By Ketki Agrawal and Bhaavi Agrawal
Recently, the Parliamentary Standing Committee on Finance (PSCF) released its report on the evolving role of the Competition Commission of India (CCI) in the digital landscape. Separately, the Ministry of Corporate Affairs (MCA) also announced the launch of a market study to assess the impact of ex-ante competition regulations for digital markets.
Notably, back in March 2024, the MCA had released a draft Digital Competition Bill (DCB), now withdrawn, for stakeholder consultation, targeting tech giants with obligations around fair access, self-preferencing and data use. After a lull since the 2024 stakeholder consultation, the market study along with the PSCF’s report points towards a renewed interest in appropriately regulating digital market competition.
Simultaneously, India is preparing to roll out the Digital Personal Data Protection Act (DPDP), a horizontal privacy framework regulating how entities collect, process, and store personal data. Separately, the Digital India Act, which is under formulation, aims to replace the dated IT Act, covering AI, content moderation, cybersecurity, and platform accountability.
In isolation, each of these digital laws can be smoothly implemented. In combination, they risk creating regulatory duplication and compliance fatigue.
Multiple laws, one problem: compliance burden
Compliance building is time-consuming, and digital ecosystems are fast paced. Together, they present a paradox to regulators: how does one regulate without slowing digital growth? Comparable obligations spread across legislations, will inevitably seed confusion, create inefficiencies and ultimately impact well-intentioned compliance systems.
Picture a digital bank operating in India, already subject to stringent data governance norms laid down by the RBI. After the DPDP’s implementation, the bank will have to separately ensure compliance with an additional regime, one that brings with it independent data usage obligations. Importantly, these new rules will coexist with legacy provisions under the IT Act, which remain operational for now.
Additionally, the bank, if “significant” enough may also be impacted under the draft DCB and exposed to yet another regulatory lens. This will burden the bank with another set of data-sharing obligations that may, in substance, mirror certain other data protection principles. An existing legislation - the Competition Act, 2002 also does not preclude the CCI from imposing similar obligations on big-sized data fiduciaries. Take for example, the remedies imposed on WhatsApp and Meta for violating competition principles in their data collection and sharing policies. They were directed to pause data-sharing for advertising purposes for five years, ensure transparency in data-sharing for core purposes, and provide users with an opt-out option for non-core data uses.
Burnt out before compliance even begins.
The growing proliferation of regulatory obligations carries serious implications. This is also at crossroads with the government's vision of a thriving startup culture in India. As businesses wrap their heads around interpreting and implementing overlapping obligations, a discernable impact on innovation will slowly begin to set in. In particular, startups and mid-sized companies may defer launching new digital products/ services simply to avoid the legal uncertainty surrounding compliance. With duplicative laws, legal advice becomes expensive, risk appetites shrink, and investor confidence falters.
Forget small companies, payment gateways including Google Pay, PhonePe, and Amazon Pay have requested an exemption from DPDP’s provisions, even before its rules are notified. Their concerns center on the requirement to obtain explicit consent for each transaction, including recurring payments. The industry warns that this obligation would introduce significant friction and operational costs, particularly impacting smaller fintechs who may struggle to upgrade their infrastructure to effectively comply.
Similarly, the IAMAI has warned that ambiguities in the DPDP around verifying voluntary disclosure of publicly available personal data, could increase compliance burden on AI companies, essentially stifling innovation.
If the big players are already feeling the heat, how will smaller ones cope with the compliance burden? The European equivalent of the DPDP, the General Data Protection Regulation (GDPR) is also witnessing a similar fate. Seven years since enforcement, the legislation is being re-visited to assess ease of compliance for smaller companies. Reforms are being contemplated to simplify norms and reduce red tape for businesses drowning in paperwork.
Way forward: coordination, not duplication.
If cross-regulation is a necessary evil, then efforts must be made at the formulation stage to untangle the potential regulatory web.
The first step is institutional. Regulators must speak with each other and not just episodically. While the DPDP mentions coordination with sectoral regulators, this principle must be operationalised to result in harmonised enforcement protocols among the relevant regulators. This is not a novel idea. The PSCF’s report also endorses inter-regulatory harmony. Also, in the UK, the Digital Regulation Cooperation Forum brings together key regulators to streamline oversight and reduce compliance burdens.
Secondly, legislative clarity is essential. As newer laws come, they must expressly repeal or subsume provisions in older laws. Ambiguities arising from concurrent jurisdiction can only be resolved through clear statutory hierarchy, not overlapping claims of supremacy.
With the proposed market study for DCB, there is a timely opportunity to examine the regulatory brown-field and sharpen DCB’s focus to core-competition issues. If similar steps are taken for each digital law in the pipeline, India could possibly set them up for success. Otherwise, India risks building a regulatory house of cards, well-intentioned, but structurally unsound.
(Ketki Agrawal is Principal Associate and Bhaavi Agrawal Senior Associate at Economic Laws Practice.)
Views are personal and do not represent the stand of this publication.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
