LEGAL ASPECTS OF CLOUD COMPUTING IN INDIA: BRIDGING INNOVATION AND REGULATION

Cloud computing has become central to India’s digital transformation, offering scalable and on-demand services but also raising significant legal challenges. India does not have a dedicated cloud law; instead, the framework is derived from general statutes such as the Information Technology Act, 2000, the Indian Contract Act, 1872, and the Arbitration and Conciliation Act, 1996. Privacy and data protection are addressed through the Digital Personal Data Protection Act, 2023, which introduces consent-based processing, user rights, and conditional cross-border transfers, alongside the earlier SPDI Rules. Key issues include privacy, security liability, jurisdiction in cross-border data storage, and contractual imbalances in cloud agreements. Government initiatives like the GI Cloud (Meghraj) project, recognition of data centres as infrastructure, and the Draft Data Centre Policy, 2020 show efforts to support sovereignty and innovation. Market trends indicate rapid adoption, with both global providers (AWS, Microsoft, Google) and Indian IT firms (TCS, Infosys) expanding services. While India’s legal landscape for cloud computing is evolving, gaps remain in localization requirements, provider accountability, and interoperability standards. Strengthening statutory clarity and regulatory benchmarks will be crucial to balance innovation, consumer protection, and data sovereignty.