Serving Indian Enterprises, Startups & Boards
Helping Indian organizations navigate the DPDP Act, CERT-In mandates, ISO 42001, and global AI regulations — with expert governance advisory, Enterprise Architecture guidance, and Technology Strategy that turns compliance into competitive advantage.
About Cybercalm
Cybercalm is India's independent advisory platform focused on helping organizations manage risks from AI systems, cybersecurity threats, and data privacy obligations under Indian and global regulatory frameworks.
Led by Maya MS — an Enterprise Architect and Governance Advisor with over 20+ years of experience — Cybercalm brings deep technical expertise and practical governance leadership to Indian enterprises, startups, fintechs, and boards.
We specialize in India's DPDP Act, 2023, CERT-In cyber directions, SEBI CSCRF, and RBI cybersecurity frameworks — alongside international standards ISO 42001, ISO 27001, GDPR, and the EU AI Act.
Our approach is methodical, jargon-free, and designed for Indian business realities — delivering governance programs that regulators, boards, and investors rely on.
India's CERT-In directions mandate 6-hour incident reporting, virtual asset obligations, and log retention for minimum 180 days. Non-compliance attracts penalties.
India's Data Protection Law
India's landmark data protection legislation is now in force. The DPDP Act introduces binding obligations for every organization that collects, processes, or stores the personal data of Indian citizens.
Whether you are a startup, enterprise, healthcare platform, or fintech — DPDP compliance is now a board-level priority. Penalties can reach ₹250 crore.
Cybercalm provides end-to-end DPDP readiness advisory — from gap assessment and policy drafting to DPO appointment support and ongoing compliance management.
Non-compliance with DPDP Act obligations carries penalties up to ₹250 crore per violation.
Advisory Services
Responsible AI governance frameworks aligned with ISO 42001, EU AI Act, and MeitY's emerging AI policy.
Meeting CERT-In, SEBI CSCRF, and RBI mandates with security governance programs built for Indian regulations.
End-to-end DPDP Act compliance advisory — India's most urgent regulatory priority — plus GDPR for EU-facing businesses.
Senior governance leadership on demand — ideal for Indian startups and scaleups that need a CISO or CDPO without full-time cost.
Who We Serve
Build AI governance from day one. DPDP Act compliance, ISO 42001 readiness, and EU AI Act advisory for Indian AI-native companies scaling globally.
Navigate RBI Cybersecurity Framework, SEBI CSCRF 2024, and DPDP Act — advisory tailored for India's banking, financial services, and insurance sector.
Board-ready cyber risk briefings, AI governance dashboards, and DPDP compliance status reporting for enterprise leadership and audit committees.
Sensitive personal data under DPDP Act carries heightened obligations. Sector-specific privacy governance for India's healthcare and education platforms.
Dual-compliance advisory for Indian companies subject to DPDP Act domestically and GDPR, EU AI Act, or other international frameworks.
Mandatory CERT-In direction compliance — 6-hour incident reporting, VPN/cloud usage reporting, and log retention for critical sector organizations.
India Regulatory Landscape
Binding Data Fiduciary obligations, consent requirements, data principal rights, and cross-border transfer rules. Penalties up to ₹250 crore.
Mandatory 6-hour incident reporting, 180-day log retention, VPN and cloud usage reporting for all Indian organizations.
Mandatory cybersecurity framework for stock brokers, depositories, mutual funds, and all SEBI-regulated entities.
Cybersecurity and IT risk management requirements for banks, NBFCs, and payment system operators.
Indian SaaS platforms and AI developers serving EU markets must comply with the EU AI Act — including conformity assessments for high-risk AI systems.
The international standard for AI governance. Enterprise clients and global partners are now requiring ISO 42001 compliance in vendor agreements.
AI Governance in Practice
India is witnessing rapid AI adoption across banking, healthcare, e-commerce, HR, and government. Yet most organizations lack governance structures to manage AI risks — creating significant regulatory, reputational, and operational exposure.
MeitY's AI policy framework is evolving. The EU AI Act already applies to Indian companies serving European markets. ISO 42001 is now appearing in enterprise vendor agreements as a mandatory requirement.
Cybercalm helps Indian organizations design, implement, and maintain AI governance programs that satisfy regulators, investors, and customers — with practical frameworks built for Indian business realities.
Identifying bias, explainability failures, data quality risks, and regulatory gaps in AI systems.
Policies, controls, roles, and oversight structures for responsible AI across the product lifecycle.
Gap assessments and implementation roadmap for the international AI management system standard.
Conformity assessment support for Indian AI companies serving EU clients and markets.
Translating AI governance risk into clear narratives for boards, audit committees, and investors.
Resources & Insights
India's Digital Personal Data Protection Act is now in force. This practical guide covers key obligations for Data Fiduciaries, compliance timelines, penalties for non-compliance, and step-by-step actions for every organization — regardless of size or sector.
6-hour reporting, 180-day log retention — a compliance checklist for Indian companies.
SEBI's Cybersecurity Framework obligations for brokers, AMCs, and advisors explained.
Enterprise clients and global partners now require ISO 42001. A guide for Indian AI product companies.
How Indian software companies serving European markets must respond to the EU AI Act.
Get in Touch
