Raksha Labs
← Raksha WatchData protectionDeadline 14 May 2027
High

The DPDP timeline: what's due on 14 Nov 2025, 14 Nov 2026 and 14 May 2027

DPDP obligations don't all start at once. Some provisions began on notification, Consent Manager registration opens at the one-year mark, and the substantive obligations most businesses care about bite on 14 May 2027.

The three dates that matter

The 2025 Rules commence in three tranches, each keyed to the 14 November 2025 gazette publication:

WhenWhat commences
14 Nov 2025Definitions, commencement provisions, and the framework for the Data Protection Board.
14 Nov 2026Consent Manager registration (the intermediaries that will manage consent on people's behalf).
14 May 2027The substantive obligations: privacy notice & consent, data-principal rights, reasonable security safeguards, breach reporting, Significant Data Fiduciary duties, and cross-border transfer rules.

Why it matters

14 May 2027 is your hard deadline. That's when the obligations that affect day-to-day operations — how you ask for consent, how you respond to a "delete my data" request, what security you keep — become enforceable.

What this means for you

Work backwards from May 2027. A consent + notice + deletion workflow, a data map, and basic security hardening are not weekend jobs — give yourself months, not days.

Heads-up on dates: you'll see "13 November / 13 May" in some write-ups (the date the Rules were signed). The government's gazette-publication dates are the 14th — use those.

Further reading: a clear rule-by-rule breakdown of the commencement schedule is in Shardul Amarchand Mangaldas's analysis.

What to do now

Project

Build your plan backwards from 14 May 2027 — that's when notice, consent, data-principal rights and security obligations are enforceable. Note Consent Manager registration opens a year earlier.

This affects you if…
  • you process personal data of people in India
  • you need a compliance roadmap and dates
Source

Press Information Bureau (MeitY) · DPDP Rules, 2025 — commencement schedule (s.1(2))

Don't just read it — find out where you stand.

A free scan shows what your live site is exposing today. When you're ready to be audit-ready, our Compliance Sprint gets you DPDPA-ready in 30 days.

Scan my site freeCompliance Sprint — ₹49,999

General information, not legal advice. Verify against the cited primary source and confirm specifics with a qualified advisor before acting.