Charmian Aw and Roshni Patel of Hogan Lovells write:
India’s Ministry of Electronics and Information Technology (MeitY) released in June 2025 a Business Requirement Document for Consent Management Under the DPDP Act, 2023 (BRD).
The BRD, while not legally binding, provides technical and functional guidance on implementing a consent management system (CMS) under India’s Digital Personal Data Protection (DPDP) Act.
The BRD offers a detailed breakdown of core components of a CMS, including consent lifecycle management, a user dashboard, notifications, and grievance redress mechanisms. It also outlines administrative capabilities, including user role management and data retention policy configuration to ensure operational efficiency and compliance.
Read more at Chronicle of Data Protection.