|
GRAFFITI #1
Draft Amendments Propose Online Licence Fee System for Copyrighted Works
The Ministry of Commerce and Industry has released Draft Copyright (Amendment) Rules, 2025 to the Copyright Rules, 2013 on 5th June 2025 (“Draft Rules”), which is available at
https://egazette.gov.in/(S(bwajf2ki2e2afjvna3k40q3s))/ViewPDF.aspx.
The proposed amendments introduces a dedicated online payment system for the owners/licensors of literary works, instrumental works, and sound recordings to collect licence fees associated with the public communication of these works. The Draft Rules specifies, payment of license fees must be made exclusively through this prescribed online mechanism, with no alternative methods permitted.
This Draft Rule has been published for public consultation. Stakeholders and members of public may submit any objections or suggestions to the Additional Secretary (DPIIT) via email or post (ipr7-dipp@gov.in) within 30 days of the notification's publication.
|
|
|
|
GRAFFITI #2
CCPA Issues Advisory Requiring Self-Audits to Detect Dark Patterns
The Central Consumer Protection Authority (CCPA) has issued an advisory on 5th June 2025 (“Advisory”) directing all e-commerce platforms to conduct self-audits within 3 months from the date of its issuance.
The Advisory aims to detect and eliminate deceptive dark patterns that manipulate consumer choices. It has been issued pursuant to the Guidelines for Prevention and Regulation of Dark Patterns 2023.
The CCPA further encourages platforms to submit self-declarations confirming their websites are free of dark patterns, in order to ensure fair and transparent digital ecosystem. Additionally, the Advisory calls all e-commerce platforms, industry associations, consumer organisations, and academic institutions to circulate the Advisory and encourage internal audits to prevent use of dark patterns.
|
|
|
|
GRAFFITI #3
TRAI-RBI Pilot on Digital Consent Registry for Telemarketing
The Telecom Commercial Communications Customer Preference Regulations (TCCCPR), 2018 mandates that entities must acquire customer consent digitally and register such consent in a digital consent registry maintained by telecom service providers, to enable verification before conducting telemarketing.
To operationalise this consent registration framework, the Telecom Regulatory Authority of India (TRAI) has initiated a pilot project in collaboration with Reserve Bank of India (RBI) and all banks. This pilot project will be used to validate the operational, technical and regulatory aspects of the proposed consent management system.
|
|
|
|
GRAFFITI #4
RBI Mandates Due Diligence for AePS Operators to Combat Fraud
The Reserve Bank of India (RBI) has issued new Directions titled Aadhaar Enabled Payment System - Due Diligence of AePS Touchpoint Operators dated 26th June 2025 (“Directions”) requiring banks to enhance due diligence for AePS touchpoint operators in response to increasing fraud incidents involving identity theft.
Under these Directions, any bank that onboards AePS touchpoint operators must conduct robust due diligence and periodic KYC checks to verify the identity. Banks are also required to implement ongoing transaction monitoring and apply risk-based operational controls such as location profiling and transaction velocity limits to proactively detect suspicious activity.
Additionally, the Directions mandate system-level safeguards to ensure that the APIs are not misused beyond their intended AePS operations. These measures are aimed at enhancing the security, integrity, and reliability of the Aadhaar Enabled Payment System and mitigating the risks associated with fraud and misuse.
|
|
|
|
GRAFFITI #5
SEBI Extends Cybersecurity Compliance Deadline for Regulated Entities
The Securities and Exchange Board of India (SEBI) had released Cybersecurity and Cyber Resilience Framework (CSCRF) for SEBI Regulated Entities (REs) on 20th August 2024 (“Cybersecurity Framework”), aimed at strengthening the data protection and IT Infrastructure across all SEBI regulated entities.
The entities for which this is applicable are:
| Market Infrastructure Institutions (MIIs) |
Stock Exchanges, Clearing Corporations, Depositories. |
| Other Market Participants |
Stock Brokers, Depository Participants, Asset Management Companies (AMCs), Portfolio Managers, Alternative Investment Funds (AIFs), Venture Capital Funds (VCFs), KYC Registration Agencies (KRAs), Registrars and Share Transfer Agents (RTAs) |
SEBI has granted a two-month extension for implementing the Cybersecurity Framework, extending the deadline till 31st August 2025. This extension applies to all regulated entities except market infrastructure institutions, KYC registrations agencies, and qualified registrars to an issue and share transfer agents.
The Cybersecurity Framework sets out detailed requirements to enhance cybersecurity preparedness, ensure robust risk management practices, and improve resilience against cyber threats in India’s securities markets.
|
|
|
|
GRAFFITI #6
MeitY Issues Guidelines for Implementing Consent Management under DPDP Act
India's Digital Personal Data Protection Act, 2023 (DPDP Act) introduces strict consent management obligations for all data fiduciaries. To facilitate effective implementation, the Ministry of Electronics and Information Technology (MeitY) has released a Business Requirement Document (BRD) that provides detailed guidelines for developing and maintaining a Consent Management Systems (CMS).
The BRD serves as a comprehensive guideline for implementing consent management processes, including the collection, validation, updating, renewal and withdrawal of the consent by data principals. These measures are designed to ensure that data fiduciaries manage user consent in a transparent, secure, and user-friendly manner in compliance with the DPDP Act.
You can read our detailed article on this at https://www.lexology.com/library/detail.aspx?g=350ecb5e-e78f-4563-aa5b-2d0baa859a5d
|
|
|
|
|
|
