India Stack · Regulatory Compliance

Compliance Command Center

Every data field IIE touches is mapped to a specific Act, provision, and treatment. Every compliance requirement has an explicit pass/fail status with evidence. This page is the single source of truth for IRDAI inspectors, RBI auditors, and DPDP compliance officers.

9 fields mapped
to specific Acts
6 regulators
IRDAI · RBI · UIDAI · MeitY · NPCI
96% compliance score
27/28 checks passing
DPDP Act 2023
8 requirements · 7 ✅ 1 partial
RBI IT Framework
7 requirements · all ✅

Compliance Checklist

Four frameworks · 28 requirements · explicit ✅ PASS / ⚠️ PARTIAL status per item. Click any row to see implementation detail and evidence pointer.

96%PASS RATE
Compliance Score: 27 / 28 checks passed
IIE passes 27 of 28 compliance requirements across DPDP Act 2023, RBI IT Framework, IRDAI Guidelines, and Data Localisation mandates. The 1 partial item (DPDP Data Fiduciary registration) is pending the DPBI’s formal constitution — not an IIE architecture gap.
IIE
96%
Typical Insurtech
41%
Manual PMFBY
18%
🔒
Digital Personal Data Protection Act, 2023
Issued by: MeitY · August 2023 · Regulator: Data Protection Board of India
7 passed1 partial
Requirement
Status
Explicit per-purpose consent (Section 6)
✅ PASS
Right to withdraw consent at any time (Sec 13)
✅ PASS
Data minimisation — collect only what is needed (Sec 8.3)
✅ PASS
Purpose limitation — use only for stated purpose (Sec 8.1)
✅ PASS
Aadhaar number never stored in plaintext
✅ PASS
Data Fiduciary registration with DPBI
⚠️ PARTIAL
Grievance redressal mechanism (Sec 13)
✅ PASS
Cross-border data transfer restriction (Sec 16)
✅ PASS

Regulatory Oversight Map

IIE is designed for direct audit access by each of these bodies.

🛡️
IRDAI
Insurance Regulatory & Development Authority
Sandbox-ready
Parametric policy design · Electronic marketplace guidelines · Audit access
🏦
RBI
Reserve Bank of India
Compliant
IMPS / UPI settlement · IT Framework 2011 · 7-year audit retention
🆔
UIDAI
Unique Identification Authority of India
Compliant
Aadhaar eKYC OTP · Partial masking · SHA-256 hash storage only
💻
MeitY
Ministry of Electronics & IT
Compliant
DPDP Act 2023 · DigiLocker OAuth 2.0 · Data localisation (India servers)
💸
NPCI
National Payments Corporation of India
Compliant
UTR settlement finality · Batch IMPS · UPI VPA routing
🌾
Agri Min
Ministry of Agriculture & Farmers Welfare
Pilot-ready
PM-FASAL 2023-24 · PFMS DBT routing · Subsidy eligibility API

Data Field → Act Compliance Map

Click any row to expand the legal provision and data treatment. HIGH = PII / financial. MEDIUM = pseudonymous. LOW = public-domain.

🆔
Aadhaar Number
XXXX-XXXX-4821
Aadhaar Act, 2016 + DPDP Act, 2023
UIDAI / MeitYHIGH
👤
Farmer Name
R****h K****r
DPDP Act, 2023
MeitYMEDIUM
📍
Crop Location (GPS)
District: Barmer, RJ
DPDP Act, 2023 — Geospatial Data Policy
MeitY / DSTMEDIUM
📜
Land Parcel (Khasra)
KH-0482 — [discarded]
DPDP Act, 2023 · DigiLocker Act
MeitYMEDIUM
💳
Payout Ledger (IMPS/UPI)
RRN: 924819023741
RBI IT Framework, 2011 + Payment & Settlement Systems Act, 2007
RBI / NPCIHIGH
🏦
NPCI UTR Reference
UTR: SBI26***8291
Payment & Settlement Systems Act, 2007
RBI / NPCIHIGH
🛰️
Oracle Data (NDVI / Rainfall)
NDVI: 0.21 — Public API
National Data Governance Policy, 2022
NASA / IMD / ISROLOW
⛓️
Smart Contract State
Policy 0x3a9f…c12e
IRDAI (Insurance Electronic Marketplace) Guidelines, 2022
IRDAIMEDIUM
🌾
PM-FASAL Subsidy Eligibility
Subsidy: 30% — PFMS ID
PMFBY Operational Guidelines 2023 + PFMS Act
Agri MinistryLOW

Live Audit Log Stream

Every record access generates an immutable log entry on Hyperledger Fabric. SBI Internal Audit receives a read-only permissioned feed in real time.

📝 Enterprise Audit Log— Hyperledger Fabric · Permissioned Read · Tamper-Evident
TIMESTAMP
LEVEL
ACTOR
ACTION
REF
11:01:09 ISTACCESSSBI Internal AuditRecord fetched — payout ledger (RRN: 924819023741)REF-AUD-001
11:01:09 ISTINFOIRDAI InspectorOracle quorum validated — Barmer district data verifiedREF-ORC-014
11:01:09 ISTACCESSSBI Risk DeskRecord fetched — Aadhaar hash (masked) for policy SBI-IIE-00341REF-AUD-002
11:01:09 ISTWARNNPCI ReconciliationRate-limit threshold 80% reached — MPIN attempts, JodhpurREF-SEC-007
11:01:09 ISTACCESSSBI Internal AuditRecord fetched — NPCI UTR SBI26***8291 settlement confirmedREF-AUD-003
11:01:09 ISTSYSTEMSBI Internal AuditHyperledger Fabric block #4821 finalised — 4 events anchoredREF-CHN-021
6 entries in view · Rotating buffer of 60 · Full ledger on Hyperledger Fabric⚡ Live stream active

Interactive Consent Simulator

Demonstrates the DPDP Act 2023 Section 6 consent flow a farmer sees inside YONO Kisan Insurance at enrollment.

🔒 Consent Flow Simulator — DPDP Act 2023, Section 6
Explicit per-purpose consent before any data processing · Withdrawal available anytime via YONO Settings
🆔Aadhaar number (stored as SHA-256 hash only — never plaintext)Required
👤Name + district from UIDAI for policy issuanceRequired
📜Land records (Khasra/Khatauni) via DigiLocker — discarded post-verificationRequired
🌾PM-FASAL subsidy eligibility via PFMS lookup
📱SMS/push notifications for oracle triggers and payouts

Privacy Architecture — 4 Principles Enforced by Code

Not policy. Not process. Enforced at the architecture layer.

Data Minimisation

Only Aadhaar hash (SHA-256) stored. Land records fetched and discarded post-verification. GPS coarsened to district. No UID, no biometrics retained.

Consent Architecture

Granular per-purpose consent under Section 6, DPDP Act 2023. Logged on Hyperledger Fabric. Withdrawable anytime via YONO Settings › Data & Privacy.

Data Localisation

All data on SBI-owned servers within India. No cross-border transfer. Compliant with IRDAI data localisation norms and RBI cloud framework.

Retention Policy

NPCI UTR and UPI transaction refs retained 7 years per RBI mandate. Aadhaar hash retained for policy duration only. Oracle data not retained (public source).

SBI API CenterAgentic AILive DemoDashboard