Editor's note: The IAPP is policy neutral. We publish contributed opinion and analysis pieces to enable our members to hear a broad spectrum of views in our domains.

While the monsoon season starts its annual sweep across India bringing rain that provides the much-awaited respite from the hot summer months, the growth of the digital landscape in India is hardly seasonal, marching ahead rapidly. The country's digital trust and governance community watches this march with a mix of awe and apprehension, often tearing our hair out about the accompanying risks.

The optimist in me chooses to observe the streaks of silver lining.

For those of us who patiently wait to hear any news pertaining to India's Digital Personal Data Protection Act, which has yet to become operational, some news emerged a couple days ago. The Economic Times reported it is likely the DPDPA may be referred to the Attorney General of India for an opinion on whether it dilutes the powerful Right to Information Act.

While discussion on this has been going on since the DPDPA was passed, this is the first time any action relating to it has been reported. Its impact on the roll-out of the law could be potentially significant, much delayed as it already is.

While on the topic of privacy, the Telecom Regulatory Authority of India announced the launch of a pilot for rolling out digital consent in the sphere of telemarketing. Given how intrusive and voluminous unwanted telemarketing calls have become for the average user, this is the latest in a series of measures by the TRAI.

In this latest endeavor, telemarketing entities would be required to obtain explicit digital consent from users. Further, the consent would need to be registered "in a secure and interoperable digital consent registry maintained by the Telecom Service Providers (TSPs) for easy verification of consents while commercial communication is made to the consumers."

Dark patterns, another area impacting a large swathe of consumers, also saw some action. Given how an average user can be manipulated via design tactics into making choices they would not have otherwise, and the growing complaints associated, the Department of Consumer Affairs issued a press release requiring e-commerce platforms to address the problem.

It has set up a Joint Working Group to "identify and eradicate dark patterns" and given platforms a three-month deadline to conduct self-audits to identify dark patterns in their operations and take steps to mitigate them. Further, the advisory asks the platforms to make self-declarations about nonindulgence in such activities.

Meanwhile, regulators are gradually starting to show awareness of the adoption of artificial intelligence. After the Reserve Bank of India, the Securities and Exchange Board of India — the regulator for the securities sector covering exchanges, brokerages and mutual funds — has spoken up.

In a consultation paper titled "Guidelines for Responsible Usage of AI/ML in Indian Securities Market" released 20 June, the SEBI articulated five key principles as the basis for governance of AI applications in the securities market. These include model governance, investor protection, testing framework, fairness and bias, and data privacy and cyber security measures. Comments and feedback is requested by 11 July.

As baby steps are being taken on the regulatory front, the digital juggernaut powers on, raising several questions around associated risks.

For instance, the Ministry of Electronics and Information Technology recently announced that the Unique Identification Authority of India — the authority that operates and oversees the critical Aadhaar identity ecosystem of 1.4 billion Indians — is sharing "non-personal" and "anonymized" Aadhaar data with India's open government data platform.

This set off a flurry of criticisms from a variety of stakeholders centering around the risk of re-identification and lack of a legal framework in India around nonpersonal and anonymized data.

In another development, the Ministry of Women and Child Development issued a 30 May directive mandating the use of facial recognition systems to authenticate beneficiaries and record attendance under the Poshan Abhiyaan scheme — which provides benefits like food rations and mid-day meals to children in government-run schools and childcare centers. This requires collection of facial data of children under the age of 6. At age 6, children in India become eligible to obtain an independent Aadhaar card — so this means 80 million children across 1.4 million Anganwadi centers.

Finally, some interesting statistics.

According to the recently published "2024 Piracy Trends and Insights" report from the Museum of Solutions, India ranked second in global piracy traffic — second only to the U.S. A cringeworthy statistic, for sure.

In a recent report by the Telecom Regulatory Authority of India on telecom subscription data, there was a 0.11% decline in April 2025 in broadband users. At the same time, emerging technologies like fixed wireless access and machine-to-machine are gaining momentum, particularly in rural areas. For example, fixed wireless access subscribers went from 6.7 million to 7.5 million.

To understand the context of this: Fixed line internet is scarce in rural areas even now. Ambitious government programs are being rolled out to address this. One of the flagship programs is the BharatNet project, an initiative to get broadband to all villages in India — which number over 250,000. Fixed wireless access enables the last mile here.

Hopefully the various initiatives to provide the necessary guardrails to the digital juggernaut that is India start seeing the light of day rapidly. One does not need to articulate to this community of readers the implications otherwise.

Shivangi Nadkarni is senior vice president and general manager, digital governance at Persistent Systems.

This article originally appeared in the Asia-Pacific Dashboard Digest, a free weekly IAPP newsletter. Subscriptions to this and other IAPP newsletters can be found here.