The Parliamentary Standing Committee on Information and Communications Technology has raised red flags about the slow progress in rolling out India’s Digital Personal Data Protection (DPDP) Act, 2023. In its report presented in Parliament on July 24, the Committee questioned the Ministry of Electronics and Information Technology (MeitY) for not moving fast enough to protect people’s personal data.
So far, MeitY has held only 20 awareness workshops and 9 consultations to gather feedback on the Draft DPDP Rules, 2025. The Committee considers these numbers insufficient, especially since the law aims to secure digital privacy for over a billion citizens.
The Committee also looked into how MeitY is handling research and development (R&D) linked to the DPDP Act. MeitY has conducted only four brainstorming sessions with academic experts. Even MeitY admitted that R&D in this space is still “a niche area” that urgently needs private industry involvement.
Committee Pushes for Timely Implementation and Accountability
Although MeitY said it has developed a beta version of the “Digital Office” proposed under the Act, the Parliament Committee remained unconvinced and urged the Ministry to speed up the work. The Committee insisted that MeitY should implement DPDP-related projects “in right earnest” and achieve the goals without further delays.
“The Ministry should implement these projects in right earnest and ensure that the intended objectives are achieved on time,” the Parliamentary panel stated clearly in its recommendations.
The Committee also reviewed the National Cyber Coordination Centre (NCCC), a project meant to track and respond to nationwide cyber threats. MeitY launched Phase I in 2017, but has delayed Phase II, which involves connecting 250 more monitoring sites. The Parliament Committee has now asked MeitY to provide a clear update on whether it can still meet the original deadline — the end of FY 2024–25.
MeitY released the Draft DPDP Rules on January 3, 2025, to explain how the law will work in practice. They collected public feedback until March, but concerns remain about whether they are acting on that input quickly enough. Several groups, including the Internet and Mobile Association of India (IAMAI), have requested a 24-month timeline to fully implement the law, so businesses — especially small and medium ones — have enough time to adjust.
As India becomes more digital, the Parliament is keeping a close eye on how seriously the government is treating data privacy. Lawmakers are stressing that delays could create risks for citizens, and they want to make sure the Act does not end up being only good on paper.