TCS is prepared to apply for a DPDP "consent manager" permit
TCS Eyes Consent Manager Role Under India’s New Data Protection Rules
Tata Consultancy Services (TCS) is reportedly preparing to apply for a “consent manager” permit under India’s Digital Personal Data Protection (DPDP) rules, according to sources familiar with the matter. Reliance’s Jio Platforms is already in the race for what is emerging as one of India’s largest data-governance opportunities.
The country’s new data protection regime is expected to create a ₹10,000-crore compliance-as-a-service market over the next three years, as businesses invest in privacy automation and services to comply with the rules, consulting firm EY India said. Of this, consent management alone could represent roughly ₹1,000 crore, or 10% of the market.
For TCS, entering the consent management space could open a scalable new revenue stream, as enterprises increasingly seek end-to-end solutions for data governance, including data discovery, mapping, compliance reporting, audit trails, and breach management.
According to Mini Gupta, Partner at EY India, there are two distinct opportunities in this market:
-
Consent management technology providers – offering platforms that data fiduciaries can use to manage user consent.
-
Government-empanelled consent managers – acting as neutral intermediaries between individuals and companies, providing an independent layer of trust and transparency.
“Early players in the empanelled consent manager model stand to gain significant market penetration,” Gupta said.
Under the DPDP Act, a consent manager (CM) is a registered entity that operates a neutral, interoperable, privacy-enabled platform, allowing users to give, review, withdraw, or modify consent for data fiduciaries. To qualify, applicants must be incorporated in India and have a minimum net worth of ₹2 crore.
The IT Ministry recently selected six companies for its “Code for Consent” challenge to demonstrate proof-of-concept: Jio Platforms, Baldor Technologies (IDfy), VertexTech Labs (Redacto), Quagga Tech (Zoop), Concur, and Aurelion Future Forge.
Gupta noted that the interoperable nature of consent managers could allow them to operate across sectors such as BFSI, health, and telecom, giving access to identity tokens across platforms. On the commercial side, pricing is expected to follow a hybrid model, combining a base fee for platform access and consent lifecycle management with a usage-based fee per consent transaction and for value-added services.
While the DPDP rules prohibit consent managers from monetising personal data, aggregated, anonymised insights or services built on metadata remain allowable, providing additional avenues for commercialisation.
