Maheshwari & Co. Advocates & Legal Consultants

The intersection of fashion and intellectual property (IP) presents a complex and often contradictory legal landscape. In contemporary fashion, the cyclical emergence of trends poses complex challenges for legal protection, particularly in the context of intellectual property (IP). A central and on-going question in this context is whether a design can be so "trendy" or common that it cannot receive trademark protection. This inquiry examines the main principles of trademark law, particularly the ideas of distinctiveness and aesthetic functionality. It also highlights the risky situation for a design that suffers from its own commercial success. Trademark Law in Fashion: Foundational Principles Trademark law is vital in the fashion world, serving as a legal mechanism that safeguards distinctive elements, like a brand’s name, logo, or design that differentiate its offerings from others. However, its scope is limited; it does not extend to every creative aspect, but rather focuses on protecting identifiers that signify brand origin. Instead, it aims to help consumers consistently recognize the origin of goods and services based on distinctive signs, safeguarding both consumer trust and commercial goodwill. Each creation represents an intangible asset that, if not adequately protected, may be vulnerable to imitations, counterfeiting, and strategic information leaks that could compromise the company’s position. India’s trademark system operates under the provisions of the Trademark Act enacted in 1999. It enables designers to secure legal rights over brand names, logos, emblems, or even distinctive visual elements that define their fashion lines. Trademark law in fashion is anchored in several core principles. First, a mark must possess distinctiveness, to be recognized as identifying a specific source. Secondly, the non-functionality rule ensures that utilitarian features. To secure legal protection, trademarks must be actively utilized in the marketplace. This entails their visible presence on products or within advertising materials, serving to identify and distinguish the source of goods or services. Mere registration without genuine commercial use does not suffice; continuous and lawful use is essential to establish and maintain trademark rights. Finally, trademark law provides protection against consumer confusion, allowing fashion brands to take action against imitators whose products may mislead consumers about their origin. Why Most Fashion Designs Don't Qualify for Trademarks Fashion designs, despite their inherent creativity, rarely secure trademark protection due to specific legal criteria. Trademark law primarily guards’ elements that uniquely identify a product's source. Most clothing designs—be it particular cuts, silhouettes, or aesthetic details—are perceived as decorative or functional rather than brand identifiers. Unless a design achieves singular, widespread recognition as originating from one specific company (e.g., Burberry's distinct check), it falls short of this core trademark purpose. A key hurdle is distinctiveness. Designs must either be inherently unique or gain consumer association with a single source through extensive, exclusive use, as exemplified by Louis Vuitton's renowned monogram. However, fashion trends, by their very nature, are widely adopted and imitated, rapidly diluting any potential distinctiveness and preventing them from serving as reliable source indicators. Furthermore, trademark law excludes features that are primarily functional or essential to a product's use, such as a basic garment construction. Similarly, purely ornamental elements that don't convey commercial origin, like generic patterns, are not eligible for trademark status. This framework also aims to preserve the "fashion commons," preventing perpetual monopolies over design elements crucial for the industry's artistic and economic dynamism, thereby fostering continuous innovation rather than hindering it. The Impact of Trendiness on Trademark Eligibility A fashion design that is too trendy is often, by nature, fleeting and widely adopted by many actors in the industry. This widespread adoption undermines its distinctiveness—a core requirement for trademark registration. When a trend is generic, ephemeral, or lacking in source-identifying function, trademark protection is inappropriate: Furthermore, when a design becomes popularized across the market, it risks being viewed as a common style rather than a proprietary mark. As a result, the more a fashion feature blends into a trend, the less likely it is to qualify for trademark protection, as it may fail to signal a single source or avoid consumer confusion. In Aditya Birla Fashion and Retail Ltd. v. Manish Johar,[1] Aditya Birla Fashion, owner of the “ALLEN SOLLY” brand, discovered that Manish Johar was manufacturing and selling counterfeit goods bearing deceptively similar branding. These products were also being circulated online. The Hon’ble Saket District Court recognized plaintiff’s trademark rights and found that the defendant’s goods were intended to deceive consumers. Permanent injunctive relief was granted, and the Hon’ble Court ordered that counterfeit stock be seized and destroyed. This ruling showcased Indian court’s increasing attention to impose stringent remedies against counterfeiting, including injunctions and destructions of infringing products, thereby protecting consumer trust and brand’s goodwill. In the case of Ritika Private Limited v. BIBA Apparels Private Limited[2], owner of the celebrated “RITU KUMAR” label sued BIBA Apparels. Ritika alleged that BIBA had copied its garment designs. However, the Hon’ble Delhi High Court clarified that once an artistic work is industrially applied and reproduced more than 50 times, copyright protection discontinues as per Section 15(2) of the Copyright Act unless the design is registered under the Designs Act, 2000. Since, Ritika’s designs were unregistered, its claim failed. Similarly, in the case of Microfibres Inc. v. Girdhar & Co.,[3] Microfibres, a textile manufacturer claimed that Girdhar & Co. had copied its upholstery fabric designs. The plaintiff pleaded that the patterns should be protected as artistic works under the Copyright Act. The Hon’ble Delhi High Court emphasized that once an artistic work is applied to an industrial product; it ceases to qualify for copyright and falls within the ambit of the Designs Act. Since Microfibres had not registered its designs, no protection was available. The Hon’ble Supreme Court later affirmed this decision underlining the legislative intent to prevent dual protection and harmonize the two statutes. In the case of Rajesh Masrani v. Tahiliani Design Private Ltd.,[4] Rajesh Masrani alleged that Tarun Tahiliani’s fashion house had copied his fabric prints. The defense argued that the works were unregistered designs, and hence not enforceable under the Designs Act. The Hon’ble Delhi High Court held that the plainitff’s prints were original artistic works as per Section 2(c) of the Copyright Act, and therefore protectable since the designs had not been mass produced beyond the threshold of Section 15(2), copyright subsisted. The defendant’s appeal was dismissed. Aesthetic Functionality Doctrine A significant obstacle in securing trademark protection for fashion designs lies in the doctrine of aesthetic functionality. This principle holds that a feature cannot be monopolized as a trademark if it is primary appeal lies in its aesthetic value or if it confers a competitive advantage of source identification. The rationale is to ensure that no single brand can claim exclusivity over design elements that consumer are drawn to for their beauty or style, rather than for brand association. Courts frequently reply on competitive necessity test to determine whether a feature qualifies as aesthetic functionality. The more a design reflects a prevailing trend, the greater the likelihood that it will be regarded as an aesthetic choice necessary for the competitors to adopt freely. In such circumstances, trademark protection is denied to avoid restricting legitimate competition in the marketplace. A recent and instructive example of Indian jurisprudence can be found in the case of Royal Country of Berkshire Polo Club Ltd & Ors v. Lifestyle Equities C V & Ors[5], also known as Beverly Hills Polo Club (BHPC) case. In early 2025, the Hon’ble Delhi High Court ordered an Amazon subsidiary to pay USD 39 Million (approximately INR 340 Crore) in damages for selling apparel featuring a logo nearly indistinguishable from the BHPC trademark. The Hon’ble Delhi High Court’s ruling emphasized that brand identifying elements, regardless of aesthetic appeal are entitled to protection where they serve as strong indicators of source and reputation. Unlike cases involving purely decorative motifs that fail to signal origin and thus fall prey to the doctrine of aesthetic functionality, BHPC’s logo had achieved brand distinctiveness and consumer recognition. The Hon’ble Delhi High Court’s approach reinforces that courts will protect decorative designs when they play a clear source identifying role, reaffirming that distinctiveness, not ornamentally, remains the guiding principle in trademark enforcement. For fashion and lifestyle brands, the BHPC decision provides a compelling blueprint i.e., registering and cultivating distinctive, recognizable designs is essential to ensuring legal protection, not just foe aesthetic merit, but as embodiments of brand identity. Conclusion A design cannot be deemed “too trendy” to trademark in the legal sense; rather, trendiness itself is antithetical to the distinctiveness and source-indicating function necessary for trademark protection. Trend-driven, short-lived designs usually enter the public domain, available for all to use, unless and until they gain sufficient secondary meaning to become inextricably linked with a single brand. For fashion innovators, robust protection lies in a layered IP strategy involving design registration, trademark cultivation, and copyright protection. [1] TM No. 7/2017 [2] CS(OS) No. 182/2011 [3] 128 (2006) DLT 238 [4] FAO (OS) No. 393/2008 [5] 2023 SCC OnLine Del 5347 Authored by Mr. Ketan Joshi, Senior Associate

Introduction Today, the world has become a global village, at least in the economic sense. In this increasingly interconnected global economy, corporate distress rarely respects national borders. It is not unknown that every country has multinational enterprises that are operating across various jurisdictions, which inevitably requires that there should be an insolvency regime that cooperates internationally so that there can be preservation of the value of the assets and at the same time there is equitable treatment of the creditor, thereby leading to efficient resolution of cross-border insolvency. The Insolvency and Bankruptcy Code, 2016 (“IBC”) revitalized the domestic insolvency resolution as soon as it was brought into action. Prior to the IBC, the condition of the distressed entities was not so good because there was no consolidated law, but after the arrival of the IBC regime, the resolution process streamlined the insolvency process. While IBC has been appreciated for revitalizing domestic insolvency resolution, it remains silent on a formal mechanism to recognize and cooperate with foreign insolvency proceedings. This lacuna leaves Indian resolution professionals and foreign stakeholders in a precarious position: India benefits from having its Corporate Insolvency Resolution Processes (“CIRPs”) recognized abroad, such as in the recent decision in Singapore in Re Compuage Infocom Ltd. decision. Yet India itself offers no reciprocal framework to foreign proceedings. Current Legal Framework in India The IBC provides a regime for insolvency and bankruptcy of companies, limited liability partnerships, and individuals. It has the main objective of first doing resolution and then liquidation in the domestic proceedings to preserve the value of the assets and balance the interests of all stakeholders while providing a time-bound framework for resolving insolvency cases. However, it incorporates only two provisions addressing cross-border insolvency in a limited, reciprocal manner: Section 234 -Agreements with foreign countries. “(1) The Central Government may enter into an agreement with the Government of any country outside India for enforcing the provisions of this Code. (2) The Central Government may, by notification in the Official Gazette, direct that the application of provisions of this Code in relation to assets or property of corporate debtor or debtor, including a personal guarantor of a corporate debtor, as the case may be, situated at any place in a country outside India with which reciprocal arrangements have been made, shall be subject to such conditions as may be specified.” As per this section, the Indian government can make a bilateral treaty with any other country to help enforce the rules of the IBC in that country. Once such an agreement exists, the government can officially notify that the IBC provisions will apply to the assets of the Indian companies or individuals, which includes debtors or guarantors that are located in that foreign country. However, this will only apply if the country agrees to do the same for the Indian authorities, which in simple terms means reciprocity. Section 235: Letter of request to a country outside India in certain cases. “(1) Notwithstanding anything contained in this Code or any law for the time being in force if, in the course of insolvency resolution process, or liquidation or bankruptcy proceedings, as the case may be, under this Code, the resolution professional, liquidator or bankruptcy trustee, as the case may be, is of the opinion that assets of the corporate debtor or debtor, including a personal guarantor of a corporate debtor, are situated in a country outside India with which reciprocal arrangements have been made under section 234, he may make an application to the Adjudicating Authority that evidence or action relating to such assets is required in connection with such process or proceeding. (2) The Adjudicating Authority on receipt of an application under sub-section (1) and, on being satisfied that evidence or action relating to assets under sub-section (1) is required in connection with insolvency resolution process or liquidation or bankruptcy proceeding, may issue a letter of request to a court or an authority of such country competent to deal with such request.” In order to understand what Section 235 says, let's take an example wherein a company undergoing insolvency in India owns a building in Dubai. Now, if India and the UAE have a reciprocal arrangement under Section 234, then the Resolution Professional can apply in NCLT, asking to take action on the Dubai property, and if the tribunal agrees then it can send a formal request to UAE court to take the necessary action, like freezing or selling of the assets. However, even after almost a decade of IBC, no reciprocal agreements under Sections 234–235 have been concluded. Thus, these provisions remain inoperative. Further, in the absence of formal cross-border insolvency legislation, the Indian courts have only way of enforcing an insolvency decree is via section 13 of the Code of Civil Procedure for the recognition and the enforcement of the foreign judgment that relies on the fact that it satisfies the provisions therein. Why Recognition Without Reciprocity Is a Global Trend? The answer to the question as to why recognition without reciprocity is becoming a global trend is simple and identifiable; this is the era of globalized commerce, wherein businesses operate across jurisdictions and the corporate debtors hold assets and owe obligations not just in one country. Consequently, this gave rise to the need for national insolvency regimes to address the complexity of cross-border insolvency in a manner that is coordinated, efficient, and equitable. We have to understand that at the heart of the global trend lies the principle of modified universalism, which balances the need for a single, centralized insolvency process with the sovereignty and interests of local jurisdictions. This philosophy is embodied in the UNCITRAL Model Law on Cross-Border Insolvency (1997), which has now been adopted, with or without modification, in over 60 states and 63 jurisdictions, including the United States, United Kingdom, Singapore, Australia, Japan, and other multiple jurisdictions, enabling smooth cross-border insolvency. This model law is intentionally neutral on reciprocity, which means that it does not require the adopting countries to condition their recognition of the foreign insolvency proceedings on whether the initiating country would do the same or not. This is basically done with the approach that encourages open coordination and recognizes that the benefits of facilitating the efficient cross-border resolution outweigh the potential cost of asymmetry. However, it must also be recognized that despite the inclusive spirit of the model law there are few jurisdictions, such as Mexico, South Africa, and Romania, that have inserted reciprocity clauses that condition recognition on mutual treatment. These clauses have however been widely criticized for being counterproductive. As discussed in India’s 2018 Insolvency Law Committee (ILC) report and reinforced by comparative academic commentary, reciprocity creates regulatory fragmentation, slows down the legal process, and undermines the very goal of harmonization. Now, considering the Indian perspective, Sections 234 and 235 of the IBC have proven to be a bottleneck. It is to be noted that as of mid-2025, India has not signed any reciprocal agreement which renders the provisions ineffective in practice. The absence of an enacted cross-border insolvency law ultimately means that India remains a passive recipient of the recognition abroad while offering no equivalent legal certainty to the foreign investors or the insolvency practitioners operating in India. Considering the reasons for the recognition without reciprocity, there are three key drivers: 1. Value Preservation and Economic Efficiency: The individuals in these proceedings are obviously commercially driven, which ultimately makes their goal to be the preservation of the value of the assets and at the same time be economically efficient. It is no secret that multiple jurisdictions and local courts will lead to delay in the recognition and can lead to a “race to the courthouse,” where local creditors attempt to seize assets before foreign proceedings are acknowledged. 2. Enhancing Global Credibility and Investment Climate: Jurisdictions that extend recognition to foreign proceedings build their reputation as legally mature, creditor-friendly, and cooperative. 3. Judicial Predictability and Legal Certainty: A harmonized legal regime based on objective criteria simplifies litigation, reduces costs, and enhances procedural fairness. The Model Law’s framework (Articles 15–17) for recognition and relief provides a uniform path forward that is missing from India’s current ad hoc and discretionary mechanisms. The Re Camouflage Case and Its Implications Recently, Singapore High Court’s decision in Re Compuage Infocom Ltd [2025] SGHC 49 marked a moment in cross-border insolvency jurisprudence involving India. For the first time, a Corporate Insolvency Resolution Process was initiated under India’s IBC regime which was formally recognized as a “foreign main proceeding” in a jurisdiction that had adopted the UNCITRAL Model Law on Cross-Border Insolvency. Facts of the case were simple: Compuage Infocom Ltd (CIL), an Indian company, was undergoing CIRP under NCLT Mumbai and the appointed Resolution Professional, Mr. Gajesh Jain, sought recognition of the Indian proceedings in Singapore to access and administer assets held there. The Singapore High Court undertook a detailed examination of the criteria under the Model Law, including the definition of “foreign proceeding,” and considered the status of NCLT as a foreign court and whether India was CIL’s Center of Main Interest. The court of Singapore then concluded affirmatively on all counts that is a. CIRP was collective, judicial, and reorganization-focused; b. NCLT was deemed a competent adjudicatory body; and c. India was the COMI based on operational and managerial control. With this, RP got control over the assets that were situated in Singapore, but it imposed a moratorium on the local enforcement actions. The court withheld the automatic repartition, emphasizing the need to protect local creditors. With this, there was the exercise of modified universalism, which cooperated with the other jurisdiction without sacrificing local interest, which is located and reflected in the heart of the Model Law’s philosophy. It also exposed India’s policy gap: Singapore recognized Indian proceedings, yet India has no reciprocal framework to do the same, owing to its reliance on outdated provisions under Sections 234 and 235 of the IBC, which are dependent on bilateral treaties that have not materialized. With this comes practical and reputational consequences for India which are as follows: a. First, Indian RPs can benefit from global recognition, but foreign insolvency professionals cannot access Indian jurisdictions with equivalent clarity or certainty. b. Second, while the ruling enhances confidence in India’s domestic procedures, it may also pressure India to adopt the Draft Part Z based on the Model Law, currently pending legislative action. Missed Opportunities in Indian Jurisprudence It is undeniable that the insolvency regime in India has improved significantly, but with regard to the cross-border insolvency regime, it still lacks, and here are the missed opportunities in Indian jurisprudence: a. The insolvency bankruptcy code was enacted in 2016, and soon after that, the need for cross-border was realized, and therefore, the Insolvency Law Committee recommended Draft Part Z’s inclusion to address the complexities of insolvency cases involving assets and creditors across different countries. Although Draft Part Z promised structured recognition of both foreign main and non-main proceedings, automatic moratoria, and clear standards for cooperation, it remains unnotified nearly seven years on, forcing stakeholders into ad hoc bilateral protocols rather than a uniform statutory regime. b. Second, the Jet Airways case, which depicts the judicial hesitation to embrace cross-border coordination. In this case the Mumbai NCLT initially rejected the Dutch trustee’s recognition, but the NCLAT partially rectified this by admitting the trustee “without voting rights” and sanctioning a bespoke Cross-Border Insolvency Protocol . This case highlighted the potential for cooperation and the risk that, absent clear law, courts will default to a territorialist posture, delaying asset pooling and value maximization. c. Third, in Videocon Industries, the NCLT sought to “lift the veil” over four foreign subsidiaries to include their assets, but the NCLAT stayed that order and, in effect, excluded significant overseas value from the resolution pool. Now this happens because there is no explicit statutory authority to administer. d. Fourth, India’s reliance on Sections 234–235 IBC (reciprocal treaties and letters of request) continues to be sterile, as there have been no bilateral agreements concluded, rendering these provisions dormant. India’s Draft Framework and Why It Remains Stalled India’s Draft cross-border insolvency framework is based on the UNCITRAL Model Law and remains inexplicably stalled despite growing global integration and increased foreign investment. The delay is not just about the bureaucratic sluggishness; it highlights other issues such as India's persistent consciousness towards relinquishing control in the transnational insolvency matters. The government has hesitated to implement it, citing concerns over judicial discretion, regulatory overlap, and potential misuse. However, one major reason is the fear of giving too much power to the foreign courts in matters involving Indian creditors and assets. Also, the Draft lacks certain clarity on the reciprocity that triggers the uneasiness about enforcing the Indian judgments abroad which might lead to the gap between the global north and global south as well. The Indian government might also be focused upon the sovereign rights that it can realize while keeping the insolvency regime to itself, particularly safeguarding the public interest. Without stronger political will and trust in institutional mechanisms, India risks remaining an outlier in global insolvency cooperation, which is repulsive to investor confidence and cross-border trade. Conclusion The global trend toward recognition without reciprocity reflects an international consensus that efficient cross-border insolvency mechanisms are relevant to economic stability, investor protection, and legal predictability. By continuing to insist on reciprocity and bilateral treaties, India risks isolating itself from this cooperative framework because legislative inertia not only hampers Indian creditors’ ability to recover abroad but also disincentivizes foreign participation in Indian restructurings. It is, therefore, essential that India align itself with the Model Law’s principles and become a proactive contributor to the global insolvency architecture. While at the same time protecting the local and the domestic interests of the creditors. Authored by Mr. Vipul Maheshwari, Managing Partner

The Indian corporate environment is characterized by its volatile mix of opportunities, aspiration and complex regulatory frameworks especially with the country's emerging status as one of the largest markets globally. With numerous opportunities, it has attracted a significant number of foreign investments, especially through acquisitions and joint ventures (JVs). Foreign companies, entering into JVs or acquisitions, often face challenges due to India’s complex regulatory environment that may affect their operations. To mitigate these risks, exit clauses are a critical element in such JV agreements, as they provide a clear roadmap for foreign partners wishing to divest or exit the business. Put options, being one of the exit options, enable investors to sell their shares to the issuing company or other shareholders at a set price within a stipulated period, allowing shareholders to define their exit strategy clearly. By clearly defining the terms under which a foreign partner can exit the joint venture, these clauses help manage the inherent uncertainty of the Indian market, providing foreign entities with a more favorable environment to engage in business partnerships while balancing risks and returns. Hence, a put-on option allows the put buyer to exercise the option within the designated expiration time at a predetermined price Such clauses are vital in fostering trust between local and foreign partners, ensuring that the latter have an exit strategy in place, which enhances the overall attractiveness of India as a destination for foreign direct investment (FDI). PUT OPTION:  A SWORD AND SHIELD A put option gives the holder the power to sell an asset at a pre-determined price within a specified timeframe. The duality of this instrument makes it constraining: it works as both a defensive shield (limiting downside risks) and a strategic sword (leveraging power in negotiations). However, it is important to emphasize that exercising the put option by a foreign partner also involves various legal, regulatory, and administrative issues challenges related to the enforcement of such clauses. These issues must be carefully considered when drafting the definitive agreements or invoking these options in cross-border contexts. Since India is an exchange-controlled state, the framework and regulations of Foreign Exchange Management Act, 1999 (FEMA) govern transactions between residents and non-residents. Foreign Exchange Management Act (FEMA) plays a crucial role in ensuring compliance with the FDI framework, particularly concerning the transfer of equity from international investors to Indian enterprises to ensure that any such transfers align with valuation norms and adhere to the sectoral caps set by the FDI policy. A key challenge for foreign investors lies in share valuation, as FEMA requires the sale to occur at fair market value. This can create complications when executing the put option, especially if the parties disagree on the share price. Traditionally, put options were considered speculative instruments since their performance depended on future events. Under the Securities Contract Regulation Act of 1956 (SCRA), such options were deemed invalid because they did not come under any of the definitions for spot delivery or derivative contracts. The legal position was clarified when SEBI issued a notification on October 3, 2013 for the first time permitting contracts in shareholders agreements or provisions in the articles of association, providing for a put/ call option. The October 2013 Notification permitted put/call option clauses subject to satisfaction of the underlying conditions which included compliance with FEMA. The latest judgment of a Division Bench of the Bombay High Court, in Percept Finserve Private Limited v. Edelweiss Financial Services Limited upheld the enforceability of a put option clause in a share purchase agreement, that was executed prior to the October 2013 Notification. Moreover, concerning Foreign Exchange Management Act of 1999 (FEMA), put options that give assured returns to investors were considered a contravention of regulations that forbid guaranteed returns on investments. In numerous cases, the Court upheld the put option while requiring RBI permission for the remittance. The Bombay High Court's decision in Videocon Industries Ltd. v. Intesa Saupaolo SPA[1] "interpreted the phrase with the general or special permission of the Reserve Bank of India as not requiring prior permission and stated that contracts were not invalid for lack of permission. A public interest lawsuit was brought in the Calcutta High Court in Sanjib Kumar Dan v. Union of India and Ors [2]to clarify that guaranteed returns on equity investments are unlawful. The court denied the petition, which upheld the existence of adequate rules. In this regard, the case of “NTT Docomo V. Tata Sons” is a landmark judgment which is more than a legal dispute between two corporate giants, revolving around breach of a shareholder agreement related to the sale of shares in the Indian telecom company Tata Teleservices. The case helps in exploring the broader context of corporate governance practices in India along with the significant legal, strategic, and financial ramifications. The case revealed that put options, when partnered with contractual obligations, serves more than just financial hedges but they also become tools for enforcing accountability in joint ventures and safeguarding investments in unpredictable market. Exercising put options in a complex legal framework As one of the world’s most promising investment destinations, India attracts foreign investors eager to stake their claim. Regardless, for these shareholders, particularly those entering through acquisitions or joint ventures (JV’s), the Indian regulatory framework often complicates otherwise straightforward financial strategies. Among these complexities lies the issue of put options, a simple seeming contractual mechanism that becomes entangled in a legal and regulatory hurdle when exercised in India.  While offering a crucial exit strategy for investors, the put options open up the labyrinth of valuation norms, compliance mandates, and judicial scrutiny for foreign shareholder. The most immediate challenge foreign shareholders face is the compliance burden imposed by Indian regulations: FEMA’s Valuation Norms: FEMA mandates that the transfer of shares must be at or above the fair market value for foreign investors selling to residents. However, this requirement often clashes with the predetermined pricing in a put option. In the case the agreed upon price is below the fair market value, the transaction maybe deemed non-compliant, leaving the foreign investor in a precarious position. Sectoral Caps and Restrictions: FEMA also governs sector-specific FDI caps. For instance, investments in susceptible sectors like defense or telecommunications face additional scrutiny, making the exercise of put options even more complicated. Foreign investors frequently encounter delays in obtaining the necessary regulatory approvals: Role of the RBI: the reserve bank of India plays a crucial role in approving remittance related to put options. Even if the courts uphold, executing the payment to a foreign shareholder may require explicit RBI permission. These approvals can be time-consuming, leading to prolonged uncertainty for investors. Enforcement Uncertainty: Despite regulatory clarifications, the enforcement of put options remains inconsistent. This inconsistency stems from differing interpretations of laws across jurisdiction, further complicating the process. Exercising a put option in India often triggers tax implications that can erode the financial benefits of the transaction: Capital Gains Tax: Foreign shareholders may be liable for capital gains tax on the proceeds of the share sale. The tax rate is dependent on the holding period and the type of capital asset. For example, the short-term gains may attract higher tax rates, while long term gains could benefit from tax treaties between India and the investor’s home country. Withholding Tax: Indian companies executing the payment under a put option may also be required to withhold tax before remitting funds to the foreign shareholder. Ensuring compliance with these provisions can add another layer of complexity. Indian courts have played a pivotal role in shaping the enforceability of put options, but they also highlight the challenge investors face: Guaranteed Returns and FEMA Compliance: courts have repeatedly held that put options offering guaranteed returns contravene FEMA. For example, in “Sanjib Kumar Dan V. Union of India”, the court emphasized that equity investments must carry an inherent risk, and guaranteed returns undermine this principle. Rewriting shareholder agreements: in several cases, courts have scrutinized shareholder agreements to ensure they align with the Indian laws. This has led to a growing emphasis on drafting agreements with built-in flexibility to adapt to regulatory changes. The cornerstone of navigating the legal framework is a well-drafted shareholder agreement. Foreign investors must anticipate potential challenges and craft agreements that: Incorporate Indian Legal standards: Provisions must align with FEMA, SEBI guidelines, and sector-specific regulations to ensure enforceability. Provide Dispute Resolution Mechanism: given the likelihood of disputes, agreements should include robust arbitration clauses and specify governing law to minimize delays in enforcement. Provides Dispute Resolution Mechanisms: Given the likelihood of disputes, agreements should include robust arbitration clauses and specify governing law to minimize delays in enforcement. Plan for Exit timing: Investors should account for regulatory delays and build timelines into the agreement to avoid indefinite postponements. Exercising put options in India requires more than a basic understanding of contractual rights. It demands: Proactive compliance: staying updated with evolving regulations, particularly FEMA amendments and SEBI guidelines. Strategic Collaboration: Engaging with local legal counsel to navigate approvals and align strategies with Indian regulatory frameworks. Flexibility in Agreements: Structuring contracts that allows for renegotiation in case of regulatory conflicts. CONCLUSION While India offers immense potential for foreign investors, the exercise of put option remains a complex and nuanced process. At its core, the put option represents a delicate balancing Act between safeguarding investor rights and ensuring compliance with India’s evolving legal framework. The requirement to adhere to FEMA’s valuation norms, navigate sectoral caps, and secure RBI permissions reflects the complexities of operating in an exchange-controlled system. While these measures are designed to preserve market integrity and align with public policy, they also demand that investors remain vigilant, informed, and pro-active in structuring their agreements and business strategies. Despite these challenges, the future hold promises. India’s legal and regulatory environment is gradually maturing, with reforms aimed at creating a more predictable and investor friendly ecosystem. SEBI’s notifications, judicial clarity, and the governments ongoing efforts to streamline FDI policies are all steps in the right direction. These developments reflect India’s recognition of the critical role foreign investment plays in its economic growth story. For foreign shareholders, the path forward requires a combination of legal expertise, strategic foresight, and a willingness to embrace the intricacies of India’s regulatory framework. Success lies in understanding the markets unique challenges and leveraging its opportunities. Exercising put options, though complex, can be a powerful tool when wielded with preparation and precision. India remains a land of immense potential for foreign investors, offering opportunities that are as vast as its regulatory landscape is intricate. The put option, once seen as a speculative gamble, now stands as a symbol of India’s evolving approach to business partnerships. By, rising to meet the challenges of this framework, foreign shareholders not only safeguard their investments but also contribute to a more robust and globally integrated Indian economy. Author: Ms. Jyotsna Chaturvedi, Head – Corporate Practice. Footnotes [1] Intesa Sanpaolo S.P.A vs Videocon Industries Limited on 5 December, 2013 available at https://indiankanoon.org/doc/19525454/ [2]Sanjib Kumar Das vs Union Of India & Ors on 10 September, 2021 available at  https://indiankanoon.org/doc/98831369/

India's independence in 1947 was accompanied by the tragic partition, which led to large-scale violence, displacement, and loss of life. Many individuals were unable to migrate to their desired countries due to the chaos. Once the situation normalised, people sought citizenship in the country where their families resided. However, when the Indo-Pak wars of 1965 broke out in the country. To safe guard the public of India, the Indian government led to the issuing notifications via its Notification No. 12/2/65-E Pty dated 10.09.1965 and S.O. 5511 dated 18.12.1971 under the Defence of India Rules 1962, stating that all immovable properties in India belonging to Pakistani nationals would be vested in the Custodian of Enemy Property for India.This is in pursuance of the war, as if the Pakistani nationals remained the owner of the Property in the Indian territory. Under those circumstances, the Property might be misused for planning and plotting terrorism, which will ultimately lead to endangering the lives of the general public of India. To regulate such properties, the government, in furtherance of the notification, had introduced the Enemy Property Act of 1968. This Act defined an "Enemy" as any person who had acquired the citizenship of an enemy country. In accordance with the Act, the Country will be termed as Enemy Country if at any point in time in the past the Country was at war with India or might be in future will be considered as an Enemy Country. At present, India has engaged in wars with Pakistan and China, and consequently, the Indian citizens who have acquired the Citizenship of these two countries are classified as "Enemies" under the Act. Consequently, any property owned by such individuals in India is designated as "Enemy Property." However, in accordance with Section 2(b), the "enemy" or "enemy subject" or "enemy firm" means a person or country who or which was an enemy, an enemy subject or an enemy firm, as the case may be, under the Defence of India Act, 1962 and the Defence of India Rules, 1962 but does not include a citizen of India. Consequently, it can be determined that the Legal heirs who have not acquired citizenship of the Enemy Country will have Ownership rights over the Property being owned by the Enemy, and if not, the Property will be vested in the name of the Custodian. The Custodian will be managing and administrating the Property. Furthermore, in accordance with Section 6, despite the property vested in the name of theCustodian, the enemy or an enemy subject or an enemy firm can transfer the Property to an Indian Citizen since the Enemy is the owner of the Property and the Custodian acts as a Trustee. However, if the Central Government felt that such a transfer was/is injurious to the public interest or was/is made with a view to evading or defeating the vesting of the property in the Custodian. Afterwards, the Central Government, after giving a reasonable opportunity to the transferee to be heard,subsequently passed an order/declared the transfer void. In furtherance, the property will continue to be vested or deemed to be vested in the name of the Custodian. However, the same led to the Multiplicity of the case related to the same subject matter in the Hon’ble High courts and Supreme Court. Legal Debate A critical legal debate arose regarding whether an enemy or their legal heirs retained any rights over their vested property in the name of the Custodian. In the landmark judgment of Union of India & Ors. Vs. Mohammed Amir Mohammad Khandecided on 21.10.2005, the Supreme Court held that under the Enemy Property Act, the title of an Enemy's Property does not transfer to the Custodian. Instead, the Custodian only assumes possession, control, and management of the property. The judgment clarified that the Enemy remains the legal owner of the property. Furthermore, the Supreme Court ruled that if a legal heir has never acquired Enemy Country Citizenship, they have a rightful claim to the Enemy Property. Additionally, as per the act, if ownership is transferred to an Indian citizen, the property ceases to be classified as enemy property. This ensured that lawful owners preserved their property rights. However, it was clarified in the act that if the Central Government feels it is against the Public interest, then the said transfer can be termed void, and the Property will continue vesting in the name of the Custodian. JUDGEMENT LINK The 2017 Amendment and Its Implications Under those circumstances, where the afore stated judgement was in effect. The Central Government amended the Enemy Property Act in 2017, drastically altering the legal provisions. The amendment stripped legal heirs of their rights and declared any Legal Heirs rights over the enemy property as an Indian citizen as illegal / not in accordance with the Law. In accordance with the Amendment, in furtherance of the definition as stated in the Enemy Property Act, 1968, the act further added that it does not include a citizen of India other than those citizens of India, being the legal heir and successor of the "enemy" or "enemy subject" or "enemy firm” which means the Indian Citizen being the legal heir and successor cannot have the right over the Property. Consequently, the rights of the Legal Heirs over the property have been seized. This amendment also applied retrospectively, raising concerns about violations of legal heirs' rights. Even the amended act prohibited the transfer of the property vested in the name of a Custodian via an enemy, enemy subject or enemy firm. Consequently, it can be determined that the Property, once acquired the title of the Enemy Property, will remain as an Enemy Property. However, under these circumstances, the question arises via the said amendment concerning who will be the owner of the Property, whether it will be the Central Government, the Enemy or his Legal Heirs being the Indian Citizen. Supreme Court Stance Post Amendments The Supreme Court recently revisited the issue in Lucknow Nagar Nigam & Ors. Vs. Kohli Brothers Colour Lab Pvt. Ltd. & Ors. decided on 22.02.2024 on the afore-stated issue. The Court reaffirmed that the Custodian of Enemy Property does not acquire ownership. Rather, it only acts as a trustee for the management and administration of such properties. The Court emphasised that there is no transfer of ownership from the original owner to the Custodian or the Union of India. Consequently, enemy properties do not become Union properties or the Central Government Property. From the above judgments, it is clear that the enemy remains the lawful owner of their property, and such property can be transferred to Indian citizens or legal heirs. However, the 2017 amendment has fundamentally altered this principle by retroactively revoking these rights. The Supreme Court has yet to decide conclusively on the retrospective applicability of these amendments as they potentially violate the property rights of legal heirs and transferees. The forthcoming judicial decisions will play a crucial role in determining the fate of such properties and their rightful owners in India. However, the Central Government, via its notification no. CG-DL-E-17102024-258001, dated 16.10.2024, had issued Guidelines for the Disposal of Enemy Property. JUDGEMENT LINK Central Government Latest Notification The Central Government has introduced a significant amendment impacting the valuation and sale of enemy properties, particularly concerning the rights of occupants. Under the revised guidelines, long-term occupants now have the first right to purchase these properties—specifically those valued below ₹1 crore in rural areas and ₹5 crore in urban areas. If an occupant chooses not to purchase, the property will be disposed of according to existing regulations. This amendment reflects the evolving legal stance on enemy property, aligning with various Supreme Court judgments that emphasize providing stability to long-term occupants. However, while this move appears to offer a fairer approach, it raises critical legal concerns, especially in light of the 2017 amendments that retrospectively revoked the rights of legal heirs. This change could create potential conflicts between occupants, legal heirs, and transferees of enemy property who acquired ownership before the 2017 amendment. Does this new provision strike the right balance between stability for occupants and justice for rightful heirs? Or does it further complicate the legal landscape surrounding enemy properties in India? The Supreme Court of India has yet to decide on the aforementioned questions. NOTIFICATION Conclusion The legal status of enemy property in India remains a contentious issue, shaped by evolving judicial interpretations and legislative amendments. While the Supreme Court has consistently held that the Custodian does not acquire ownership but merely manages such properties, the 2017 amendment significantly altered this principle by retrospectively stripping legal heirs of their rights. This raises serious concerns about fairness and property rights, particularly for those who never acquired citizenship of enemy country. As legal challenges continue, the judiciary’s future stance will be crucial in balancing national security concerns with individual property rights, ultimately shaping the fate of enemy properties in India.   Author - Akhand Pratap Singh Chauhan, Partner Co-Author - Sachin Sharma, Assessment Intern  

In an era where information dissemination occurs in milliseconds, the concept of privacy seems to be a dream. The internet has transformed into a vast repository of personal data, making it difficult for individuals to control their digital footprints. The Right to be Forgotten (RTBF) emerges as a safeguard to protect individuals' privacy by allowing them to request the removal of specific personal data from search engines and online platforms when such information is inaccurate, inadequate, irrelevant, or excessive under particular conditions. Right to be forgotten, also referred to as Right to be Erasure means an individual can claim for deletion of specific personal data available on the search engines or other online platforms which are inadequate, inaccurate, irrelevant or excessive within specific conditions. The evolution of this right traces back to 1998, when a Spaniard faced some financial difficulties and wanted to auction his property. The advertisement was published in a newspaper and later found its way onto the internet, since then he has never been forgotten. Even after his financial crunches were over, online search results continued to portray him bankrupt, tarnishing his reputation. Seeking redress, he approached the European Court of Justice (ECJ), the court ruled against search engine, affirming that residents of the European Union (EU) could request the removal of certain personal information from search engines, subject to restrictions. This landmark decision gave birth to the concept of the Right to be Forgotten. In India, case of Justice K.S. Puttaswamy v. Union of India opened the gateway to the debate over the Right to be Forgotten. The Supreme Court of India recognized Right to Privacy as a Fundamental Right under the Constitution, which implicitly recognize the Right to be Forgotten. However, the Court clarified that this right is not absolute and should be applied in cases where personal data is no longer relevant or serves no legitimate public interest. INDIA’S STAND ON RIGHT TO BE FORGOTTEN: LEGAL PERSPECTIVE AND DEVELOPMENTS. India does not have any codified law on the Right to be Forgotten. But the concept has received judicial recognition through various judgments. The Supreme Court’s ruling in K.S. Puttaswamy v. Union of India (2017) was a pivotal moment, establishing the Right to Privacy under Article 21 of the Constitution of India and opening avenues for RTBF. The roots of Right to Privacy in India can be traced back to Rajagopal v. State of Tamil Nadu (1994), where the Supreme Court upheld the Right to Be Let Alone, but subject to exceptions for public documents and judicial records that serve legitimate public interest. Several High Courts and Supreme Court have also weighed in on the matter: Kerala High Court (2016, Civil W.P. No. 9478 of 2016) directed Indian Kanoon, a legal database, to remove a judgment revealing the identity of a rape victim. Gujarat High Court (Dharanraj Bhanushankar Dave v. State of Gujarat & Ors., 2017) declined a petition to remove non-reported judgments from search engines, stating that their publication does not infringe any Fundamental Rights. Karnataka High Court (Sri Vasunathan v. The Registrar General, High Court of Karnataka & Ors., 2017) acknowledged RTBF as an evolving legal principle and permitted the redaction of the name of the petitioner’s daughter from court records, balancing modesty, privacy, and the evolving right to be forgotten. Delhi High Court (Zulfiqar Ahman Khan v. Quintillion Business Media Pvt. Ltd., 2019) affirmed that RTBF and the Right to Be Let Alone are integral aspects of privacy of an individual. Delhi High Court (Jorawar Singh Mundy v. Union of India & Ors.) deliberated on whether privacy rights should outweigh public access to judicial records. The debate still ongoing in Indian jurisprudence. Supreme Court (Ikanoon Software Development Pvt. Ltd. v. Karthick Theodore, 2024) overturned a Madras High Court judgment that had granted an acquitted petitioner’s request to remove his name from a sexual assault judgment. The Supreme Court ruled that judicial decisions are public records and RTBF cannot be invoked in every situation. Additionally, Information Technology Rules, 2021 and the Digital Personal Data Protection Act, 2023 provide limited recognition of RTBF. Under these provisions, intermediaries must remove content violating privacy rights within 24 hours, and individuals may seek data erasure where applicable. GLOBAL OUTLOOK ON DELETING THE UNFORGETTABLE MEMORIES OF THE INTERNET Legal adoption of the Right to be Forgotten across Globe: European Union: The debate over RTBF sparked by ECJ ruling in Google Spain SL v. Agencia Española de Protección de Datos (AEPD) This set a precedent, allowing individuals to request for deletion of information that is inaccurate, inadequate, irrelevant, or excessive. The General Data Protection Regulation (GDPR, 2017) further cemented this right under Article 17 (Right to Erasure). Japan: Japan was the first country in Asia to adopt the Data Protection Regulation to protect the interest of its citizens. The Protection of Personal Information Act empowers individuals to demand data suspension or deletion if used beyond its stated purpose or without consent. Australia: The RTBF is not explicitly recognized by the Australian laws, but Australian Privacy Principles (APP) mandate that businesses destroy or de-identify outdated, incomplete, or misleading personal information upon request. United States: The First Amendment's emphasis on freedom of speech creates significant hurdles for implementing RTBF. However, some states, such as California, offer limited rights to request data removal. On the contrary, some states like California provide limited rights to allow an individual to make requests for deletion of data from the internet. RIGHT TO BE FORGOTTEN – THE CHALLENGES AHEAD Despite its growing recognition, RTBF faces significant legal, technical, and ethical challenges: Jurisdictional Conflicts: The borderless nature of the internet complicates enforcement. Should RTBF apply only within a specific nation or globally? Conflicts with Other Rights: RTBF risks infringing upon Freedom of Speech and the Right to Information. The removal of information may hinder public access to knowledge, especially in matters of public interest. Threat to Journalism: Unchecked implementation of RTBF may curtail journalistic freedom, limiting the dissemination of critical information. Technical and Ethical Concerns: Filtering and determining the extent of data removal pose challenges. Who decides what is irrelevant or excessive, and how should this be enforced? THE WAY FORWARD Universal Recognition and Legal Framework: There is a pressing need for a standardized global legal framework to ensure consistent enforcement of RTBF while protecting competing rights. Harmonization with Other Rights: A balanced approach among all the rights is necessary, ensuring RTBF does not unduly curtail freedom of expression or restrict public access to legitimate information. CONCLUSION In the digital era where the footprint of the internet is traced everywhere, the Right to be Forgotten is the need of this hour. As concerns over data protection continue to rise, RTBF has emerged as a significant legal development. However, its implementation must strike a balance between privacy rights, public interest, and freedom of expression. The evolving legal discourse surrounding RTBF underscores its importance in shaping the future of digital privacy, and ongoing efforts aim to integrate it into a well-defined statutory framework. While the internet’s memory may never be fully erased, RTBF strives to ensure that individuals can regain control over their personal narratives in the digital world. Author: Mr. Vipul Maheshwari, Managing Partner

On May 8, 2025, the Reserve Bank of India (RBI) issued a very significant notification in respect of the regulatory framework governing Foreign Portfolio Investor (FPI) investment in India's corporate debt market. In removing the short-term investment limit, and the concentration limit, for FPIs investing in India via the general route, the RBI is signaling its commitment to develop a more transparent, liquid, and internationally competitive bond market.[1] This is part of a series of steps that would foster foreign capital inflows, enhance domestic financial market depth, and bring India's regulatory framework in line with international best practices. In the past, there were two restrictions related to FPI investment in Indian corporate debt applicable under the Master Directions - Reserve Bank of India (Non-Resident Investment in Debt Instruments) Directions, 2025. The first restriction was the "short-term investment limit" that limited FPI amounts in corporate debt securities with residual maturity up to one year, to 30% of the total corporate debt portfolio based on a daily measurement. The second restriction was a concentration limit that capped investments (with related persons) by the FPI in corporate debt securities at 15% long-term FPI and at 10% for other FPIs in respect to their maximum investment limit.[2] Initially, these policies were designed to assist with market stability, managing short-termism, and monitoring systemic risks (Provisions to this effect were contained in a scheme entitled "FPIs in the corporate bond market"). However, these clearly had operational problems and restricted active FPI engagement. Essentially, it meant that FPIs had to sell bonds that had less than one year of residual maturity, or increase the total amount of bonds (to comply with the 30% cap), and the amount of bonds they purchased was somewhat wasted; in early 2025 FPIs had only exploited 14.3% (₹1.1 lakh crore) of the total potential limit of ₹7.63 lakh crore. Additionally, the restriction imposed on FPIs prevented them from responding to market opportunities and steward capital prudently. To ameliorate these issues, the RBI had steadily increased limits for FPIs and now cover ₹8.22 lakh crore from April to September 2025, and ₹8.80 lakh crore from October 2025 to March 2026. Thus, the May 2025 notification represented not a fundamental shift, but merely a pragmatic optimization of the compliance regime so that it could deal with the real frustrations experienced by global investors and improve efficiency within India's corporate bond market. The 2025 Relaxations: Nature, Rationale, and Global Alignment On May 8, 2025, the Reserve Bank of India (RBI) released a notification[3] that caused a major shift in regulation, when it removed two significant restrictions on foreign portfolio investors ('FPIs'), investing in corporate debt through the General route: the short-term investment limit and the concentration limit. The short-term investment limit which had been defined by the Master Directions (RBI Non-Resident Investment in Debt Instruments, 2025) to restrict FPIs from holding more than 30% of their corporate debt portfolio at any time in instruments with a residual maturity of up to one year.[4] The concentration limit was defined, to prevent any single FPI (and related) entity from having exposure to 15% of the highest investment limit proposed for long term FPIs or 10% for others. These limits were set in place to address the threat to market stability posed by capital flows (as a result of excess volatility from short-term holdings) and concentration posed by large pools in a few entities. The RBI eliminated these caps based on the premise that FPI investment limits in corporate debt are barely utilized (around 14.3 % in total in early 2025). Industry inputs also confirmed that these limits created operational issues such as forced rebalancing, and tying up inefficiently assigned or allocated capital which caused FPIs to invest less than their available limits. Deregulation is designed to provide more flexibility for FPIs to manage their portfolio and will hopefully foster more active investing and liquidity in the market. Relaxing limits will help align India's framework with what is common in the rest of the world. For example, many EM and developed markets do not implement as strict regulations on foreign holdings of short-term debt, or no restrictions on indicating concentration of ownership by foreign investors, therefore allowing more Foreigners to invest and making it easier to capital to move in and out of EM. Therefore, RBI's deregulation should help India's ability to get added to global bond indices (e.g. JPMorgan GBI-EM), and increase foreign investment in India. Overall, the 2025 relaxations represent a pragmatic and strategic response by the RBI to market reality, and investor concerns to support an ongoing effort to deepen India's corporate debt market with a focus on regulatory monitoring. Capital Market Deepening and Economic Implications The RBI's May 2025 relaxations have the potential to substantially deepen India's corporate debt market by allowing FPIs to invest more flexibly and efficiently than before. The removal of short-term investment and concentration limits will likely prompt greater foreign capital inflows, which have historically been hampered by regulations and restrictions. One of the biggest benefits of these relaxations is the expected increase in FPI ownership. The removal of the 30% limit on short-term corporate debt securities now means that FPIs can hold securities at any maturity without having to adjust their portfolios, thus reducing transaction costs for the issuers and complexity of operations for the FPIs' operations.  The removal of concentration limits means that FPIs can now put larger amounts into preferred issuers or sectors, improving investment decisions and implementing a better risk engineered portfolio. This flexibility is expected to draw a broader group of institutional global investors, such as sovereign wealth funds, pension funds and asset managers wanting diversified coverage of India's robust growing corporate sector. The addition of FPIs and larger ownership of corporate securities as investors will enhance liquidity, which is an important condition for an active corporate bond market. As more liquidity is added into the market, price discovery is more sustainable, bid-ask spreads are narrower, and the cost of trading is lower, thus encouraging issuers and investors to participate further. For Indian corporates, these developments mean greater access to long-term funding at competitive rates, facilitating business expansion and infrastructure spending. This economic development aspect is particularly relevant, in so far as the corporate bond market deepening is aligned to India's broader financial sector reforms designed to reduce reliance on bank credit and promote alternative sources of capital. A healthy bond market exists alongside equity markets and bank channels of supply, better characterized by a more resilient and diversified financial system. Finally, the RBI's alignment of India's FPI investment direction with global best practices increases India's capacity for inclusion in major global bond indices. Such inclusion generates passive inflows from global funds into the Indian bond market, further integrating the market to global capital flows. Overall, the 2025 relaxations should lead to a more liquid, efficient, and globally integrated corporate debt market which has spillover effects for economic development and financial stability. Systemic Risk, Volatility, and Regulatory Safeguards Although the 2025 relaxations from the RBI are widely expected to expand the corporate debt market and draw in additional foreign capital, they also introduce new aspects of risk that may require closer attention from regulators. The two risk areas that are of particular concern are the potential increase in market volatility arising from changes in FPI flows and the general increase of systemic risk arising from removing previous restrictions. By removing the short-term investment limit, the portfolio of FPIs can now allocate a significantly larger portion to shorter maturity instruments, which are typically more sensitive to fluctuations in risk sentiment and changes in the global interest rate environment. In conditions of extreme financial stress (also called contagion) or rapid changes in monetary policy from central banks (in the current example the US), foreign capital could exit the market at very high speeds, exerting pressure on bond prices and the INR. Not only could the resulting volatility affect the corporate debt market, but volatility on such a large scale could also increase the risk of embarrassment for the financial system (in the worst-case scenario if lots of people are forced to liquidate), especially if there is a lot of debt currently held by FPIs in a short space of time. Likewise, the removal of the concentration limit increases the risk of undue concentration in issuers or sectors. If a handful of large FPIs were to over concentrate their holdings in a handful of corporate bonds - then any negative event, for example a credit downgrade or default, could have exaggerated consequences that could potentially lead to contagion across the market. This risk is more pronounced in emerging markets, where there are likely to be fewer investors in general, and likely also to have less depth in the market. In order to mitigate these risks, the RBI has retained various macro prudential tools and regulatory safeguards. The central bank has the ability to reinstate restrictions, or impose restrictive measures, if the risks evolve into a systemic risk. In addition to monitoring FPI flows, the simple introduction of regulation requiring increased disclosure will ensure that updating disclosures is another risk management control not only for FPIs, but for all investors. Clear coordination with the SEBI provides the necessary "forward looking" mechanism for basic information sharing, and the extension of FPI monitoring risk management will be added layers of FPI investment management and ongoing recognition of the limits of authority by the RBI. The introduction of basic stress testing and scenarios fitting the various volatility ranges will be an important addition to risk management for showing the resilience of the corporate bond market to upside and downside external shocks. In summary the 2025 relaxations are a welcome step forward to developing a bond market, however the success of the measures will rely on the continuous vigilance of the RBI to recognize and respond to risk in an expanding global environment. Trade Integration, Foreign Relations, and Policy Effectiveness The RBI's 2025 foreign portfolio investor (FPI) relaxations to corporate debt securities must also be understood in the context of India’s larger economic diplomacy objectives in an increasingly integrated global financial system. The liberalization of FPI norms accompanying rather significant developments in India’s trade policy, most notably the India-UK Free Trade Agreement (FTA) and the UK’s reduction of import duties on Indian goods. Trade agreements such as these are established to encourage the exchange of goods and services but more broadly as an impetus to facilitate cross-border investment flows. As such, it is particularly relevant and timely to talk about India’s capital market regulations alongside international expectations. By liberalizing FPI norms, India is signaling support for financial openness and a welcome alignment of its regulatory framework with global expectations, thus enhancing its appeal to foreign investors. Especially as India seeks inclusion to large global bond indexes, which requires clear, predictable, and investor-friendly regulatory frameworks. Once India is included in indexes, this can lead to significant passive inflows from most international funds further developing and deepening the corporate bond market in India and the country’s integration with international capital markets. The success of these reforms depends on the RBI's Master Directions (Non-Resident Investment in Debt Instruments, 2025), which present an integrated and dynamic regime for foreign investment in Indian debt[5]. The Master Directions have been constructed to be flexible, allowing the RBI the ability to move quickly to capitalize on prevailing market conditions and stakeholder input. The relaxations instituted in May 2025 are a clear indication of this flexibility, reflecting a consultative process that considered the investors' needs while ensuring the continued exercise of macroprudential oversight. The early feedback from the market has been mostly favorable, with domestic corporates and international investors appreciating the regulatory clarity and operational leeway afforded them. However, a meaningful indication of whether the policy is effective will be in whether the RBI is able to maintain the openness now afforded to the market space while appropriately moderating risk, ensuring that more foreign capital can flow into India and lead to sustained economic benefits, without undermining financial stability. The recent reforms of the RBI offer a clear and concise path forward for India's aspirations to be better integrated into trade and investment; but they also have a strong line of attack for reaffirming both the legitimacy and reliability of regulatory institutions within India, at a crucial time when India is evolving as a major player on the global stage. Authored by Ms. Jyostna Chaturvedi, Head - Corporate Practice and Shreya Mazumdar, Associate References "India-UK FTA: Tariff Reductions and Market Access," Ministry of Commerce, https://commerce.gov.in/fta/india-uk-fta-details/ "RBI relaxes requirement for investment by FPIs in Corporate Debt Securities," SCC Online Blog (13 May 2025), https://www.scconline.com/blog/post/2025/05/13/rbi-relaxes-requirement-for-investment-by-fpis-in-corporate-debt-securities/ "RBI’s Financial Stability Report," RBI (June 2024), https://www.rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=56067 "SEBI’s role in monitoring FPI flows," SEBI (May 2025), https://www.sebi.gov.in/legal/circulars/may-2025/sebi-role-in-fpi-monitoring [1] RBI, https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12847&Mode=0 [2] RBI, https://m.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=12765#F_i [3] RBI, https://www.rbi.org.in/commonman/English/scripts/FAQs.aspx?Id=836 [4] RBI, https://www.rbi.org.in/commonman/English/scripts/Notification.aspx?Id=856 [5] RBI, https://rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=12765    

A tragic incident recently occurred where an Air India Flight 171, a Boeing 787 Dreamliner, after just taking off from Ahmedabad got crashed within a few minutes. In accordance with the Data from the Airport Authority, the last recorded altitude of the plane was at 625 feet off the ground, just immediately after takeoff. It flew just 2 km more. The flight was carrying 230 passengers and 12 crew members. However, except for one passenger, all the passengers and the crew members died on the spot.  Moreover, the flight crashed into the B.J. Medical College Hostel's mess and, as per the report, killed around 19 people and injured at least 60 more on the ground. The flight was a scheduled international passenger flight operated by Air India from Ahmedabad Airport in India to London Gatwick Airport in the United Kingdom. After the 2010 air crash incident wherein the 2-year-old aircraft had crashed outside Mangalore airport in Karnataka on May 22, killing 158 people when it burst into flames after overshooting a tabletop runway and plunging into a nearby forest. This is the tragic incident wherein the Air India Flight 171 crashed and killed around 300 people. The Air India Flight 171 crashed in the B.J. Medical College Hostel's mess, causing damage to the properties nearby, approximately 2 square kilometres. This event has reportedly triggered what could be India's largest aviation liability, exceeding 1,000 crores. In this article, we will discuss and try to understand what kinds of liability arise because of this plane crash on the airlines and the country, and under which law. LAWS OF INDIA GOVERNING THE AIRPLANE INCIDENT The Aircraft (Investigation of Accidents and Incidents) Rules, 2012, were notified by the Central Government of India through a Gazette Notification. This notification was published as G.S.R. 536(E) on July 5, 2012. These rules were formulated based on the ICAO (International Civil Aviation Organisation) SARPs (Standards and Recommended Practices) and the Indian Civil Aviation scenario. The purpose of these rules was to establish a framework for investigating aircraft accidents and incidents, which led to the establishment of the Aircraft Accident Investigation Bureau (AAIB). As per the Definition of the Accident in the Act, it refers to an event related to the operation of a manned or unmanned aircraft occurring between boarding and disembarkation (for manned) or from readiness to engine shutdown (for unmanned), resulting in either: fatal or serious injury caused by being in or coming into contact with the aircraft or jet blast (excluding natural causes, self-inflicted harm, assaults, or injuries to hidden stowaways); aircraft damage or structural failure affecting performance or safety, requiring major repair or replacement (excluding minor or localized damage to components like engines, propellers, tires, or panels); or the aircraft being missing or completely inaccessible. In these types of cases of aircraft accidents, the airline is primarily liable for compensating victims, and the amount can vary. For international flights, the Montreal Convention sets a minimum compensation of around 1.4 crore per passenger, while domestic flights are also subject to this convention's standards. However, if negligence on the airline's part is proven, the compensation can exceed this capped amount. The Aircraft (Investigation of Accidents and Incidents) Rules, 2012, and subsequent amendments primarily focus on the investigation process and don't directly dictate compensation amounts, but they do establish the framework for investigation and reporting. The Air India Flight 171 took off from Ahmedabad Airport in India and was going to London Gatwick Airport in the United Kingdom, which means it was an International flight. Therefore, the liability would be covered under an International Convention. In this case, the damage caused to the passengers will be governed under the Montreal Convention, 1999, also known as the 'Convention for the Unification of Certain Rules for International Carriage by Air'. Montreal Convention, 1999 India was the 91st country to ratify the Montreal Convention 1999. The Convention was effective for India on 30th June 2009, wherein the death of a passenger, there is a strict liability of 100,000 SDRs. As per Article 17, the liability of an air carrier is limited under specific conditions. The carrier is liable for a passenger’s death or bodily injury only if the accident occurred on board the aircraft or during embarking or disembarking operations. As per Article 21, the air carrier cannot exclude or limit its liability for passenger death or injury damages up to 100,000 Special Drawing Rights (SDRs) per passenger. For damages exceeding this amount, the carrier is not liable if it proves that the harm was not due to its own negligence or that of its employees or agents, or that the damage was entirely caused by a third party’s negligence or wrongful act. The SDR is an international reserve asset created by the IMF to supplement the official reserves of its member countries. As per Article 24, the SDR amounts are reviewed and adjusted every 5 years for inflation. Thereafter, the current SDR amount is updated by the International Civil Aviation Organisation in the month of October,2024. As per the reports, one SDR is equal to 122 INR. The Kerala High Court division bench in the case of National Aviation Company Of India Ltd vs S.Abdul Salam dated 25.10.2011 has held that while an air carrier’s liability for passenger death or injury in an air accident is unlimited, only actual damages proven by the victim or claimants are payable, either through settlement or by a competent civil court. The law does not mandate any minimum compensation under Rule 21(1) or any other provision, although carriers are encouraged to offer reasonable ex gratia payments to avoid prolonged litigation. In the absence of a settlement, claimants must establish the extent of damages in court. The carrier may defend itself by proving contributory negligence on the part of the passenger. For claims exceeding the threshold, the carrier can escape additional liability only by proving that the accident was not due to its own or its agents' negligence, or was solely caused by a third party, failing. Judgement Link Who is to claim compensation The legal heirs or dependents of the deceased can file a claim for compensation. In case of injury, the passenger themselves can do so. The amount depends on the proof of damage or loss (for claims beyond the strict liability limit). As per Article 33, an action for damages may be initiated, at the plaintiff’s choice, in the territory of a State Party either where the carrier is domiciled, has its principal place of business, where the contract was made through a business location, or at the place of destination. In cases involving death or injury of a passenger, the plaintiff may also sue in the State where the passenger had their principal and permanent residence at the time of the accident, provided the carrier operates services to or from that State under its own or a partner carrier’s aircraft, and conducts its business from premises it owns or leases. CONCLUSION The tragic crash of Air India Flight 171, resulting in nearly 300 fatalities and massive property damage, marks one of the most catastrophic aviation disasters in India’s history, raising critical questions about airline accountability and systemic safety failures. Governed by the Montreal Convention, 1999, and India’s Aircraft (Investigation of Accidents and Incidents) Rules, 2012, the legal framework mandates strict liability up to 100,000 SDRs per passenger, with scope for higher compensation if negligence is proven. Legal heirs of the deceased can seek damages through various jurisdictions, though claims beyond the fixed threshold require evidence and may involve prolonged litigation. The crash not only exposes the country to liabilities exceeding ₹1,000 crore but also highlights the urgent need for stronger aviation safety standards, accountability mechanisms, and crisis response systems to prevent such devastating incidents in the future. Author: Mr Akhand Pratap Singh Chauhan, Partner Co-Author: Mr. Sachin Sharma, Assessment Intern

Abstract The Digital Personal Data Protection Act, 2023 (DPDP Act) and the Draft DPDP Rules, 2025 are a milestone piece of legislation in India's data protection landscape. The Act prescribes a clear legislative framework for the processing, storing, sharing, and collecting of personal data, to enable digital privacy. The following article deals with important definitions within the Act, such as personal data, data principal, data fiduciary, and data processor, to help understand the compliance requirements. The article states procedural requirements such as valid consent being obtained, transparent notices given, and categorization of the data. It also addresses the practical compliance actions, such as in-house data mapping, security arrangements such as encryption and multi-factor authentication, and provisions about the cross-border transfer of data. Also, it enlightens on the most important provisions of the draft 2025 Rules, specifically those concerning consent management, notice requirements, and the State's role in data processing. Overall, the article is a practical manual for enterprises to adapt to new legal requirements while upholding data protection and the rights of users under the changing Indian privacy framework. Introduction The Digital Personal Data Protection Act, 2023 (DPDP Act), read with the draft Digital Personal Data Protection Rules, 2025 (DPDP Rules), constitute the keystone in India’s efforts to regulate the collection, processing, and protection of digital personal data. These regulations serve to protect privacy rights while outlining legal parameters for businesses. Here’s where we will explore how these regulations create the mechanics around data collection and analysis, while also contextually defining terms for how this works that preceded the Act. History and Evolution of the Act The legal framework of India for data protection was initiated with the historic Supreme Court decision in Justice K.S. Puttaswamy (Retd.) v. Union of India, which adjudged the right of privacy to be a constitutional right under Article 21 of the Constitution. The Court emphasized that privacy is the core of the liberty of individuals and set out the test of proportionality for any restriction. This decision gave constitutional bases for a sound system of data protection that influenced the key features of the Digital Personal Data Protection (DPDP) Act, 2023, such as informed consent, data minimization, and rights of the individual about personal data. Before the DPDP Act, the Information Technology (IT) Act, 2000, was the major law governing digital data. Yet, it provided scant protection, with just Sections 43A and 72A protecting personal data security. The digital economy is evolving, and with it, we've seen a rise in data misuse that has exposed the gaps in the IT Act. This situation called for a comprehensive data protection law. It was in 2017 that the Justice B.N. Srikrishna Committee was established to tackle these matters, recommending a rights-based framework based on responsibility, consent, and localisation of data. This gave way to the Personal Data Protection (PDP) Bill in 2019. The bill came under criticism due to its robust data localization requirement and the general powers granted by it to the government under Section 35. Following delays and 81 amendments proposed by the Joint Parliamentary Committee, the PDP Bill was withdrawn in 2022. Subsequently, the DPDP Bill, 2022, was brought, with a more balanced and business-friendly approach, and was finally enacted as the DPDP Act, 2023. The Act creates a consent-based regime, enshrines roles such as data fiduciaries and principals, gives individuals the right to access, correct, and delete data, and imposes draconian penalties for non-compliance, a huge leap towards privacy-oriented data governance in India. Key Definitions in the act involved in gathering and processing the personal data under this act: Data Fiduciary- It signifies that any individual who alone or together with other individuals determines the purpose and method of processing of personal data. Data Principal- A Data Principal is the person to whom the personal data refers. If the person is a child or an individual with disability, their legitimate guardian represents them. Data Principals have rights under the DPDP Act, such as accessing, correcting, or deleting their data. Personal Data- It refers to any information relating to a natural person who is or can be identified by such information. Consent Manager- A Consent Manager is an individual or company that assists people (referred to as Data Principals) in controlling their permission (consent) on the use of their personal data. They facilitate people to provide, monitor, or withdraw their consent whenever needed. Consent Managers must adhere to tight guidelines so the process remains transparent, safe, and easy to use Procedure for Collecting and Analysing Data under DPDP Act and Rules[1] Notice sent for processing data by Data Fiduciary to Data Principal under the Draft DPDP Rules of 2025 and the Digital Personal Data Protection Act of 2023, a Data Fiduciary has to provide a clear and distinct notice to the Data Principal prior to collecting or processing any personal data. This notice must be composed in clear, simple language and must specify the kinds of personal data being gathered, the grounds for processing as per law, and the character of the goods or services. The notice must also notify the Data Principal of their rights, such as the right to withdraw consent, rectify their data, and lodge complaints with the Data Protection Board. Even if prior consent was received before the implementation of the Act, the Data Fiduciary is nonetheless required to give a new notice with all necessary information. The notice should be standalone, understandable in isolation, and available in both electronic and print media as necessary. The Data Fiduciary should also keep a record of notices given and issue a revised notice if there are any alterations in the purpose or means of data processing. This helps in ensuring transparency, accountability, and safeguarding personal data in accordance with the DPDP regime.  Reasonable Security safeguards undertaken by Data Fiduciary[2] For the secure processing of personal information, the Data Fiduciary will be required to employ a range of reasonable measures to secure data. These would be technical ones, such as encryption, masking, and obfuscation, as well as virtual tokens, for securing the confidentiality, integrity, and availability of personal information. Compelling access controls and regular surveillance of computer facilities, complete with periodic logging of activity will have to be instituted to detect unauthorized access and provide for effective investigation and remediation. Furthermore, the Data Fiduciary needs to provide data retention and business continuity by keeping regular data backups and keeping logs and personal data for a minimum period of one year, unless otherwise mandated by law. Contractually, Data Fiduciaries should ensure that Data Processors are also bound to implement similar safeguards. Organizational and technical measures shall be taken to effectively enforce these obligations, with the expression "computer resource" being interpreted as per the Information Technology Act, 2000. Role of the Consent Manager while processing the data of the Data Principal[3] A Consent Manager, under Section 2(g) of the DPDP Act, 2023, is a registered organization with the Data Protection Board that provides for the provision, administration, evaluation, and revocation of consent by Data Principals using an accessible, transparent, and interoperable platform. The task can be administered internally in an organization or contracted out to a third-party legal organization. The DPDPA suggests a process where a Data Fiduciary hires a Consent Manager to handle consent and act in the interest of the Data Principal. This structure follows the B.N. Srikrishna Committee's suggestion of taking a fiduciary approach to protecting data and putting individual consent at the centre of processing digital data. The key function of a Consent Manager is to ensure that consent is sought in an informed, purpose-specific, and verifiable way. They keep records of consent, enable its withdrawal, and ensure that consent comes before any data processing. Serving as a middleman between Data Fiduciaries and Data Principals, Consent Managers facilitate transparency and user control over personal data. By stopping unauthorized data gathering and making sure that there is accountability, they establish trust within the digital environment and maintain the fundamental tenets of the DPDP Act. Legal Compliance for obtaining valid consent from the Data Principal[4] Section 6 of the Digital Personal Data Protection Act, 2023, defines the legal standards and requirements for obtaining proper consent from the Data Principal (the person whose data is being processed). Consent must be free, specific, informed, unconditional, and unambiguous, with a clear affirmative action. It should relate only to the personal data necessary for a specific purpose. For example, if a telemedicine app requests consent to access both health data (for its services) and the contact list (which is unrelated), only the consent for health data is valid. Any consent that violates the Act or other existing laws will be considered invalid to that extent. For instance, if an insurance company asks for consent to waive the right to complain to the Data Protection Board, that part of the consent will be void. Consent must be presented in plain language, in English or any language listed in the Eighth Schedule of the Constitution and must include the contact details of the Data Protection Officer or authorized person. Data Principals have the right to withdraw consent at any time, and the withdrawal process should be as simple as the process of giving consent. However, the consequences of withdrawal (such as loss of access to services) will be borne by the Data Principal and will not affect processing done before the withdrawal. For example, if someone withdraws consent after placing and paying for an order, the order will still be fulfilled. Once consent is withdrawn, the Data Fiduciary and any associated Data Processor must cease processing the personal data unless allowed by law. Consent may also be managed through Consent Managers, who act on behalf of Data Principals and must be registered with the Data Protection Board. In legal proceedings, the burden of proving valid consent lies with the Data Fiduciary. Intimation of Data Breach to Data Principal[5] a. Immediate Intimation to Data Principals: The Data Fiduciary must promptly inform each affected Data Principal in a clear, concise, and plain manner through their registered mode of communication (such as user account, email, or mobile number). The notice must include: i. Nature, extent, timing, and location of the breach, ii. Likely consequences for the individual, iii. Mitigation measures being taken, iv. Personal safety measures the individual can adopt, v. Contact details of a responsible person to answer queries. b. Notification to the Data Protection Board (Initial Report): The Data Fiduciary must immediately inform the Board with a basic description of the breach, covering its nature, extent, timing, location, and likely impact, even before a full investigation is complete. c. Follow-up Detailed Report within 72 Hours: Within 72 hours of becoming aware of the breach (or a longer time if permitted by the Board), the Data Fiduciary must submit A report of all notifications sent to affected Data Principals. i. Detailed breach information, ii. Circumstances and reasons leading to it, iii. Risk mitigation measures taken or proposed, iv. Identity of the person responsible (if known), v. Remedial actions to avoid future incidents. Obligations of a Data Fiduciary while collecting and analysing the data of the Data Principal[6] a. Accountability and Engagement of Data Processors: A Data Fiduciary remains fully responsible for complying with the Act and its rules, even if the Data Principal fails to fulfil their duties or regardless of any contrary agreement. It may engage or appoint a Data Processor to process personal data on its behalf, but only under a valid contract and solely for activities related to providing goods or services to Data Principals. b. Data Usage and Accuracy for Disclosure or Decision-Making: If personal information is utilized to make decisions that have an impact on a Data Principal or is released to another Data Fiduciary, the initial Data Fiduciary should guarantee the completeness, accuracy, and consistency of the data. c. Security Measures and Breach Intimation: A Data Fiduciary must implement suitable technical and organizational measures to follow the provisions of the Act and prevent data breaches. This includes protecting data in its control and any processing done by a Data Processor. In case of a data breach, it must notify both the Data Protection Board and each affected Data Principal in the prescribed manner. d. Data Retention and Erasure Obligations: Unless obligated under a requirement to maintain data according to law, a Data Fiduciary has to destroy personal data when consent is withdrawn by the Data Principal or if purpose of data is reasonably understood as fulfilled—whichever comes first. e. Transparency, Grievance Redressal, and Communication: The Data Fiduciary must publish the contact information of a Data Protection Officer or another responsible person to address queries. Additionally, it must set up an effective grievance redressal mechanism for Data Principals. A Data Principal is considered inactive if she hasn't contacted the Fiduciary through any form—physical or electronic—within a prescribed period. In case of processing the data of a minor or a person with a disability, the data fiduciary has certain duties to carry out the processing of their personal data[7] a. Mandatory Verifiable Consent Before processing a child's personal data or the personal data of an individual with a disability with a lawful guardian, a Data Fiduciary is required to get verifiable consent of the parent of the child or the lawful guardian, as the case may be. The phrase "consent of the parent" shall embrace the consent of a lawful guardian where such applies. The process and manner of obtaining this consent shall be as prescribed under the Rules b. Protection of Child’s Well-being Data Fiduciaries are strictly prohibited from processing personal data in ways that may have a detrimental effect on the well-being of a child. This is a precautionary measure to prevent misuse of children's data and to uphold their safety and dignity online. c. Ban on Tracking and Targeted Advertising The Act bars Data Fiduciaries from engaging in tracking, behavioural monitoring, or targeted advertising directed specifically at children. These restrictions aim to protect children from being manipulated or exploited through personalized content or advertisements. d. Exemptions for Certain Fiduciaries The Central Government may exempt a Data Fiduciary from obtaining parental consent and from restrictions on tracking, behavioural monitoring, and targeted advertising if it is satisfied that the Data Fiduciary processes children’s data in a verifiably safe manner. This exemption applies only after a government notification and may specify an age( which shall be above 18) above which these obligations no longer apply. It is granted on a case-by-case basis and aims to balance child data protection with innovation. e. Due Diligence and Identity Verification Data Fiduciaries shall apply technical and organizational measures sufficient to enable a parent or guardian's consent to be verified. They shall ensure that the consenting party is an adult by examining trustworthy identity and age information available to the Fiduciary or voluntarily supplied information, such as a virtual token provided by a legally recognized body, such as a Digital Locker service provider. In case if a company is handling a large amount of a personal data of the individuals and has been asked to handle that data by the government, then they are known as Significant Data Fiduciary, and therefore, they have the following obligations as mentioned below: Designation and Criteria for Notification: The Central Government can issue any Data Fiduciary or class of Data Fiduciaries as an Important Data Fiduciary depending upon the quantum and sensitivity of personal data being processed, threats to Data Principals' rights, effects on national sovereignty and integrity, electoral democracy, state security, and public order. Mandatory Appointments: A Significant Data Fiduciary must appoint a Data Protection Officer (DPO) who will be based in India, report directly to the board or equivalent governing body, represent the organization under the Act, and serve as the contact for grievance redressal. It must also appoint an independent data auditor to evaluate its compliance with the Act. Annual Assessments and Audits: Each twelve months, a Significant Data Fiduciary needs to perform a Data Protection Impact Assessment (DPIA) and data audit to ensure compliance with the Act and related rules in effective way. DPIA should outline purpose of processing, rights of Data Principals, and contain an assessment and control of related risks. Reporting Requirements: The entity must ensure that the individuals or bodies conducting the DPIA and audit furnish a report to the Data Protection Board, highlighting any significant observations or findings, as part of regulatory oversight. Algorithmic and Data Localization Compliance: Significant Data Fiduciaries need to make sure that any algorithmic software they use for data processing respects the rights of Data Principals. They also need to ensure that the personal and traffic data, defined by the Central Government, remain in India and are processed domestically, according to the guidelines laid down by the government on localisation. The Data Principal then has a right to access its data once processed and analysed by the Data Fiduciary, and its rights are enumerated as follows: Right to Access Personal Data[8]: Under Section 11, a Data Principal has the right to request a summary of her personal data that a Data Fiduciary is processing. This includes details about how her data is being handled. She has the right to know who else, such as other Data Fiduciaries and Data Processors, her data has been passed on to, and a description of that transferred data. And she can request any other information about her personal data and its processing. But note that this right does not extend to sharing data with other Data Fiduciaries that are legally permitted to ask for data for purposes such as crime prevention, investigations, prosecution, or responding to cyber incidents. Right of Correction and Data Deletion[9]: Under Section 12, people have the right to request corrections for any incorrect or misleading personal information, to complete any gaps in their details, and to rectify any old information. They also have the right to have their personal data deleted. Right to Grievance Redressal[10]: According to Section 13, the Data Principal has the right to seek grievance redressal from a Data Fiduciary or Consent Manager if there is any failure in fulfilling obligations or if her rights are violated. The Data Fiduciary or Consent Manager is required to respond to such grievances within a prescribed time frame. Importantly, the Data Principal must exhaust these grievance redressal avenues before she can escalate the issue to the Data Protection Board. Right to Nominate Another Individual[11]: Section 14 states that a Data Principal may nominate some other person to exercise her rights in case she dies or is incapable. The word "incapable" covers cases of unsoundness of mind or physical infirmity preventing her from exercising her rights. Nomination must be done as prescribed under the Act and it facilitates continuity in protecting her data rights. Scope and Limitations of Rights: While the Act extends substantive rights to the Data Principal, there are certain restrictions. For example, the right of the Data Principal to access data relating to data sharing does not hold when a Data Fiduciary is forced to share data with lawfully authorized agencies in order to prevent or investigate an offence or cyber-attack. Such exceptions do not allow law enforcement and national security interests to suffer while still preserving data protection norms. They also have the following duties which they shall adhere to while giving their consent for access to their personal data, they are as follows:[12] Compliance with Laws: The Data Principal must comply with all applicable laws while exercising her rights under the Act. No Impersonation: She must not impersonate another person when providing her personal data for any specific purpose. No Suppression of Material Information: She should not hide or suppress important information while providing personal data for any official documents or government-issued IDs. No False Grievances: The Data Principal should not file false or frivolous complaints or grievances with a Data Fiduciary or the Data Protection Board. Authentic Information for Corrections: While requesting correction or erasure of personal data, she must provide only verifiably authentic information. Data Transfer across Borders[13] The Central Government can restrict the transfer of personal data outside India by Data Fiduciaries through formal notifications, subject to specific conditions. This power is used to protect national interests or data security. However, suppose any existing Indian laws require stricter protection or local storage (such as regulations from the Reserve Bank of India for payment data). In that case, those rules will take precedence over the general provisions for cross-border data transfer. In contrast to the GDPR, which is based on an adequacy model, India has government-approved restrictions on a concern related to data protection. The Digital Personal Data Protection Act, 2023 contains a few exemptions from its provisions in certain situations. They are processing personal data to enforce legal rights, by courts or regulators to conduct judicial or supervisory tasks, for law enforcement, for cross-border contractual obligations, and in the case of mergers, demergers, or insolvency-related assessments of companies The Act also exempts processing by state instrumentalities for reasons such as national security, sovereignty, or public order, and for research, archiving, or statistical purposes if no decision specific to a Data Principal is taken. Additionally, the government may exempt certain Data Fiduciaries, including recognized startups, from specific compliance obligations based on their size and nature of data processed. Furthermore, certain provisions do not apply to processing by the State where no decision affecting the Data Principal is involved. Lastly, the Central Government may, within five years, exempt specific classes of Data Fiduciaries from any provisions of the Act through official notification. Composition and Structure of the Data Protection Board of India[14] The Central Government will establish the Data Protection Board of India on a notified date to enforce the provisions of the Act. This Board will function as a body corporate with its own legal identity, capable of owning property, entering contracts, and being sued or suing in its name. It will consist of a chairperson and other Members as determined by the government. The Central Government will appoint these individuals and must possess integrity along with expertise or experience in fields like data governance, law, dispute resolution, ICT, or digital economy, with at least one member being a legal expert. Powers and Functions of the Board[15] The Data Protection Board of India is empowered to take immediate remedial actions and conduct inquiries in case of personal data breaches and impose penalties as necessary. It addresses complaints from Data Principals against Data Fiduciaries or Consent Managers and can also act on referrals from the government or courts. The Board monitors Consent Managers for compliance and can penalize breaches, including those related to registration conditions. It also investigates intermediary breaches referred by the Central Government. Additionally, the Board may issue binding directions, and has the authority to modify, suspend, or cancel them based on representations or government references. Appeal to the Tribunal from Board’s orders[16] Any person aggrieved by an order of the Data Protection Board of India can appeal to the Appellate Tribunal within 60 days, with the possibility of extension if a valid reason for delay is shown. The Tribunal, functioning entirely through digital means, hears all parties and may confirm, modify, or cancel the Board’s order, with its decisions holding the same force as a civil court decree. Appeals are best concluded in six months, and delays have to be justified in writing. The Board can also refer disputes to mediation or take voluntary undertakings from the person to settle issues without considering them to be violations, subject to the condition that the undertakings are fulfilled. Penalties imposed by the board[17] The Digital Personal Data Protection Act, 2023 (DPDPA) also authorizes the Data Protection Board to levy financial fines on organisations that violate its provisions. The Act Schedule mandates differential penalties depending on the type of breach, with the maximum being ₹250 crore (approximately USD 30 million) for non-compliance by a Data Fiduciary in putting reasonable security practices in place, and ₹200 crore (approximately USD 24 million) for non-compliance in reporting a personal data breach The Board is to report into consideration many factors while determining the penalty amount, including the level of seriousness and gravity of the violation, kind of penalty data, economic advantage or loss prevented, attempts to mitigate the violation, and overall impact of the penalty on the subject entity. Fines may be levied against Data Fiduciaries, Consent Managers, and intermediaries based on the kind of breach. For example, Consent Managers could be fined for failing to adhere to their obligations or registration requirements, and intermediaries could be fined for refusing to block access to data as ordered by the Central Government. Individuals are not, however, granted the right to claim compensation, which might dissuade them from instituting proceedings. The Board should increase transparency by publishing its reasoned decisions and issuing guidance on penalty determination. Conclusion In summary, the Digital Personal Data Protection (DPDP) Act of 2023 and its forthcoming Rules are a turning point in the manner India addresses data governance and privacy. The Act is founded on the constitutional definition of privacy as a human right and establishes a consent model that prioritizes transparency, accountability, and user control over personal data. It fills the legislative gap left by the IT Act of 2000 and puts India's data protection policies on par with the world. The obligations placed on Data Fiduciaries like adoption of strong technical measures and ensuring data minimization and legitimate processing, are an indication of the government's intent to foster privacy and innovation both. While the Act grants people the right to access, correct, and delete their data, it also aims to balance such rights, national interest, and ease of doing business. How the DPDP Rules are implemented will be key to successful implementation and enforcement to create a safe, responsible, and rights-based digital environment in India. This bill is not just a legislative amendment; it's a step towards building trust in India's fast-expanding digital economy. Authored by Mr. Ketan Joshi, Senior Associate REFERENCES A Deep Dive into India’s Draft DPDP Rules, Ikigai Law (Jan. 5, 2025), https://www.ikigailaw.com/article/614/from-principles-to-practice-a-deep-dive-into-indias-draft-dpdp-rules. Prashant Phillips Paritosh Chauhan Abhishek Singh, Consent Managers under Digital Personal Data Protection Act, Lakshmikumaran Sridharan Attorneys (Jan. 30, 2024), https://www.lakshmisri.com/insights/articles/consent-managers-under-digital-personal-data-protection-act/. India's DPDP Act to enable Indian firms align with global standards, International Business Times (Mar. 31, 2025), https://www.ibtimes.co.in/world-backup-day-2025-indias-dpdp-act-enable-indian-firms-align-global-standards-881596. The Role of a Consent Manager Under the DPDP Act, King Stubb & Kasiva (Mar. 31, 2025), https://ksandk.com/data-protection-and-data-privacy/the-role-of-a-consent-manager-under-the-dpdp-act/. Digital Personal Data Protection Act, 2023 – A Brief Analysis, Bar and Bench (Aug. 20, 2023), https://www.barandbench.com/law-firms/view-point/digital-personal-data-protection-act-2023-a-brief-analysis. Enforcement and Penalties under the DPDPA, 2023, Tsaaro Consulting (Mar. 18, 2025), https://tsaaro.com/blogs/enforcement-and-penalties-under-the-dpdpa-2023-and-draft-dpdp-rules-2025/. Enforcement and Penalties under the DPDPA, 2023, Usercentrics (Feb. 21, 2024), https://usercentrics.com/knowledge-hub/india-digital-personal-data-protection-act-dpdpa/. [1] Section 4, 5 of DPDP Act [2] Rule 6 of DPDP Rules [3] Rule 4 of DPDP Rules [4] Section 6 of DPDP Act [5] Rule 7 of DPDP Rules [6] Section 8 of DPDP Act [7] Section 9 of DPDP Act [8] Section 11 of DPDP Act [9] Section 12 of DPDP Act [10] Section 13 of DPDP Act [11] Section 14 of DPDP Act [12] Section 15 of DPDP Act [13] Section 16, 17 of DPDP Act [14] Section 18 of DPDP Act [15] Section 27 of DPDP Act [16] Section 29 of DPDP Act [17] Section 33 of DPDP Act