Which Indian regulations apply to your WhatsApp business?
Answer 5 questions. Get a personalised, actionable checklist covering DPDP, RBI, IRDAI, AIGF, Section 194BA, NHCX, SEBI BRSR, GST e-invoice, Consumer Protection (E-commerce) Rules, and the WhatsApp 24-hour session window.
What industry best describes your business?
We map sector-specific regulators (RBI, IRDAI, AIGF, DGCA, FSSAI, RERA, etc.)
Frequently asked questions
Is the DPDP Act 2023 actually enforced yet?+
Yes. The Digital Personal Data Protection Act 2023 was notified and the Rules were issued in early 2025. The Data Protection Board of India (DPBI) is operational from 2026. Any Indian business that collects personal data (name, phone, address, email, KYC, location) of customers is a Data Fiduciary and must obtain explicit, granular, withdrawable consent — including for WhatsApp opt-ins. Penalties go up to ₹250 crore per breach. Even SMBs with under ₹50L revenue are covered if they handle personal data.
How does the WhatsApp 24-hour session window affect compliance?+
Meta's WhatsApp Business policy treats every conversation as one of four categories — marketing, utility, authentication, or service. A free-form service reply is only allowed inside the 24-hour customer service window opened by an inbound user message. Outside that window you MUST use a pre-approved template and pay marketing or utility rates. Sending marketing messages disguised as utility is a policy violation that can lead to phone number quality downgrades and bans. RichAutomate enforces this automatically.
I run a small gaming app — do I really need to follow AIGF rules and Section 194BA?+
If your app involves real-money skill gaming or fantasy sports, both apply from day one. AIGF (All India Gaming Federation) Self-Regulatory Code mandates KYC at onboarding, deposit limits, time/spend nudges, and responsible-gaming disclosures on every promotional message including WhatsApp. Section 194BA of the Income Tax Act requires 30% TDS deduction on net winnings at withdrawal, with quarterly returns to CBDT. Missing either invites RBI/MEITY scrutiny and disallowance of expenses.
What is NHCX FHIR and when does it matter?+
The National Health Claims Exchange (NHCX) is the IRDAI + NHA platform that standardises hospital-insurer cashless claims using HL7 FHIR R4 schemas. From the IRDAI Cashless Master Circular (July 2024, enforced 2025-26), all health insurance cashless claims must flow through NHCX with FHIR-formatted documents. Hospitals, TPAs and insurers exchanging claim data on WhatsApp must use the FHIR JSON payload — plain PDF or photo submissions are being phased out.
My company is under ₹50 crore — do I still need SEBI BRSR?+
BRSR (Business Responsibility and Sustainability Reporting) is mandatory only for the top 1,000 listed companies by market cap. If you are an unlisted SMB under ₹500 crore revenue, BRSR does not apply directly — but BRSR Lite is increasingly demanded by enterprise buyers in their vendor onboarding. Plan for it if you supply to listed companies.
Is my audit result legally binding advice?+
No. This is an educational self-audit to help Indian SMBs identify which regulatory regimes likely apply to their WhatsApp Business setup. It is not legal advice. For binding interpretation, consult a qualified Indian lawyer or your compliance officer. Citations point to public regulatory texts and our own deep-research guides.