IDfy Wins MeitY–NeGD DPDP Innovation Challenge

On July 8, 2026, Baldor Technologies Pvt. Ltd., operating as IDfy, announced that it had won the Code for Consent: The DPDP Innovation Challenge, a competition organised by the MeitY Startup Hub in collaboration with the National e‑Governance Division (NeGD) under the Ministry of Electronics and Information Technology. Jio Platforms Limited was named the runner‑up.

The evaluators highlighted IDfy’s strong alignment with the Digital Personal Data Protection Act, 2023, citing notable innovation, technical robustness and the practical applicability of its privacy and data‑governance platform, Privy by IDfy, with consent management serving as the entry point to end‑to‑end DPDP implementation.

The challenge was designed to test systems on technical, functional and legal readiness through live demonstrations, reflecting the imminent enforcement of the DPDP Act where consent is shifting from a compliance after‑thought to a system‑level requirement. Enterprises will need visibility into data location, classification, movement across systems and vendors, risk exposure and the ability to produce verifiable evidence when required. Consequently, capabilities such as data discovery & classification, DSPM, third‑party risk management, privacy impact assessments and rights management are becoming central to compliance.

Privy by IDfy is built to address this broader compliance arc. The platform covers consent governance, data discovery and classification via Data Compass, data‑principal rights management, privacy risk assessments, third‑party risk management, privacy‑enhancing technologies, DSPM and compliance evidence across the data lifecycle. It leverages IDfy’s fifteen‑year experience in identity verification, fraud prevention and risk intelligence, where audit‑ready records and scalability are already standard.

"The DPDP Act is forcing a boardroom shift in how companies treat trust and accountability," said Malcolm Gomes, COO of IDfy and head of Privy. He noted that the challenge’s depth—testing legal readiness, technical robustness and interoperability followed by live demos—validated IDfy’s argument that consent capture is the easy part, while governing data, rights and evidence at enterprise scale is the real challenge.

The market is moving from a checklist approach to treating DPDP compliance as continuous operational infrastructure. Privy’s footprint reflects this shift, with over 50 live implementations across sectors such as banking, insurance, NBFCs, fintech, e‑commerce, telecom and professional services. Notable clients include Axis Bank, HSBC, Federal Bank, Shriram Finance, Aditya Birla Capital, Housing.com, Airtel, Shoppers Stop and Teleperformance. Across these deployments, Privy supports close to 500 million users and has processed between 70 million and 80 million consent notices, making it one of the largest ongoing DPDP implementation efforts in India.

IDfy positions privacy governance as a logical extension of its TrustStack, built over fifteen years to secure customer, employee, partner and vendor journeys. The convergence of AI, cybersecurity and privacy concerns means that a single data exposure can trigger multiple governance requirements, and Privy is positioned to provide the control and evidence layer needed in this complex digital ecosystem.

The public release of the result provides wider visibility to IDfy’s strategic bet that Indian enterprises will require practical, scalable infrastructure to honour data‑principal rights and demonstrate accountability at scale as the DPDP implementation deadline approaches.

---