Skip to content
Magist
AnalyzeRegulationsVendorsCounselUpdatesCompareAbout
Home/By vertical/India DPDPA

Regulatory scoping for India’s Digital Personal Data Protection Act

India’s Digital Personal Data Protection Act is consent-first and reaches processing outside India connected to offering goods or services to people in India. Its under-18 children’s threshold and categorical advertising prohibition for minors are the surfaces where most of the divergence from a GDPR program sits.

Data privacyChildren’s dataConsent architectureCross-border transfers

Regulations Magist tracks for this vertical

  • DPDPA →

Coverage of these newer regimes is published as draft and reviewed on a rolling basis.

Questions that determine your footprint

  • Do you offer goods or services to people in India?

    DPDPA can apply extraterritorially to processing connected with offering goods or services to individuals in India, comparable in shape to GDPR.

  • Could any users be under 18?

    DPDPA defines children as under 18, which is higher than COPPA or the GDPR default, and behavioral tracking and targeted advertising directed at children are prohibited — typically a product change for mixed-age products.

  • Are you relying on a GDPR program?

    A GDPR-default program covers much of the surface, but the under-18 line, the nomination right, and the transfer-restriction-on-publication model diverge in ways worth scoping.

See exactly which of 155+ regulations apply to your india dpdpa product.

Run your analysis →

Magist is an instrument, not a consultancy. It does not sell compliance services or take payment from vendors for placement; the analysis is the same for everyone.

Magist provides legal information, not legal advice. Consult a licensed attorney.

Magist

Pre-launch regulatory analysis for product teams. Built by a lawyer, designed for PMs.

Tools

  • Analyze
  • Guided walkthrough
  • Vendors
  • Find counsel
  • Saved analyses

Reference

  • Scope by business model
  • Scope by jurisdiction
  • App ratings
  • Regulations
  • Compare regulations
  • Enforcement
  • Browse Controls
  • Vendor coverage
  • Radar
  • Pulse
  • Changelog
  • Guides
  • Regulatory updates
  • Open data
  • Corpus license
  • Ontology
  • State of Compliance

Solutions

  • For legal teams
  • For engineering
  • For executives
  • For law firms
  • For investors
  • For teams →

About

  • About Magist
  • Methodology
  • Editorial standards
  • Reviewers
  • Coverage status
  • Corrections
  • Trust
  • Coverage scope
  • How we handle data
  • Sub-processors
  • FAQ

Built by Neel Patel, a practicing in-house games attorney. Games touch more compliance domains at once than anything else in tech — Magist was designed around that.

Magist provides legal information based on publicly available regulatory sources. It does not constitute legal advice and does not create an attorney-client relationship. Consult a licensed attorney in your jurisdiction before making compliance decisions. Operated by a Washington-licensed attorney. Not licensed in California or other US states. Magist provides legal information; consult a licensed attorney in your jurisdiction.

Magist is an instrument, not a consultancy. It does not sell compliance services or take payment from vendors for placement; the analysis is the same for everyone. No vendor, sponsorship, or referral fees, ever.

MethodologyLimitationsDisclosures

© 2026 Magist
TermsLicensePrivacySecurityLinkedIn