The notification of the Digital Personal Data Protection (DPDP) Rules 2025, last week, has not only initiated the countdown for compliance by companies, but also opened a new technology space – that of consent management. With consent managers mandated to be registered within 12 months of the notification of the rules, a fresh window has emerged for startups to build platforms that will help users track, approve and withdraw permissions for use of their personal data across digital services.
The earliest adopters are expected to come from BFSI, followed by digital-first sectors like gaming, social media, retail and telecom where data flows are high and personalisation is central to business models, analysts said.
Under the DPDP Act, consent managers will serve as the single interface for individuals to view and control how their data is processed. They must provide interoperable platforms through which users can manage consent across multiple companies like banks, social media platforms, online retailers, telecom operators, etc.
For businesses, these entities will help fulfil mandatory obligations such as informing users about existing personal data held by the company, obtaining explicit consent for continued processing and deleting data once it is no longer required for the stated purpose.
According to analysts, this model is sure to spark interest among startups specialising in identity verification, document infrastructure, authentication, onboarding and data governance. Many of these companies already assist enterprises in collecting digital consent, verifying user identity and managing compliance, and are sure to now explore whether to evolve into full-fledged consent managers or offer modular compliance suites to businesses instead. Analysts said that such startup firms may now start preparing to apply for licences once the registration channel opens.
Further, in the coming days the business model around consent management would start evolving. The industry expects pricing to revolve around per-user or per-consent charges, subscription-based structures, or bundled offerings that could include building and operating the consent portal itself.
According to industry observers, the emerging ecosystem could be similar to the account aggregator framework that transformed data sharing in finance. The consent manager space could similarly become a central layer of the digital infrastructure, provided interoperability is enforced so that users can view and control all their consents through a single application irrespective of the company or sector.