Tsaaro got CERT-IN Empanelled | MeitY has published the DPDP Rules, 2023.
Research Team (Tsaaro)
Official DPDP Rules Announcement Imminent: Final Details Expected This Week
Mar 3, 2026

The Delhi High Court directed the Union Government to release a schedule for the implementation of the Digital Personal Data Protection (DPDP) Act, 2023. The Court pointed out the time lag between the publishing and enactment of the Act. At a recent AI conference, IT Minister Ashwini Vaishnaw stated that the pending rules under the DPDP Act, 2023, would be notified on a time-bound basis. The announcement was welcomed by industry stakeholders as a step toward regulatory clarity and compliance preparedness.
High Court Flags the Need for Accurate Timeline
These events were spurred by the action of the Delhi High Court on September 20, 2025, when a Bench urged the government to shed some light on how the Act should be operationalised. Petitioners pointed out that, without notified rules, the provisions of the Act could not work in practice, individuals could be exposed to abuse of their personal data, and companies could be left confused by the lack of regulatory clarity. The Court noted that a statute that is not being enforced could easily fail and become a merely symbolic act. The Bench underlined that the right to data protection, which is now law, could not be suspended indefinitely; in other words, the government was put on its toes to swiftly notify the rules.
Minister’s Response and Road Ahead
During a recent AI-based event, IT Minister Ashwini Vaishnaw announced that the DPDP rules are likely to be announced this week. Although it was not a direct response to the Delhi High Court, the statement sheds light on the expected publishing deadline of the rules. The update has come as a green signal to industry stakeholders to commence compliance planning and resource allocation. Privacy advocates have, however, been speculative about the issue. They have stressed that the notification must be made in time to ensure that the rights of individuals are not infringed by businesses.
Stay informed about updates on the upcoming DPDP Rules and their analysis. Visit www.tsaaro.com to know more.
News of the week
1. Crackdown on AI Deepfakes: Parliamentary Panel Demands New Laws
A parliamentary committee urged the government to come up with legal and technological strategies to combat the proliferation of artificial news generated by AI. Its recommendations include licensing of AI content creators, mandatory labelling of AI-generated content and better coordination between the ministries. According to the committee, fake news poses a grave danger to democracy and demands tougher rules and punishment to fight it.
2. China Mandates 1-Hour Breach Reporting for Major Cyber Incidents
China enacted new rules that will require network operators to report serious cybersecurity incidents within an hour. The rules require immediate reporting of incidents affecting critical infrastructure or government portals, and are in effect as of November 1, 2025. Operators should be able to give comprehensive details of the incident, and failure to do so can result in prosecution. The rules are aimed at improving the country's resilience against cyber-attacks and at responding to cyber threats promptly.
Source: China Imposes One-Hour Reporting Rule for Major Cybersecurity Incidents
3. Brazil Enacts New Law to Strengthen Children’s Online Data Protection
The Brazilian legislation ‘ECA Digital’ has been passed to safeguard the privacy of children on the internet. Starting in March 2026, it will require age verification and parental consent for children under 12 years of age, and for those 12 to 18 years old, to download applications. It is illegal in the country for video games to have loot boxes, and a company that fails to comply may face a fine of up to 50 million Brazilian reais or even 10 per cent of its revenue. This law and previous legislation in Brazil indicate the Government’s intention not only to preserve the privacy of students but also to protect them from parts of the internet that are harmful to their well-being.
Source: Brazil passes new law to protect children’s online privacy
4. High Fashion, High Stakes: Ransomware Gang Targets Kering Brands
Hackers have stolen the personal data of millions of customers of Kering's luxury brands Gucci, Balenciaga and Alexander McQueen. The attack exposed personal information but did not reveal any financial details. A cybercriminal group called Shiny Hunters said that it was responsible and tried to extort the company; Kering refused to pay. Kering has also alerted the concerned authorities and the consumers impacted. The incident highlights the increase in cybersecurity threats in the luxury retail market.
Source: Hackers steal client data from Kering’s Gucci, Balenciaga and McQueen
