Private Sector Participation in India’s Space Sector

Reaching for the Stars: Private Sector Participation in India’s Space Sector

India’s recent achievements in space exploration have garnered significant global attention (e.g., Chandrayaan-3’s soft-landing on the lunar south pole; Aditya-L1’s solar study mission; and hitting key milestones in terms of achieving manned spaceflight capabilities as part of the Gaganyaan project). However, private sector participation in space activities continues to be hamstrung through a combination of: (i) financial constraints (e.g., a lack of access to capital, including continued challenges with respect to securing asset-based financing, such as on account of the mobility of such underlying assets); along with (ii) regulatory ambiguity (e.g., in terms of attributing and quantifying liability, including in respect of third-party liability insurance, as well as with regard to corresponding caps).
Nevertheless, several new initiatives in India hold promise, such as: (i) the Indian Space Policy, 2023; (ii) a stated commitment to increase the country’s global market share, including by moving away from a demand-based model to a supply-centric approach; (iii) the ongoing and time-bound processing of private sector applications (related to space activities) by the Indian National Space Promotion and Authorization Center (IN-SPACe) – a single-window nodal agency – including for the purpose of assisting erstwhile vendors and suppliers to move up the value chain; (iv) the aggregation of user requirements by NewSpace India Limited – a Central Government-owned enterprise – including for the purpose of utilizing new space assets optimally based on determinations of stakeholder accountability, as well as creating new ones based on demand confirmations; along with (v) the launch of the SpaceTech Innovation Network (SpIN) in order to foster entrepreneurial innovation – especially in respect of startups and SMEs.
This note outlines India’s efforts to enhance and improve upon space regulation – including through reforms and liberalization – while also highlighting obstacles in both policy and practice.


India’s Digital Public Infrastructure DPDP Act

India’s Digital Public Infrastructure Could Have All the Answers to Questions Under the DPDP Act

Confusion abounds among key stakeholders of India Inc. with respect to consent management and allied concerns under India’s newly published Digital Persona Data Protection Act, 2023. This is especially true in the context of age verification requirements, along with the means of obtaining verifiable parental consent for children’s data. However, India’s digital public infrastructure could provide all the right answers – eventually. This note explores and examines how.


Modifications to Schemes of Arrangement

Modifications to Schemes of Arrangement

Once a scheme of arrangement has been approved by its shareholders or the relevant National Company Law Tribunal, what, if any, modifications are permissible to the scheme of arrangement without seeking fresh shareholder approval?

This note considers the legal framework for modifications to approved schemes of arrangement. It also examines the proposed merger of Zee Entertainment with Sony Pictures India where this question potentially arises for consideration.


Contractual Arrangements Under India’s New Data Protection Law

Contractual Arrangements Under India’s New Data Protection Law: A Data Fiduciary’s Guide to the Data Processing Universe

In light of India’s new Digital Personal Data Protection Act, 2023 (the “DPDP Act”), organizations need to check whether and to what extent such new compliance regime applies to them and their operations. In this regard, they may need to improve their existing IT and cybersecurity systems. Relatedly, organizations should monitor entities in their supply chains with respect to data processing obligations. In particular, existing contractual arrangements may need to be reviewed, and future data processing agreements (“DPAs”) must be negotiated in light of the new law.

Unlike the GDPR which places certain direct regulatory obligations on data processors, the DPDP Act appears to attribute sole responsibility upon the main custodians of data even when the actual processing is undertaken by data processors pursuant to a contract or other arrangement. Therefore, organizations have to ensure that their own statutory obligations remain mirrored in their supply chain, as well as in delegated/outsourced data processing tasks.

Accordingly, this note discusses due diligence and risk assessment/mitigation strategies; key lessons from the GDPR; necessary clauses in a DPA; the possibility of transferring liability through, and the inclusion of appropriate indemnity provisions in, such DPAs; as well as ensuring confidentiality and security, along with business continuity and disaster recovery, in such contexts.


Managing Consent

Yes Means Yes: Managing Consent Under India’s New Data Protection Law

Unlike the EU’s GDPR (which allows non-consensual data processing under various circumstances), India’s new Digital Personal Data Protection Act, 2023 (the “DPDP Act”) relies heavily on consent as a ground for processing personal data. Other than a few ‘legitimate uses’ specified in the DPDP Act, consent will be the only legal basis for processing digital personal data in India once the law enters into force. This note discusses the role of consent managers and the potential of notice-and-consent management platforms (both inhouse and outsourced) to help entities comply with their obligations under the DPDP Act.


Digital Personal Data Protection Act 2023

It’s Personal: A Roadmap for Data Mapping in Digital India

Although India’s newly published Digital Personal Data Protection Act, 2023 (the “DPDP Act”) is not yet in force, it is likely to take effect soon. Accordingly, while entities wait for the government to notify discrete provisions of the DPDP Act along with specific rules under it, they could use this transitional phase to align themselves to the requirements of the new regime and prepare for future obligations. Before anything else, organizations could draw up a compliance roadmap, the starting point of which should include a comprehensive data mapping exercise.
Organizational databases are likely to contain vast volumes of digitized information, not all of which may be considered ‘personal’ data. This note discusses the main features of the data mapping process, including the determination of, and the processual prerogatives with respect to, personal information contained in mixed datasets – where organizational data inventories are likely to comprise both personal and non-personal data.


Digital Personal Data Protection Act 2023

All Aboard: Getting Ready for India’s New Data Protection Journey

The Digital Personal Data Protection Act, 2023 (the “DPDP”) is poised to (re)define India’s legal framework with respect to the processing of digital personal data.
This new regime is designed to be an overarching one, irrespective of data category (in terms of sensitivity) or entity type. While provisions of the DPDP are likely to be notified soon, all organizations need to check whether and to what extent the DPDP applies to them and their operations.


Digital Personal Data Protection Act 2023

India’s New Law: The Digital Personal Data Protection Act, 2023

This note provides an overview of the Digital Personal Data Protection Act, 2023 that was published in the official gazette pursuant to a notification dated August 11, 2023. The Act will become effective from the date(s) notified by the Central Government, and different dates may be notified for different provisions. Also, rules may be notified in future, not inconsistent with the provisions of the Act, to carry out the purposes of the Act. The Act seeks to overhaul the current legal framework governing personal data in India. Accordingly, the Act establishes a legal framework to protect digital personal data, including by prohibiting the unauthorized use, alteration or sharing of information in a way that compromises the confidentiality, integrity and/or accuracy of such data. In this regard, the Act distinguishes among a data principal, data fiduciary and data processor, and provides rights for data principals and imposes obligations on data fiduciaries. The Act applies to consent managers as well.


’22/’23 Vision: Because India’s 2022 Draft Data Protection Law is so Last Year

A new version (the “23 Draft”) of India’s long-awaited Digital Personal Data Protection law (“DPDP”) is being moved for consideration and passing in the Lok Sabha today, i.e., Monday, August 7, 2023.
India has made several attempts over the last few years, including in terms of parliamentary tabling (and withdrawal), to introduce a comprehensive legal framework for data protection. However, the 23 Draft of DPDP was introduced in the Lok Sabha only late last week.
As such, it is a revised version of a previous DPDP draft that was released in November last year for public comments (the “22 Draft”). While the revised version contains several incremental changes compared to the 22 Draft, some such differences may prove significant in the long run.
A detailed analysis of the 23 Draft, along with an in-depth review relative to its prior iterations, will soon follow. Meanwhile, a few key takeaways from the current version in light of the changes made to the 22 Draft are highlighted here.
Accordingly, this note comprises two parts. Part I discusses the legislative status and possibilities with respect to DPDP’s 23 Draft. Part II provides a summary of key changes made to the 22 Draft, as currently reflected in the 23 Draft.