Once the Act is notified (anticipated in late 2025 or 2026), the government is likely to prescribe staggered compliance dates. For example, large fiduciaries may need to comply immediately on notification, whereas startups/MSMEs might be granted an additional grace period (e.g., a few months extra) to meet certain obligations. All organizations should be prepared for enforcement at short notice, as authorities have emphasized that extensive delays (like the two-year GDPR transition) will not be given.

In summary, enterprise compliance teams should treat the Act as imminent: the foundational law has been passed, draft rules are in the final stages, and the government has signaled that enforcement will commence after a brief phased rollout. As of November 2025, organizations have a narrow runway to achieve compliance before the DPDP regime officially takes effect.