India

By Prashanth Kumar Muddana Telangana State has witnessed a remarkable digital transformation in urban governance. The state’s building permission process — once plagued by manual delays and bureaucratic hurdles — has now evolved into an intelligent, AI-powered approval ecosystem known as BuildNow Telangana. This transformation marks a major leap toward efficiency, transparency, and smart urban planning. The Manual Era — Before 2015 Before digitization, building and layout permissions were handled manually by local authorities such as GHMC, HMDA, DTCP, and various Municipalities and Gram Panchayats. Applicants had to submit physical files and visit multiple departments for No Objection Certificates (NOCs). This process was time-consuming, lacked transparency, and was prone to inconsistencies and corruption. The Early Digitization Phase — 2015 to 2019 Recognizing the need to modernize, Telangana introduced early online systems such as OBPMS (Online Building Permission Management System) by GHMC and ODPMS (Online Development Permission Management System) by HMDA. These allowed online submission and tracking of building applications but had limited integration and required manual scrutiny. TG-bPASS Scheme — Telangana’s First Unified Digital System (2020–2024) In 2020, the Telangana Government launched TG-bPASS (Telangana State Building Permission Approval and Self-Certification System), a single-window platform for online approvals. It brought transparency, reduced human intervention, and provided instant approvals for small residential plots. Key highlights in TG-bPass, Scheme include: - Self-certification-based instant permissions - Online submission and tracking - Departmental integration for NOCs - Citizen convenience and transparency BuildNow Telangana — The AI-Driven Smart Era (2024–Present) With rapid urbanization and the exponential growth of building activity in Telangana, the Government recognized the need to enhance capacity, efficiency, and scalability in urban service delivery. In 2024, the State Government of Telangana introduced BuildNow Telangana, an advanced AI-powered building and layout approval platform replacing TG-bPASS. It integrates all departments under one system and uses artificial intelligence for faster, more accurate approvals. This next-generation integrated platform serves as a single digital window for processing all types of building and layout permissions, offering contactless and self-certification-based approvals. It is designed to deliver services within stipulated timelines, ensuring transparency and accountability at every stage. Building a Smarter Telangana BuildNow Telangana symbolizes the state’s evolution from manual file-based approvals to AI-enabled smart governance. Through this initiative, Telangana reinforces its commitment to efficiency, accountability, and innovation, ensuring that urban development keeps pace with the aspirations of its people and the momentum of its growth. Digital Governance and Citizen Empowerment The vision behind BuildNow Telangana is to provide citizen-friendly, technology-driven services that are both transparent and efficient. The platform leverages advanced IT infrastructure, AI-powered automation, and real-time digital tracking to create a contactless approval process that minimizes human intervention and maximizes reliability. By digitizing traditional workflows and enabling data-driven monitoring, BuildNow is helping to: Reduce delays and eliminate discretionary decision-making, Empower citizens through self-service digital applications, and Strengthen governance through integrated inter-departmental coordination. Collaboration and Future Vision The MA&UD Department continues to collaborate with national and international institutions to introduce global best practices in urban management. By focusing on innovation and data-driven decision-making, Telangana aims to: Develop transparent, citizen-centric, and cost-effective services, Simplify complex approval processes through one-stop digital access, and Enhance ease of doing business to accelerate state-wide growth and infrastructure development. Key Features of AI-Driven Automation in BuildNow: AI-Powered Drawing Scrutiny — Automatically checks uploaded plans for compliance with building codes and zoning laws. Automated GIS Integration — Validates land use, boundaries, and site details using real-time maps. Predictive Approval Analytics — Forecasts approval timelines and identifies workflow bottlenecks. Smart Workflow Automation — Seamlessly routes files to relevant departments digitally. Transparency and Tracking — Citizens receive updates and digital copies of permissions instantly. Data-Driven Planning — Enables better urban planning using aggregated data insights. Timeline of Evolution Before 2015 – Manual Local Systems: Physical files, multiple NOCs, and high delays 2015–2019 – OBPMS / ODPMS: Partial digitization, limited integration 2020 – TG-bPASS: Unified online approval and self-certification 2021–2023 – TG-bPASS: Enhancements including GIS integration, online payments, faster processing 2024–Present – BuildNow Telangana: AI-based scrutiny, unified digital platform Conclusion From manual file submissions to AI-driven automation, Telangana’s building permission journey showcases the power of innovation in governance. BuildNow Telangana represents a model of efficiency, transparency, and smart governance - transforming how citizens and developers interact with the government.

By Vanga Sai Keerthan Reddy INTRODUCTION The Indian insolvency framework continues to evolve to address the restructuring and resolution of companies unable to perform their operations due to overwhelming financial debt obligations and financial distress. A pivotal step in this process involves inviting resolution plans from prospective applicants and distributing proceeds as per the approved Resolution Plan. The recent Supreme Court judgment in Kalyani Transco Ltd v. JSW Steel Ltd[1] left open the issue of the distribution of EBITDA (Earnings Before Interest, Tax, Depreciation, and Amortization) accrued during the Corporate Insolvency Resolution Process (CIRP) of the Corporate Debtor. THE FRAMEWORK AND FINDINGS IN THE BHUSHAN POWER AND STEEL CASE In the ‘Kalyani Transco Ltd v. JSW Steel Ltd’ case, arising from the ‘Bhushan Power and Steel Ltd’ resolution process, the Supreme Court remained silent on the issue of EBITDA distribution, noting the absence of any statutory provision or precedent governing it. The creditors contended that they were entitled to the EBITDA, as they provided financial assistance for operations during the CIRP, while the Resolution Applicant argued that ownership and control of the assets and liabilities were transferred to them upon approval of the Resolution Plan by the Adjudicating Authority. The Court observed that the resolution plan had already been implemented after a significant delay. Entertaining new claims at this stage—described by the Court as “Hydra Heads Popping Up”—would undermine the sanctity and finality of the resolution plan, reiterating principles established in *Essar Steel Ltd v. Satish Kumar Gupta*. In ‘Essar Steel Ltd’, the Court held that profits or proceeds should be distributed as per the Request for Resolution Plan (RfRP). If the RfRP does not specify the treatment or distribution of such profits, they shall be retained by the Corporate Debtor. However, ‘Essar Steel’ dealt with the distribution of resolution proceeds, not profits generated during the CIRP. In contrast, ‘Bhushan Power and Steel Ltd’ is concerned with operating profits (EBITDA) generated before plan approval. This distinction reveals a legal lacuna that remains unresolved and open to future litigation. REFLECTIONS ON LAW Under Section 30 of the Insolvency and Bankruptcy Code, a resolution plan must be approved by (i) the Committee of Creditors (CoC) with at least 66% voting share and (ii) the Adjudicating Authority (NCLT). Once approved, under Section 31, the plan becomes binding and extinguishes prior financial obligations of the Corporate Debtor. A Successful Resolution Applicant (SRA) does not hold any ownership or control over the assets and liabilities of the Corporate Debtor until the plan is duly approved. Hence, the SRA cannot claim any interest in the Corporate Debtor’s earnings prior to that approval. Conversely, creditors cannot independently claim EBITDA unless it is recognized as part of the Corporate Debtor’s estate or distributed as per the approved plan. EBITDA represents the operational earnings generated by the Corporate Debtor during CIRP and forms part of the estate managed by the Resolution Professional. In the absence of explicit statutory guidance, the treatment of such earnings should ideally be addressed within the Resolution Plan approved by the COC. EXPERTS’ AND INSOLVENCY PRACTITIONERS’ VIEWS Upon commencement of the CIRP, the Resolution Professional assumes control over the management of the Corporate Debtor’s assets and liabilities. Creditors, who have extended loans in good faith, often face significant haircuts on their claims. Under Section 53 of the IBC—which governs liquidation distribution but is often referred to by analogy for fairness in CIRP—the interests of secured creditors and financial institutions must be carefully protected. These creditors, entrusted with public funds, play a crucial role in maintaining economic stability, and any losses sustained by them can have broader implications on the financial system. Hence, it is essential that the interests of financial and secured creditors be safeguarded in the distribution of any proceeds, EBITDA, interim profits, or net gains generated during the CIRP, prior to the approval of the Resolution Plan by the CoC. CONCLUSION The objectives and interests of financial creditors, operational creditors, and secured creditors must be protected to the greatest possible extent to ensure that repayments are recycled into the economy, strengthening financial health and safeguarding depositors’ rights. Legislative or regulatory amendments may be required to clarify the treatment and distribution of EBITDA and interim profits generated during CIRP. Such clarity would promote equitable treatment among stakeholders while upholding the principles of transparency and fairness envisaged under the Insolvency and Bankruptcy Code [1] 2025 INSC 1165

Lessons From The Apple Data Breach And Remedial Steps That Can Be Taken By India In Light Of The New Data Privacy Act By K. Sidharth Reddy   INTRODUCTION In an era where personal data is a currency as valuable as gold the Government has taken commendable steps towards protecting this aforesaid new age currency by enacting The Digital Personal Data Protection Act, 2023 and associated rules (“DPDPA”) with the aim to protect personal data, deter data aggregators from collecting more data than what is required and to ensure such breaches do not take place in India. The step taken by the Government to enact DPDPA is particularly relevant in light of the recent Apple Inc. (“Apple”) privacy breach that arose due to Apple’s voice assistant namely “Siri”[1] serves as yet another wake-up call. Apple, a company that has long prided itself on its commitment to security and user privacy, now finds itself at the center of controversy. The breach not only exposes vulnerabilities in even the most fortified digital ecosystems but also raises critical questions about how much control users truly have over their data especially with respect to voice assistants like Siri, as it continuously monitors conversations, potentially collecting sensitive personal data without explicit user consent. This undermines users' right to control their own information, exposing them to unauthorized data access and surveillance risks. This incident underscores the evolving nature of cybersecurity threats, the limits of corporate safeguards, and the urgent need for stronger regulatory frameworks. As we dissect the implications, one thing remains clear—data privacy is no longer a given; it’s a battle that must be fought continuously. IMPLICATIONS The recent breach of personal data by Apple’s Siri has raised concerns among users about the actual level of protection offered by technology companies, despite their claims of prioritizing data privacy. This incident is particularly alarming given Apple’s reputation as a leading advocate for user privacy in the smartphone industry. Furthermore, the settlement arrived at by Apple in the class action lawsuit[2] which prima facie amounts to a $95 million settlement but upon perusal of the finer details it can be discerned that individuals are entitled to receive a paltry compensation of $20 only upon satisfaction of the following conditions (“Relevant Conditions”): If the individual claiming the compensation has owned a Siri-enabled Apple device (such as an iPhone, iPad, Apple Watch, Mac, HomePod, or AirPods) in the United States between September 17, 2014, and December 31, 2024; and If the individual has experienced any unintentional Siri recordings during private or confidential conversations. An analysis of the Relevant Conditions highlights the limited nature of the compensation being awarded to the affected users highlights the value given to data privacy of the users and citizens as the paltry compensation can be further disputed by analysing whether a conversation can be deemed as “private” or “confidential”. However, data privacy should be of paramount importance to any company processing personal data as provided for under the California Consumer Privacy Act, 2018 (“CCPA”) and the California Privacy Rights Act, 2020 (“CPRA”)[3] which is the applicable law for Apple as the company is incorporated in California. The CCPA and CPRA (collectively referred to as “California Privacy Laws”) are akin to the European Union’s General Data Protection Regulation (“GDPR”)[4]. However, unlike the interpretation of GDPR by the European Courts which levies stringent deterrent penalties on any entity that breaches privacy of any individual in Europe, the American Courts did not interpret the penal provisions of the California Privacy Laws in a similar manner despite the similarities of provisions with GDPR and established precedents for levying exemplary damages. In this instant class action lawsuit against Apple, the American district courts elected to pass an award for damages which is more of a slap on the wrist despite a grave breach of privacy and utilizing personal data in an unauthorized manner. Despite the heightened awareness of data privacy in developed countries, citizens' personal data continues to be exposed to severe breaches, often with inadequate compensation. Thus, it is even more crucial for Indian legislators to deter such actions, given the insufficient awareness of data protection within Indian society. Hence, the onus falls on the Government to safeguard the valuable data of the world’s largest digital population which the DPDPA has been enacted for by the Government of India. In light of the above, we will be analysing the relevant provisions of DPDPA that companies need to adhere by to ensure that they are not affected by penalties and we will also analyse how the Indian legislators can modify the DPDPA to further protect data privacy in our country. ANALYSIS Relevant provisions of DPDA: Section 2(i): Definition of Data Fiduciary: A data fiduciary means any person who, either alone or in conjunction with other persons, determines the purpose and means of processing personal data. Section 2(j): Definition of Data Principal A data principal means the individual to whom the personal data relates. Section 3: Applicability and Scope The Act applies to the processing of digital personal data within India. It also applies to processing outside India where any entity offers goods or services to individuals in India. Section 4: Grounds for Processing of Data Personal data must be processed only for lawful purposes, in a fair and transparent manner, and only after obtaining free, fair, and unambiguous consent from the data principal. Section 5: Notice Collection of personal data must be limited to what is necessary for the stated purpose, as specified in the notice provided to the individual while seeking consent.  Section 6: Consent Consent for collecting personal data must be free, specific, informed, unconditional, and unambiguous, expressed through a clear affirmative action. It must indicate agreement to process personal data for a specified purpose and be limited to data necessary for that purpose. Such consent must be easily withdrawable, and upon withdrawal, data processing must cease within a reasonable period. Section 8: General Obligations of Data Fiduciary Data fiduciaries are required to implement reasonable security safeguards to prevent personal data breaches. They are solely liable for damages if any provision of the DPDPA is breached during the collection or processing of personal data. Section 10: Additional Obligations of Significant Data Fiduciaries The Government may notify a data fiduciary as a “Significant Data Fiduciary” based on factors such as the volume and sensitivity of personal data processed, risks to data principals or democracy, and concerns relating to state security or integrity. Once classified, such fiduciaries are subject to additional compliance requirements, including appointing a Data Protection Officer, conducting audits, and meeting other obligations prescribed under the DPDPA. Section 11: Right to Access Information about Personal Data Data principals have the right to access their personal data and obtain information regarding how such data is being processed. Section 12: Right to Correction and Erasure Data principals may request correction, updating, completion, or erasure of their personal data. Section 13: Right to Grievance Redressal Data principals have the right to file complaints with data fiduciaries in case of violation of their rights. The grievance redressal mechanism must be simple and accessible. Section 18: Data Protection Board The Data Protection Board is the regulatory authority constituted under the DPDPA to handle complaints, ensure compliance, and impose penalties. Section 33: Penalties The DPDPA provides for monetary penalties for breaches of its provisions, which may extend up to INR 250 crore. Such penalties are credited to the Consolidated Fund of India. Upon a brief analysis of the relevant provisions set out above it can be noticed that the DPDPA has incorporated the basic tenants of GDPR and California Privacy Laws including exemplary damages for breach and misuse of personal data, thus it is important for companies who intend to collect data to take comprehensive steps to be in compliance with DPDPA including but not limited to taking the following steps: Preparation of a consent notice and privacy policies in line with provisions of DPDPA; Ensuring technological measures are implemented to track the consent being provided along with scope of the consent being provided thus ensuring the data being collected does not exceed the scope of consent being provided; and Should be aware of the sensitivity of personal data being collected and implement technological measures to safeguard personal data for avoiding any breach of the same which in turn could lead to the companies attracting exemplary penalties. While the above actions can be taken by companies who fall under the definition of data fiduciaries, the Central Government could take further steps towards improving the protection afforded to the citizens of India by amending provisions of DPDPA as outlined in the recommendations below. RECOMMENDATIONS Pursuant to the above analysis, the following actions are recommendable to be taken by the Central Government for further protecting the citizens of India: Data collection tax: To ensure companies adhere to a fundamental tenet of the DPDPA—limiting the collection of personal data—it is essential to enforce appropriate consequences. A viable approach is to introduce a data collection tax, wherein data fiduciaries are taxed based on the volume of data they collect. This would incentivize them to restrict data collection strictly to what is necessary for their business purposes. Prescribing relevant technological measures to protect personal data from any breach: While the DPDPA mandates the implementation of technological measures to protect personal data, it lacks quantifiable guidelines for micro, small, and medium-sized enterprises (MSMEs) to understand the necessary measures for compliance. To address this, the Central Government could establish a committee of technological experts to develop clear guidelines, ensuring that all data fiduciaries can effectively adhere to the DPDPA's provisions. Utilization of the penalties being levied in a transparent manner: Section 34 of the DPDPA mandates that penalties imposed under Section 33 be credited to the Consolidated Fund of India. It is crucial to ensure that these funds are used for the welfare of data principals, including compensation for privacy breaches and their consequences. Therefore, the Government should establish guidelines ensuring transparency in the utilization of these funds, specifically towards enhancing the protection of privacy and personal data. CONCLUSION The Apple Siri privacy breach is a stark reminder that even the most privacy-conscious tech companies are not impervious to data vulnerabilities. While regulatory frameworks like the CCPA, CPRA, and GDPR establish strong data protection standards, inconsistent enforcement raises concerns about corporate accountability. India’s Digital Personal Data Protection Act, 2023 marks a significant step in India toward strengthening data privacy, ensuring that companies are held accountable and user data is safeguarded. However, for the DPDPA to be truly effective, it must go beyond mere compliance mandates. Stronger enforcement mechanisms, transparent utilization of penalties, and well-defined technological safeguards are essential to prevent data misuse and protect user privacy. As the digital landscape continues to evolve, both regulators and corporations must remain proactive in upholding data protection as a fundamental right as recognized by the Indian judiciary—because in today’s world, personal data is not just information, it is power. [1] https://www.forbes.com/sites/moinroberts-islam/2025/01/03/siri-privacy-breach-apple-to-pay-95m-settlement-amid-spying-claims/ [2] Lopez et Al. v. Apple, 19-cv-04577-JSW (N.D. Cal.) [3] Cal. Civ. Code §§ 1798.100–1798.199.100 [4] General Data Protection Regulations, (EU) 2016/679.

SNG & Partners has acted as legal counsel to DreamFolks Services Limited on two milestone transactions. The acquisition of a 50.01% stake in Ten 11 Hospitality LLP in India and a 60.24% stake in ETT Solutions DMCC in Dubai. These deals mark a significant step in DreamFolks’ strategy to scale its domestic offerings and reinforce its global footprint spanning 120+ countries and 500 airports. SNG & Partners delivered end-to-end legal support across both mandates. For the Ten 11 Hospitality LLP transaction, the firm led comprehensive due diligence and the drafting and negotiation of the definitive agreement, helping strengthen DreamFolks’ domestic hospitality ecosystem. The ETT Solutions DMCC acquisition—structured through a mix of secondary share purchase and primary subscription—will result in DreamFolks holding a 60.24% stake, with ETT set to become a foreign subsidiary post‑completion. With its cross‑border structure and multi‑jurisdictional regulatory requirements, the deal involved heightened complexity. SNG & Partners worked closely with UAE counsel on definitive agreements and negotiations, while also providing specialised guidance on foreign exchange reporting requirements, ensuring seamless alignment across jurisdictions. The transaction was led by Chandra Shekhar Mishra (Associate Partner), supported by Aditi Mishra, Arjun Khanna, and Mohit Goyal (Associates). The transaction team drew on strategic oversight and key transactional direction from Aditya Vikram Dua (Partner & Head – Financial Services), whose guidance was instrumental in navigating both the domestic and cross‑border dimensions of the mandates.