Why Enterprise AI cannot train freely under India’s DPDP Act
Most AI founders assume that if users give consent to use their data, they can use it to improve their models.
That assumption does not hold in India.
The DPDP Act turns consent into a system constraint, not a one time permission.
India’s Digital Personal Data Protection Act, 2023 and the DPDP Rules, 2025, while introducing privacy rights in personal data, create a set of structural constraints on how enterprise AI is built, trained, deployed and monetised in India.
1. Consent architecture vs continuous and agentic AI
The fundamental tension arises from the DPDP Act’s consent architecture, which ties consent to a specified purpose, while AI by its nature is continuous, adaptive and iterative. Under the DPDP Act, consent must be free, specific, informed and unambiguous. It signifies agreement to processing of personal data for a specified purpose and is limited to such personal data as is necessary for that purpose. Withdrawal of consent requires cessation of processing and deletion of data.
Agentic systems do not operate for static specified purposes. They evolve tasks and optimise outputs through model improvement loops involving fine tuning and feedback learning that extend beyond original purpose boundaries. The DPDP framework is not designed for this kind of iterative reuse and cross context learning.
Enterprise AI is not always designed around personal data, but once deployed across communications, workflows and feedback cycles, it almost always processes it. The tying of consent to specified purposes does not reflect how AI systems derive value from reuse of data across use cases. Enterprise AI routinely repurposes data across workflows. Under the DPDP Act, an AI developer cannot freely reuse customer data to improve general models. This limits the ability to scale through shared learning across deployments.
While promoting deployment and adoption of AI systems across sectors is a core objective of India’s AI Mission, the DPDP Act and Rules do not directly engage with a basic feature of AI systems, which is the use of data for training.
2. Training data ambiguity
In modern AI systems, data input into the system by the user is logged, analysed and reused for improvement. The system is inherently iterative. Data used to generate outputs, commonly described as inference data, becomes training data over time.
The DPDP Act ties consent to a specified purpose. Training is not the same purpose as the service requested by the user. It therefore requires separate consent and explicit disclosure of that purpose. There is no practical equivalent of blanket consent for open ended training within the DPDP framework.
AI companies often state that they use data to provide the service and improve the model. Under the DPDP Act, that position has to be unpacked. Consent for training must be separately obtained. The DPDP framework does not replicate the GDPR’s more flexible lawful bases such as legitimate interest.
This creates a founder level risk. The model improvement pipeline can become legally exposed, particularly in enterprise copilots and SaaS systems built on feedback loops.
The implication is structural. A dynamic consent layer is not something that can be added later. It has to be built into product architecture from the outset.
3. Data Fiduciary cannot delegate responsibility
The DPDP Act defines the entity that determines the purpose and means of processing as the Data Fiduciary. A Data Fiduciary carries statutory obligations, including implementing reasonable security safeguards, erasing data upon withdrawal of consent, and complying with retention requirements.
Responsibility remains with the Data Fiduciary and cannot be shifted through contract, even where processing is outsourced to processors or vendors.
In enterprise AI, the stack typically involves a hyperscaler, a model provider, an integrator and the enterprise client. Under the DPDP framework, regulatory exposure follows position in the stack, not contractual allocation of risk. This is often misaligned with how AI startups structure liability.
Agentic AI introduces an additional layer of complexity. In certain deployments, it may in practice influence or shape the purpose and means of processing. In such cases, the deployer of the system, rather than the client, may be characterised as the Data Fiduciary. The concept of a single entity controlling purpose and means sits uneasily with distributed and adaptive AI systems.
4. Conclusion
For an AI founder, the DPDP Act forces structural choices.
First, you do not own the data. You have a conditional right to use it, tied to the consent obtained for a specified purpose.
Second, consent is not a one time event. It becomes a live system dependency. Data flows, consent layers and training pipelines have to be designed together.
The real exposure is not the initial use of personal data, but the silent transition from incidental use at the inference stage to systematic reuse for model improvement.
Aparna Viswanathan
Bar at Law (of Lincoln’s Inn), Attorney (admitted in NY, DC, CA)
AMALA AI Legal Consultants Srl
https://www.linkedin.com/pulse/why-enterprise-ai-cannot-train-freely-under-indias-dpdp-viswanathan-g2nvc/
