IDfy Wins MeitY’s Code for Consent DPDP Innovation Challenge

IDfy

Mumbai: IDfy has emerged as the winner of Code for Consent: The DPDP Innovation Challenge, a competition organized by the MeitY Startup Hub in collaboration with the National e-Governance Division (NeGD) under the Ministry of Electronics and Information Technology (MeitY). Jio Platforms Limited was named the runner-up.

According to the organizers, IDfy’s submission demonstrated strong alignment with the Digital Personal Data Protection (DPDP) Act, while showcasing notable innovation, technical robustness, and the practical applicability of its privacy and data governance platform.

The evaluation highlighted consent management as the entry point for end-to-end DPDP implementation.

The recognition places IDfy, a 15-year-old trust stack company, and Privy by IDfy, its privacy and data governance platform, at a significant point in India’s transition from privacy readiness to privacy execution.

As enterprises prepare for the operational requirements of the DPDP Act, the challenge evaluated whether organizations can obtain and manage user consent, govern personal data, and produce verifiable compliance evidence under India’s new privacy framework.

Challenge Focused on Enterprise-Scale DPDP Readiness

The competition was designed to identify systems capable of supporting consent management and enterprise-scale data governance required under the Digital Personal Data Protection Act, 2023.

With DPDP implementation drawing closer, consent is increasingly becoming a core system requirement rather than merely a compliance obligation.

The government-backed challenge emphasized solutions capable of operating effectively in real-world enterprise environments.

For enterprises, DPDP implementation requires visibility into where personal data resides, how it is classified, how it moves across systems and vendors, where risks exist, and whether organizations can produce evidence when required.

As a result, capabilities such as data discovery and classification, Data Security Posture Management (DSPM), third-party risk management, privacy impact assessments, and rights management have become central to compliance.

Entries in the competition were evaluated on technical capability, functional performance, and legal compliance readiness before finalists delivered live demonstrations and presentations.

The challenge also indicated that future DPDP compliance will extend beyond consent notices to integrated systems capable of governing consent, personal data, risks, user rights, and audit evidence across enterprise environments.

Also Read: FinTech Funding Q1 2026: India Raises $513M as Deal Count Drops 54%, Signaling Shift to Larger Bets

Privy by IDfy Built for Enterprise Privacy Governance

IDfy developed Privy as a privacy and data governance platform to help enterprises prepare for large-scale DPDP implementation.

The company maintains that while consent collection is the first step, enterprises must also understand where personal data resides, how it moves between systems and vendors, who has access to it, how data principal rights are fulfilled, and whether verifiable evidence can be produced during regulatory reviews.

Privy addresses these broader requirements through:

  • Consent governance
  • Data discovery and classification through Data Compass
  • Data principal rights management
  • Privacy risk assessments
  • Third-party risk management
  • Privacy-enhancing technologies
  • DSPM
  • Enterprise-wide compliance evidence

The platform builds upon IDfy’s 15 years of experience in identity verification, fraud prevention, and risk intelligence, where audit-ready documentation and large-scale operations have long been essential.

“The DPDP Act is forcing a boardroom shift in how companies treat trust and accountability,” said Malcolm Gomes, COO of IDfy and head of Privy. “What made this challenge different was the depth of the evaluation. It wasn’t a pitch. We were tested on legal readiness, technical robustness, and interoperability, then had to demonstrate it live. That validated something we’ve argued for a while: consent capture is the easy part.

The hard part is governing data across discovery, access, rights, and evidence at enterprise scale, and being able to prove it. With IDfy’s 15 years of experience in building trust infrastructure for Indian enterprises, Privy brings the same execution depth to privacy and data governance. This recognition from MeitY Startup Hub and NeGD strengthens our belief that India needs DPDP infrastructure that is scalable, interoperable, technically robust, and built for real-world adoption.”

Enterprises Shift from Compliance Checklists to Privacy Infrastructure

The recognition comes as privacy governance gains increasing attention at the boardroom level.

As personal data flows across products, vendors, and customer journeys, organizations are moving beyond one-time compliance initiatives toward continuous privacy infrastructure capable of supporting ongoing DPDP obligations.

According to the company, Privy by IDfy is currently used across banking, insurance, NBFCs, fintech, ecommerce, telecom, and professional services.

Its enterprise customers include:

  • Axis Bank
  • HSBC
  • Federal Bank
  • Shriram Finance
  • Aditya Birla Capital
  • Housing.com
  • Airtel
  • Shoppers Stop
  • Teleperformance

The company stated that the platform has more than 50 live enterprise implementations, covering nearly 500 million users and processing between 70 million and 80 million consent notices, making it one of the country’s largest ongoing DPDP implementation initiatives.

Extending IDfy’s TrustStack into Privacy

For IDfy, privacy governance represents a natural extension of its existing trust infrastructure.

The company says its 15 years in identity verification and fraud prevention have provided experience with India’s personal data ecosystem, including multilingual consent requirements, physical and digital data collection processes, and industry-specific customer data management practices.

Over the years, IDfy has built what it describes as its TrustStack across customer, employee, partner, and vendor journeys. Privy extends this foundation into privacy and data governance by providing interoperability, operational scale, and audit-ready evidence.

The company also notes that AI governance, cybersecurity, privacy, and vendor risk management are increasingly interconnected. A single data exposure may simultaneously create cybersecurity risks, privacy obligations, vendor management issues, and AI governance challenges.

Privy is positioned to help enterprises build the controls and evidence required to manage these overlapping responsibilities.

The announcement of the challenge results provides broader visibility to IDfy’s approach of building practical infrastructure for organizations preparing to implement the DPDP Act.

As implementation timelines move closer, enterprises will increasingly require systems capable of supporting data principal rights and demonstrating accountability at scale.

Author

  • Salil Urunkar

    Salil Urunkar is a senior journalist and the editorial mind behind Sahyadri Startups. With years of experience covering Pune’s entrepreneurial rise, he’s passionate about telling the real stories of founders, disruptors, and game-changers.

Back to top