Ahlawat & Associates

 The Promotion and Regulation of Online Gaming Bill, 2025 swiftly received approval from both houses of the Indian Parliament, following its introduction (on August 20, 2025) by the Indian IT Ministry. The Bill marks a significant departure from the prevailing legal framework governing online gaming in India (comprising legislation at both the national and state level). The existing legal regime in India, albeit fragmented (due to non-uniform regulation of gaming of the national and state legislatures), largely permits operation of online “Real-Money Games” (RMGs) which are based on skill or involve substantial elements of skill. However, the Billseeks to rehaul existing law to establish a uniform (national level) legal framework for promoting and regulating the online gaming sector – to the extent that this concerns E-sports and Social Gaming. Further, and in stark contrast to the existing regime, the Bill imposes blanket prohibition on the operation or promotion of Online Money Games (involving stakes) – irrespective of whether or not these involve skill. As of August 22, 2025, the draft Bill has secured Presidential assent to be enacted as law. The newly enacted Promotion and Regulation of Online Gaming Act, 2025 (“Act”) effectively overrides the existing legal regime governing online gaming in India with immediate effect. Thisarticle explores the eminent ramifications and opportunities concerning the social gaming industry (in the wake of the India’s RMG ban) subject to the Act. Classification of Social Games (and relative ambiguities) The Act defines an “Online Social Game” as a game which doesn’t comprise either an “Online Money Game” (involving monetary stakes) or “E-Sports” and necessarily encompasses the following key parameters: doesn’t involve staking of money or “other stakes”, or participation based on expectation of winnings “by way of monetary gain” in lieu of money or “other stakes”; is offered solely for entertainment, recreation or skill-development purposes Interestingly, as a qualifier to the above, the Act provides that an “Online Social Game” can allow users access subject to payment in the form of a “subscription fee” or “one-time access fee” – provided that such payment isn’t of the nature of a stake or wager. The Act thus establishes strict criteria for an online game to be statutorily deemed an Online Social Game – even though such game may not statutorily qualify or be categorized as an RMG. Specifically, a clear limitation is set in terms of the format, purpose as well as fee models that social games should follow to be deemed legally permissible. Key Observations Namely, in terms of format, the Act mandates that a Social Game cannot involve staking in any form, whether of money or “other stakes”. Importantly, the term “other stakes” is defined asincluding “…anything recognised as equivalent or convertible to money…” including any virtual or actual “…credits, coins, token or objects or any other similar thing…” which users/players purchase through making payment of money (whether directly or indirectly) in relation to or as part of an Online Game. The above mandate firmly limits Social Games from offering of in-game credits, virtual currency or other similar assets or in-game payments in any form which could be perceived as a wager or stakes. In furtherance, the Act also dictates that user participation in a Social Game cannot be based on expectation of winnings in return for money or other stakes (which are akin to money).In light of this, the following prescriptions are made clear: Social Games cannot facilitate staking of money nor other stakes by users; Users’ participation in Social Games cannot be based on their expectation of some monetary winnings or monetary gain in return of staking of money or stakes However, the broad nature of the above prescription gives rise to a series of interpretations as regards what would qualify as a statutorily permissible format (or offering) in respect of a Social Game. Illustratively, the above prescriptions don’t limit the offering of in-game objects in entirety as part of Social Gaming. Social Gaming operators are simply barred from offering any objects that could be perceived as stakes – which doesn’t include in-game objects havingaesthetic nature or utility other than stakes (such as character skins or weapons) within the game.An inference that may thus be drawn that a Social Game can proceed to offer certain in-game items for purchase provided these items cannot be staked by users and provided the user is not purchasing such items in expectation of some “monetary gain”. In connection, it is worthwhile to add the term “monetary gain” can be interpreted as both gain of actual money and/or gain of rewards akin to money (such as trips or vouchers) under the Act. Accordingly, Social Gaming operators will require to be mindful of various factors to ensure the format of their game is in compliance with the Act – for which purpose each proposed format (of Social Game) wouldideally require legal analysis on a case-to-case basis.  Further, in terms of fees, while the Act doesn’t entirely restrict Social Gaming operators from collecting payment from users, it mandates that fees be charged from users in a manner that wouldn’t constitute stake or wager. In this regard, the Act mentions that operators may charge their users a “subscription fee” or “one-time access fee” for “access” to a Social Game. Notably, the Act doesn’t specify at what time or in what manner exactly such fees ought to be levied, nor the duration for which “access” is to be granted in respect a Social Game. However, it seems to imply that charging fee in relation to a Social Game is acceptable provided fee is charged for the purpose of granting access, whether charged in-game (as part of the game) or outside the game (ahead of gameplay). Meanwhile, in terms of purpose limitation, the Act effectively provides that Social Games can be offered to users only for the object of their entertainment, recreation or skill-development. Regulatory Approach to Social Gaming Gaming laws in India have long distinguished a “game of skill” or “game of chance” for the purpose of regulation. Illustratively, the Public Gambling Act, 1867 regulates and prohibits games of chance played for stakes – but not games of skill. This influence has carried over in the gaming/gambling legislation implemented by individual States in India within their respective territories – the majority of which do not seek to regulate (or at least prohibit) games based on skill, even if these may involve stakes. Further, Courts in India have repeatedly affirmed, in a series of pronouncements, that conduct of games of skill does not amount to gambling and is alegally permissible activity (entitled to protection under the Constitution of India). Likewise, the IT (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules, 2023 have also sought to establish a self-regulatory model to distinguish “online real money games” involving stakes (which the statute prohibits) and “permissible online real money games”(which aren’t in the nature of gambling or based on chance). Under the above approach, it is clear that Social Gaming as a sector has largely remained outside the scope of regulatory oversight. The Act, however, disrupts the existing legal regime by establishing statutory categorization for Online Social Games. Notably, the Act empowers the Indian Government to establish a Gaming Authority for recognition, categorization and registration of Online Social Games as well as to provide for their development and availability for recreational and educational purposes. As part of this, the Central Government is empowered to undertake a variety of targeted measures for promotion of the Online Social Gaming sector – ranging from creation of platforms and programmes to support their development and distribution; implementation of initiatives forincreasing public access to safe and age-appropriate Social Games; running awareness campaigns that underscore benefits of such games; and collaborating with State Governments for wider promotion of the Social Gaming Sector. Conclusion In view of the above developments, it becomes clear that the Social Gaming sector (along with the E-Sports industry) may have escaped the ban imposed under the Act but hasn’t escaped statutory purview. The Act introduces new and distinct categorization for Online Social Games, requiring them to adhere to certain criteria to be deemed legally permissible. While the Act doesn’t fully embellish upon certain criteria (such as the format or fee structure) required to be met by games for qualifying as Social Games, further clarity on this aspect can be expected in due course – as and when the Government frames and releases rules (and relevant clarifications) for implementation of the Act. The regulation model proposed under the Act may require the gaming industry (including Social Gaming operators) to adapt and conform to new benchmarks and standards for meeting statutory requirements in the short run. However, for games which meet the relevant criteria (and qualify as Social Games), there are undeniable benefits – including in the form of Government backed initiatives and opportunities for significant promotion and development.   Authors: Mr. Gaurav Bhalla (Partner at Ahlawat & Associates) Ashneet Hanspal (Senior Associate at Ahlawat & Associates)

Introduction Gujarat International Finance Tec-City (“GIFT City”) located at Gandhinagar, Gujarat is India’s first International Financial Service Centre (“IFSC”) and the first operational smart city designed with an unequivocal focus to be a game-changer for India’s financial services market aims at becoming a global financial hub at par with international financial zones.With an objective to “onshore the offshoring of business”, the idea of GIFT City was envisaged back in 2008 and became operational in 2015. The simplified regulations bundled with various tax & other advantages offer an inviting ecosystem making it a promising destination for both local and global investors. With a specific attention on financial services, it also becomes a propitious landscape for both domestic and international financial giants. An IFSC is a specific location within the mainland of the country treated as a foreign location with an intent to enable global business offering a worldwide regulatory regime. IFSC at GIFT City gives an opportunity to global and domestic businesses to set up a company, limited liability partnership, subsidiary in the GIFT City under various business verticals including but not limited banking, insurance, stock exchange, alternate investment funds, aircraft leasing, ship craft leasing, etc. Investment in GIFT City: Game-changer for Investing in India Unified Regulator & Single Window Clearance  IFSC in India are governed by a unified regulator named  IFSC Authority (“IFSCA”) which encompasses regulatory powers of four financial services regulators in India namely Reserve Bank of India (“RBI”), Securities Exchange Board of India (“SEBI”), Insurance Regulatory Development Authority of India (“IRDAI”), Pension Fund Regulatory & Development Authority of India (“PFRDAI”) enabling it to provide single window clearance for all necessary approvals under one umbrella  in an easy manner. State-of-the-art infrastructure & easy setting up The spectacular and unparalleled urban planning done by the Government of Gujarat and Government of India gives heads up to the next- gen ‘plug & play’ infrastructure, facilitating quick and hassle-free business setup with all the infrastructural clearances in place. GIFT City Special Economic Zone(“SEZ”) The SEZ is created to encourage exports and foreign investment especially for multinational corporations. SEZ offers benefits to the businesses operating in this zone, including duty-free imports and exports, easy regulatory processes, tax benefits. GIFT City is the first IFSC in India and to make it all the more alluring and enticing the Government of India also declared it as a SEZ. Deemed Foreign Jurisdiction  GIFT IFSC has been designated as a foreign jurisdiction of a non-resident zone under the Foreign Exchange Management Act (“FEMA”) Regulations enabling affability for carrying out foreign exchange transactions in liberal manner. The entities setup in the GIFT IFSC can transact in, retain, repatriate the foreign currencies without limitations which are otherwise applicable to the mainland India. Easy movement of foreign capital  The offshore status of the GIFT IFSC bundled with various relaxations and less restrictive financial regulations makes it an attractive destination for foreign investors allowing unrestricted movement of fund invested in the form of repatriation of profits, dividends and investments back to the home country of the foreign investors. Liberal policies and business friendly regulatory framework  The regulatory regime of GIFT IFSC is formulated to parallel the best practices accepted globally facilitating flexibility and reduced compliance burden. Amongst the plethora of such benefits a few noteworthy relaxations includes exemption to non-residents from obtaining permanent account number (“PAN”) or filing return of income in India in certain circumstances. Tax Benefits in GIFT IFSC Tax benefits to the IFSC Units setup in GIFT City: The IFSC units setup in the GIFT City, India offers various tax benefits like exemptions on corporate tax, tax holiday for ten years, reduced Minimum Alternative Tax (“MAT”) etc increasing the profitability and hence growth of the business houses. It also offers numerous indirect tax benefits such as no Goods and Service Tax (“GST”) on services received by unit in IFSC, no GST on services provided to IFSC units / SEZ units / offshore clients. If the services are provided to the Domestic Tariff Area of mainland India then the GST is applicable under Reverse Charge Mechanism.   2. Tax benefits to the Investor investing in IFSC GIFT City: The investor investing in the GIFT IFSC gets numerous fiscal benefits including but not limited to the benefits such as interest income paid to non-residents on money lent to IFSC units in GIFT city are exempted from tax, transfer of specified securities listed on IFSC exchanges by non-residents are not treated as a transfer and  hence gains arising from such transfers are not treated as capital gains and are taxable in India , exemption from Securities Transaction Tax (“STT”) , exemption from  Commodity Transaction Tax (“CTT”), dividend received by investor in IFSC unit is subjected to concessional rate of tax, no GST on transactions carried out in IFSC exchanges. Various financial benefits and incentives The Government of Gujarat provides various state incentives in the form of financial incentives support schemes to attract companies and investors to GIFT IFSC. These incentives include grants, subsidies, and reduced operational costs due to OPEX support, CAPEX support, employment generation incentives. The government has also announced various state level incentives and subsidies to Information Technology (IT) and Information Technology Enabled Services (ITeS) Companies. Global IT & financial hub  GIFT City India provides distinguished benefits to the financial, IT/ ITeS companies making it a pivotal bedrock at par with the various global financial and IT hubs. GIFT City is a vision of the Government of India and Gujarat aiming to serve as a centre for global banking, trade, and business. Benefits of GIFT City for startups To promote the innovation of ideas and entrepreneurship IFSC-GIFT City provides dedicated FinTech sandboxes and requisite startup friendly environment with an aim to shape and fulfill the aspirations and ambitions of start-ups and entrepreneurs. Exemptions under the Companies Act of India for the companies set up GIFT IFSC There are various exemptions and relaxations given to the companies being setup in the GIFT IFSC with respect to the regulatory requirements under Companies Act in India. Few are enumerated as follows: The requirement of having minimum one resident director is waived in a company setup in GIFT IFSC, making it more empirical for the foreign entities to set up in India with the management people they are familiar with; Exemption for applicability of secretarial standard which lays down the procedural aspect of in relation to the board meeting and general meeting; Relaxation in compliance with regards to loans, advances, guarantees and investment by the companies setup in GIFT IFSC; Exemption in relation to appointment of internal auditor. Conclusion The Government of India recognizes and reinforces that tapping the global capital and global market are the key drivers for the development of businesses across the borders and plays a pivotal role in the overall economic growth and to strengthen the position of the country in the global economy. GIFT City accoutered with immense potential and growth opportunities is a magnum opus of the Government of India. Setting up a business entity at GIFT City will help international and domestic businesses to capitalize on the above-mentioned benefits and strategically unlock the growth opportunities and thrive in dynamic and conducive environment offered by the GIFT City. Author: Guneet Mayall (Senior Associate)

Starting a business is a multifaceted endeavour and extends beyond just having a brilliant concept and top-notch products or services.Formulating a cohesive team is paramount to the success of a business as the team functions as an engine that drives smooth operations and attends to the daily tasks that keep the business thriving. Central to this cohesive unit is the vital role played by the Human Resource (“HR”) policies formulated and the adherence to the HR compliances. While all the functions of the HR lie at an equal footing, compliances hold greater significance as they do not solely ensure a business’ adherence to a mandate, rather it also ensures employee satisfaction to an extent. As the industry constantly evolves, the compliance requirements also change to ensure that the policies and practices of organisations align with the industry practices and legal framework. This comprehensive guide serves the readers with a thorough understanding of the key HR compliances, protocols, and best HR practices, essential to foster a healthy and balanced workplace environment. Onboarding Compliances Onboarding compliances are the primary compliances involved in the process of hiring of employees. The foundation of an onboarding process often involves executing a well formulated employment agreement which outlines the terms and conditions of the employment, compensation, benefits, confidentiality terms, termination clauses and any other pertinent information. These employment agreements protect the interests of not only the employer but also provides clarity to the employee with respect to their duties and rights. As mentioned above, legal compliance is vital in onboarding and employers must ensure compliance with various central legislations during the onboarding process. This includes adhering to relevant laws and regulations such as the Transgender Persons (Protection of Rights) Act, 2019 and the Rights of Persons with Disabilities Act, 2016. Organizations should ensure that the hiring processes are non-discriminatory, inclusive and provide equal opportunities to all potential candidates irrespective of their gender identity, disability status, race, religion, ethnicity, sexual orientation, or other characteristics. Employers must ensure that the processes do not discriminate against any specific person in any matter relating to employment including but not limited to recruitment, promotion, and other matters. In addition, applicable laws mandate establishments to formulate policies for persons with disabilities and measures to make the workplace accessible to the differently abled employees. To ensure simplification, organisations may integrate the mandates of both the statues in their equal opportunity policy. Furthermore, employee background checks and verification, although not mandatory, are widely conducted by employers across industries to mitigate any risks associated with roles involving sensitive information and those of public importance. Background checks may involve obtaining government identification documents including but not limited to Aadhaar, Permanent Account Number (PAN), driving license or other generally accepted identity proofs, which are required to conduct a thorough verification as per requirements of the role and/or the organisation. However, the HR must comply with the applicable information technology laws and data protection laws when handling or storing personal data to safeguard the privacy of all the potential candidates and employees. Ongoing Compliances Like the operations of a business, the HR compliances are ongoing compliances that continue as the organisation operates and expands. Non-compliance with laws and regulations may lead to hefty penalties on organisations, can damage goodwill and in certain cases increase employee turnover rate. To avoid such adverse implications, organisations must ensure air-tight adherence to HR and labour compliances. Pivotal to such adherence are compliances to state-specific laws and regulations. The Shops and Establishments Act of each state where the organisation is located, provides for various provisions pertaining to leaves of employees, their working hours, deductions from wages, display of certain information in the establishment, etc. Every state in India has formulated its own set of regulations and has additionally outlined procedures for various matters. To safeguard the interests of both employers and employees, policies should be formulated in compliance with these applicable regulations and ensure alignment with statutory requirements. Although the respective states have formulated their set of laws with respect to leaves, working hours, probation, termination and notice period, it is imperative for the employers to comply with the legal thresholds outlined by each jurisdiction. However, organisations have the discretion to offer additional benefits extending beyond the minimum requirements stipulated by each state specific law. Furthermore, it is imperative to note that in certain states, employers have the flexibility to formulate their own policies with respect to these matters particularly for employees in managerial or supervisory roles, in which case standard laws may not be applicable. One of the key statutes to be adhered to while undertaking HR compliances is the Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013 (“POSH”), which is paramount for creation of a safe and comfortable workplace as it encapsulates provisions for protection against sexual harassment of women at workplace, prevention, and redressal of complaints of sexual harassment and connected matters. HR compliances under POSH include implementation of policies and procedures, imparting training to employees at all levels of the organisation, initiating appropriate action in instances of sexual harassment at workplace and filing of returns. Employers must conduct regular awareness programs to educate their employees, stakeholders, external members, contractors and related people about their rights and obligations under POSH. In addition to compliances under POSH, organisations are also required to comply with the various other statutes including, but not limited to, the Maternity Benefit Act, 1962, the Employee Provident Fund & Misc. Provisions Act, 1952 and the Payment of Gratuity Act, 1972. While some ongoing compliances may be applicable on organisations from the commencement of operations, there are compliances that an organisation may be liable to undertake after crossing certain threshold limits as prescribed under the central and state-specific laws. Termination Compliances Termination of employment, whether voluntary or involuntary, is a sensitive and legally intricate process that requires the HR to comply with various laws and regulations to ensure that termination is legal and ethical without adversely affecting the organisation or the employee. Failing to adhere to the compliances during the termination process may lead to legal repercussions. Therefore, clear provisions with respect to termination must be included in the employment contracts of the employees, as per applicable laws to ensure a fair and lawful termination process. The duration of the notice period and the amount of compensation that the employee may be entitled to may vary depending on factors such as the nature and duration of the employment and provisions of the employment agreement. Moreover, in the event of a misconduct, applicable state legislations necessitate an opportunity to be heard for the employee to present their side before any termination action is taken. Therefore, it is imperative for employers to comply with and be aware of the state specific regulations reflecting such requirements. Further, employers must comply with statutory requirements with respect to the full and final settlement of the terminated employees, which may include settlement of due salary, payment of gratuity (if applicable) and any other benefits accrued as per the employment agreement, organisational policies, or industry norms. HR compliances during the termination of employment in India requires careful attention to detail, adherence to legal requirements, and respect for employee rights. By following due process, communicating effectively, and prioritizing fairness and compliance, HR professionals can mitigate risks and uphold the integrity of the organization's employment practices. Labour Codes The Indian Government has introduced 4 (four) labor codes which are Occupational Safety, Health and Working Conditions Code, Code on Wages, Industrial Relations Code and Code on Social Security with the aim to amend the existing labor legislations. However, the above-mentioned labor codes have received parliamentary approval but are yet to come into force in India. With the implementation of the new labor codes, organizations in India are awaiting significant changes in their compliance obligations. These labor codes provide a unified framework, introduce a streamlined compliance process, and represent a pivotal shift in the labor regulatory landscape. The new labor codes simplify wage payment systems and mandate timely and fair remuneration, streamlining the compliance processes. Additionally, amendments introduced under these codes facilitate compliances pertaining to workplace welfare, dispute resolution, and social security coverage for all workers. It is imperative for organizations to stay abreast of the latest developments and proactively adapt their compliance practices. By aligning the HR policies and practices with the new labor codes, establishments can ensure adherence to the prevailing laws and ensure a compliant work environment. Conclusion HR compliances ensure that the organization complies with various laws, regulations, safety-standards, and policies that govern the duties and rights of the employers and employees both, thereby assisting the organization in effectively managing the workforce. Although many organizations consider it as a cumbersome task and find ways to evade their liabilities, it is crucial to note that HR compliances not only mitigate legal risks but foster a culture of trust, fairness, and accountability and lay the foundation for long-term success, sustainable growth and value creation for employees and stakeholders. From onboarding to ongoing management and termination, organizations must understand that navigating HR compliances in India requires a comprehensive understanding of the legal framework and adherence to the statutory requirements. By embracing compliance as a guiding principle, organizations can navigate the complexities of the modern business landscape with confidence, ensuring that they not only comply with the law but also pave a way for effective and efficient management. Authors: Shreyika Walia (Associate) and Khyati Bhatia (Senior Associate) of Ahlawat & Associates

The article examines the impact of the recently introduced FIU-IND registration process for virtual digital asset businesses, associated requirements and obligations (prominently including FIU-IND reporting) and the consequences thereof. I. Introduction The regulatory landscape surrounding virtual digital assets (“VDA”) in India has undergone a tumultuous past. For context, the Reserve Bank of India (“RBI”) imposed a prohibition on any dealing concerning crypto assets and currencies in India in 2018. As a result of such prohibition, Indian banks and other regulated entities were barred from providing services to any entities which dealt in such assets. The prohibition was removed as recently as 2022, when – upon hearing a petition filed by the Internet and Mobile Association of India (an industry body whose members included domestic VDA entities) – the Supreme Court of India ruled in favor of providing a framework for the regulation of virtual assets and currencies. The Indian government has since announced its intent to regulate VDA entities by enacting legislation at the central level and has taken some measures to regulate and tax VDA transactions. Nevertheless, until quite recently, VDA businesses remained largely unregulated – in the sense that no principal statute or authority was established for regulation or authorization of VDA entities. However, with the steady rise of the adoption and use of VDAs in India – a major change to the regulatory regime was introduced by the Indian Ministry of Finance (“Ministry”) vide its notification dated March 7, 2023 (“March Notification”). The March Notification classified entities engaged in offering certain services pertaining to VDAs (“VDA Service Providers” or “VDA SPs”) as “reporting entities” under the Prevention of Money Laundering Act, 2002 (“PMLA”) – the nodal statute enacted by the Indian government to combat money laundering practices in India. As a result, VDA SPs were brought under the direct purview and authority of India’s Financial Intelligence Unit (“FIU-IND”). Effective March 10, 2023, the FIU-IND released the ‘AML & CFT Guidelines For Reporting Entities Providing Services Related To Virtual Digital Assets’ (“Guidelines”) inter-alia requiring VDA SPs to compulsorily register with it as reporting entities. The issuance of the Guidelines (and measures taken for the implementation thereof) by the FIU-IND have had far reaching consequences on both domestic and international VDA SPs operating in India, which are examined hereinbelow. II. Regulation of VDA Service Providers by FIU-IND The FIU-IND (established as of November 04, 2008) is an independent body operating under the ambit of the Ministry, which reports directly to the Economic Intelligence Council (EIC) headed by the Finance Minister. It is the nodal Indian agency responsible for “receiving, processing, analyzing and disseminating information relating to suspect financial transactions to enforcement agencies and foreign FIUs.” Following the designation of VDA SPs as reporting entities by the Ministry (vide the March Notification), the FIU-IND issued the Guidelines to elaborate the specific practices and procedures to be enacted by VDA SPs for the purpose of compliance with the PMLA and the Prevention of Money-laundering (Maintenance of Records) Rules, 2005 (“PMLR”) framed thereunder. As a cornerstone of compliance, the Guidelines mandated all VDA SPs operating in India, whether domestic or foreign, to register as reporting entities with the FIU-IND. Importantly, vide its notification dated July 4, 2023 (“July Notification”), the Ministry subsequently reaffirmed the requirement for VDA SPs (qualifying as reporting entities) to comply with the PMLA, the PMLR as well as the Guidelines. In particular, the July Notification specified that FIU-IND registration was a pre-requisite of the compliance to be observed by VDA SPs under the PMLA. In furtherance, it also highlighted that non-compliance by a VDA SP would be subject to punitive action under the PMLA. As a result of the Ministry’s actions, not only is the FIU-IND empowered to exercise stricter scrutiny over VDA entities and transactions – so is the RBI (as elaborated hereinbelow). In the case of the FIU-IND, it is directly empowered to regulate VDA entities, to enforce their compliance with the provisions of the PMLA and relative rules and regulations (including its own Guidelines) and to penalize them for non-compliance. The FIU-IND’s commitment to enforcing the Guidelines is evident from the subsequent measures taken by it against non-compliant entities. Notably, in January 2024, the FIU-IND identified nine offshore VDA SPs (which were not registered with the FIU-IND) and issued show cause notices to such entities regarding their non-compliance with the statutory requirements in India. Pursuant to the directions of the FIU-IND, the websites of the relevant non-compliant VDA SPs were further blocked by the Indian Ministry of Electronics and Information Technology (MeitY) and their mobile applications were delisted from the IoS and Android Mobile Stores in India. III. Scope of Compliance Per the March Notification, the following activities (when carried out “for or on behalf of another natural or legal person in the course of business”) have been termed as designated activities subject to regulation under the PMLA – thereby qualifying the entities carrying out such activities (i.e. VDA SPs) as reporting entities for the purpose of the statute: exchange between virtual digital assets and fiat currencies; exchange between one or more forms of virtual digital assets; transfer of virtual digital assets; safekeeping or administration of virtual digital assets or instruments enabling control over virtual digital assets; and participation in and provision of financial services related to an issuer’s offer and sale of a virtual digital asset. It is worthwhile to note that the same meaning is ascribed to the term ‘VDA’ under the PMLA (for the purpose of regulation of such assets) and under the Income Tax Act, 1961(for the purpose of taxation of such assets). For reference, the Income Tax Act, 1961 defines the term to broadly include: “…any information or code or number or token (not being Indian currency or foreign currency), generated through cryptographic means or otherwise, by whatever name called, providing a digital representation of value exchanged with or without consideration, with the promise or representation of having inherent value, or functions as a store of value or a unit of account including its use in any financial transaction or investment, but not limited to investment scheme; and can be transferred, stored or traded electronically…a non-fungible token or any other token of similar nature, by whatever name called...any other digital asset, as the Central Government may, by notification in the Official Gazette specify…” While registration with the FIU-IND is an important pre-requisite of legal compliance for VDA SPs, it is important for VDA SPs operating in India to acquaint themselves and comply with the various legal requirements applicable to their business prior to approaching the FIU-IND. This includes compliance with the PMLA, PMLR as well as ancillary guidelines issued by the FIU-IND and other regulatory authorities (such as the RBI), as elaborated hereinbelow: Prevention of Money Laundering Act, 2002 (PMLA) The PMLA broadly outlines the principal legal requirements required to be followed by VDA SPs (in the capacity of reporting entities). For the purpose of compliance with the PMLA, VDA SPs are required inter-alia to adopt prescribed modes of authentication for the verification of the identity of its clients (or users) as well as ‘beneficial owners’ (i.e. persons having ownership or control in the business affairs of any client organization), to maintain records of specific transactions and to furnish such records to designated authorities, prominently including the FIU-IND, from time to time. The legal requirements in the PMLA are required to be implemented in conformity with the practices and procedures set out in the PMLR. Prevention of Money-laundering (Maintenance of Records) Rules, 2005 (PMLR) The PMLR details the practices and procedures to be observed by reporting entities for the purpose of compliance with the principal requirements in the PMLA. To this end, the PMLR inter-alia elaborates the practices and procedures and the timelines to be observed by reporting entities and their personnel for undertaking client due diligence and enhanced due diligence; for obtaining relevant information from clients, for maintaining information of transactions and for furnishing requisite information reports to the FIU-IND. Importantly, the PMLR mandates reporting entities to appoint a Designated Director as well as a Principal Officer for undertaking compliance with the PMLA and for coordinating with the FIU-IND. AML & CFT Guidelines For Reporting Entities Providing Services Related To Virtual Digital Assets (Guidelines) The Guidelines set out the specific measures to be undertaken by VDA SPs qualifying as reporting entities for the purpose of compliance with the provisions of the PMLA and PMLR.  In this regard, the Guidelines elaborate general as well as reporting obligations that VDA SPs must undertake to identify and prevent money laundering, terrorist financing or proliferation financial activities – and to maintain and report information in this regard to the FIU-IND. Additionally, the Guidelines prescribed specific obligations for VDA SPs (specific to the service rendered by them as a VDA SP). In view of the above, careful reading and interpretation of the PMLA and the PMLR together with the Guidelines becomes necessary for domestic and offshore VDA SPs alike to effectively meet and comply with all legal requirements imposed thereunder. It is worth noting that VDA SPs must also identify and comply with requirements pertaining to their business under additional ancillary rules and regulations in India – in particular the KYC requirements of the RBI as well as other relevant taxation and advertisement restrictions. IV. Process of Registration with the FIU-IND The FIU-IND maintains an official portal whereat an entity may prepare and submit application for onboarding as a reporting entity. Following submission of the online application for registration (along with the relevant documentation) on the portal, the FIU-IND will scrutinize the application and may request additional information or supplementary documentation from the applicant prior to grant approval for enrolment as a reporting entity. As previously mentioned, it is important for VDA SPs (both offshore or domestic) operating in India to acquaint themselves and comply with the legal requirements applicable to their business prior to approaching the FIU-IND for registration. Illustratively, the enrolment process with the FIU-IND, requires the applicant to furnish details of its appointed Designated Director and Principal Officer and requires the relevant personnel to be involved in the enrolment process, including in the preparation and submission of information to the FIU-IND. Further, the onboarding procedure envisaged by the FIU-IND for VDA SPs (both offshore and domestic) involves scheduling of an in-person meeting for submission of documents of the applicant VDA SP. The July Notification issued by the Ministry contains a (non-exhaustive) list of documents to be submitted by the applicant VDA SP as part of the process. The applicant can be required to submit additional information/documents by the FIU-IND for completion of the FIU-IND registration process. The applicant may also choose to submit additional documents for ensuring completion of such a process. Importantly, the Designated Director and Principal Officer appointed by the applicant VDA SP are required to appear in any in-person meeting that the FIU-IND may schedule as part of the enrollment process. V. Consequences of non-compliance of registration with the FIU-IND Failure to register with the FIU-IND as a reporting entity or to observe the legal compliance required from reporting entities under the PMLA (and ancillary rules and regulations) can lead to imposition of statutory penalties as well as other negative consequences for a VDA SP. Importantly, Section 13 of the PML Act empowers the FIU-IND to conduct an inquiry as regards the obligations of any reporting entity upon a third-party application as well as at any time upon its own volition. As part of such an inquiry, the FIU-IND is authorized to conduct an audit of the reporting entity and take appropriate measures against the reporting entity. These comprise the following: Issuance of a written warning in writing; or Issuance of directions to the reporting entity or its Designated Director or any of its employees, to comply with specific instructions; Issuance of directions to the reporting entity or its Designated Director or any of its employees, to send reports to FIU-IND at such intervals as it may prescribe (as regards measures being taken to observe compliance); Imposition of a monetary penalty (amounting to not less than INR 10000 / approx. USD 120 extendable up till INR 100000 / approx. USD 1200) on the reporting entity or its Designated Director or any of its employees for each instance of failure to comply with the PMLA, It is worthwhile to note that the FIU-IND is quite vigilant in enforcing the requirements stipulated under the PMLA and PMLR upon reporting entities. The FIU-IND has previously imposed significant penalties on reporting entities (notably including a penalty to the tune of INR 9600000 / approx. USD 115200 on the payments giant, PayPal) for failing to register with the FIU-IND despite qualifying as a reporting entity. The actions recently taken by FIU–IND against unregistered offshore VDA businesses, in particular – stress the importance for VDA SPs (qualifying as reporting entities) to ensure compliance with the PMLA and its ancillary rules and regulations. VI. Impact of FIU-IND Regulation on the VDA Industry The issuance of the Guidelines (and measures taken for the implementation thereof) by the FIU-IND have led to drastic changes in the regulatory regime applicable to VDA SPs operating in India. While the Indian Government proposed to bring about central legislation to regulate operation of privately held virtual assets and currencies in India, such legislation remains forthcoming. Rather than pressing ahead with the enactment of specific statute or regulation to govern cryptocurrencies or crypto-assets/VDAs in India, Indian authorities continued to place reliance on the ancillary laws, rules and regulations prevailing in the country. Following the amendment of the PMLA by the Ministry, the FIU-IND is empowered as the chief authority for regulating the VDA industry in India. Both domestic and offshore VDA SPs alike are directly liable to observe compliance under the PMLA (and its ancillary rules and regulations) and directly accountable to the FIU-IND in the event of any non-compliance. For the domestic VDA industry in India, the newfound accountability to the FIU-IND entails additional compliance burden but also ensures regulatory clarity. Domestic stakeholders (VDA SPs and Indian customers alike) are reported to have welcomed the actions taken by the FIU-IND and the issuance of its Guidelines. Especially considering the rising preference of Indian users to engage with FIU-IND registered and legally compliant VDA businesses, various domestic VDA SPs have taken actions to comply with the legal and regulatory requirements under the PMLA and to register with the FIU-IND. As of January 2024, reportedly over 30 domestic VDA SPs have already registered with FIU-IND as reporting entities. As regards the offshore VDA SPs operating in India, the requirement of FIU-IND registration and compliance with regulatory requirements present additional challenges. In light of recent actions taken by the FIU-IND and MeitY against offshore VDA SPs to enforce their compliance with the PMLA, it is evident that the Indian Government does not intend to allow non-compliant and unregistered VDA SPs to continue to function in India. Thus, offshore VDA SPs must either move to comply with the requirements of the FIU-IND or withdraw their business from India. Pursuant to the issuance of show cause notices by FIU to offshore VDA SPs (regarding non-compliance with the statutory requirements and the absence of registration with FIU-India), the global cryptocurrency exchange ‘KuCoin’ (which was among the unregistered offshore VDA SPs identified by FIU-IND) has recently become the first offshore VDA SP to obtain registration with the FIU-IND as a reporting entity. With this development, KuCoin is currently the only offshore VDA platform authorized to operate and offer services in the Indian market. Interestingly, as part of the announcement made by KuCoin on its platform (as of March 23, 2024) regarding the attainment of FIU-IND registration, it has also announced a series of localization measures for its business in India – including the establishment of a local team in the country. Such measures provide a blueprint for regulatory compliance to other offshore VDA SPs seeking to continue operating in the Indian market. VII. Conclusion In view of the above, the ramifications of the FIU IND regulation of the VDA industry seem to be quite apparent even in the short term. Given that domestic as well as offshore VDA SPs are now left with the option to either register with the FIU-IND or discontinue their business operations in India, various stakeholders have swiftly moved to comply with the requirements of stipulated by the FIU-IND, to familiarize themselves with and adhere to the PMLA, PMLR and Guidelines Further, for VDA customers/users based in India, the FIU-IND’s regulatory measures have been perceived as a positive development given the traditional risks associated with VDA industry. Interestingly, the loss of business caused to offshore VDA SPs (due to the blocking orders issued by MeitY) seems to have bolstered the preference of Indian users to engage with registered and legally compliant VDA SPs. As a result, domestic VDA businesses in India have reported increased user traffic – a trend which is bound to continue till the time offshore platforms attain registration with the FIU-IND and re-enter the Indian market. Further, the introduction of FIU-IND regulation is reported to have placed a curb on certain practices perpetuated by VDA SP – such as shifting of assets outside the country to avoid taxation of VDA transactions. While offshore VDA SPs are likely to face additional challenges (in comparison to domestically based VDA SPs) in modifying their modus operandi to comply with legal and regulatory requirements mandated under Indian money laundering laws, the recent registration of KuCoin as a reporting entity attests that such compliance can be achieved (and serves as an example to spur other VDA SPs to also obtain FIU-IND registration and re-enter the Indian market). In light of the above, it will be interesting to see the impact of FIU-IND regulation in the long term upon domestic and international stakeholders. It is worthwhile to note that VDA SPs operating in India are required to comply with applicable local laws and regulations (including local tax, data protection, and advertising requirements) in addition to money laundering laws. Authors: Ashneet Hanspal and Parag Singhal 

INTRODUCTION Any individual or entity intending to establish its business in India is required to undertake a meticulous assessment of the plausible legal structures for setting up its business. Incorporation of a multifaceted corporate entity within any jurisdiction must primarily be navigated through an understanding of a plethora of regulatory obligations, statutory compliances, tax consequences, and liabilities to achieve a viable commercial presence within such jurisdiction. With the ease of restrictions and relaxations under the foreign exchange laws and the policy framed thereunder, the Indian economy has witnessed a significant boom in the infusion of foreign direct investments through foreign entities. Therefore, it is even more imperative for such foreign companies who are seeking to establish their existence in India to opt for the most appropriate legal structure for smooth operations and management. The choice of a foreign entity to incorporate a new subsidiary in India, or to acquire or invest in an existing Indian entity, will have substantial implications for its ability to conduct business operations, gain market knowledge, develop business relationships, and implement financial strategies within India's regulatory environment. This article discusses and scrutinizes the factors to be considered by a foreign or a domestic entity, requirements for the establishment of a preferred business setup in India, various obtainable business structures, and legal and regulatory nuances involved with newly incorporated and pre-existing businesses. KEY CONSIDERATIONS FOR FOREIGN ENTITIES TO ESTABLISH A BUSINESS FRAMEWORK With specific emphasis on foreign entities seeking to establish a business presence in India, numerous legal structures can be proceeded with, depending on factors such as the scope of intended operations, the desired level of control, and the regulatory landscape governing the specific industry. For instance, foreign companies may incorporate a liaison office, branch offices, and project offices in India to achieve objectives subject to activities permitted by the Reserve Bank of India (“RBI”) and the Foreign Direct Investment policy (“FDI Policy”) read with Foreign Exchange Management Act, 1999 (“FEMA”) and rules framed thereunder. Foreign direct investments in India may be structured indirectly by foreign entities through the establishment of an entity in India. For foreign investors with a previously established presence in India who seek to diversify their investments or expand their operations through acquisitions, downstream investment may present a more favorable proposition since investments and acquisitions undertaken through an Indian subsidiary generally entail comparatively less compliance requirements, in comparison to foreign direct investments. Such frameworks ensure adherence to applicable regulations and the protection of all involved stakeholders' interests, including the investors, promoters, and the investee company. An appetite for comprehensive and prosperous commercial operations steers foreign entities to opt for wholly owned subsidiaries as private limited companies under the Companies Act, 2013, offering lesser protection against liabilities, or public limited companies with higher fundraising potential, a one-person company under the Companies Act, 2013. Entities must thoroughly research the regulatory requirements, taxation implications, and potential repatriation of funds and their restrictions pertinent to their preferred legal structure to ensure successful and compliant operations within India's evolving business environment. An optimal legal structure can be achieved through comprehensive assessment, due diligence, and identification of business overview, directors and number of partners/owners/members/trustees, control over business and business objectives, the ability to advance loans and raise investments, repatriation of funds, tax benefits, residential and citizenship status along with the change thereof affecting the structure, and long-term objectives, applicable laws, and compliance requirements. The volition of a desired business setup in India would demand acquaintance and selection of the place of establishment of business, the feasibility of it's operations, cost of the incorporation, and availability of funds, amongst other factors. Additionally, while deciphering a probable business structure, an in-depth analysis needs to be undertaken of the legal, financial, tax, and secretarial restrictions and limitations, including but not limited to the guidelines laid down under the FDI Policy, FEMA, and the Companies Act, 2013, and the rules made thereunder.   AN OVERVIEW OF BUSINESS STRUCTURES Selection of an appropriate legal framework demands a detailed evaluation of factors appropriate to the entity's scale, business structure, investments by stakeholders, potential liability exposure, and operational and compliance requirements. Sole proprietorships represent the most basic structure wherein ownership of the company, business plan, decisions, and all or any liabilities lie solely on a single individual, facilitating ease of establishment while exposing personal assets to business-related risks. From small retail stores to freelance consulting services, sole proprietorships remain favored for their ease of business setup and minimal regulatory compliance requirements, however, the proprietors remain personally liable for all business debts and obligations, exposing personal assets to business risks. Companies, both private or public, are the most prevalent structure for businesses as they establish a separate legal entity distinct from its owners, thus limiting their liability and allowing for capital acquisition through the issuance of share capital following the provisions of the Companies Act, 2013. Private limited companies offer shareholders limited liability protection, perpetual succession, and access to the share capital of the company through voting rights and transfer of shares as per terms under the definitive agreements and the applicable laws. Subject to regulatory compliance requirements, private limited companies are preferred as structures for business setup in India by medium scale to large scale businesses seeking to establish a robust corporate structure with a focus on long-term growth scalability and sustainability. Public limited companies, on the other hand, offer access to a more exhaustive investor base and greater liquidity for shareholders. However, such companies are subject to heightened regulatory compliance obligations and market volatility, additional vantage of raising investments through public offerings. Alternatively, business entities may further delve into the creation of a partnership firm which is governed by the Indian Partnership Act, 1932. In the case of a partnership firm, 2 (two) or more individuals/entities act as partners in a business venture and share profits and losses, having flexibility in management and operate in the form and manner as outlined under their partnership deed thereby covering the inter-se rights and obligations amongst the partners of the firm. A general partnership refers to the kind of partnership wherein partners have unlimited liability over the debts and obligations of the business and a limited liability partnership offers partners limited liability protection, safeguarding their assets from business liabilities to only a certain extent. A structure based on partnership potentially leverages combined expertise but is privy to potential conflicts and joint liability concerns. Another structure that could be considered by entities is establishing a joint venture company which offers foreign investors an opportunity to tap into the country's vast market. Since the decision of a suitable legal structure plays a decisive part in the business undertaking's long-term success, thorough regard of aspects like the joint venture's scope, duration, investment levels, and exit strategies is essential. Partaking in a joint venture with an Indian partner entity provides various strategic benefits to a foreign entity that intends to establish it’s footprint in India, such as utilizing its pre-existing distribution market within the designated territories in consonance with applicable laws; increased access to the Indian partner entity’s financial resources for plausible co-investments; and facilitation of networking opportunities, to expedite the establishment of operations in India.   REGULATORY AND LEGAL REQUIREMENTS To establish and operate a business in India, one must traverse through the legal frameworks and requirements to be fulfilled as specified under applicable laws. As conferred in this article, determining an appropriate business structure is the foremost step towards establishing a business setup in India. Besides the entire structuring or restructuring of the proposed entity(ies), negotiation of the investment terms, inter-se rights, and obligations of shareholders of the entity, along with the drafting and finalization of definitive agreements, play a crucial role in determining the most appropriate business structure. In furtherance, the Indian entity is required to draft it’s articles of association and the memorandum of association as part of the incorporation process. Additionally, the company directors are required to obtain an identification number referred to as the ‘DIN’. Once the structure is finalized, the said entity shall also be required to obtain the applicable registrations and licenses such as the goods and services tax registration under the Central Goods and Services Tax Act, 2017, permanent account number, the tax account number, certain employment centric registrations such as employee provident fund registration under Employees Provident Funds and Miscellaneous Provisions Act, 1952, and the employee state insurance registration under Employees State Insurance Act, 1948 depending upon the number of employees along with additional licenses depending on the business, such as the state-specific Shops and Establishments Act, consent to establish, consent to operate, and the registration of micro, small, and medium enterprise under the Micro, Small and Medium Enterprises Development Act, 2006. While necessary consents and licenses are necessarily required to be obtained, the newly incorporated/acquired entity must also adhere to other restrictions and limits laid down under the applicable laws whilst operating the company, raising investments, or repatriating funds. Further, the Foreign Exchange Management (Non-Debt Instruments) Rules, 2019 (“NDI Rules”) also impose certain restrictions upon downstream investments, i.e., investments made by an Indian entity that has received foreign investment or an investment vehicle in the equity instruments or the capital, as the case may be, of another Indian entity. Indian entities are required to comply with the pricing guidelines as specified under the FDI Policy, which apply to both indirect and direct investments in India. CONCLUSION The criterion of deciphering a reasonable business structure within India is a multifaceted decision with far-reaching ramifications for the long-term trajectory of any entity. Each business setup in India demands a meticulous balancing of the management of risks and liabilities, taxation issues, regulatory compliances, directors or partners of the to-be-incorporated entity or the target entity, and intent for operational flexibility. The foreign and domestic entities, both need to navigate and establish a business landscape where considerations such as the desired scale of operations, the ownership structure, potential funding requirements and investments, and industry-specific regulations and norms. To ensure a smooth and successful business setup in India, Indian entities must adhere to regulatory guidelines formulated under the applicable laws in India to avoid legal and tax implications. However, it is crucial to note that the success of any entity rests upon informed decision-making. All forthcoming businesses can significantly reduce legal and financial risks and enhance their likelihood of success by understanding the nuances of the various available business structures, the risks attached to each structure, and the compliances and licenses required to be obtained in the Indian commercial ecosystem, facilitating informed navigation of its complexities. Upon thorough assessment and evaluation of the advantages and restrictions of each available legal business structure, a foreign entity or previously existing Indian entity can expand and establish a robust foundation for enduring success in the Indian ecosystem. Authors: Shramona Sarkar  and Isha Agrawal 

INTRODUCTION The enactment of the Digital Personal Data Protection Act (DPDPA), 2023, and the publication of the draft Digital Personal Data Protection Rules, 2025 (DPDP Rules), marks a significant development in India’s data privacy framework. On one hand, the proposed legislative framework is aimed at safeguarding personal data, at the same time, the legislation also introduces stringent obligations for data fiduciaries as regards observing compliances, reporting breaches, etc. This article explores the emerging challenges businesses face under the DPDPA, 2023, and the draft DPDP Rules, 2025, while offering strategic insights for businesses to navigate these requirements effectively. KEY CHALLENGES AND COMPLIANCE BURDENS With comprehensive measures to ensure transparency and accountability, the DPDPA and the draft Rules aim to balance individual rights with compliance obligations on businesses to ensure that appropriate emphasis is given to privacy and data security (while providing opportunities for fostering innovation as well). However, businesses face several critical compliance challenges, including: Enhanced Consent Management and Tracking Mechanisms While Section 6 of the DPDPA places a strong emphasis on obtaining free, specific, informed, and unconditional consent for processing personal data, its practical implementation poses significant challenges. Businesses will now be required to move beyond generic consent forms and adopt granular, purpose-driven consent mechanisms. Further, implementation of these requirements will require businesses to establish robust consent-tracking mechanisms and maintain audit trails to ensure compliance. Further, Rule 4 of the draft DPDP Rules outlines specific requirements for Consent Managers which will enable users to provide, manage, review, and revoke their consent for the processing of their personal data. While the usage of consent managers is optional under the statute, it would lessen the administrative burden if businesses opt for the services of consent managers. However, this also comes with added costs for engaging these consent managers (which might not be finally feasible for smaller entities, MSMEs, etc.). Manner of Displaying Notice for Consent Section 5 of the DPDPA states that every request regarding consent for processing of data made to a Data Principal under Section 6 must be accompanied or preceded by a notice. Further, Rule 3 of the Draft Rules provides specific requirements to be incorporated in such notice. The notices are required to be presented in clear and plain language and must include details necessary to enable the Data Principal to give specific and informed consent for the processing of their personal data. It's interesting to note that while there are standards prescribed under Rule 3 for the notice, the DPDP Rules do not prescribe any standardized format for the Consent Notice. Consequently, a major concern amongst businesses is regarding the appropriate and legally compliant manner to display consent notices in a manner that is easily accessible and understandable to data principals. It remains to be seen whether a standard notice format will be prescribed in the final rules that would streamline compliance or if data fiduciaries will have the option to retain flexibility in adopting their own mechanisms and specifics of notice based on their business operations. This further cause concerns that Data Fiduciaries might give notice in a manner that does not adequately inform the Data Principals about the particulars of the data to be shared. Ensuring Reasonable Security Safeguards Section 8(5) of the DPDPA mandates that Data Fiduciaries will protect the personal data (in its possession) and implement ‘reasonable security safeguards’ to prevent any data breach. Accordingly, Rule 6 of the Draft Rules expands on this requirement of ‘reasonable security safeguards’ and specify that Data Fiduciaries must adopt robust data security measures such as encryption, intrusion detection systems, data loss prevention tools, etc. Accordingly, the challenge lies not only in implementing these technologies but also requires businesses to adopt a risk-based approach to data security, conducting regular vulnerability assessments and implementing appropriate technical and organizational measures. Personal Data Breach Notification Section 8(6) of the DPDPA states that in the event of a personal data breach, it is the duty of the Data Fiduciary to promptly notify the Data Protection Board of India (‘Board’) and each affected individual about such breach. Since Data Fiduciaries are required to intimate Data Principals every time for each and every data breach because of no specific data threshold, it may eventually lead to significant compliance burdens for Data Fiduciaries. Further, these data breach notification requirements will add another layer of complexity as it would be difficult for the businesses to report each data breach promptly within 72 hours to both the Data Protection Board and all the affected Data Principals (especially with the elaborate information to be provided to the Board). In light of this, it would be ideal if the businesses implement automated threat detection systems and develop a data breach notification template for swift reporting (to the Board and Data Principals) to ensure timely compliance. Cross-Border Data Transfers Under the DPDPA, cross-border transfers of personal data is permitted unless explicitly prohibited by the government through a ‘negative list’ of jurisdictions (which could be prescribed by the Government in the future). Further, the draft DPDP Rules do not define a clear policy framework for the countries which could be designated under the ‘negative list’. Consequently, businesses will remain uncertain about future government decisions, necessitating careful risk assessments and contingency plans for cross-border data flows. Data Retention Requirements DPDPA provides strict data retention requirements mandating Data Fiduciaries to retain the personal data of Data Principals only as long as necessary to fulfill the purpose for which it was collected. Accordingly, in order to avoid any potential misuse, Data Fiduciaries must erase the personal data once it has served its purpose or is no longer required. Further, the DPDPA mandates Data Fiduciaries to promptly erase personal data upon the withdrawal of consent by the Data Principal. However, the DPDP Rules provide specific data retention timelines for three specific business sectors. Accordingly, all e-commerce entities and social media intermediaries (which have more than twenty million registered users in India) and all online gaming intermediaries (which have more than five million registered users in India) are required to ensure that they’ve deleted personal data of Users/ Data Principals provided the Data Principals do not approach such Data Fiduciaries for any specified purpose or for exercising their rights under the DPDPA for a continuous period of three years, or three years from the commencement of the DPDP Rules (whichever is earlier). In light of these compliance requirements, it will be challenging for the Data Fiduciaries to notify Data Principals each time prior to the permanent deletion of their data (after completion of the specified timelines). Challenges with Implementing Verifiable Parental Consent The DPDPA and its draft DPDP Rules require verifiable parental consent for processing personal data of children (who are below the age of 18 years) or people with disabilities. The purpose of this requirement is to shield children from negative consequences such as exposure to inappropriate content or targeted advertising (which could negatively impact their well-being and development). Furter, Rule 10 of the draft DPDP Rules provides how Data Fiduciaries should handle personal data when it comes to children or people with disabilities. Consequently, the main focus is on ensuring that the parent or legal guardian gives their consent prior to the processing of children data or person with a disability’s data by businesses. Although the businesses are required to implement robust age verification mechanisms and maintain detailed records of consent to ensure compliance with legal obligations, however, given that India’s data protection framework lacks clarity on permissible mechanisms/verification methods, it’ll be challenging for the Data Fiduciaries to ensure that they get clear and verifiable consent from a parent before they process or use the personal data of children or people with disabilities. Addressing the Rights of Data Principals Section 11 and 12 of the DPDPA grants Data Principals a range of rights, including the right to access, request corrections, updates and erasure of their personal data. Further, Rule 13 of the Draft DPDP Rules provides guidelines concerning the rights of Data Principal and their implementation. In light of this, it’ll be essential for the businesses to establish efficient and effective mechanisms for responding to Data Principal requests within the stipulated timelines and hence, the challenge lies in balancing the need to protect data privacy along with the need to maintain business operations. To streamline this process, it would be critical to deploy automated data rectification and deletion tools in the system and maintain an efficient grievance redressal mechanism. Obligations of Data Fiduciaries The DPDPA requires Data Fiduciaries to demonstrate accountability and transparency in their data processing activities. This requires businesses to maintain detailed records of their data processing activities, conduct data protection impact assessments (DPIAs) for high-risk processing businesses (which are supposed to be classified as Significant Data Fiduciaries) and appoint data protection officers (DPOs) where required. While maintaining records of data processing activities and conducting Data Protection Impact Assessments are welcome steps, however, the lack of clarity on DPIA requirements and assessment formats poses implementation challenges, which could eventually lead to weak assessments. Establishing a Grievance Redressal Mechanism The DPDPA mandates that Data Fiduciaries establish a grievance redressal mechanism for addressing Data Principal complaints. This requires businesses to develop clear and accessible procedures for receiving, investigating and resolving complaints as and when received from the Data Principals. However, the ultimate challenge lies in ensuring that the grievance redressal mechanism is fair, transparent, and effective, and that each complaint is resolved in a timely manner as mandated under the DPDPA. CONCLUSION The DPDPA, 2023, and the forthcoming DPDPR, 2025 signify a paradigm shift in India’s data privacy landscape. As the draft DPDP Rules were open for public consultation for a reasonable period of time, it remains to be seen whether the above inadequacies and challenges have undergone further scrutiny and refinement (to ensure robust data protection regime which upholds privacy rights while balancing compliance obligations of businesses) in the final version of the Rules which are supposed to be published in 2025. Meanwhile, to ensure effective compliance with the data protection laws, businesses should start adopting proactive compliance strategies by investing in privacy-enhancing technologies, conducting regulatory risk assessments, and implementing user-centric data governance models. By addressing these emerging challenges, businesses can not only ensure compliance with the legislation but will also build trust with their customers and stakeholders (thereby establishing a competitive advantage in the evolving digital ecosystem). Authors: Mr. Gaurav Bhalla (Partner) Mr. Parag Singhal (Associate)

Introduction Human resources (HR) management and resolution of employee-related issues are central to the successful functioning of any organization in India’s often chaotic labour market. The scope of activities ranges from ensuring solid structured frameworks for the recruitment of suitable talents to compliance with myriad labour laws to managing employer-employee relations and navigating extensive regulations for management of their workforce, business requirements to ensure they are in compliance with applicable labour laws. This is where a retained external General Counsel (GC) can play a crucial role in the smooth functioning of an organisation. Navigating the complexity of Indian labour laws and addressing the growing need for efficient and cost-effective legal support, an outsourced GC offers essential assistance for HR departments in companies to managing legal risks and ensuring smooth functioning of their day-to-day operations. What is a General Counsel Retainer? A General Counsel retainer refers to an arrangement wherein an organisation engages an external law firm to provide ongoing, reliable legal advice to the organisation in accordance with a pre-determined payment term. Unlike in the case of hiring a full-time in-house legal counsel, a retainer model allows organisations to access expert legal guidance without the significant costs associated in the event of the engagement of an in-house counsel. In the context of human resources and employment matters, a GC retainer ensures organisations have access to a specialist legal advisor for managing legal risks and providing advice on various aspects of Indian employment laws. The external GC can assist with a wide range of employment issues, from undertaking compliance as required under labour and employment legislations to managing employee disputes and ensuring legal compliance in the employment policies of a company. Key labour laws in India include: Shops and Establishment Act: The Shops and Establishment Act in each state governs the terms of employment of individuals at commercial establishments in each state. It lays down conditions pertaining to engagement of individuals, termination of employment and management of leaves among others. The Industrial Disputes Act, 1947: The Industrial Disputes Act primarily governs the management of disputes between employers and workmen and addresses matters such as layoffs, retrenchment, and termination of employment. The Employees’ Provident Funds and Miscellaneous Provisions Act, 1952: It provides a mechanism for deducting provident fund contributions for employees and provides a social security framework for employees. The Payment of Gratuity Act, 1972: Provides a framework for the computation and the payment of gratuity to employees who have completed five years of continuous service with an employer. General Counsel supports risk mitigation in the following manner: Drafting and Reviewing Employment Documents: Ensuring that employment contracts, offer letters, non-disclosure agreements (NDAs), settlement letters and other employment-related documents are legally sound and compliant with Indian laws, while ensuring that the interests of the company are covered. Managing Disputes: Providing guidance to companies on the ideal way to resolve disputes between employers and employees through mechanisms such as mediation, conciliation, or approaching the courts. Handling Terminations and Redundancies: Advising companies on formulating termination mechanisms and processes such as retrenchment, and termination for misconduct, as per applicable labour laws. Dealing with matters in relation to Trade Unions: Offering guidance to companies in dealing with trade unions pertaining to the available recourses under the applicable laws. Preventing Discriminatory Practices: Ensuring companies comply with laws like the Equal Remuneration Act, 1976 and the Sexual Harassment of Women at Workplace (Prevention, Prohibition, and Redressal) Act, 2013, the Transgender Persons (Protection of Rights) Act, 2019, and the Rights of Persons with Disabilities Act, 2016 etc. Employee Training and Education Another important role that a General Counsel is often required to play in employment matters is in training employees and managers of a company on their rights and responsibilities under labour laws mainly pertaining to registration of establishments, hiring and termination of workforce, prevention of sexual harassment in the workplace, prevention of discrimination in hiring and management of personnel. General Counsels are often required to design and deliver employee training programs that help the organization stay compliant with laws and create a more conducive work environment while ensuring that the commercial goals of the employer are being met. One such examples is educating employees and management on the provisions and frameworks as provided under the Sexual Harassment of Women at Workplace (Prevention, Prohibition, and Redressal) Act, 2013 (“POSH Act”). General Counsels further work towards providing employers and employees an understanding on how to prevent, report, and address incidents of sexual harassment. Furthermore, a GC can help businesses create mandatory frameworks as required under labour laws such as the POSH Act for preventing and addressing sexual harassment in the workplace. Cost-Effective Legal Support For many small and medium-sized businesses in India, having a full-time legal team dedicated to HR and employment matters may not be financially viable. In such cases, engaging a General Counsel from a third-party law firm on retainer offers a cost-effective method of managing employment issues. An external GC on a retainer provides companies with regular legal support at a predictable cost, allowing companies to manage their employment and labour related issues more efficiently than if they were to hire an internal legal team or engage external lawyers on a case-by-case basis. Moreover, a General Counsel’s ongoing advice aims to help businesses avoid costly litigation and fines from labour departments due to lapses and complaints made by stakeholders, which can significantly reduce overall legal expenses. Conclusion In the context of Indian laws, a General Counsel engaged from a law firm is an invaluable resource for companies, providing consistent legal advice and support on a range of employment-related issues. By ensuring compliance with labour laws, helping with risk mitigation, facilitating employee training, and guiding strategic decisions, a General Counsel helps companies and businesses manage their legal responsibilities while protecting them from costly disputes and penalties. With the landscape of Indian employment laws requiring a definitive mechanism to ensure oversight and compliance, having a trusted General Counsel on a retainer basis is a clear necessity for companies seeking to ensure legal compliance and smoother employment and labour management as part of optimum business operations. Author: Ms. Khyati Bhatia, Senior Associate at Ahlawat & Associates and Upamanyu Banerjee,  Associate

India passed the Digital Personal Data Protection Act, 2023 (“DPDPA”) – the nation’s first dedicated data protection statute – on August 11, 2023. The DPDPA undeniably marks a significant advance in aligning India’s domestic laws with international standards for data protection and privacy and is intended to replace the existing Indian Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”). Notably, the DPDPA sets out a comprehensive legal framework for protection of personal data of individuals residing in India, akin to the European Union (EU) General Data Protection Regulation (GDPR). Like the GDPR, the DPDPA has extra territorial application – it also regulates processing of personal data (of individuals resident in India) by a person located outside Indian territory, provided such processing is carried out in connection with offering of goods or services to Indian residents. Accordingly, any person engaged in processing personal data of Indian residents (in digital form) is required to comply with the provisions of the DPDPA – irrespective of whether or not such person is located in India. While the DPDPA parallels the GDPR in certain aspects, however, it has its own distinct structure and requirements – including, notably, requirements in relation to regulation of the cross-border transfer of personal data. For Indian as well as foreign business organizations (whether targeting Indian consumers and/or engaging in cross border trade with Indian business partners) which are now subject to regulation under the DPDPA – it is accordingly exceedingly relevant to understand the scope and application of requirements set out thereunder in respect of transfer and processing of personal data of Indian residents and to implement necessary steps to ensure compliance thereto. Moreover, it is also relevant for stakeholders to have awareness and understanding of statutory requirements ahead of the upcoming (eminent) release of the draft Rules formulated under the DPDPA by the Indian Government (for the purpose of implementation of statute). This is also since it is speculated that the draft Rules will likely provide a short transition period (of around 6-8 months) to stakeholders for statutory compliance. Scope and Application of the DPDPA The DPDPA regulates the processing of digital personal data of “Data Principals” (i.e. the individuals to whom the data relates). Simply put, the statute applies to the processing of any personal data in digital form – whether collected in digital form or collected in non-digitized format and subsequently digitized. In relation, the DPDPA adopts a broad statutory definition of the term “personal data” – classifying this as any data about an individual “who is identifiable by or in relation to such data”. Further, where the individual to whom personal data relates comprises a child (i.e. any individual less than 18 years of age) the term Data Principal includes the parents or lawful guardian of such a child per the statue. The statute further stipulates that in so far as the personal data relates to any person with “disability” the term Data Principal would also include his/her lawful guardian Further, the statue is also extra-territorial in application – as mentioned above, it applies to the processing of digital personal outside Indian territory, provided such processing is carried out in connection with offering goods or services to Data Principals located in India. Thereby, it applies to any business organization engaged in processing digital personal data of Indian consumers for commercial purposes, irrespective of whether the relevant business organization is located within India. Key Stakeholders under the DPDPA For the purpose of regulation, the DPDPA principally recognizes and demarcates stakeholders as “Data Fiduciary” and “Data Processor”. Under the statute, a “Data Fiduciary” comprises any person who, alone or in conjunction with other persons, determines the purpose and means of the processing of personal data. Meanwhile, the term “Data Processor” broadly encompasses any person who processes personal data on behalf of a Data Fiduciary. The above designations employed by the statute are arguably akin (but not alike) to the designation of Data Processor and Data Controller under EU’s GDPR. It is important for international stakeholders, in particular, to note that these terms do not carry equivalent connotations in respect of statutory obligations. Illustratively, the DPDPA places the primary liability for management, security and processing of personal data (and the protection of the rights and interests of Data Principals) on the Data Fiduciary. The Data Fiduciary is held responsible for the Data Processor(s) engaged by it, including for ensuring appropriate conduct and statutory compliance at the end of such Data Processor(s). It is anticipated, however, that the forthcoming Rules under the DPDPA could further elaborate upon the obligations and duties applicable to the Data Processors. It is worth noting also that the DPDPA empowers the Indian Government to classify a certain Data Fiduciary or a certain class of Data Fiduciary as a “Significant Data Fiduciary”. The statute (non-exhaustively) stipulates that such classification may be based on factors such as the volume and sensitivity of the data processed by the Data Fiduciary, the risk of harm to the Data Principal and potential impact on the sovereignty and integrity of India and its security. The statute also prescribes enhanced compliance obligations for Significant Data Fiduciaries, which include the mandatory appointment of a local Data Protection Officer in India, engagement of an independent Data Auditor and the conduct of periodic Data Protection Impact Assessments. Further information on such measures and classification of the Significant Data Fiduciaries is also anticipated to be provided by the Indian Government under the forthcoming Rules. Regulation of Cross Border Data Transfer The DPDPA introduces certain important provisions in relation to cross-border processing and transfer of personal data, which are elaborated below. Restrictions on Transfer of Personal Data The DPDA empowers the Indian Government to restrict the transfer of personal data by a Data Fiduciary to certain foreign countries or territories (as may be notified). Thereby, the Indian Government can exercise this statutory power to blacklist a foreign territory or country prospectively and prohibit stakeholders from transfer of any personal data thereto. In this regard, it is worthwhile to note that the DPDPA doesn’t provide for the criteria basis which such restriction may be imposed by the Indian Government as regards a particular jurisdiction. However, it is speculated that clarity on this aspect may be incorporated in the draft Rules (to be issued under the DPDPA). Statutory Exemptions The DPDPA exempts certain instances of data processing and transfer from prohibition (in exercise of the statutory power granted by the Indian Government. This exemption extends to instances where data processing is necessary for the following purposes: for enforcing any legal right or claim; for discharge of functions any competent court or judicial or quasi-judicial or authority in India; for prevention, detection, investigation or prosecution of any offence or contravention of any law in force in India; where personal data of Data Principals (located outside India) is processed subject to contract between an Indian and any foreign (offshore) entity; for carrying out legally approved acquisition, merger or amalgamation or similar arrangement between two or more companies; for ascertaining the financial information and assets and liabilities of any person who has defaulted in payment of a loan or advance taken from a financial institution Concurrent Application of Additional Laws The DPDPA clarifies that its provisions will not impact existing law in India which provides for “…a higher degree of protection for or restriction on transfer of personal data by a Data Fiduciary outside India…” than the threshold of protection established under the DPDPA. This indicates that while transferring personal data outside India, multinational and other organizations will also require to comply with any Indian laws (as may be applicable) which provide for higher degree of protection or restriction than the DPDPA itself. Conclusion: Key Ramifications & Best Practices for Businesses  Key Ramifications The introduction of the DPDPA carries significant implications for domestic as well as international businesses engaged in trade in India – given its extraterritorial nature. With the enactment of the statute, a diverse set of stakeholders including multinational/international corporations or services providers with or without corporate presence in India, particularly in the e-commerce and IT industry are now subject to carry out compliance thereunder. From a practical perspective, stakeholders under the statue – including international or domestic business(es) operating in India – may qualify as Data Fiduciary or Data Processor or both. While businesses qualifying simply as a Data Processor will admittedly have a relatively lesser compliance burden under the DPDPA, they can still expect to deal with contractual obligations and negotiations regarding statutorily prescribed practices and procedures as part of their business arrangements/dealings with Indian stakeholders. Further, while the DPDPA does not impose specific restrictions or requirements on the transfer of data overseas, it – unlike the SPDI Rules – provides for prohibition of transfer of personal data to certain foreign jurisdictions or territories, as may be “blacklisted” by the Indian Government. This aspect of the DPDPA carries significant implications for businesses reliant upon outsourcing or overseas operations or otherwise operating in industries where data processing is integral to the offering of goods and services. Such businesses may face significant challenges in conducting business with Indian customers – since should the foreign country or territory, where important affiliates or partners are located, be blacklisted by the Indian Government subject to the DPDPA. Considerations & Best Practices for Businesses If a territory or country is blacklisted by the Indian Government, it is implicit that any collection or processing of data by relevant affiliates or partners in such territory or country will also be restricted. For adequately safeguarding business interests, it thus becomes necessary for relevant stakeholders to seek advisory to align their practices with the procedures prescribed in the DPDPA as well as to understand the recourse available to them under the statute. Illustratively, it can be inferred that the statutory exemptions set out in the DPDPA are largely intended to facilitate the discharge of official functions by law enforcement, banking and judicial authorities in India. For multinational and other business organizations, however, it is relevant to note that the statute exempts the processing of personal data where such processing is carried out as part of a merger or amalgamation or similar arrangement between two or more corporate entities. Further, it exempts the processing of data subject to a contract between a domestic party (located in India) and a foreign party. Consequently, relevant stakeholders – in particular businesses involved in outsourcing services or goods to or from India or business groups having or seeking control or ownership of entities in India – can employ the aforementioned two exemptions as grounds to transfer personal data of Data Principals to a foreign jurisdiction which has been blacklisted by the Indian Government prospectively (in exercise of its powers under the DPDPA) – provided that data transfers are otherwise conducted in alignment with the requirements under the DPDPA. To provide context, relevant considerations and requirements for stakeholders under the DPDPA include collection of informed consent from Data Principals, including for transfer of their; the management of such consent (including accounting for withdrawal of consent); employment of adequate protocols and contractual arrangements with third parties for maintaining confidentiality and security of data and/or handling of requests from Data Principals for retention/erasure/correction of data etc. In addition to the DPDPA, stakeholders must be prepared also for additional compliance under applicable laws and sector-specific regulations in India which prescribe a higher threshold of protection for the transfer and protection of personal data in India. For reference, these include relevant regulations of the Reserve Bank of India (RBI), Telecom Regulatory Authority of India (TRAI), Securities and Exchange Board of India (SEBI) and the Insurance Regulatory and Development Authority (IRDAI), per which requirements are set out for applicable stakeholders in relation to localization of storage of certain kinds of data and records. Interestingly, the SPDI Rules are also included within the scope of applicable laws at present – and will remain applicable until the time the DPDPA is fully implemented in India. Author: Ms. Ashneet Hanspal (Senior Associate)

Introduction India, with its dynamic and diverse economy, has become one of the most attractive destinations for business expansion and investment. Whether you are setting up a new business or managing an existing enterprise, complying with regulatory and legal requirements is crucial. Among these obligations, annual filings are significant for businesses operating in India. These filings ensure compliance with Indian corporate laws, tax regulations, and financial reporting standards, contributing to transparency and accountability. Here’s a detailed overview of the essential annual filings businesses need to make while operating in India. We have categorised the filings based on the applicability of the following enactments: A. Companies Act, 2013 Annual Return Filing with the Ministry of Corporate Affairs (MCA) Every company in India is required to complete the annual filing with the concerned Registrar of Companies (ROC), MCA, upon conclusion of the Annual General Meeting (“AGM”) every year. These filings are: Form AOC-4: This form is required to be filed to submit the financial statements, including the balance sheet, profit and loss account, and directors’ report of a company. This form needs to be filed within thirty days from the date of the AGM. In case of delay in filing the return, there is per-day penalty applicable to it. In case financial statements are not adopted in AGM, then un-adopted financial statements need to be filed within thirty days of the date of AGM (due date of AGM if AGM not held or extended due date, if any). Once financial statements are adopted, the company shall file the adopted financial statements within thirty days of the AGM (actual or adjourned, whichever is applicable). Form AOC-4 CFS:Every company having one or more subsidiaries is required to prepare the consolidated financial statements of the company and of all the subsidiaries. Such financial statements, duly adopted in the AGM of the company, shall be filed with the ROC within thirty days of the date of AGM. Form AOC-4 XBRL: Certain classes of companies as notified under Companies (Filing of documents and forms in Extensible Business Reporting Language) Rules, 2015 by the Central Government are required to mandatorily file their financial statement in Extensible Business Reporting Language (XBRL) format. It shall be filed with the ROC within thirty days of the date of the AGM. Form MGT-7/MGT-7A: This is the Annual Return, which contains information about the company, including its directors, shareholders, and corporate governance practices. It must be filed by every company within sixty days from the date of the AGM. In case of delay in filing the return, there is a per day penalty applicable to it. MGT-14: In the case of any resolution passed as a special resolution in the AGM or if the AGM is being conducted through video conferencing or other video audio mode, in such a case, Form MGT-14 is required to be filed within thirty days from the date of the AGM. Director’s Report and Financial Statements The companies must prepare and approve the director’s report and financial statements before the due date of the AGM. These documents must be signed by the directors of the company and are required to be adopted at the AGM. The director’s report provides an overview of the company’s financial health, corporate governance practices, and future business outlook. The financial statements—comprising the balance sheet, profit & loss account, and cash flow statement—reflect the financial performance of the company for the preceding financial year. Compliances under the Companies Act, 2013 The other event-based annual compliances required to be undertaken by the companies are as follows, including but not limited to: Form MSME Return: All companies who get supplies of goods or services from micro and small enterprises and whose payments to micro and small enterprise suppliers exceed forty five days from the date of acceptance or the date of deemed acceptance of the goods or services as per the provisions of Section 9 of the Micro, Small and Medium Enterprises Development Act, 2006 (27 of 2006), shall submit a half-yearly return to the MCA. Hence, the due dates for the MSME, if applicable, are April 30 and October 30, every financial year. Form DPT-3: Pursuant to the provisions of Rule 16 of the Companies (Acceptance of Deposits) Rules, 2014, every company shall, on or before the 30th day of June of every year, file with the ROC, a return in e-Form DPT-3 for deposits and/or particulars of transactions not considered as deposits as on March 31, of that year. Form PAS-6: Pursuant to Rule 9A and 9B of the Companies (Prospectus and Allotment of Securities) Rules, 2014, every unlisted public company and private company, other than a small company, is required to submit Form PAS-6 to the concerned ROC within sixty days from the conclusion of each half year duly certified by a company secretary in practice or chartered accountant in practice. B. Foreign Exchange Management Act, 1999 Foreign Liabilities and Assets Return (“FLA”): A company that has received foreign direct investment directly or indirectly in the previous year(s), including the current year, shall submit form FLA to the Reserve Bank of India on or before the 15th day of July of each year (Year for this purpose shall be reckoned as April to March). ECB 2 Return: A company that has raised External Commercial Borrowings (“ECB”) from outside India is required to report actual ECB transactions through Form ECB 2 Return through the AD Category I bank on a monthly basis so as to reach the Department of Statistics and Information Management (“DSIM”) within seven working days from the close of the month to which it relates. Annual Performance Report (“APR”): An Indian company acquiring equity capital in a foreign entity, which is reckoned as Overseas Direct Investment (ODI), shall submit an APR with respect to each foreign entity every year till the company is invested in such foreign entity, by December 31st, and where the accounting year of the foreign entity ends on December 31st, the APR shall be submitted by December 31st of the next year. Conclusion In conclusion, businesses operating in India must navigate a complex regulatory environment that includes a variety of annual filings to maintain compliance with corporate, tax, and foreign exchange laws. The filings under the Companies Act, 2013, such as the submission of financial statements, annual returns, and other event-based compliance forms, are essential to ensure transparency and accountability in business operations. Furthermore, businesses engaged in foreign direct investment (FDI) or external commercial borrowings (ECB) must comply with reporting obligations under the Foreign Exchange Management Act (FEMA), including FLA returns and APR submissions. Staying updated on these annual filing requirements is crucial for businesses to avoid penalties and legal issues. The diverse range of filings also highlights the importance of maintaining accurate and timely records, which not only ensures regulatory compliance but also enhances the company’s credibility in the market. Businesses must prioritize these filings as part of their overall governance strategy to foster sustainable growth and avoid potential legal complications. Author Details: Ms. Shweta Singh (Senior Associate) of Ahlawat & Associates    

India’s online gaming industry has seen exponential growth due to technological progress and increased internet access. As the online gaming industry expands, the complexity of its legal landscape has deepened, which is primarily governed by numerous legislation that predominantly cover a variety of legal areas viz. intellectual property rights, taxation, advertising, and information technology. Moreover, states in India have their own state-specific gaming laws due to the subject falling in the State List under the Indian Constitution, which indicates a lack of centralized legislation. Consequently, Indian Courts have tried to regulate the online gaming industry through judicial precedents that regulate key aspects of the gaming sector. I. Overview of Regulatory Framework The regulation of online gaming in India remains fragmented across states and intersects with several other legislations in the country. The primary legislation under which online gaming is largely legislated is the Public Gambling Act, 1867, which regulates and prohibits offline games of chance (but not offline games of skill). In this regard, Section 12 of the Act makes it clear that this legislation does not apply to games of skill. However, it is to be noted that post the enactment of the Constitution of India, 1950, the various state legislatures in India have received the authority to regulate and govern betting, gambling and allied activities within the territory of their respective state territories. Consequently, this has led to numerous legislations being enacted in various states across the country to regulate online games in the state. Recently, the Madras High Court in the case of All India Gaming Federation v. State and Ors., WP 13203 of 2023, nullified the Tamil Nadu Government’s ban on online rummy and poker, and held that that the Tamil Nadu Prohibition of Online Gambling and Regulation of Online Games Act, 2022 cannot be entirely declared unconstitutional and hence, the Act will be applicable only to games of chance. Therefore, the Hon’ble Court specified that the ban can be imposed on games of chance, but it should not extend to Rummy and Poker, which are considered games of skill. Game of Skill vs. Game of Chance The terms “game of chance” and “game of skill” have not been decisively defined in any Indian legislation (including gaming and gambling legislation existing at both the central and state level in India) in a comprehensive manner. However, the Indian judiciary has adjudicated upon and interpreted the terms at length in various judicial decisions. Thereby, whether a game qualifies as a “game of skill” or a “game of chance” in India is required to be determined keeping in mind the relevant criterion laid down by the Indian judiciary. The above aspect has also been affirmed in the case of Manoranjithan Manamyil Mandram v State of Tamil Nadu[1] wherein, the Madras High Court held that to determine what constitutes a game of chance or skill is a “question of fact” and is to accordingly be decided on the basis of facts and circumstances on a case-to-case basis. Further, as regards a “game of mere skill”, the Madras High Court held that a game of mere skill (which includes games based on skill, and a competition wherein success depends on a “substantial degree of skill”) will not constitute gambling. In contrast, a game of chance is where the aspect of luck or chance dominates skill or affects the outcome of the game. II. Regulation of Online Gaming: Recent Developments and Outlook for 2024 (a) Information Technology (Intermediary Guidelines and Digital Media and Ethics Code) Rules, 2021: Amendments One of the most notable developments is the amendment of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, in April 2023. This amendment expanded the scope of the IT rules and included online gaming in the same sphere by defining the terms ‘online game’ and ‘online real money game’. Under the amended rules, all online gaming platforms/intermediaries which offer an online real money game qualify as an ‘online gaming intermediary’ under the IT Rules and are required to undertake some compliances and exercise due diligence in a manner similar to the due diligence required by intermediaries in social media and e-commerce spheres under Rule 3 and 4 of the IT Rules. The guidelines require online gaming intermediaries to publish privacy policies and terms of use, verify users before allowing access to real-money games, and implement a grievance redressal mechanism for user complaints. (b) Tax Regulation on Online Games In August 2023, amendments to the Integrated Goods and Services Tax Act, 2017, and the Central Goods and Services Tax Act, 2017, required foreign-based gaming intermediaries offering services in India to register with Indian tax authorities and comply with local tax laws. Further, the GST Council also finalized its decision and levied a tax of 28% on monies deposited by users and/or the full face value of the bets placed on online gaming, casinos and horse-trading. Prior to this decision, the earlier regime allowed for an 18% tax on the gross gaming revenue (GGR). The GGR was calculated as the difference between the money wagered by the players and the amount paid as winnings. (c) Ethical Gaming Practices and Government Advisories on Advertisements. With the addition of the internet to gaming, advertisements have become a part of the online gaming experience and the industry. However, the prevalence of advertisements in online gaming introduces risks of unfair practices or surrogate advertising, which are regulated under the existing laws such as the Consumer Protection Act 2019, Press Council Act, 1978, and Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 which prohibit the advertisements/promotion of betting and gambling . MIB’s advisories agianst surrogate advertising for online gaming  On August 25, 2023, the Ministry of Information & Broadcasting (“MIB”) issued an advisory to registered newspapers, private television channels, publishers of news and current affairs content on digital media, online advertisement intermediaries, and social media platforms asking them to refrain from publishing, broadcasting advertisements of online betting platforms and/or any such product/service depicting these platforms in a surrogate manner. CCPA’s Advisory on Prohibition of Advertising, Promotion, and Endorsement of Unlawful Activities  On March 6, 2024, CCPA also issued an advisory stating that celebrities and influencers should refrain from endorsing and promoting illegal betting and gambling activities as when a celebrity/influencer endorses or promotes something, consumers often perceive it as an acceptable activity. In view thereof, the Advisory specifically provides that celebrities and influencers can also be held equally liable for participating in an illegal activity. III. Recent Judicial Pronouncements: Galactus Funware Technology v. State of Karnataka (2022) In this case, the High Court of Karnataka on February 14, 2022 quashed various provisions of the Karnataka Police (Amendment) Act, 2021 thereby lifting the blanket ban on all games (including online skill games) played for stakes. The Court further held that the Amendment Act is violative of Article 14 of the Constitution as it does not recognize the difference between a ‘game of skill’ and a ‘game of chance’, thus treating distinct activities equally. All India Gaming Federation v. State and Ors., (WP 13203 of 2023) In this case, the Madras High Court nullified the Tamil Nadu Government’s ban on online rummy and poker and specified that the ban can be imposed only on games of chance and not on games of skill such as Rummy and Poker. The Court while partly allowing a batch of writ petitions further held that the Tamil Nadu Prohibition of Online Gambling and Regulation of Online Games Act, 2022 cannot be entirely declared unconstitutional and hence, the Act will be applicable only to games of chance. The Court further held that the definition of ‘online gambling’ under Section 2(i) of the Act, shall be read as restricted to ‘games of chance’ and not games involving skill viz. rummy and poker. IV. Conclusion India’s online gaming industry holds significant revenue potential but faces challenges due to fragmented regulations across states, outdated laws, and recent amendments. As the online gaming industry continues to grow, there is an urgent need for comprehensive legal reform to create a more consistent and unified regulatory framework. Instead of regulating the industry by amending the IT Rules, 2021, the government should consider updating existing laws and creating separate central legislation including the framework of self-regulatory bodies, to protect consumer interests and encourage responsible gaming practices. Authors: Ashneet Hanspal and  Parag Singhal Footnotes [1] AIR 2005 Mad 261

In this dynamic world of growing businesses and evolving economic landscape, India has emerged as the prime destination for facilitating business expansion.With its robust legal framework, favorable location, advanced infrastructure and varied talent pool, India provides a sustainable environment and a lucrative industry for investors to establish and expand their business. In this article, we explore why India is considered the best destination for international businesses to expand, with primary focus on the growing economy, favorable government policies, forthcoming legislative reforms and the vast market potential. India: A Growing Economy India’s economy has proven to be the fastest growing in recent years, throughout the world. The country has become the fifth-largest economy globally and aims at joining the top three global economic powers soon. According to the International Monetary Fund (IMF)[1], India’s economy is expected to grow for the year 2024-2025 at a rate of 6.5% attributable to the vigorous domestic demand and increasing working-age population. The Indian economy is supported by strong foundational policies laid by the Reserve Bank of India (RBI), which is vital in maintaining stability in the monetary framework. The RBI intends to control inflation, while providing continued and sustainable economic growth, by precisely modifying the interest rates and managing liquidity. Furthermore, the resilience of India’s economy has also boosted the stock market to record all-time highs, reflecting investor confidence in the country’s long-term growth prospects. Additionally, the economy is pushed forward owing to the country’s dynamic and large population, with 65% of Indians under the age of 35. With an increase in economic growth, businesses tend to expand and attract more investments, which results in a higher demand for a dynamic workforce across various industries. This demographic dividend provides a significant advantage for businesses as they can utilize a pool of young, skilled and cost-effective workforce. The dynamic workforce available in India has attracted various multinational companies to set up base and operate in India, specifically in IT, manufacturing and service sectors. As per the employment data included in the Periodic Labor Force Survey (PLFS) and the RBI’s KLEMS Data, India generated more than 8 crore employment opportunities from 2017-2018 to 2021-2022[2] which highlights the impact of the effective government initiatives aimed at boosting employment across sectors. While the rise in the economic growth boosts job creation in the nation, it also provides the Indian Government with the incentive and means to enhance the benefits and social security provided to the public which consequently contributes to a more sustainable and successful economy. Furthermore, with an improved connectivity and a rise in the technological capabilities, India’s digital transformation has been remarkable. The nation’s Information Technology (IT) sector is one of the largest sectors contributing significantly to the Indian economy. The Government’s drive for a digital economy through initiatives like Digital India, has played a key role in the increased digital access and is transforming the country into a digitally empowered society. Favorable Government Policies The Government of India has implemented several initiatives and policies to attract foreign investment and create a thriving business environment. The primary objective of the initiatives is to create a strong ecosystem that nurtures and protects businesses and innovation, ultimately generating large-scale employment opportunities and leading to the sustainable economic growth of the country. Register your Company in India – Company Registration Services in India We have listed few of the key government initiatives that contribute to India as an attractive business destination: Digital India Launched in 2015, the Digital India is a flagship initiative which aims at creating a digitally empowered society and knowledge economy. Strengthening the digital revolution, the purpose of this initiative is to ensure that the public services are made accessible to the citizens of India electronically by improving online infrastructure and internet connectivity. The Digital India initiative ensures continuous governance, transitioning from cumbersome analogue processes to seamless online platforms. This initiative has a significant impact on various sectors including, without limitation, education, healthcare and finance and focuses on providing high-speed internet across India, especially in remote and rural areas. The Digital India initiative has made significant developments in making government services more accessible to the public and promotes digital literacy throughout the country, making it an attractive spot for businesses to set base. Make in India The Make in India initiative, launched in 2014, intends to transform India into a global manufacturing destination and has been identified to give boost to entrepreneurship, across the varied sectors in India. The initiative primarily focuses on sectors including automobiles, defense, biotechnology, aviation, food processing, media and entertainment and railways. The Government launched the initiative to create a favorable environment for investments, develop an efficient infrastructure and make new sectors available for foreign capital. This initiative encourages both domestic and international business to commence manufacturing in India and provides various incentives such as simplified regulations, tax breaks and subsidies. Startup India Startup India, launched in 2016, is a flagship initiative of the Government of India with the agenda to actively support startups and entrepreneurs. The initiative provides mentorship and incubation support to startups subject to fulfillment of various conditions, encouraging innovation and helping new businesses rise at a quicker pace. With the intention to attract more businesses, the initiative provides various incentives and benefits to startups including easier compliance, reduction in patent registration fee, tax exemptions and access to fundings by the government. The Startup India initiative has launched several programs with the objective of building a robust start up ecosystem, attracting entrepreneurs and investors from around the globe. Atma Nirbhar Bharat The Self-Reliant India initiative (Atma Nirbhar Bharat Abhigyan) was launched with the vision to boost local manufacturing, reduce dependency on imports and promote indigenous products. The key objective of this initiative is to establish India as a global supply chain hub and to enter global markets to export goods. By promoting local manufacturing and products, the initiative intends to boost the country’s economy and create employment opportunities. This initiative emphasizes self-reliance and features job creation, education reforms, ease of doing business and agricultural boost. The use of local products and services resultantly creates a favorable environment for entrepreneurs to enter and tap into the growing demand for products made in India. Foreign Direct Investment (FDI) Liberalization The Government of India introduced and formulated an investor friendly FDI policy under which FDI up to 100% is permitted under the automatic route in most sectors and activities. The liberalized entry routes under the current FDI policy are aimed to attract potential investors as it has made it easier for foreign companies to invest in India. This liberalization attracted high levels of FDI specifically in sectors like retail, e-commerce, infrastructure and manufacturing. The resulting inflow of capital and technology has had a transformative impact on the growing economy of India, leading to job creation, infrastructure development, and enhanced global integration. Forthcoming Legislative Reforms and Proposed Regulations With the aim to safeguard personal data, the Government of India intends to implement a comprehensive legislation namely Digital Personal Data Protection Act, 2023 (“DPDP Act”) to establish clear guidelines with respect to data collection, storage, processing and usage and further mandates businesses to ensure the privacy and security of personal data in compliance with the provisions thereunder. This assurance of security and privacy is crucial for businesses, specifically for those in sectors like e-commerce and fintech where sensitive personal information is processed frequently. With the implementation of the DPDP Act, international businesses can now innovate and conduct their business activities without the fear of lack of regulatory certainty. The DPDP Act has received parliamentary approval and is proposed to come into effect in 2024. It aligns with the global protection standards like the General Data Protection Regulation (GDPR) in the European Union and the California Consumer Privacy Act. With the implementation of the DPDP Act, India shall also offer a regulatory framework at par with the international frameworks, allowing businesses to reduce their compliance costs and complexity. Further, businesses concerned about data security can enter the Indian market with ease and confidence in the security standards laid down by the DPDP Act. As part of the legislative reforms, the Government of India, through the Jan Vishwas (Amendment of Provisions) Act, 2023 (“Jan Vishwas Act”), aims to amend 183 (one hundred and eighty-three) provisions in 42 central statutes of India which is planned to be implemented in a phased-out manner. The Jan Vishwas Act amends various legislations including, without limitation, the Information Technology Act, 2000, the Payment and Settlement Systems Act, 2007, the Copyright Act, 1957, the Legal Metrology Act, 2009, the Environment Protection Act, 1986 and the Trademarks Act, 1999. The Jan Vishwas Act contains a slew of amendments that are bound to impact businesses operating in India as well as businesses that intend to operate in India. One of the key features of the Jan Vishwas Act is the decriminalization of minor, technical and procedural violations. Criminal consequences for unintended or minor defaults act as a barrier for international businesses considering to setup business domestically in India. The amendments introduced under the Jan Vishwas Act lower the risks associated with minor defaults that may occur while establishing businesses and offer a favorable business environment. The reduction in the criminal liabilities of businesses aims to and shall bolster foreign investment in India. Furthermore, the Government has recently introduced 4 (four) labor codes, with the aim of amending the labor landscape. These are the Occupational Safety, Health and Working Conditions Code, Code on Wages, Industrial Relations Code and Code on Social Security. While these labor codes have received parliamentary approval, they are yet to come into force. The implementation of these labor codes shall bring with it an employer friendly labor market, making it easier for businesses to hire, manage and retain employees. The labor codes simplify compliance requirements and reduce regulatory burdens for employers, particularly for labor exclusive sectors such as the manufacturing sector. The flexibility introduced with these labor codes is likely to drive the economic growth and attract investment at both domestic and international levels. Vast Market Potential As India has now cemented its position as among the world’s major economies, India has become an attractive market for countries to tap into and establish their businesses. Considering the large population, India also makes it an attractive consumer market for manufactured goods and services. With a majority of the Indian population residing in rural areas, the Government introduced initiatives such as Pradhan Mantri Gram Sadak Yojana for rural development. Owing to such schemes and initiatives, the infrastructure and connectivity in the rural areas have significantly improved, offering international businesses opportunities to establish and expand into these specific regions. The nation’s growing middle class, rising incomes, development and urbanization enhances its market appeal for international businesses. The everchanging consumer market and the shifts in the consumer behavior in India offers new opportunities for international companies to establish their presence in India in sectors including retail, e-commerce and entertainment. Furthermore, establishing e-commerce platforms in India is an approach through which businesses intend to reach the Indian consumer market and has witnessed significant advancements as this platform offers a convenient and efficient way to purchase global products and services. Given that India’s digital landscape has been growing at a rapid speed, the digital transformation of the country has created new opportunities for establishing businesses. The Government’s drive to create a cashless economy through schemes like Aadhar-enabled payments and Unified Payments Interface (UPI) payments has given entrepreneurs a boost to adopt digital payments and transactions. Additionally, India’s geographic location offers access to vast markets of South Asia, Central Asia and the Middle East, making it an ideal choice to set up businesses. This advantage promotes international trade, access to regional supply chains and provides businesses with an opportunity to expand their reach beyond the borders of India. Furthermore, India has pursued free trade agreements with major global economies which makes it easier for businesses in India to reach international markets under favorable trade terms. Conclusion To support business operations and smooth functioning, India has enacted strict and sector-specific legal and regulatory framework to conduct businesses and streamline foreign investments. Furthermore, India provides robust legal framework and governance with respect to commercial contract enforcement, protection of intellectual property and dispute resolution systems. Navigating the central and state specific legislations while while setting up a business in India requires legal expertise, however India’s commitment to protecting investor’s rights makes it a safe and favorable destination for international businesses. With a supportive legal framework, skilled workforce and a vast consumer market, India aims to continuously emerge as the ideal place to set up a business. Additionally, advancements in technology and infrastructure and a supportive startup ecosystem, enhance India’s appeal for entrepreneurs to establish business. The country’s growing economy, coupled with the government initiatives, offers a dynamic market and conducive environment for both international and domestic businesses. Authors: Sheena Ogra (Partner) and Shreyika Walia (Associate) of Ahlawat & Associates Footnotes [1] Press Information Bureau: Ministry of Finance- India shines as IMF upgrades GDP forecast to 7% in FY24-25 [2] Press Information Bureau: Employment Data