What is FSSAI?

The Food Safety and Standards Authority of India (FSSAI) is the apex regulatory body established under the Ministry of Health & Family Welfare, Government of India. It is responsible for ensuring food safety and regulating the manufacture, storage, distribution, sale, and import of food in India.

Every Food Business Operator (FBO) in India must obtain either FSSAI Registration or FSSAI License, depending on the scale and nature of operations.

Key FSSAI Compliance Requirements

1. FSSAI Registration and Licensing

All FBOs must obtain prior registration or license before commencing operations. Three categories:

- FSSAI Basic Registration – for petty food businesses and small-scale operators
- State FSSAI License – for medium-sized businesses operating within one state
- Central FSSAI License – for large businesses, multi-state operations, exporters, and importers

2. Display of FSSAI License

- FSSAI license/registration number must be prominently displayed at the premises
- Mandatory printing on packaged food labels

3. Labeling and Packaging Compliance

All packaged food must comply with FSSAI Packaging and Labeling Regulations, including:

- Ingredients list
- Nutritional information
- FSSAI license number
- Veg/Non-veg logo
- Expiry/best before date
- Manufacturer details

4. Record Keeping and Traceability

FBOs must maintain:

- Raw material purchase records
- Production logs
- Storage and distribution records
- Sales records for traceability

General FSSAI Compliance Checklist (All FBOs)

Requirement | Description
FSSAI Registration/License | Obtain appropriate category license
Display of License | Visible at premises and packaging
Hygiene Compliance | Follow Schedule 4 standards
FSMS Implementation | HACCP-based system mandatory
Food Testing | Regular lab testing of products
Labeling Compliance | Follow FSSAI labeling rules
FoSTaC Training | Train food handlers
Record Maintenance | Maintain traceability records
Annual Returns | File Form D1/D2 where applicable
Consumer Grievance System | Mechanism for complaints
Food Recall System | Emergency recall procedure
Safe Water & Equipment | Hygienic operations
Pest Control | Regular pest management
No Adulteration | Strict prohibition of unsafe additives

Why FSSAI Compliance is Critical

- 🛡️ Legal Protection – Avoid penalties, suspension, and prosecution
- 🏷️ Consumer Trust – Enhances brand credibility
- 🚀 Business Expansion – Essential for scaling, exports, and partnerships
- ✅ Quality Assurance – Ensures consistent food safety standards
- 📈 Market Access – Mandatory for online platforms and institutional buyers

This article is for general informational purposes only and does not constitute legal advice. Readers are advised to seek professional legal consultation for specific situations. The author assumes no liability for actions taken based on this content.
India doesn’t lack laws on women’s safety. It lacks something else: IMPLEMENTATION
FSSAI: India’s Silent Food Police
Misleading Food Labels Under Scanner

For years, most Indians looked at the FSSAI logo on food packets as a mere formality. But 2026 has changed that perception dramatically. The Food Safety and Standards Authority of India (FSSAI) has now become one of the most aggressive regulators in the country, targeting misleading branding, adulteration, hygiene violations, and fake “healthy” claims. And interestingly, the biggest brands are now under scrutiny.

The “Healthy” Food Scam Under Scanner

In June 2026, FSSAI issued notices to several food companies for allegedly misleading consumers through labels such as:

- “Healthy”
- “Organic”
- “Zero Maida”
- “Plant-Based Vegan”
- “True Vitamin”

This marks a major shift in Indian food law. Earlier, the focus was mainly on adulteration. Now, FSSAI is also regulating consumer psychology and deceptive marketing. A packet saying “healthy” may now invite legal scrutiny if the claim cannot be scientifically justified.

Mislabelled ORS Drinks Removed

FSSAI also ordered the removal of several drinks falsely marketed as “ORS” in 2026. The regulator clarified that only products complying with medically recognized Oral Rehydration Solution standards can use the ORS label. This is significant because consumers often rely upon such drinks during dehydration or illness, assuming them to be medically safe.

2026 has revealed one important reality: Food law is no longer just about hygiene inspections. It now involves:

- Consumer protection
- False advertising
- Product liability
- Digital evidence
- Influencer marketing
- Public health accountability

Businesses can no longer hide behind attractive packaging and technical loopholes.

Conclusion

India’s food industry is expanding rapidly, but so are consumer risks. From misleading “healthy” labels to adulterated products and viral contamination complaints, FSSAI is finally pushing food businesses toward accountability. For consumers, the lesson is simple: Never trust packaging blindly. And for food companies, compliance is no longer optional; it is reputational survival.
POSH Compliance for Companies in India
The Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013, commonly known as the POSH Act, is no longer treated as a mere HR formality. In 2026, regulators, courts, investors, and employees are increasingly scrutinizing whether companies are genuinely compliant or merely maintaining paperwork. Non-compliance can expose organizations to legal penalties, reputational damage, employee attrition, and even investor concerns.

Recent reports indicate that many organizations still fail to constitute proper Internal Committees (ICs), conduct training, or follow lawful inquiry procedures. Government authorities have also started workplace inspections and digital monitoring through the SHe-Box framework.

What is the POSH Act?

The POSH Act was enacted to:

- Prevent sexual harassment at workplaces
- Provide a complaint redressal mechanism
- Ensure a safe working environment for women

The law applies across:

- Private companies
- Startups
- LLPs
- Hospitals
- NGOs
- Educational institutions
- Corporate offices
- Remote and hybrid workplaces

The definition of “workplace” under the Act is intentionally broad and includes:

- Offices
- Work travel
- Virtual meetings
- Company events
- Offsite gatherings
- Transportation provided by employer

Courts and experts increasingly recognize that workplace harassment is not restricted to physical office premises.

Which Companies Must Comply with POSH?

Every organization with 10 or more employees is required to constitute an Internal Committee (IC). The employee count includes:

- Permanent employees
- Interns
- Consultants
- Contract workers
- Temporary staff
- Apprentices
- Probationers

Even startups crossing the 10-employee threshold are required to comply immediately. For establishments having fewer than 10 employees, complaints may be referred to the Local Committee constituted by the District Officer.

Mandatory POSH Compliance Requirements for Companies

Constitution of Internal Committee (IC)

Under Section 4 of the POSH Act, every eligible employer must constitute an Internal Committee comprising:

- One senior woman employee as Presiding Officer
- Minimum two employee members
- One external member familiar with women’s rights or social work
- At least 50% women members

Improper constitution of the IC can invalidate the entire inquiry process.

POSH Policy

Every employer should have a comprehensive POSH policy covering:

- Definition of sexual harassment
- Complaint procedure
- Inquiry process
- Confidentiality obligations
- Disciplinary actions
- Protection against retaliation

A generic HR policy alone is insufficient.

Employee Awareness & POSH Training

Section 19 of the POSH Act imposes a duty upon employers to conduct:

- Awareness workshops
- Employee sensitization sessions
- IC member training
- Leadership orientation

Many organizations fail compliance because training is conducted only on paper.

Display of Notices

Employers are required to display:

- POSH policy
- Consequences of sexual harassment
- Details of IC members
- Complaint process

These notices should be visible at conspicuous places in the workplace.

Timely Inquiry Process

The POSH Act prescribes statutory timelines:

- Complaint filing: Within 3 months
- Inquiry completion: Within 90 days
- Employer action: Within 60 days from report

Failure to adhere to timelines may expose the organization to legal challenge.

Annual POSH Report

Organizations are required to file annual reports containing:

- Number of complaints received
- Complaints resolved
- Pending matters
- Awareness programs conducted

Several authorities now actively monitor annual POSH filings and disclosures.

Penalties for Non-Compliance

Under Section 26 of the POSH Act:

- First violation may attract penalty up to ₹50,000
- Repeat violations may lead to:
  - Cancellation of license
  - Withdrawal of registration
  - Regulatory action

However, financial penalties are only one aspect. The larger risks include:

- Reputational harm
- Social media exposure
- Litigation
- Employee distrust
- Investor due diligence concerns

Startups have reportedly faced investor scrutiny solely due to missing POSH compliance frameworks.

Recent Legal Developments in POSH

Recent judicial and regulatory developments indicate stricter enforcement trends:

Delhi High Court on Parallel Inquiries

The Delhi High Court recently clarified that employers cannot bypass the statutory POSH mechanism through parallel investigations.

Government Workplace Inspections

Authorities have initiated inspections to verify:

- Proper IC constitution
- Training records
- Complaint mechanisms
- Policy implementation

SHe-Box Monitoring

The Government’s SHe-Box portal has enhanced digital oversight for workplace harassment complaints.

Common Mistakes Companies Make

Organizations often assume they are compliant merely because:

- They have an HR department
- An anti-harassment clause exists in employment contracts
- No complaint has been received

In reality, common lapses include:

- Non-functional ICs
- Improper external members
- Lack of training documentation
- Failure to maintain confidentiality
- Procedural irregularities during inquiry

These lapses can significantly weaken the company’s legal position.

Why POSH Compliance is Important Beyond Law

Effective POSH implementation helps organizations:

- Build safer workplaces
- Improve employee trust
- Reduce legal exposure
- Strengthen ESG and governance standards
- Enhance investor confidence
- Protect brand reputation

Modern compliance expectations now treat POSH as a governance obligation rather than merely an HR responsibility.

FAQs on POSH Compliance

Is POSH mandatory for startups?
Yes. Once a startup has 10 or more employees, constituting an Internal Committee becomes mandatory.

Is POSH applicable to work-from-home situations?
Yes. Virtual workplaces and remote interactions can fall within the scope of the POSH Act.

Can complaints be filed after resignation?
Yes, in certain cases, provided the incident occurred during employment.

Does POSH apply during office parties?
Yes, office outings and work-related social gatherings may qualify as workplace extensions.

Can employers conduct separate investigations outside POSH?
Courts have increasingly discouraged parallel mechanisms that bypass the statutory process.
Healthcare Data Privacy in India
Beyond the DPDP Act: The Expanding Framework of Data Privacy in India’s Healthcare Sector

Healthcare data is among the most sensitive categories of personal information. Unlike ordinary personal data, medical records expose an individual’s physical condition, mental health, genetic traits, reproductive choices, disabilities, and even financial vulnerabilities. In the digital era, where hospitals, telemedicine platforms, insurance providers, pharmacies, wearable devices, and AI diagnostic systems continuously process patient information, protecting healthcare data is no longer merely a compliance obligation. It has become a constitutional necessity and a question of public trust.

Much of the recent discussion in India revolves around the Digital Personal Data Protection Act, 2023 (DPDP Act). While the DPDP Act undoubtedly forms the backbone of India’s emerging privacy regime, healthcare data privacy in India is governed by a far wider and fragmented legal ecosystem. Several sectoral laws, constitutional principles, ethical regulations, cybersecurity rules, and judicial precedents collectively shape the obligations of healthcare institutions.

This article examines the broader legal architecture governing healthcare data privacy in India and argues that healthcare privacy must be viewed through a multi-layered regulatory lens rather than through the DPDP Act alone.

Healthcare Data: Why It Requires Special Protection

Healthcare information differs fundamentally from ordinary personal data because of its permanence and sensitivity. A leaked password can be changed; a leaked diagnosis cannot. Medical data may expose conditions relating to HIV status, psychiatric illnesses, infertility treatment, gender transition, or genetic disorders: information capable of causing discrimination, stigma, and social exclusion.

The digitization of healthcare through electronic health records (EHRs), telemedicine, health-tech startups, and AI-driven diagnostics has significantly increased both the utility and vulnerability of health data. Cyberattacks on hospitals, unauthorized data sharing by applications, and insurance profiling practices have demonstrated that healthcare institutions are increasingly attractive targets for data exploitation.

Consequently, legal protection of healthcare data is no longer only about confidentiality between doctor and patient; it is also about cybersecurity, consent architecture, algorithmic accountability, and informational self-determination.

Constitutional Foundation: Privacy as a Fundamental Right

The legal foundation for healthcare data privacy in India originates not from the DPDP Act but from the landmark judgment in Justice K.S. Puttaswamy v. Union of India (2017), where the Supreme Court recognized privacy as a fundamental right under Article 21 of the Constitution. The judgment emphasized informational privacy and acknowledged that individuals must retain control over dissemination of personal information. Importantly, the Court recognized that medical records form part of the “zone of privacy” deserving constitutional protection.

This constitutional recognition transformed data privacy from a contractual or statutory issue into a rights-based framework. Healthcare entities therefore do not merely handle data; they process constitutionally protected personal information.

The DPDP Act, 2023: A General Framework, Not a Complete Code

The DPDP Act introduced India’s first comprehensive data protection framework and applies to digital personal data processed within India. Healthcare providers, hospitals, laboratories, telemedicine companies, insurers, and health-tech platforms fall within its scope when processing patient information.

The Act imposes obligations relating to:

- lawful processing of personal data;
- informed consent;
- purpose limitation;
- data minimization;
- reasonable security safeguards; and
- grievance redressal mechanisms.

Healthcare organizations must also notify breaches and ensure that data is processed only for legitimate purposes.

However, the DPDP Act is not healthcare-specific. It does not comprehensively address:

- medical confidentiality;
- doctor-patient privilege;
- genetic data governance;
- clinical research ethics;
- AI-based medical profiling; or
- cross-border health data interoperability.

Therefore, relying solely on the DPDP Act provides an incomplete understanding of healthcare privacy obligations.

Information Technology Act and SPDI Rules

Before the DPDP Act, healthcare privacy was primarily regulated under the Information Technology Act, 2000 and the Sensitive Personal Data or Information Rules, 2011 (SPDI Rules). The SPDI Rules explicitly classify physical health conditions, medical records, and biometric information as “sensitive personal data or information.”

Under these rules, body corporates handling health data are required to:

- obtain consent before collection;
- maintain privacy policies;
- implement reasonable security practices; and
- prevent unauthorized disclosure.

Although the DPDP Act has altered the legal landscape, the IT Act continues to remain relevant, especially in relation to cybersecurity obligations and compensation for negligent handling of sensitive information under Section 43A. In practice, hospitals may face overlapping obligations under both the IT framework and the DPDP regime until full regulatory harmonization occurs.

National Digital Health Mission and ABDM Framework

India’s healthcare ecosystem is undergoing rapid digitization through the Ayushman Bharat Digital Mission (ABDM), which seeks to create interoperable digital health infrastructure. The ABDM framework introduces:

- Health IDs;
- digital health records;
- consent managers; and
- health information exchanges.

While the initiative promises efficiency and accessibility, it also creates unprecedented centralized repositories of medical data. The Health Data Management Policy under ABDM attempts to incorporate privacy principles such as:

- consent-based sharing;
- purpose limitation;
- audit trails; and
- user control.

However, concerns remain regarding:

- re-identification risks;
- data centralization;
- private-sector access;
- cybersecurity vulnerabilities; and
- surveillance implications.

The future of healthcare privacy in India will depend significantly on how ABDM balances innovation with constitutional privacy safeguards.

Medical Ethics and Professional Confidentiality

Long before data protection statutes emerged, patient confidentiality existed as an ethical obligation under medical jurisprudence. The National Medical Commission’s Code of Ethics imposes duties on medical practitioners to maintain confidentiality of patient information except in legally justified circumstances.

This ethical obligation creates an additional layer of accountability. Even where statutory privacy provisions are ambiguous, healthcare professionals may still face disciplinary consequences for unauthorized disclosures. The principle of confidentiality also intersects with tort law, contractual obligations, and consumer protection claims.

Telemedicine and Digital Health Platforms

The rise of telemedicine platforms has expanded privacy concerns beyond traditional hospitals. Telemedicine Practice Guidelines issued by the Government of India require registered medical practitioners to maintain confidentiality and ensure secure handling of patient information during virtual consultations.

However, digital health platforms often collect far more information than necessary, including:

- location data;
- behavioral patterns;
- device identifiers; and
- lifestyle metrics.

Many health applications share data with advertisers, analytics companies, or third-party service providers without meaningful informed consent. This raises an important question: when healthcare becomes a platform, should patient data be treated
Direct Selling Compliance: The Hidden Key to Long Term Growth
The direct selling industry is no longer what it was 10 years ago. Today’s successful direct selling companies are not built merely on products, aggressive recruitment, or motivational seminars. They are built on compliance, consumer trust, technology, legal clarity, and sustainable compensation structures.

Yet, despite the market potential, a large number of direct selling businesses collapse within the first few years. Why? Because most founders focus on growth before structure. And in direct selling, that is the fastest route to regulatory scrutiny, distributor distrust, and operational instability.

The Biggest Misconception in Direct Selling

Many entrepreneurs still believe that direct selling is “easy scaling.” Launch a product. Create a network. Offer commissions. Grow aggressively. But modern regulators, consumers, and even distributors are asking deeper questions:

- Is the compensation model legally sustainable?
- Is the business genuinely product-driven?
- Are distributor earnings realistic and transparent?
- Does the company comply with evolving direct selling regulations?
- Is the documentation legally defensible?

The companies that survive are the ones that answer these questions before expansion.

The Industry Has Changed Permanently

Governments across the world are tightening oversight on direct selling models. Consumers are more aware. Distributors are more cautious. Digital footprints are permanent. And social media amplifies both credibility and controversy instantly. In this environment, a poorly structured direct selling company is not just risky — it is vulnerable. What worked in the past no longer works today.

Modern direct selling businesses require:

- Strong legal architecture
- Clear distributor agreements
- Ethical compensation frameworks
- Consumer-centric policies
- Regulatory alignment
- Reputation management
- Transparent operational systems

Without these, scaling becomes dangerous instead of profitable.

The Difference Between a Network and a Real Business

A real direct selling business creates long-term consumer demand. A weak direct selling business survives only on recruitment momentum. That distinction matters enormously.

The strongest direct selling companies in today’s market understand that sustainability comes from:

- Product retention
- Customer loyalty
- Distributor confidence
- Compliance-first growth
- Long-term brand credibility

Not hype. Not pressure selling. Not unrealistic income projections. The future belongs to businesses that combine entrepreneurship with governance.

Why Founders Need Strategic Guidance Early

One of the most expensive mistakes founders make is seeking professional advice only after problems begin. By the time notices arrive, payment gateways freeze, distributors complain, or regulators start asking questions, the damage is already significant. Strong companies are built proactively.

The smartest founders today are investing early in:

- Business structuring
- Compensation plan analysis
- Compliance systems
- Distributor documentation
- Internal policies
- Risk assessment
- Regulatory positioning

Because prevention is always cheaper than crisis management.

The Real Opportunity in Direct Selling

Despite the challenges, direct selling remains one of the most powerful business models when executed correctly. Why? Because it combines:

- Entrepreneurship
- Community-driven growth
- Product scalability
- Distribution efficiency
- Personal branding
- Digital commerce

But only disciplined businesses will dominate the next decade. The era of “fast money” models is fading. The era of professionally structured direct selling companies has begun.

Final Thought

Direct selling is not dying. It is evolving. And the businesses that understand compliance, ethics, strategy, and long-term positioning will lead the industry forward. The future will not belong to the loudest direct selling companies. It will belong to the most credible ones.
Direct Selling Compliance in India 2026: Legal Requirements for MLM & Network Marketing Companies
The direct selling industry in India has emerged as a legally recognised and rapidly expanding sector, regulated primarily under the Consumer Protection (Direct Selling) Rules, 2021, along with the 2023 amendments issued under the Consumer Protection Act, 2019.

The regulatory environment has continued to evolve in recent years. Amendments introduced in 2023 clarified the legal definition of direct selling, while the 2025 reforms to consumer protection enforcement established mandatory online grievance mechanisms and imposed a 90-day timeline for dispute resolution. In addition, a July 2024 notification issued by the Food Safety and Standards Authority of India (FSSAI) introduced a specialised compliance category for direct sellers dealing in food and wellness products.

This memorandum outlines the current legal framework, compliance obligations, prohibited activities, and regulatory considerations relevant to entities operating in the Indian direct selling sector.

Historical and Legislative Context

Before 2021, India did not have a dedicated legal framework governing direct selling. As a result, businesses in the sector often faced scrutiny under the Prize Chits and Money Circulation Scheme (Banning) Act, 1978.

Formal statutory recognition of “direct selling” was introduced through Section 2(13) of the Consumer Protection Act, 2019, which defines the activity as the marketing, distribution, and sale of goods or services through a network of sellers rather than permanent retail outlets. Subsequent amendments and regulatory notifications have refined this framework over time.

Current Legal Framework (as of 3 May 2026)

The regulatory structure applicable to direct selling in India is multi-dimensional and involves several interrelated statutes and regulations:

- Consumer Protection (Direct Selling) Rules, 2021 (as amended in 2023): These rules establish the primary compliance framework, define key concepts, and prescribe obligations for direct selling entities (DSEs) and direct sellers.
- Consumer Protection Act, 2019 (including 2025 reforms): Provides broader consumer rights protections, including online complaint filing, stricter accountability standards, and accelerated adjudication timelines.
- Companies Act, 2013 and LLP Act, 2008: Require DSEs to be duly incorporated prior to commencing operations in India.
- Income Tax and GST Laws: Mandate PAN, TAN, and GST registration along with maintenance and filing of tax records.
- Food Safety and Standards Act, 2006: Requires food and nutraceutical direct sellers to register under the dedicated “Direct Seller” category introduced in FoSCoS during 2024.
- Foreign Exchange Management Act, 1999 and FDI Policy: Govern foreign investment structures and compliance obligations applicable to overseas direct selling entities operating in India.
- Prize Chits and Money Circulation Scheme (Banning) Act, 1978: Continues to prohibit fraudulent money circulation and pyramid schemes.

Registration and Structural Compliance

Any DSE intending to operate in India must complete several pre-operational formalities, including:

- Registration with the Department for Promotion of Industry and Internal Trade (DPIIT).
- Incorporation as a company, partnership firm, or LLP.
- Establishment of a registered office within India.
- Procurement of PAN, TAN, and GSTIN registrations.
- Acquisition of sector-specific licences, including FSSAI or CDSCO approvals where applicable.
- Maintenance of a functional website containing details of products, pricing, grievance mechanisms, and contact information.

Entities are also required to maintain statutory and financial records at their registered office, including incorporation documents, tax filings, audited financial statements, and records of direct sellers and customer transactions.

Mandatory Compliance Officers

The Rules require DSEs to appoint designated officers, including:

- A Chief Compliance Officer, responsible for legal and regulatory compliance;
- A Nodal Contact Person, who must be an Indian resident available for coordination with law enforcement authorities; and
- A Grievance Officer, responsible for acknowledging complaints within 48 hours and resolving them within one month.

Duties and Obligations of Direct Selling Entities

DSEs are subject to extensive operational and consumer protection obligations. These include:

- Maintaining transparent and regularly updated online disclosures;
- Executing written agreements with direct sellers;
- Monitoring the conduct of network participants;
- Ensuring consumer data remains stored within India; and
- Prohibiting entry fees or registration charges for participation in the business model.

Consumer protection duties include timely delivery of goods, mandatory acceptance of returns for defective products, and transparent disclosure of cancellation and refund rights. Under the 2025 reforms, complaints filed through the government’s centralised online portal must be acknowledged within 48 hours and resolved within 30 days.

Restrictions and Prohibited Practices

The regulatory framework imposes strict prohibitions on activities commonly associated with unlawful schemes. These include:

- Pyramid structures where compensation is driven primarily by recruitment rather than product sales;
- Money circulation schemes prohibited under the 1978 Act;
- Charging joining or subscription fees;
- Misleading or deceptive marketing practices; and
- Unverified health or medical claims relating to products.

Direct sellers are additionally prohibited from visiting consumers without prior appointments or identity verification and may not distribute unauthorised promotional material.

Consumer Rights and Cooling-Off Period

Consumers are entitled to receive complete product and compensation plan disclosures before enrolment or purchase. They also possess rights relating to refunds, complaint resolution, and data privacy. Although the Rules do not prescribe a mandatory cooling-off period, industry practice generally recommends a minimum period of 30 days for cancellation without penalty.

Applicability to Foreign Direct Selling Entities

The Direct Selling Rules apply not only to Indian entities but also to foreign-incorporated businesses offering goods or services to consumers in India. Overseas DSEs must therefore:

- Maintain a registered office in India;
- Appoint resident compliance officers;
- Ensure Indian consumer data remains within India; and
- Structure investments in compliance with FEMA and FDI regulations.

The RBI’s expanded 2025 interpretation of “control” has increased scrutiny of layered ownership structures and indirect foreign influence arrangements.

Regulatory and Industry Bodies

Key authorities and industry organisations relevant to the sector include:

- The Ministry of Consumer Affairs;
- DPIIT;
- The Indian Direct Selling Association (IDSA);
- The Federation of Indian Direct Selling Industries (FIDSI);
- FSSAI; and
- State-level regulatory authorities.

Industry Overview

India’s direct selling market has experienced substantial growth in recent years. By 2025, the sector accounted for approximately 5.7% of global direct selling revenue, with health and wellness products contributing the largest share of industry earnings. Cosmetics and personal care products represent the fastest-growing segment, while the industry continues to generate large-scale employment and entrepreneurial opportunities, particularly for women.

Emerging Regulatory Trends

Several developments are expected
FAQS: DIGITAL PERSONAL DATA PROTECTION ACT
1. What is the Digital Personal Data Protection Act, 2023?

The Digital Personal Data Protection Act, 2023 is India’s primary law governing the processing of digital personal data. It lays down obligations for organizations handling personal data and grants rights to individuals whose data is being processed.

2. When does the DPDP Act apply?

The Act applies when:

- Personal data is collected in digital form; or
- Personal data is collected offline and later digitized.

It applies to processing within India and also outside India if goods or services are offered to individuals in India.

3. What is “personal data” under the DPDP Act?

Personal data means any data about an individual who is identifiable by or in relation to such data. Examples may include:

- Name
- Mobile number
- Email address
- Aadhaar details
- IP address
- Health information
- Financial details

4. Is consent mandatory under the DPDP Act?

Consent is one of the lawful grounds for processing personal data. Consent must be:

- Free
- Specific
- Informed
- Unconditional
- Unambiguous
- Given through clear affirmative action

5. What rights do individuals have under the DPDP Act?

Data Principals have rights including:

- Right to access information about personal data
- Right to correction and erasure
- Right to grievance redressal
- Right to nominate another person in certain cases

6. Can a person withdraw consent?

Yes. A Data Principal has the right to withdraw consent at any time. The withdrawal process should be as easy as giving consent.

7. Can personal data be transferred outside India?

Cross-border transfer of personal data is permitted except to countries that may be specifically restricted by the Central Government.

Disclaimer

These FAQs are for general informational purposes only and do not constitute legal advice. The applicability of the Digital Personal Data Protection Act, 2023 depends on specific facts, business models, and regulatory developments. Organizations should seek professional legal advice for compliance assessment.
Bias and Discrimination in Healthcare Algorithms in India
India’s healthcare sector is rapidly adopting artificial intelligence for diagnostics, insurance assessments, telemedicine, and hospital management. However, concerns are growing that healthcare algorithms may unintentionally discriminate against vulnerable populations. A major concern in India is data imbalance. Many AI healthcare systems are trained using urban hospital data, while rural populations, lower-income groups, and regional communities remain underrepresented. This creates a risk that algorithms may perform accurately for privileged populations but poorly for others. During the COVID-19 pandemic in India, concerns were raised about digital exclusion in healthcare systems such as telemedicine platforms and the CoWIN vaccine registration portal. Many citizens without smartphones, reliable internet access, or digital literacy faced difficulties accessing healthcare services and vaccine appointments. The Supreme Court of India itself acknowledged the country’s “digital divide” while questioning mandatory online registration policies for vaccination. Legal scholars and policy experts argued that excessive dependence on digital systems could disproportionately disadvantage. India’s legal framework is also evolving around health data and algorithmic accountability. The Digital Personal Data Protection Act has increased attention on consent, data usage, and automated processing of sensitive personal data, including health information. In addition, the NITI Aayog has issued discussions and strategy papers emphasizing responsible AI and the need to prevent bias in healthcare technologies. The challenge for India is unique: if healthcare algorithms are trained on unequal social and economic realities, technology may unintentionally deepen existing healthcare inequalities instead of reducing them. 
As AI adoption expands, Indian hospitals, insurers, and health-tech startups may increasingly face legal scrutiny over transparency, fairness, and accountability in automated healthcare decisions.
India’s Labour Codes 2025: Compliance, Inspections & HR Readiness
India’s labour codes on Wages, Social Security, Industrial Relations, and Occupational Safety & Health have consolidated 29 laws into 4 streamlined frameworks. While this simplifies compliance, it also sharpens inspection protocols. Inspectors now rely on digital dashboards, risk-based selection, and surprise visits.

✅ Action Points for HR & Compliance

- Conduct a labour code audit before inspections.
- Maintain digital + physical records for redundancy.
- File annual returns on time and keep acknowledgments.
- Train managers on employee rights under the codes.
- Engage external advisors for gap analysis.

The new labour codes are not just about avoiding penalties; they are about trust, transparency, and workplace culture. Inspectors catch the same gaps employees notice. Closing them strengthens both compliance and credibility, positioning organisations as responsible employers in India’s evolving economy.