Government Policies & Frameworks

Current & Active Frameworks

Digital Personal Data Protection Act, 2023 (DPDPA)

Ministry of Electronics and Information Technology (MeitY) • 2023

India's first comprehensive data protection law, establishing rights for data principals and obligations for data fiduciaries handling personal data of Indian citizens. Modelled partly on GDPR.

Key Provisions

Consent-based processing of personal data
Rights of data principals: access, correction, erasure, grievance redress
Obligations for significant data fiduciaries (SDFs)

data protectionprivacygdpr-equivalentcompliance

ActiveRead Official

CERT-In Cyber Security Directions, 2022

Indian Computer Emergency Response Team (CERT-In) • 2022

Mandatory cybersecurity directions issued under the IT Act, 2000, requiring organizations to report cyber incidents within 6 hours, maintain system logs for 180 days, and synchronize with NTP servers.

Key Provisions

Mandatory incident reporting to CERT-In within 6 hours of detection
Maintenance of ICT system logs for 180 days within Indian jurisdiction
NTP time synchronization mandate for all systems

cert-inincident responsemandatory reportingcompliance

ActiveRead Official

National Cyber Security Reference Framework (NCRF) 2023

National Security Council Secretariat (NSCS) • 2023

India's national cybersecurity framework aligning with global standards (NIST CSF). Provides a risk-based approach for organizations across critical sectors to identify, protect, detect, respond, and recover from cyber threats.

Key Provisions

Five function framework: Identify, Protect, Detect, Respond, Recover
Sector-specific guidance for BFSI, energy, health, transport, and telecom
Risk management and supply chain security guidelines

frameworknistrisk managementcritical sectors

ActiveRead Official

RBI Cybersecurity Framework for Banks, 2016

Reserve Bank of India (RBI) • 2016

Comprehensive cybersecurity framework applicable to all Scheduled Commercial Banks in India. Mandates baseline security controls, 24x7 SOC operations, and quarterly reporting to RBI on cybersecurity posture.

Key Provisions

Mandatory Cyber Crisis Management Plan (CCMP)
24x7 Security Operations Centre (SOC) requirement
Board-approved cybersecurity policy

bfsibankingrbisoxsoc

ActiveRead Official

SEBI Cybersecurity and Cyber Resilience Framework, 2024

Securities and Exchange Board of India (SEBI) • 2024

Updated cybersecurity framework for all SEBI-regulated entities (stock brokers, depository participants, mutual funds, etc.), consolidating 25 earlier circulars and introducing mandatory Security Operations Centres and vulnerability management programs.

Key Provisions

Mandatory SOC for Market Infrastructure Institutions (MIIs) and Qualified REs
Annual cybersecurity audits by empanelled auditors
Market participants categorized into 5 tiers with proportional requirements

sebicapital marketsbfsisocaudit

ActiveRead Official

Legacy & Historical

National Cyber Security Policy, 2013

Department of Electronics and Information Technology (DeitY) • 2013

India's original national-level cybersecurity policy, setting up the foundational security architecture including CERT-In, NTRO, and National Critical Information Infrastructure Protection Centre (NCIIPC). Being superseded by NCRF 2023.

Key Provisions

Established CERT-In as national nodal agency
Created NCIIPC for critical infrastructure protection
24x7 National Critical Information Infrastructure Protection Centre

national policycritical infrastructurelegacycert-in

LegacyRead Official

Loading…

Current & Active Frameworks

Digital Personal Data Protection Act, 2023 (DPDPA)

Ministry of Electronics and Information Technology (MeitY) • 2023

India's first comprehensive data protection law, establishing rights for data principals and obligations for data fiduciaries handling personal data of Indian citizens. Modelled partly on GDPR.

Key Provisions