Section 40: Power to make rules

Q: What does Section 40 of The Digital Personal Data Protection Act, 2023 (DPDP) deal with?

Section 40 DPDP pertains to "Power to make rules". It is part of the The Digital Personal Data Protection Act, 2023, a legislation enacted by the Parliament of India. Section 40 of The Digital Personal Data Protection Act, 2023 (DPDP) governs power to make rules. As verified on 21 May 2026.

Q: Is Section 40 DPDP still in force?

Yes, Section 40 of the The Digital Personal Data Protection Act, 2023 is currently in force across the Republic of India.

Q: What is धारा 40 DPDP?

धारा 40 DPDP is the Devanagari Hindi reference for Section 40 of the The Digital Personal Data Protection Act, 2023. Section 40 of The Digital Personal Data Protection Act, 2023 (DPDP) governs power to make rules. As verified on 21 May 2026.

Q: What is Dhara 40 DPDP?

Dhara 40 DPDP is the Roman Hindi reference for Section 40 of the The Digital Personal Data Protection Act, 2023. "Dhara" means "Section" in Hindi. Section 40 of The Digital Personal Data Protection Act, 2023 (DPDP) governs power to make rules. As verified on 21 May 2026.

Q: How to cite Section 40 of The Digital Personal Data Protection Act, 2023?

Cite as: "Section 40, The Digital Personal Data Protection Act, 2023 (DPDP)" in legal briefs. For academic writing, use the BlueBook format: The Digital Personal Data Protection Act, 2023, § 40 (India).

Law on Tips Editorial Board

(1) The Central Government may, by notification, make rules for carrying out the provisions of this Act.

(2) In particular, and without prejudice to the generality of the foregoing power, such rules may provide for all or any of the following matters, namely:—

the manner and purposes for which the Data Principal may be provided subsidy, benefit, service, certificate, licence or permit under clause (b) of section 7;
the form and manner for giving intimation of personal data breach under sub-section (6) of section 8;
the manner of obtaining verifiable consent under sub-section (1) of section 9;
the classes of Data Fiduciaries and purposes to which the provisions of sub-sections (1) and (3) of section 9 shall not apply, and conditions therefor under sub-section (4) of section 9;
the measures to be undertaken by a Significant Data Fiduciary under sub-clause (iii) of clause (c) of sub-section (2) of section 10;
the other information which may be obtained by a Data Principal under clause (c) of sub-section (1) of section 11;
the manner of making a request for erasure under sub-section (3) of section 12;
the period within which the Data Fiduciary or Consent Manager shall respond to grievances under sub-section (2) of section 13;
the manner in which a Data Principal may nominate under sub-section (1) of section 14;
the standards for research, archiving or statistical purposes under clause (b) of sub-section (2) of section 17;
the manner of appointment of the Chairperson and other Members under sub-section (2) of section 19;
the salary, allowances and other terms and conditions of service of the Chairperson and other Members under sub-section (1) of section 20;
the procedure to be observed by the Board under sub-section (1) of section 23;
the terms and conditions of appointment and service of officers and employees under section 24;
the techno-legal measures to be adopted by the Board under sub-section (1) of section 28;
the procedure to be followed by the Board while conducting an inquiry under sub-section (3) of section 28;
the form and fee for filing an appeal under sub-section (2) of section 29;
the manner and mechanism for alternate dispute resolution under section 31;
the manner of obligations of Consent Manager under sub-section (7) of section 6;
the manner, technical, operational, financial and other conditions for registration of Consent Manager under sub-section (8) of section 6; and
any other matter which is to be, or may be, prescribed, or in respect of which provision is to be, or may be, made by rules.

Law on Tips(LOTS)

Section 40

Power to make rules

What is Section 40 of The Digital Personal Data Protection Act, 2023 (DPDP)?

Key Facts & Information

Frequently Asked Questions