โ† All jurisdictions

Asia

India

32%DSA alignment

India has one genuine in-force DSA-style mandate (monthly SSMI compliance reports) plus in-force CSAM-detection duties, while its strongest child-protection and accountability rules under the DPDP Act do not take legal effect until 14 May 2027.

In forceIT Rules 2021 (Intermediary Guidelines) (2021)ยท MeitY
ProposedDigital Personal Data Protection Act 2023 + Rules 2025 (2023)ยท Data Protection Board of India

Scored against the DSA

Each obligation the DSA imposes on very large platforms, and whether Indiaโ€™s law requires the same. Cells cover DSA-style, user-protective transparency and accountability only.

  • Required by law
  • Partial / emerging
  • No such obligation
  • Undetermined

Transparency

  • No such obligation

    Public ad libraryDSA Art. 39

    No platform ad-library; the only ad-transparency rule is Election Commission pre-certification of political ads (a clearance regime).

  • Required

    Transparency reportsDSA Art. 15 / 24 / 42

    IT Rules 2021 Rule 4(1)(d): Significant Social Media Intermediaries (over 5M users) publish monthly compliance reports.

    Source โ†—
  • No such obligation

    Researcher data accessDSA Art. 40

    No DSA Art. 40 analogue.

  • No such obligation

    Reach disclosureDSA Art. 24(2)

    The 5M SSMI threshold triggers duties, but no law requires publishing periodic active-user numbers.

Accountability

  • No such obligation

    Systemic risk assessmentDSA Art. 34โ€“35

    No content systemic-risk-assessment duty; the DPDP impact assessment is privacy-scoped and commences 14 May 2027.

  • Independent auditDSA Art. 37

    DPDP Rule 13 mandates independent annual audits for Significant Data Fiduciaries, but data-protection scoped and commences 14 May 2027.

    Source โ†—
  • No such obligation

    Algorithmic transparencyDSA Art. 27 / 38

    No recommender-transparency or non-profiling-feed mandate; DPDP algorithmic due-diligence is internal, not user-facing.

  • Regulator + penaltiesDSA Art. 49โ€“52, 74

    The Data Protection Board can fine up to 250 crore rupees, but its powers commence 14 May 2027; IT Rules breaches only cost safe-harbour.

    Source โ†—

Child protection

  • No profiling ads to minorsDSA Art. 26(3) / 28

    DPDP s.9(3) bans targeted advertising and behavioural monitoring of under-18s; enacted but commences 14 May 2027.

    Source โ†—
  • Age assuranceBeyond the DSA

    DPDP Rules require verifiable parental consent with age verification; enacted but commences 14 May 2027.

    Source โ†—
  • Child-safety duty of careDSA Art. 28

    In force: IT Rules Rule 4(4) requires SSMIs to proactively detect CSAM; the broader DPDP child-wellbeing duty commences 14 May 2027.

    Source โ†—

On the horizon

What's being debated

Digital India Act (to replace the IT Act 2000)

Risk-based classification of platforms, algorithmic/recommender transparency and enhanced intermediary accountability, alongside deepfake-labelling and traceability provisions.

Latest: The long-promised DIA remains in draft with public consultation expected in 2026; MeitY issued interim IT Rules amendments on synthetic/AI-generated content in Oct 2025. source โ†—

Compare every jurisdiction

India is one of 30 non-EU jurisdictions we scored against the DSA. See them all side by side.