Notes from the Asia-Pacific region: India feels geopolitical impacts, awaits DPDPA rules, and more

Much like the rest of the world, India is in the thick of dealing with the current volatile global scenario. Needless to say, all dimensions of the economy are impacted — as are individuals. Those of us who work in the digital trust and governance space tend to train our eyes on the impact of geopolitics on the digital ecosystem.

A specific incident in late July brought into focus how geopolitics can impact everyday businesses.

Late last month, Nayara Energy, India's third largest refinery with 6,000 fuel stations, was cut off from accessing its data by Microsoft without notice, despite having fully paid licenses. Rosneft, a Russian entity, has a 49.13% stake in Nayara Energy. The action came after EU-imposed sanctions on Russia 18 July. As expected, this raised a hue and cry and much discussion.

Another geopolitics-related incident involves the Indian National Space Promotion and Authorisation Center's service authorization withdrawal for two Asia Satellite Telecommunications Company satellites after 31 March 2026. AsiaSat's biggest shareholder is a Chinese government-owned entity. This move impacts some of India's largest entertainment broadcasters, like Zee and Jiostar, which will now have to look for alternatives.

Meanwhile, ever since the Indian Parliament's Monsoon session got underway, we have been waiting with bated breath for the much-anticipated Digital Personal Data Protection Act rules to be introduced. The rules need to be passed by the Parliament to come into effect, and unfortunately, there has yet to be news on this front.

However, a few actions do take place occasionally — akin to "green shoots" — that keep us optimistic. One was the announcement of the Ministry of Electronics and Information Technology's shortlisting of six entities for the final round of a competition titled "Code for Consent: The DPDP Innovation Challenge." The initiative is running to build a consent management ecosystem for India under the DPDPA.

Meanwhile, the privacy of an individual was brought into focus through an interesting incident. An insurance company denied one man's medical insurance claim for hospitalization stating his Google timeline — location history — did not match the hospital's location. The claimant took the matter to the Consumer Dispute Redressal Forum which ruled in his favor.

But the incident showcases how much a user's privacy continues to be taken for granted in India — especially since the DPDPA is yet to get off the ground.

In another case, for the first time in India, an e-voting app was permitted to be used to cast votes. This was in the state of Bihar, where local elections were recently held. Predictably, this has sparked a wave of criticism, including around privacy. For example, the app's privacy notice states the personal data collected can be used for other purposes. Without the operationalization of the DPDPA, this is a matter of concern, including that this could set precedence. Similar examples could continue to rise, particularly given how rapidly India has been going digital in the last decade.

Some statistics to corroborate this:

Data consumption has been steadily increasing, as reflected in the quarterly financial results of one of India's leading mobile service providers, Airtel. The company reported a 21.6% rise in mobile data consumption from April to June.

Digital payments are another key area where data is used, with the extremely popular unified payments interface-based payments leading the charge. This backbone on which several digital payment apps operate enables instant transfer of funds between any two individuals. According to the latest statistics from the National Payments Corporation of India, the number of daily transactions has crossed 650 million, overtaking the daily global transactions by Visa.

Given the above volumes, can cybercrime be far behind?

Some rather scary statistics in this regard were recently released. According to a question answered in parliament, cybercrime cases have increased 500% in the last five years.

A silver lining to counter this is the updated security audit guidelines issued by India's Computer Emergency Response Team. While there are lingering uncertainties around how these would sync with the requirements of the DPDPA, the guidelines would certainly help bring added structure and standardization in this area.

Amid these rather uncertain, yet busy times, I remain optimistic that things will settle down eventually. Until then, the lovely monsoon season will keep us cool and in good cheer.

Shivangi Nadkarni is senior vice president and general manager, digital trust at Persistent Systems Ltd. The views expressed belong solely to the author.