The Indian government is implementing a unified digital consent framework
The initiative is designed to be a definitive shift toward user-centric digital governance, ensuring that control over personal data is explicit, revocable, and instant across all digital touchpoints. It represents a vital step in building trust within the nation’s rapidly evolving digital economy.
How New Framework Works
The system is built on a convergence of regulatory efforts across finance, telecom, and general data protection:
RBI’s Digital Lending Rules: These require banks and lending platforms to get explicit borrower consent for data collection. Users must be able to restrict third-party sharing and revoke their consent at any point.
TRAI’s Digital Consent Registry: To combat commercial spam, this pilot project creates a secure, real-time registry—initially for the banking sector—that verifies a user’s consent before they receive any commercial communication.
The BRDCMS Blueprint: The architectural backbone, the Business Requirement Document for Consent Management System (BRDCMS), provides the technical infrastructure. It ensures that a user’s decision—such as withdrawing consent on a lending app—is automatically updated and reflected across the telecom and commercial communication systems.
The framework’s core goal is transparency and user control. Every data decision will be logged, audited, and tracked, providing citizens with a clear, complete picture of how their personal information is being used across financial services and other platforms.
Furthermore, the new rules reinforce data localisation, requiring sensitive user information to be stored on servers within India, a measure intended to align national security with robust privacy protections.
