Dhwaj & Associates

The Insolvency and Bankruptcy Code, 2016 (IBC), incorporates the pivotal concept of a moratorium period during insolvency proceedings, effectively halting all actions against the corporate debtor. This pause not only provides a protective shield for the debtor but also creates an environment conducive to restructuring and resolution efforts. Purpose of the Moratorium Period 1.1 The moratorium under the IBC is a critical mechanism designed to facilitate the insolvency resolution process. Its primary objectives are: Asset Protection: Prevents the dissipation or alienation of the corporate debtor's assets during the resolution process. Breathing Space: Provides a "calm period" for the corporate debtor to focus on restructuring or resolution without the pressure of ongoing or new legal proceedings. Collective Resolution: Ensures that creditors act collectively through the insolvency process rather than pursuing individual claims. Value Maximisation: Preserves the corporate debtor's value as a going concern, benefiting all stakeholders, including creditors, employees, and shareholders. Legal Provisions Governing the Moratorium 2.1 The moratorium is primarily governed by Section 14of the IBC for corporate debtors and Section 96 for individuals and personal guarantors. Section 14: Corporate Debtors 2.2 Trigger: The moratorium is imposed upon the admission of a Corporate Insolvency Resolution Process (CIRP) application by the National Company Law Tribunal (NCLT). 2.3 Prohibitions: Institution or continuation of suits or proceedings against the corporate debtor. Transfer, alienation, or disposal of the corporate debtor's assets. Foreclosure, recovery, or enforcement of security interests. Recovery of property in possession of the corporate debtor by an owner or lessor. 2.4 Exceptions: Transactions notified by the Central Government (Section 14(3)(a)). Actions against guarantors of the corporate debtor (Section 14(3)(b)). 2.5 Duration: The moratorium remains in effect until the CIRP is completed, a resolution plan is approved, or a liquidation order is passed(Section 14(4)). Section 96: Individuals and Personal Guarantors Interim Moratorium: Triggered upon the filing of an insolvency application and continues until the application is admitted or rejected. Prohibitions: Creditors are barred from initiating or continuing legal proceedings in respect of any debt owed by the individual or personal guarantor. Implications for Creditors and Debtors 3.1 For Creditors Stay on Recovery Actions: Creditors cannot initiate or continue recovery actions, including enforcement of security interests, during the moratorium. Collective Process: Creditors must submit their claims to the resolution professional and participate in the collective insolvency resolution process. Impact on Secured Creditors: Secured creditors are temporarily barred from enforcing their security interests, which may delay their recovery. 3.2 For Debtors Asset Protection: The moratorium safeguards the corporate debtor's assets from individual creditor actions. Operational Continuity: Essential contracts and services cannot be terminated, allowing the debtor to continue operations as a going concern. Potential Misuse: In the case of personal guarantors, the interim moratorium does not restrict the debtor from transferring or alienating assets, which could lead to misuse. Judicial Interpretations and Recent Developments Mohanraj v. Shah Brothers Ispat Pvt. Ltd. (2021): The Hon'ble Supreme Court has clarified that Section 14 of the Insolvency and Bankruptcy Code (IBC) extends to proceedings under Sections 138 and 141 of the Negotiable Instruments Act, 1881, but only in relation to the corporate debtor. Consequently, cheque bounce proceedings against the corporate debtor are stayed during the moratorium period. However, such proceedings can still be initiated or continued against the directors of the corporate debtor. China Development Bank vs Doha Bank OPSC and others: The Supreme Court has ruled that a moratorium imposed under Section 14 of the Insolvency and Bankruptcy Code, 2016, does not extinguish a claim. The Court clarified that Section 14 prohibits the initiation or continuation of legal proceedings against the corporate debtor, the transfer of assets, the enforcement of security interests, and similar actions. Power Grid Corporation of India Ltd. v. Jyoti Structures Ltd: Courts have clarified that the moratorium does not apply to proceedings initiated by the corporate debtor if such proceedings are beneficial to the debtor's financial position. Indian Overseas Bank v. RCM Infrastructure Ltd. (2021): The NCLAT clarified that the moratorium prohibits the institution or continuation of suits or proceedings against the corporate debtor, SARFAESI proceedings cannot be continued against Corporate Debtor once CIRP starts and Moratorium is ordered including execution of judgments or decrees. Challenges and Criticisms  Uncertainty in Scope: Contradictory judicial interpretations have created uncertainty regarding the scope of the moratorium, particularly for arbitration proceedings and proceedings initiated by the corporate debtor. Delay in Resolution: The moratorium can lead to delays in the resolution process, especially if courts are required to determine whether specific proceedings fall within its ambit. Impact on Creditors: The blanket stay on recovery actions can disadvantage creditors, particularly secured creditors, who may face delays in realising their claims. Conclusion The moratorium under the IBC is a cornerstone of the insolvency resolution framework, balancing the interests of creditors and debtors. It ensures the preservation of the corporate debtor's assets and provides a collective resolution mechanism. The practice also reveals that a moratorium does not always accelerate restructuring; in some cases, it leads to delays. However, judicial interpretations and recent developments have highlighted the need for greater clarity and potential legislative amendments to address ambiguities and prevent misuse.  

On January 3rd, 2025, the Ministry of Electronics and Information Technology, Government of India took a significant step toward strengthening data protection by releasing the draft Digital Personal Data Protection Rules, 2025 (“Draft Rules”). These Draft Rules are designed to provide the operational framework for the Digital Personal Data Protection Act, 2023 (“DPDPA”), and had requested public feedback until February 18th, 2025. This initiative is expected to transform the governance of digital personal data in the country, balancing privacy rights with technological progress. Enacted in 2023, the DPDPA regulates the processing of digital personal data to address rising concerns pertaining to the misuse of personal information. While the DPDPA sets the foundation for privacy protections, its effectiveness relies on well-defined protocols that the new rules aim to deliver. By establishing this regulatory framework, the Indian government seeks to empower citizens with greater data control while fostering innovation and economic development in its diverse digital economy. Key Features: Establishment of the Data Protection Board of India The Draft Rules provide for the immediate establishment of the Data Protection Board of India (“Board”), which will oversee the enforcement of the DPDPA. The Board will handle complaints, impose penalties, and facilitate dispute resolution. Its role in enforcing compliance and protecting user privacy will be crucial to the long-term success of India’s privacy regulations. Improved Notices and Transparency Under the Draft Rules, data fiduciaries (organizations controlling the processing of personal data) need to ensure that privacy notices are clear, comprehensive, and easily understandable. These notices should clearly specify the nature of the data collected, the purpose of the data collection, and how the data will be used. In addition, users must have access to streamlined processes for withdrawing consent, submitting grievances, and exercising their privacy rights. The emphasis on detailed and user-friendly privacy notices aligns with global standards such as the EU’s General Data Protection Regulation (“GDPR”). As a result, businesses may need to re-evaluate their data collection practices and marketing strategies, especially regarding how consent is obtained and managed. Registration and Obligations of Consent Managers The Draft Rules lay down the procedure that entities must follow to register as consent managers. Entities seeking registration as a consent manager must fulfill the conditions outlined in Part A of the First Schedule and apply to the DPB. Upon review, the DPB may grant or deny registration based on the applicant’s compliance with the stipulated requirements. Registered consent managers must adhere to obligations specified in Part B of the First Schedule, ensuring robust consent management mechanisms. If a consent manager is found non-compliant, the DPB may issue directives to rectify non-adherence. In severe cases, the DPB may suspend or cancel the registration of a consent manager to safeguard data principals' interests. The DPB also retains the authority to request relevant information from consent managers as needed. Parental and Guardian Consent for Minors For data related to children, the Draft Rules impose strict requirements to verify parental or guardian consent. However, verifying both the user’s age and the guardian’s identity may pose practical challenges. Entities operating in India will need to build reliable processes to address these requirements while navigating complex Indian legal frameworks for guardianship. Prompt Reporting of Data Breaches In the event of a data breach, organizations must promptly notify both the Data Protection Board of India (“DPB”) and the affected individuals. The initial breach notification should be followed by a comprehensive report within 72 hours, detailing the incident’s scope, cause, and corrective actions. Unlike GDPR, India’s framework does not set a materiality threshold, meaning even minor breaches may require reporting. This could lead to an influx of breach notifications and place additional demands on businesses to manage incident response workflows. Global organizations will need to integrate these reporting obligations with other compliance protocols, such as those enforced by India’s Computer Emergency Response Team and various industry regulators. International Data Transfers Although the DPDPA allows cross-border data flows, the Draft Rules authorize the government to impose specific conditions for sensitive data transfers. For large-scale data handlers, this could lead to potential data localization requirements, affecting how multinational companies manage global data operations. Entities will need to monitor these developments closely, as conflicts may arise between India’s data protection laws and international obligations, particularly in areas like surveillance and law enforcement access. Reasonable Security Safeguards The Draft Rules impose stringent security measures that data fiduciaries must implement to protect personal data from breaches. These reasonable security safeguards include, at a minimum: Data security measures such as encryption, obfuscation, masking, or virtual tokens mapped to personal data. Access controls to secure computer resources used by data fiduciaries and data processors. Monitoring mechanisms to track access to personal data through logs, audits, and reviews, enabling the detection of unauthorized access, investigation, and remediation. Business continuity measures such as data backups to ensure continued processing in case of compromise to confidentiality, integrity, or availability of personal data. Retention of logs and personal data for a period of one year, unless another law specifies otherwise, to facilitate breach detection and response. Contractual obligations for data processors to implement appropriate security safeguards. Technical and organizational measures to ensure compliance with security standards. Additional Obligations of Significant Data Fiduciaries Significant Data Fiduciaries must adhere to enhanced compliance obligations, including: conducting a Data Protection Impact Assessment (DPIA) and an audit every 12 months, submitting a report with significant findings from the DPIA and audit to the DPB, ensuring that algorithmic software used in processing personal data does not pose risks to data principals’ rights, and complying with data localization mandates for specific categories of personal data as determined by the Indian government. Rights of Data Principals To facilitate the exercise of rights by Data Principals, Data Fiduciaries and Consent Managers must: Publish details on their website or app regarding how Data Principals can request to exercise their rights. Specify identifiers such as usernames or customer IDs required for such requests. Ensure an effective grievance redressal system, specifying response timelines and implementing appropriate technical and organizational measures. Enable Data Principals to nominate individuals for exercising rights on their behalf, as per the terms of service and applicable laws. Looking Forward The Draft Rules represent a significant advancement in India’s approach to data protection, positioning the country as a global leader in privacy regulation. However, they also introduce new challenges for businesses, particularly those operating internationally. By aligning with global standards while introducing unique elements such as consent managers, India’s regulatory framework is expected to influence privacy practices worldwide. Organizations that adapt swiftly to these requirements will not only ensure compliance but also gain a competitive advantage in one of the world’s most important digital economies.