Compliance Command Center
Every data field IIE touches is mapped to a specific Act, provision, and treatment. Every compliance requirement has an explicit pass/fail status with evidence. This page is the single source of truth for IRDAI inspectors, RBI auditors, and DPDP compliance officers.
Compliance Checklist
Four frameworks · 28 requirements · explicit ✅ PASS / ⚠️ PARTIAL status per item. Click any row to see implementation detail and evidence pointer.
Regulatory Oversight Map
IIE is designed for direct audit access by each of these bodies.
Data Field → Act Compliance Map
Click any row to expand the legal provision and data treatment. HIGH = PII / financial. MEDIUM = pseudonymous. LOW = public-domain.
Live Audit Log Stream
Every record access generates an immutable log entry on Hyperledger Fabric. SBI Internal Audit receives a read-only permissioned feed in real time.
Interactive Consent Simulator
Demonstrates the DPDP Act 2023 Section 6 consent flow a farmer sees inside YONO Kisan Insurance at enrollment.
Privacy Architecture — 4 Principles Enforced by Code
Not policy. Not process. Enforced at the architecture layer.
Only Aadhaar hash (SHA-256) stored. Land records fetched and discarded post-verification. GPS coarsened to district. No UID, no biometrics retained.
Granular per-purpose consent under Section 6, DPDP Act 2023. Logged on Hyperledger Fabric. Withdrawable anytime via YONO Settings › Data & Privacy.
All data on SBI-owned servers within India. No cross-border transfer. Compliant with IRDAI data localisation norms and RBI cloud framework.
NPCI UTR and UPI transaction refs retained 7 years per RBI mandate. Aadhaar hash retained for policy duration only. Oracle data not retained (public source).