Data Privacy & IT

Motor vehicle accident claims under the Motor Vehicles Act, 1988 represent one of the most common categories of civil litigation in India. When a person is injured or killed due to negligent driving, Indian law provides a mechanism for obtaining compensation through Claims Tribunals. Understanding the filing procedure, the calculation of compensation, and the applicable limitation periods is essential for accident victims and their families. The Supreme Court has developed a

The Insurance Regulatory and Development Authority of India (IRDAI) has issued comprehensive Information and Cybersecurity Guidelines for 2026, establishing a mandatory framework for all insurance companies operating in India. These guidelines mandate robust cybersecurity standards, data protection protocols, and incident reporting mechanisms, building on the foundation laid by the Digital Personal Data Protection Act, 2023. Every insurer, regardless of size or business model

In February 2026, the Telecom Regulatory Authority of India (TRAI) mandated that all IRDAI-regulated entities must switch to 1600-series telephone numbers for service and transactional calls by February 15, 2026. This directive represents a coordinated effort among financial regulators to reduce spam and fraudulent calls targeting consumers. This article explains the regulatory background, the technical requirements, and the implications for financial institutions and consume

On April 21, 2026, India's Supreme Court issued a landmark ruling in Nikhat Parveen v. Rafique (2026 INSC 399) that fundamentally shifts the balance between biological truth and legal presumption. The Court held that DNA evidence can override Section 112 of the Indian Evidence Act, which has long presumed the legitimacy of children born during marriage. If DNA proves a man is not the biological father, he cannot be compelled to pay maintenance. This decision represents a sign

The Digital Personal Data Protection Act (DPDP) 2023 unfolds in phased implementation timelines stretching through 2027. Phase II, effective November 13, 2026, introduces consent manager framework requirements. Organizations processing personal data must establish relationships with approved consent managers who facilitate transparent data processing agreements. This phase emphasizes mechanism transparency, where users understand what data is collected, how it is used, and wh

In March 2026, the Supreme Court delivered a landmark ruling in Harish Rana v. Union of India, permitting withdrawal of life-sustaining medical treatment for a patient in Persistent Vegetative State with no reasonable recovery expectation. The patient, unconscious for 13 years and entirely dependent on artificial life support, was permitted to be taken off ventilation with family and physician consent. The Court held that such withdrawal does not constitute unlawful killing o

India's approach to regulating AI-generated content, deepfakes, and other forms of synthetic media has crystallised significantly in 2026 through amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021. These amendments impose specific obligations on social media intermediaries and other digital service providers regarding the labelling, detection, and removal of AI-generated or manipulated content. The regulatory shift refl

The Supreme Court of India's Constitution Bench ruling in Common Cause v. Union of India (2018) recognised passive euthanasia and the concept of a living will as legally valid, holding that the right to die with dignity is an integral component of the right to life under Article 21 of the Constitution. This landmark judgment, affirmed and clarified by subsequent decisions, has profound implications for end-of-life care, the medical profession, hospitals, and families of termi

India has formally moved to regulate deepfakes and AI-generated content through the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules, 2026. These amendments introduce a structured regime for synthetically generated information, imposing a three-hour takedown deadline for certain categories of harmful AI content and new labelling, traceability, and due diligence requirements for intermediaries. For social media platforms, AI compan

The Insurance Regulatory and Development Authority of India (IRDAI) has introduced sweeping changes to health insurance regulations in 2026, fundamentally reshaping how insurers design products, accept policyholders, and settle claims. The new guidelines eliminate upper age limits for policy issuance, reduce pre-existing condition waiting periods, mandate AYUSH treatment coverage, and introduce performance scorecards for insurers and hospitals starting June 2026. These reform

The rapid rise of synthetic media and artificial intelligence has prompted Indian regulators to act decisively. In February 2026, the Ministry of Electronics and Information Technology notified the second amendment to the Information Technology Rules 2021 (IT Rules), introducing comprehensive obligations for handling synthetically generated information (SGI). These rules, effective February 20, 2026, fundamentally reshape how digital platforms, intermediaries, and content cre

The Securities and Exchange Board of India issued a circular on March 4, 2026 introducing a revised regulatory reporting framework for Alternative Investment Funds registered under the SEBI (Alternative Investment Funds) Regulations, 2012. The revised framework changes what AIFs must report, when they must report it, and in what format. The first Annual Activity Report under the new framework must be submitted by May 31, 2026, covering the financial year 2025 to 2026. Fund ma

The Securities and Exchange Board of India notified the SEBI (Investment Advisers) (Second Amendment) Regulations, 2025 on 16 December 2024, with supporting guidelines issued by circular in January 2025. These amendments overhaul the compliance framework for registered Investment Advisers (IAs) in India, replacing the previous net worth requirement with a deposit-based system, recalibrating fee structures, introducing a mandatory AI usage disclosure obligation, and requiring

In March 2026, the Food Safety and Standards Authority of India introduced landmark amendments to its licensing and registration framework, fundamentally transforming how food businesses obtain and maintain compliance with food safety regulations. The amendments introduce lifetime validity for FSSAI licences, eliminate periodic renewal requirements, raise the registration threshold for small businesses, and integrate street vendors through automatic FSSAI registration under t

The Information Technology Act, 2000, represents India's primary legislation addressing cybercrime, data protection, and digital transactions. As India's digital ecosystem expands and cyber threats become increasingly sophisticated, understanding the criminal offences, penalties, and available remedies under the IT Act becomes essential for digital users, businesses, law enforcement, and legal professionals. The Act establishes a comprehensive framework criminalizing unauthor

If you own a business in Dubai or anywhere in the UAE, you have more legal protection than you may realise — and more compliance obligations that have been triggered by the current conflict than most business owners are aware of. The India-UAE Bilateral Investment Treaty (2024) is in force. FEMA provides a legal mechanism for repatriation of your assets. The Companies Act governs your Indian parent entity's obligations. And the India-UAE Double Taxation Avoidance Agreement (D

The Indian Telecommunications Act 2023 replaces the outdated Indian Telegraph Act 1885 and repeals the Telecom Regulatory Authority of India Act 1997, establishing a modern regulatory framework for telecommunications services in India. This landmark legislation consolidates telecom regulation into a single unified statute and grants the telecom department direct regulatory authority. The Act imposes comprehensive obligations on telecom operators, internet service providers, a

India's Ministry of Electronics and Information Technology has introduced the AI Content Labelling Rules 2026, establishing mandatory disclosure requirements for artificially generated content across digital platforms and business applications. These rules represent India's regulatory response to challenges posed by deepfakes, synthetic media, and AI-generated content that could deceive users or spread misinformation. The regulations impose obligations on content creators, pl

In November 2025, the Government of India notified the Digital Personal Data Protection Rules, 2025, giving operational shape to the Digital Personal Data Protection Act, 2023. Together, the Act and the Rules create India's first comprehensive legal framework governing how personal data is collected, processed, stored, and transferred. With the full compliance deadline set for May 2027 and several interim milestones already active, businesses operating in India or handling da

For Indian businesses that use cloud services, employ overseas vendors, or serve international customers, the rules governing cross-border transfer of personal data under the Digital Personal Data Protection Act, 2023 (DPDPA) are among the most critical provisions to understand. As data flows across jurisdictions in the normal course of business operations, companies must know where their data is stored, processed, and transferred, and whether any restrictions apply. The DPDP