National Data Governance Framework Policy

The National Data Governance Framework Policy (NDGFP) was released in draft form by India's Ministry of Electronics and Information Technology (MeitY) in May 2022, superseding the earlier and withdrawn draft "India Data Accessibility and Use Policy" of February 2022, which had attracted criticism for proposing to monetise and sell government data. The policy derives its rationale from the constitutional and statutory architecture governing the Indian state's information assets, and is conceived as a companion instrument to the Digital Personal Data Protection Act, 2023, which governs personal data, while the NDGFP concerns itself principally with the governance and sharing of non-personal data and anonymised datasets held across government departments. It builds upon recommendations of the B.N. Srikrishna Committee (2018) on data protection and the Kris Gopalakrishnan Committee report on the governance of non-personal data, situating itself within the broader Digital India programme launched in 2015.

Procedurally, the framework's central mechanism is the establishment of an India Data Management Office (IDMO), to be constituted within the Digital India Corporation under MeitY. The IDMO is charged with framing, managing, reviewing, and periodically revising the policy, and with designing the rules, standards, and guidelines that all central government ministries and departments must observe. Under the framework, each ministry and department designates a Chief Data Officer or a Data Management Unit responsible for implementing IDMO standards, classifying datasets, and ensuring metadata is catalogued in a standardised, machine-readable form. Datasets are to be identified, anonymised where they contain personal elements, and made available through a designated platform for access by government entities, researchers, startups, and academia.

The framework introduces several operative instruments beyond the IDMO. It contemplates the creation of an India Datasets programme, comprising non-personal and anonymised datasets sourced from central government entities, with state governments encouraged to contribute voluntarily. Access is to be mediated through standardised protocols and, in some readings of the draft, through Application Programming Interfaces (APIs) and a data-exchange platform. The policy distinguishes between data shared freely for public and research use and data that may be accessed by Indian startups and entities under defined conditions. It also prescribes data-quality standards, common metadata schemas, interoperability requirements, and retention and storage norms intended to break departmental data silos and reduce duplicative collection across the bureaucracy.

In the contemporary policy landscape, the draft has moved in tandem with the Digital Personal Data Protection Act, 2023, enacted by Parliament and assented to in August 2023, and with the wider digital-economy agenda articulated by MeitY in New Delhi. The IDMO's eventual notification was envisaged to follow consultation rounds conducted through 2022. Stakeholders including the Internet and Mobile Association of India, civil-society bodies such as the Internet Freedom Foundation, and industry associations submitted comments during the public consultation window. The framework is frequently invoked alongside the proposed Digital India Act, intended to replace the Information Technology Act, 2000, signalling a coordinated overhaul of India's digital statutory base.

The NDGFP must be distinguished from adjacent instruments with which it is easily conflated. It is not the Digital Personal Data Protection Act, which regulates the processing of identifiable personal data and creates a Data Protection Board; the NDGFP deliberately confines itself to non-personal and anonymised data. It is likewise distinct from the National Data Sharing and Accessibility Policy (NDSAP) of 2012, an earlier and narrower open-data instrument operationalised through the data.gov.in portal. It differs again from sectoral account-aggregator and consent-architecture frameworks under the Reserve Bank of India, and from the Open Government Data ecosystem, in that the NDGFP is explicitly oriented toward enabling artificial-intelligence and analytics innovation by furnishing large, standardised, anonymised datasets.

Controversy has attended the draft on several fronts. Critics warned that anonymisation is reversible through re-identification techniques, that the policy lacked statutory backing and a clear grievance-redress mechanism, and that monetisation concerns, though softened from the earlier accessibility draft, were not fully dispelled. Questions persist over the federal dimension: data held by state governments falls largely outside compulsory coverage, and "Public Order" and "Police" being State subjects under the Seventh Schedule complicate centralised mandates. Observers also noted tension with the principle of purpose limitation, since pooling datasets for unspecified future innovation sits uneasily against data-minimisation norms. As of the draft's circulation, the policy had not been notified into operative force, and its final contours awaited the IDMO's constitution.

For the working practitioner, the NDGFP is significant as the connective tissue of India's emerging data-state. Desk officers and policy researchers should treat it as the supply-side complement to the DPDP Act's rights-based regime: where one protects the individual, the other mobilises the state's aggregate informational capital for governance analytics, evidence-based policymaking, and the domestic AI sector. Diplomats tracking India's digital-sovereignty posture, data-localisation debates, and cross-border data-flow negotiations should read the framework as evidence of New Delhi's preference for state-curated, nationally pooled data assets over open transnational flows, a stance that shapes India's positions in fora such as the G20 Digital Economy Working Group and bilateral digital-trade discussions.