What the DPDP Act means for enterprise AI agents in India

The Digital Personal Data Protection Act, 2023, is now the operative privacy regime in India. For enterprise AI deployments, the part that matters is not the consent banner - it is the runtime egress controls and the audit obligations.

Three clauses do most of the work: §6 (notice and consent), §8(4) (data principal rights), and §10 (significant data fiduciary obligations). Each one maps onto a specific Veto Protocol enforcement.

We will publish a clause-by-clause map and the corresponding policy pack in the next post. For now, the compliance page links to the framework matrix.