Excerpt from ETCISO Article, Published on December 2, 2025
India’s newly notified Digital Personal Data Protection Act, 2023 (DPDP) is reshaping how companies design systems — and the impact on AI firms will be especially deep. As the law’s rules kick in, firms using large datasets to power AI now must rethink how they collect, store, and process personal data.
Under DPDP, organisations must get explicit, informed consent from users for each data – processing activity. Consent must be clear, itemized, and in plain language. Data minimization is now a firm requirement — companies should collect only what’s strictly necessary. And, importantly, individuals get the right to erase their data, meaning firms must be ready to delete personal data at a user’s request.
For firms building AI models, this means a major shift. Data — the lifeblood of AI — might shrink in quantity or be anonymized to comply with privacy norms. According to cybersecurity experts, AI deployments will now require structured consent handling, auditable model inputs, and stronger anonymization practices.
As a result, companies should expect rising compliance costs and new operational demands. Many will need external support for privacy engineering, consent management and data governance. IDC’s research suggests that a significant portion of Indian enterprises will lean on external providers to help with DPDP – compliant AI systems.
Conversely, this regulatory push also creates opportunities. With demand growing for privacy – first infrastructure and consent management tools, startups focusing on privacy tech or compliance automation could find new growth paths. Enterprises might even benefit by differentiating themselves through robust data handling practices.
The transition will also impact cloud and data – driven services: companies may adopt providers offering granular data – residency options and verifiable compliance mapping. That helps align data operations with DPDP’s retention, residency and breach – reporting mandates.
In short, the DPDP rules are not just a compliance headache — for the AI industry in India, they are a turning point. Firms that adapt quickly may face short – term costs, but long – term they stand to build trust, transparency and competitive advantage in a privacy – conscious market.
To delve deeper into this topic, Visit ETCISO.
