The board-level guide to DPDP, CERT-In, SEBI CSCRF, RBI, IRDAI and NCIIPC. Critical dates, the multi-regulator control overlay, and a costed 2026 build plan.
Built by Proactive Data Systems, a Cisco Preferred Partner under the Cisco 360 Partner Program. Over 35 years of Indian enterprise IT Infra experience.
Updated May 2026.
India's cyber compliance timeline is set. The Digital Personal Data Protection (DPDP) Act hard enforcement lands on 13 May 2027 with penalties up to ?250 crore. Consent Manager activates on 13 November 2026. SEBI's Software Bill of Materials mandate landed on 5 May 2026. The Indian Computer Emergency Response Team (CERT-In) six-hour clock runs every day. Build it right in 2026, or pay for it in 2027.
Primary CTA: Get the Free Roadmap
Secondary CTA: Book the Compliance Workshop
Critical Dates: 2026 to 2027
| Date | Event |
|---|---|
| 5 May 2026 | SEBI SBOM mandate for critical applications at SEBI-regulated entities |
| 13 November 2026 | DPDP Consent Manager framework activates |
| Q1 2027 (industry-recommended) | Significant Data Fiduciary readiness window: DPO, independent auditor, DPIA |
| 13 May 2027 | DPDP hard enforcement; penalties up to ?250 crore (US$26.24 million) |
Three figures that travel: penalty ceiling ?250 crore for major violations. CERT-In reporting clock: six hours. DPDP breach reporting clock: without delay plus a 72-hour detailed report.
What's Inside the Roadmap
The roadmap covers:
-
The Indian cyber regulatory landscape on one page: DPDP, CERT-In, NCIIPC, RBI, SEBI CSCRF, IRDAI, CEA, DoT.
-
Every critical date from May 2026 to May 2027, with the legal trigger for each.
-
The DPDP Rule 6 control set, explained for a CISO.
-
The Consent Manager framework: what enterprises must build before 13 November 2026.
-
Significant Data Fiduciary readiness: the DPO, audit and DPIA steps to land before Q1 2027.
-
The technical controls that satisfy multiple regulators at once.
-
A six-step build plan for 2026 with sequencing.
-
The CERT-In six-hour reporting workflow and how it interacts with DPDP's 72-hour clock.
-
The sectoral overlays for BFSI, capital markets, insurance, power and telecom.
Forty pages. Twenty-three tables. One reading.
What You'll Do With This
- Identify which of the eight Indian regulators apply to your estate.
- Map your existing controls against the multi-regulator overlay table.
- Build a defensible 2026 plan you can take to the board.
Used by CISOs and DPOs at BFSI, manufacturing and ITeS enterprises across India.
Who This Roadmap Is For
CIOs, CISOs, Data Protection Officers, Chief Risk Officers, Heads of Compliance and Legal teams in Indian enterprises across BFSI, manufacturing, ITeS and BPO, healthcare, power and telecom. Particularly relevant to organisations likely to be designated as Significant Data Fiduciaries that operate in regulated sectors with parallel regulator clocks, or that hold personal data of European and US end-customers through foreign principals.
If you are designing the 2026 cyber compliance build plan, this roadmap saves the weeks of cross-referencing it would otherwise take.
Why Trust This Roadmap
Reviewed by Alok Sah, Head, Cybersecurity, Proactive Data Systems, with the Proactive security and compliance practice. Cross-checked against Data Protection Board notifications, the CERT-In Direction, the SEBI master circular and the published guidelines of every named regulator. Sources listed at the back of the PDF.
Proactive Data Systems is a Preferred Partner under the Cisco 360 Partner Program across Networking, Security, Collaboration and Cloud & AI. We have run cyber compliance programmes for Indian enterprises in BFSI, manufacturing and ITeS for over three decades.
Two ways to start.
Free. Get the roadmap. Forty pages. PDF. Inbox in sixty seconds.
Faster. Book the two-hour India Cyber Compliance Workshop. We sit with your CISO, DPO and risk lead, walk your estate against the roadmap, and hand you a gap map and a costed 2026 build plan within ten working days.
Closing the tab? The roadmap will be in your inbox before you finish your coffee.
