🇮🇳

Regulatory compliance in India

India's DPDPA (Digital Personal Data Protection Act 2023) introduces GDPR-like obligations. The RBI, SEBI, and IRDAI regulate financial services with increasing digital focus.

Start free scan

Key regulatory authorities

Cleo monitors enforcement actions and guidance from these authorities in real time.

Data Protection Board of India

DPBI

www.meity.gov.in

Reserve Bank of India

RBI

www.rbi.org.in

Securities and Exchange Board of India

SEBI

www.sebi.gov.in

Regulations covered

Key regulatory frameworks monitored by Cleo in India.

DPDPA 2023IT Act 2000RBI Data LocalizationSEBI Cyber FrameworkDigital India Act (proposed)

Compliance by industry in India

Explore sector-specific regulatory requirements.

Retail & Consumer Goods

HealthTech

Insurance

Energy & Utilities

Cosmetics & Personal Care

Electronics & Connected Devices

Regulation deep dives

Frequently asked questions

What is India's DPDPA and when does it apply?

The Digital Personal Data Protection Act 2023 introduces consent-based data processing, data fiduciary obligations, and significant penalties. Cleo tracks its phased implementation timeline.

Does India require data localization?

The RBI mandates that all payment system data be stored exclusively in India. The DPDPA allows cross-border transfers to approved countries but the government can restrict transfers to specific nations. SEBI also requires certain financial data to remain in India. Cleo maps applicable localization requirements by sector.

What are the penalties under India's DPDPA?

The DPDPA imposes penalties of up to INR 250 crore (approximately EUR 28 million) per violation. The Data Protection Board of India adjudicates complaints and can order compensation. Penalties apply to both data fiduciaries and data processors who fail to implement adequate security safeguards.

Ready to master compliance in India?

Start free scan and see your regulatory perimeter mapped by AI in minutes.

Start free scan