India's New Method to Safeguard Kids Online with Age Checks

Published Date : 8/22/2025 

India is taking a unique approach to safeguarding children online by implementing age verification measures as part of the Digital Personal Data Protection Act (DPDPA). This article explores the implications and challenges of this new legislation. 

As in digital identity, India is charting an unexplored course in pursuit of goals shared with nations around the world on keeping children from online harms. The Digital Personal Data Protection Act (DPDPA) is a significant step in this direction, introducing age assurance requirements for organizations serving Indian customers or users over the internet.

CMS Induslaw Partner Shreya Suri explained the implications of the DPDPA for businesses and Indian internet users, both children and adults, in a Biometric Update webinar on “Age Verification in India: Technology, Policy, and the Digital Personal Data Protection Act” this week.

When we talk about consent, there are two layers,” she explains. “One is taking consent from the data principal. The second layer is where the data principal, or the person whose data is being processed, is a minor. The DPDPA therefore introduces age assurance requirements for organizations serving Indian customers or users over the internet, due to its requirement for online services to collect “verifiable parental consent” to process children’s data. But what that means in implementation is still being decided.

Social & Media Matters CEO Pratishtha Arora described a change in India’s internet culture over the past decade, from limited access and widely-shared fears to a different set of fears based in large part on increased access. This shift highlights the growing need for robust online safety measures, especially for children.

Iain Corby, ED of the Age Verification Provider’s Association (AVPA), shared early lessons from the implementation of the UK’s Online Safety Act, some of which could help inform policy decisions in India. He also pointed out that the one ready example of requiring parental consent for online data processing elsewhere in the world, California’s COPPA, uses a system that would likely not comply with the DPDPA.

Biometric Update Reporter and Analyst Joel R. McConvey noted that in these early days of the market, age assurance providers have yet to come to grips with how to localize their services to solve for common challenges in different legal and social contexts. Critics have also pointed out features of India’s internet culture that are different from places like the UK and California add further complications, both social and practical.

Click here to watch this webinar for free on-demand. 

Frequently Asked Questions (FAQS): 

Q: What is the Digital Personal Data Protection Act (DPDPA)?

A: The DPDPA is a law in India that introduces age assurance requirements for organizations serving Indian customers or users over the internet, requiring online services to collect verifiable parental consent to process children’s data.

Q: Why is age verification important in India?

A: Age verification is crucial in India to protect children from online harms and ensure that their data is processed with verifiable parental consent, as mandated by the DPDPA.

Q: What are the challenges in implementing age verification in India?

A: Challenges include localizing age assurance services to fit India's unique legal and social contexts, and addressing the practical and social complexities of India’s internet culture.

Q: How does the UK’s Online Safety Act inform India's age verification policies?

A: The UK’s Online Safety Act provides early lessons and best practices that can inform India's age verification policies, though the systems may differ due to local contexts.

Q: What is the role of parental consent in the DPDPA?

A: Parental consent is a critical component of the DPDPA, as it requires online services to obtain verifiable parental consent before processing children’s data. 

More Related Topics :