How DPDP penalties work
₹250 crore is real
The Schedule to the DPDP Act, 2023 sets a maximum penalty of ₹250 crore for failing to take reasonable security safeguards to prevent a data breach — the single largest cap in the Act.
Penalties stack by obligation
Different failures carry separate caps — breach notification (₹200 cr), children’s data (₹200 cr), Significant Data Fiduciary duties (₹150 cr) and other provisions (₹50 cr) — so exposure adds up across gaps.
Gaps are fixable now
The Board weighs nature, gravity and duration. Closing gaps with a DPDP readiness plan before enforcement is the most reliable way to reduce both exposure and the odds of action.
