India Steps Up Push for Data Privacy and Digital Security
The Government of India is moving forward strongly on data privacy and digital security with the Digital Personal Data Protection (DPDP) Act, 2023 and the draft rules for 2025, which are currently open for public consultation from citizens and stakeholders.
These efforts aim to protect citizens’ personal data while making sure organizations handle information in a lawful and responsible way.
The DPDP Act, 2023 sets out a clear framework to safeguard people’s data rights. It requires data fiduciaries entities that hold and process personal data to put in place reasonable security measures.
To make the law work in practice, the government issued the Draft DPDP Rules, 2025. These rules have already drawn 6,915 responses from citizens and stakeholders, showing strong public interest and engagement.
Building a Safe and Trusted Digital Space
As part of its wider mission, the government is also working on awareness and capacity building to make cyberspace safe, reliable, and accountable.
Key initiatives include:
- Cyber Security Awareness Month and Safer Internet Day campaigns to promote safe online behavior.
- CyberShakti, launched in October 2024, which trains women to build a strong workforce in cybersecurity.
- The Information Security Education and Awareness (ISEA) programme, which has held more than 3,637 workshops, reaching over 8.2 lakh people, including students, law enforcement, and government officials.
- Awareness resources in multiple Indian languages, available on platforms like staysafeonline.in, infosecawareness.in, and csk.gov.in, covering topics such as deepfakes, safe transactions, and cyber hygiene.
Strengthening Cybersecurity Infrastructure
India has also put in place national agencies and policies to detect, monitor, and respond to cyber threats. These include:
- The National Critical Information Infrastructure Protection Centre (NCIIPC), which protects important digital systems.
- The Indian Computer Emergency Response Team (CERT-In), which regularly issues advisories on cyber threats and ways to prevent them.
- The National Cyber Coordination Centre (NCCC), which coordinates responses to cyber risks across multiple agencies.
- The Cyber Swachhta Kendra (CSK), which helps citizens and organizations clean infected systems, remove malware, and follow cyber hygiene practices.
- The National Cyber Security Coordinator (NCSC), which ensures policy coordination across different sectors.
Continuing Enforcement of Older Rules
Alongside these new steps, the government continues to enforce the IT Rules, 2011 (Reasonable Practices and Procedures and Sensitive Personal Data or Information Rules). These rules ensure that organizations handling sensitive data follow proper security protocols.
With these combined efforts the DPDP Act, draft rules, awareness campaigns, and stronger cybersecurity agencies, India is working to create a safer and more trusted digital environment for its citizens and businesses.
Also read: How India’s Data Protection Law is Reshaping Policy and Business