance institutions, will fall under this category.
Industry executives indicated the move could face resistance. One executive, speaking on condition of anonymity said that compressing the timeline by nearly a third would be difficult for data fiduciaries operating at scale in India, given the complexity of legacy systems and data localization requirements.
Under the DPDP Act, the central government can designate any entity as an SDF based on factors including the volume and sensitivity of personal data processed, risks to data principals, and potential impact on national security, electoral democracy, and public order.
According to sources, MeitY has also proposed immediate implementation of provisions allowing the government to seek information from any data fiduciary or internet intermediary. This power was earlier scheduled to come into force after an 18-month transition period.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
