What are the key statutory references for Consent Managers?

The key statutory references include: DPDPA Section 6(9), DPDP Rules 2025 Rule 4, DPDP Rules 2025 Rule 5, DPDP Rules 2025 Rule 6.

What are the main takeaways from the Consent Managers visual guide?

Consent Managers enable centralised consent management across Data Fiduciaries Must be registered with Data Protection Board Interoperability standards mandate standardised consent artefacts Consent via Consent Managers has equivalent validity to direct consent Consent Managers bear fiduciary accountability to Data Principals

Consent Management

Consent Manager Framework

Interoperable consent infrastructure under DPDP Rules 2025

24 January 2026

4 min read

Visual Guide

Executive Summary

Consent Managers emerge as intermediaries enabling Data Principals to manage consent across multiple Data Fiduciaries through a single, interoperable platform registered with the Data Protection Board.

Consent Manager Framework — AMLEGALS DPDPA Visual Guide Series

The Consent Manager Innovation

Section 6(9) and the DPDP Rules introduce Consent Managers as a novel institutional innovation in India's data protection architecture.

These entities register with the Data Protection Board and serve as intermediaries. They enable Data Principals to provide, manage, review, and withdraw consent across multiple Data Fiduciaries through a unified interface.

This addresses consent fatigue, where individuals overwhelmed by consent requests either disengage entirely or give blanket approvals without meaningful consideration. Consent Managers must satisfy registration requirements including demonstrated technical capability, interoperability compliance, and financial stability to ensure service continuity. They operate as fiduciaries to Data Principals, creating accountability for consent management integrity.

Interoperability and Accountability

The Rules mandate interoperability between Consent Managers and Data Fiduciaries. This requires standardised consent artefact formats that can be verified across platforms. Legacy systems may need substantial modification to interact with Consent Manager infrastructure.

Data Fiduciaries must honour consent provided through registered Consent Managers with the same validity as direct consent. They must also maintain capability to verify consent authenticity.

Consent Managers bear accountability for their platforms' integrity. This includes security of consent records and accuracy of consent status communications. The framework creates a consent marketplace where Data Principals may select Consent Managers based on service quality, interface usability, and additional features. This could introduce competitive dynamics that improve consent management experience over time.

Key Takeaways

1Consent Managers enable centralised consent management across Data Fiduciaries
2Must be registered with Data Protection Board
3Interoperability standards mandate standardised consent artefacts
4Consent via Consent Managers has equivalent validity to direct consent
5Consent Managers bear fiduciary accountability to Data Principals

Back to All Visual Guides