Cybersecurity Regulations in India 2025: A Complete Cloud Compliance Guide

India's Regulatory Landscape Has Changed

India achieved Tier 1 status in the Global Cybersecurity Index 2024 with a score of 98.49/100, signalling maturing regulatory enforcement. For Indian businesses using cloud services, multiple new frameworks now apply.

Key Regulations in 2025

• DPDP Act 2023 — restrictions on cross-border data transfer, mandatory localisation for certain categories
• CERT-In Directions 2022 — 6-hour incident reporting, 180-day log retention within India
• SEBI CSCRF — cybersecurity framework for capital market entities
• Telecommunications Cyber Security Rules 2024 — security requirements for telecom infrastructure

AstraCMITS provides cloud compliance assessments aligned with CERT-In, DPDP, and GMP requirements.