DPDPA Assurance Registry

Independent proof that an organisation is DPDPA-ready.

BDAC issues and maintains a public registry of DPDPA readiness credentials, assessed against a transparent, published control set. Buyers can verify a vendor in seconds; organisations can prove their readiness to customers, partners, and procurement.

Verify a credential → How it works

What a BDAC credential means

01

Assessed, not asserted

Readiness is measured against a published 12-domain control set mapped to the DPDP Act and Rules — at Tier 2 and Tier 3, evidence is independently reviewed.

02

Verifiable in seconds

Every credential carries a unique ID and QR that resolves to its live entry here. The registry is the source of truth — a screenshot proves nothing.

03

Independently governed

Published criteria, a technical oversight committee, and a strict conflict-of-interest wall: an assessor never certifies work it helped implement.

Why it holds weight without government accreditation

The same model that makes SOC 2 demanded worldwide with no government behind it: transparent mapped criteria, a live public registry, tiered independent assessment, named-assessor liability, and — above all — buyers who require it. See how it works.

For buyers & for organisations

BUYERS

Trust your supply chain

Require a current BDAC credential from vendors processing personal data on your behalf. Add the mandate clause →

ORGANISATIONS

Prove your readiness

Earn a credential and a public registry entry you can show to customers and procurement. Get certified →

CONSULTANTS & CAs

Become a Facilitator

Prep clients to the published criteria and counter-sign Tier 2 credentials. Apply →