India's BIS and DSCI seek industry input

India just opened a small but unusually practical door for cyber and privacy policy: the Data Security Council of India asked companies and experts to send input on national standards priorities, and that points straight at the Bureau of Indian Standards process that turns those priorities into Indian standards. (dsci.in) (bis.gov.in) The Bureau of Indian Standards is the body that writes India’s official standards, and its own 2022 Standards National Action Plan says those standards are built through technical committees with stakeholder consultation and consensus. (bis.gov.in) In cybersecurity, the relevant Bureau of Indian Standards committee is called LITD 17, and a 2025 Bureau of Indian Standards compendium says that committee mirrors the international committee ISO/IEC JTC 1/SC 27 on information security, cybersecurity, and privacy protection. (services.bis.gov.in) That mirror matters because it is how domestic standards work like an adapter plug: Indian experts debate a topic inside the Bureau of Indian Standards committee, and those positions can then feed into the international table instead of arriving after the rules are already written. (services.bis.gov.in) (bis.gov.in) The 2025 Bureau of Indian Standards compendium lists the main subjects already in play, including information security management systems, cryptographic techniques and key management, evaluation of information technology security, identity management, biometrics, and data privacy and protection. (services.bis.gov.in) This is landing while India is moving from broad privacy law to detailed implementation. The Digital Personal Data Protection Act became law on August 11, 2023, and it sets the legal frame for how digital personal data can be processed. (indiacode.nic.in) Law tells companies what they must do, but standards usually tell them how to do it in practice. That is why a consultation on privacy and cybersecurity standards matters more than it sounds: it can shape the checklists, controls, and common definitions that firms will actually build into products and audits. (indiacode.nic.in) (services.bis.gov.in) The Data Security Council of India has been building toward this for a while. Its 2024-25 privacy report says it ran a Data Protection Summit, privacy workshops, sector-specific guides, and work on cross-border privacy rules, which means it already has an industry network ready to turn complaints and edge cases into standards proposals. (dsci.in) For companies, this is the stage where niche problems can still get written into the blueprint. A bank, hospital, software exporter, or startup can argue now for India-specific profiles on breach handling, consent flows, encryption practices, or audit expectations before those ideas harden into national and then international norms. (dsci.in) (services.bis.gov.in) The Bureau of Indian Standards even keeps a public drafts portal for standards open for comments, which shows the machinery for consultation already exists. What the Data Security Council of India appears to be doing now is feeding that machinery with cybersecurity and privacy priorities while the field is still being defined. (bis.gov.in) (dsci.in)