Dataspace Security
Home / Knowledge Center / Advisory
Advisory

DPDP consent managers: what the 2025 Draft Rules actually require

Registration thresholds, interoperability duties and what Data Fiduciaries must build regardless.

28 June 2026 · 7 min read · Dataspace Research

The Draft Rules give consent managers a concrete shape: registered entities with net-worth thresholds, interoperability obligations and a fiduciary duty to the data principal. What most coverage misses is the implication for ordinary Data Fiduciaries — you must be able to receive, honor and log consent signals from these platforms, whether or not you ever contract with one.

Build the ledger first

Whatever final form the Rules take, a queryable consent ledger — who consented, to what purpose, when, via which channel, withdrawn when — is the load-bearing artifact. Retrofitting one after enforcement begins is the expensive path; the GovernanceOps consent ledger exists precisely so it's a configuration, not a project.

From the same team

This research comes from real engagements.

The consultants who wrote it run the assessments and the platform behind it. Bring us the question your board is asking.

Talk to an Expert