DPDP Rules 2025: IT Minister Ashwini Vaishnaw Envisions Committee for Local Data Storage

In a strategic move to balance data protection with seamless industry operations, the government has introduced the Draft Digital Personal Data Protection Rules 2025. A key highlight of the proposed rules is the establishment of a central sectoral committee to oversee and recommend data localization requirements for specific industries. This initiative is aimed at ensuring compliance with security regulations while avoiding disruptions to business continuity.

Centralized Approach to Data Localization
The proposed committee will act as a unified decision-making body, working closely with sectoral regulators and ministries to define the types of personal data requiring local storage. IT Minister Ashwini Vaishnaw emphasized that the committee will prevent unpredictable mandates by individual sectors and maintain a consistent regulatory framework. For example, sectors like banking already adhere to Reserve Bank of India’s stringent data localization norms for financial information. Similar structured approaches are now being extended to other industries.

Mitigating Sectoral Disruptions
The government’s intent is to avoid abrupt changes that could hinder industries reliant on cross-border data flows. By consulting with stakeholders and creating standardized guidelines, the committee aims to address sector-specific concerns. The approach is designed to ensure that data localization requirements are applied selectively, targeting only critical data categories, while preserving operational efficiencies in sectors such as technology, healthcare, and public services.

Balancing Security and Growth
Data localization has often been a point of contention, particularly among global tech giants like Meta, Google, and Amazon, who have raised concerns about operational feasibility and increased costs. The committee framework aims to resolve these concerns by providing a collaborative platform for industry input while ensuring national security.

Implementation Timeline for Smooth Transition
To ensure smooth adaptation, the government is considering a two-year implementation timeline for industries to align their systems with the new framework. This phased approach is expected to help sectors avoid abrupt operational bottlenecks and financial burdens.

Significance for the Industry
The new rules mark a departure from the more rigid localization mandates previously proposed. Instead, they focus on creating a collaborative environment where the government and industries can work together to ensure compliance without disrupting critical operations. By integrating sectoral feedback into policy-making, the draft rules reflect a pragmatic approach to data governance.

The Draft Digital Personal Data Protection Rules 2025 represent a significant step forward in India’s data governance, ensuring both national security and uninterrupted industrial growth through a carefully crafted, sector-specific localization strategy.