Consent Manager
A DPDP-specific registered intermediary through which Data Principals can centrally give, manage, review, and withdraw consent across multiple Data Fiduciaries.
Full Definition
The Consent Manager is one of the DPDP Act's most innovative features — a novel concept globally with no direct equivalent in the GDPR. Section 6(9) of the DPDP Act and Rule 4 (Phase 2, operative from November 2026) establish a framework for registered entities called Consent Managers. A Data Principal can use a Consent Manager as a single interface to manage their consent across multiple Data Fiduciaries — granting consent for one service, reviewing what data a company holds, and withdrawing consent without visiting each company's individual platform. Consent Managers must be registered with the Data Protection Board of India and must meet interoperability, security, and accountability standards prescribed in the Rules.
In Indian Law
DPDP Act 2023, Section 6(9) and Rule 4 (G.S.R. 846(E), notified 13 November 2025, operative November 2026). The framework is modelled in part on the Account Aggregator (AA) framework under RBI, which demonstrated the viability of consent intermediaries in India's financial sector. Consent Managers are expected to be key infrastructure for DPDP compliance — enabling Data Principals to exercise their rights at scale without depending on each Fiduciary's individual interface.
Related Legal Sections
Frequently Asked Questions
When will Consent Managers become operational under the DPDP Act?
Rule 4 governing Consent Manager registration was notified on 13 November 2025 and comes into force in Phase 2 — November 2026. From that date, entities can apply for registration as Consent Managers.