Regulation
The rules that shape a deployment
In regulated Indian industries, the architecture is downstream of the regulation. These pages cover the laws and directions that decide where data lives, who can audit a decision, and how fast an incident must be reported — and how Vihaya’s audit-grade, in-VPC design is built to map onto each. None of this is legal advice; compliance is the regulated entity’s determination.
- Data protectionDPDP Act 2023India’s federal personal-data law: data-fiduciary obligations, notice + consent, and breach notification — with penalties up to ₹250 crore.Read more
- BankingRBI IT outsourcingThe Master Direction governing how banks and NBFCs outsource IT: audit rights, BCP/DR, and exit management.Read more
- BankingRBI data localisationThe 2018 directive requiring payment-system data to be stored only in India — and what in-VPC deployment means for it.Read more
- InsuranceIRDAI cyber securityThe information-and-cyber-security guidelines binding Indian insurers: board oversight, audit rights, and incident reporting.Read more
- Incident responseCERT-In reportingThe six-hour incident-reporting window under CERT-In’s 2022 directions, and how audit events make it operationally achievable.Read more
- Capital marketsSEBI cloud frameworkSEBI’s framework for adoption of cloud services by regulated entities: governance, data ownership, and exit obligations.Read more
- HealthcareABDMAyushman Bharat Digital Mission: the FHIR-based health-information exchange, the ABHA ID, and what ingest looks like.Read more
Next step
Map your compliance posture to the architecture
We walk through the DPDP / RBI / IRDAI artefacts a pilot SOW would include. 30-minute call.
Talk to us about a pilot