BDAC issues and maintains a public registry of DPDPA readiness credentials, assessed against a transparent, published control set. Buyers can verify a vendor in seconds; organisations can prove their readiness to customers, partners, and procurement.
Readiness is measured against a published 12-domain control set mapped to the DPDP Act and Rules — at Tier 2 and Tier 3, evidence is independently reviewed.
Every credential carries a unique ID and QR that resolves to its live entry here. The registry is the source of truth — a screenshot proves nothing.
Published criteria, a technical oversight committee, and a strict conflict-of-interest wall: an assessor never certifies work it helped implement.
The same model that makes SOC 2 demanded worldwide with no government behind it: transparent mapped criteria, a live public registry, tiered independent assessment, named-assessor liability, and — above all — buyers who require it. See how it works.
Require a current BDAC credential from vendors processing personal data on your behalf. Add the mandate clause →
Earn a credential and a public registry entry you can show to customers and procurement. Get certified →
Prep clients to the published criteria and counter-sign Tier 2 credentials. Apply →