The Year India Wrote the Fine Print on Technology

If 2024 was when India announced big ambitions around artificial intelligence and digital governance, 2025 was when the country started writing the fine print.

Data protection rules, content takedown procedures, cybersecurity audits, and research funding all took clearer shape this year. The changes were driven by a series of notifications, draft policies, and budget decisions that together signaled a shift from intent to enforcement.

Much of the work was procedural. Ministries focused on who could issue takedown orders and how they should be reviewed, how organizations should demonstrate cybersecurity readiness, and how personal data protections would actually operate in practice.

At the same time, the government began putting real capital behind research and artificial intelligence infrastructure, while opening a new debate on how generative AI should pay for copyrighted training data.

Taken together, these moves marked a turning point. A look at the year’s key decisions shows India moving away from headline-driven tech policy toward the slower, more consequential work of setting rules, building institutions, and defining how digital growth will be governed in practice.

1. DPDP rules turn privacy law into a compliance clock

The most consequential regulatory step came in November, when the government notified the Digital Personal Data Protection Rules, 2025, operationalizing the Digital Personal Data Protection Act, 2023.

The rules spell out how personal data can be collected, processed, stored, and erased, and how individuals can exercise rights over their data. They also formally establish the compliance architecture around consent, grievance redressal, and enforcement through the Data Protection Board of India.

Implementation will be staggered, with commencement timelines notified in stages, giving companies and government departments time to adjust systems and processes before full enforcement bites. That rollout is likely to shape compliance planning well into 2026.

2. Takedown orders get a tighter chain of custody

In October, the government amended Rule 3(1)(d) of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, tightening the procedure for online content removal.

The amendment is procedural. It sets out safeguards around how directions are issued and reviewed, including clearer specification of unlawful content, senior-level authorization, and periodic review. Platforms remain obligated to act on lawful orders, but the amendments add traceability and accountability to how those orders are issued.

The update reflects a broader regulatory shift in 2025 toward tightening paperwork and process rather than expanding discretionary power.

3. CERT-In shifts cyber from checklists to audit discipline

Cybersecurity policy was shaped less by new legislation and more by regulatory instruments. On 25 July, the Indian Computer Emergency Response Team (CERT-In) issued its Comprehensive Cyber Security Audit Policy Guidelines.

The guidelines lay out expectations for how organizations should conduct audits, assess vulnerabilities, and demonstrate ongoing readiness, particularly in sensitive and regulated sectors. The emphasis is on repeatable audit processes rather than one-time compliance exercises.

CERT-In’s role as India’s national incident-response agency, designated under the Information Technology Act, places these guidelines at the center of the country’s cybersecurity posture. Alongside CERT-In, the National Critical Information Infrastructure Protection Centre continues to lead protection of critical information infrastructure across sectors such as power, telecom, and banking.

4. RDI scheme tries to pull private R&D off the sidelines

On 1 July, the Union Cabinet approved the Research Development and Innovation (RDI) Scheme with an outlay of ₹1 trillion, marking one of the largest policy pushes to stimulate private-sector research.

The scheme is designed to offer long-tenor, low- or zero-interest financing to encourage companies to invest in high-risk, long-horizon research across strategic and emerging technologies. Instead of grants alone, the government is using concessional finance to crowd in private capital.

The architecture is deliberately layered. A Special Purpose Fund under the Anusandhan National Research Foundation will route financing through second-level fund managers, embedding market discipline into public R&D funding.

5. AI gets a line item in education policy

In the Union Budget 2025–26, presented on 1 February, the government announced a Centre of Excellence in Artificial Intelligence for education, backed by ₹500 crore.

The emphasis is on using AI to improve learning outcomes, teaching methods, and education delivery, rather than headline-grabbing job or enrollment targets. Details on institutional structure and implementation are expected to evolve through subsequent guidelines.

The announcement signals a shift toward treating AI not just as an industrial or startup concern, but as a foundational capability within public education systems.

6. IndiaAI moves from announcements to compute capacity

Although the IndiaAI Mission was approved earlier, 2025 marked a shift toward execution. Government communication during the year emphasized compute capacity, shared infrastructure, and deployment rather than new announcements.

A government note in October highlighted progress on scaling AI computing resources, reinforcing the government’s push to treat compute capacity as a shared national capability rather than a purely research initiative. The focus was on enabling access rather than backing individual companies or applications.

The framing matters. By 2025, IndiaAI was no longer about whether the state should support AI development, but about how quickly it could build the capacity to do so at scale.

7. Telecom policy stays in draft mode but sets the direction

India’s National Telecom Policy 2025 (NTP-25) moved through consultation rather than finalization during the year. In July, the Department of Telecommunications released a draft policy document for public feedback.

The draft outlines ambitions around universal connectivity, resilient networks, domestic manufacturing, and next-generation technologies, but officials made clear in a parliamentary response later in the year that the policy remained under drafting.

The telecom story, then, is one of intent and consultation rather than closure, with key decisions deferred to subsequent iterations.

8. Copyright meets model training and licensing enters the frame

In December, the government opened a new policy front. The Department for Promotion of Industry and Internal Trade (DPIIT) published the first part of a working paper on the intersection of copyright and generative artificial intelligence, titled ‘One Nation, One License, One Payment.’

The paper explores whether AI developers should be required to license copyrighted works used for training, and how remuneration could be structured. It is a proposal, not law, but it signals that India is preparing for a more formal framework around AI training data.

The debate is sharpened by ongoing litigation, including lawsuits filed by Indian media organizations against AI companies, making the issue both theoretical and immediate.