Updated: 14 Apr 2026
Yes. Cisco Duo satisfies the authentication requirements of India's four active regulatory frameworks: RBI Authentication Directions 2025, CERT-In CISG-2025-02, SEBI CSCRF, and DPDPA 2023.
Each framework has specific requirements. Here is how Cisco Duo addresses them.
RBI Authentication Directions 2025, effective 1 April 2026. Two-factor authentication is mandatory for all digital payment transactions. At least one factor must be dynamic. Factors must operate through independent channels. Cisco Duo satisfies all three conditions. Verified Push and FIDO2 both meet the factor independence requirement. SMS OTP does not.
CERT-In CISG-2025-02, effective 25 July 2025. MFA is required for all remote access. Authentication logs must be retained for 180 days and stored in India. Cisco Duo's Mumbai data centre, operational since May 2022, confirms India data residency. Logs are individually attributed, timestamped, and exportable for the audit window.
SEBI CSCRF. MFA for privileged access to trading, risk management, and back-office systems is required. The compliance window closed between January and April 2025. Cisco Duo's Verified Push and hardware token options satisfy the phishing-resistant MFA standard SEBI expects.
DPDPA 2023. The Act requires reasonable security safeguards for personal data. Full enforcement arrives 13 May 2027. MFA for systems handling personal data is consistent with that standard.
One important note: compliance depends on deployment, not just the platform. A Cisco Duo licence does not automatically produce compliant authentication logs. The deployment must be configured to capture individual attribution, retain logs to an India-resident store, and maintain a bypass code register from day one.
Proactive Data Systems, a Cisco Preferred Security Partner, structures every Cisco Duo deployment in India around the compliance evidence package from the start.
We'll get back to you shortly.
