The CCFS-2026 Negative List: Does Your Business Qualify for the Late Fee Waiver?

CCFS-2026 Late Fee Waiver is a major compliance relief scheme introduced by the Ministry of Corporate Affairs (MCA) for inactive and defaulting companies in India. The scheme allows eligible companies to save up to 90% on ROC late filing penalties, regularize pending filings, and avoid severe compliance consequences before the July 15, 2026 deadline.

Is Your Inactive Business Costing You Millions? How CCFS-2026 is an Inexpensive Exit Strategy for You

Many people started companies as part of their entrepreneurial vision. But many of these visions were disrupted. Market trends shifted. Major funding difficulties arose. Internal partner disputes emerged. Other unexpected events occurred. These factors led to total or partial business shutdowns. When these businesses shut down, business owners found new businesses to operate but remained tied to the existing corporate structure.

This undesired neglect creates a significant, yet silent cost on the corporate promoter and the country.

Regulatory requirements from the Ministry of Corporate Affairs govern inactive companies. A company will never automatically shut down just because it is inactive. Instead, an inactive company continues to exist legally. It exists as long as it has not filed for bankruptcy. This remains true even when there are no sales. There may be no funds in the bank. There may be no employee payrolls. There may be no GST filings.

A common misconception among many directors is that, due to the inactivity of their business, it is unnecessary to file compliance forms since they will not have generated any revenue during its period of dormancy. This single belief tends to create very large financial problems. Under the current legal framework, statutory filing defaults will automatically incur an ongoing, unlimited, late filing penalty of ₹100 each day that a failure to file occurs for each form. This can add up over a period of complete dormancy. Promoters of inactive companies eventually receive notices to pay substantial penalties. These penalties have been accumulating over time. The notices arrive during unexpected or urgent times. For example, a promoter may need funds to raise new equity. They may need to secure bank loans. They may want to launch an unrelated new business venture. They may need to conduct corporate due diligence. Or they may need to liquidate the legal entity.

In order to find a solution for this nationwide problem, the Government of India has set up the Companies Compliance Facilitation Scheme 2026 (CCFS-2026) via MCA General Circular No. 01/2026. This amnesty scheme will run from April 15, 2026 to July 15, 2026 and is an unprecedented opportunity for companies that have not reported their compliance with ROC records to correct that compliance at a substantially reduced cost.

The catch is that not all companies are eligible for a clean slate. How your company will exit the CCFS will depend on whether or not your company meets the criteria outlined in the CCFS Negative List. If you do not qualify, you will be excluded from the CCFS, and you will be liable to face further legal liabilities and be subject to active prosecution for your actions.

What is the CCFS-2026 Late Fee Waiver?

CCFS-2026 is designed as an amnesty program specifically for corporations and to reduce excessive fees associated with malfeasance (failure to file). The MCA (Ministry of Corporate Affairs) has developed this financial program to assist small businesses and MSMEs (micro, small and medium-sized enterprises) through elimination of penalties accrued as a result of their failure to appropriately update their statutory records due to the high penalty rates.

In normal times, a business that fails to file the last three years of its annual returns will have with respect to accumulated late fees, likely in excess of ₹200,000 total. CCFS-2026 changes businesses’ financial situation by allowing them three different pathways to multiply the effect of their financial situation:

Understanding the CCFS-2026 Developmentally Based Negative List

The Negative List is a key regulatory barrier to certain types of corporations claiming exemptions from fees. CCFS-2026 clearly defines the categories of companies that are not eligible for fee waivers, penalty relief, or immunity from prosecution.

Filing an MCA21 V3 application without checking eligibility under the Negative List can lead to immediate rejection. It may also result in loss of the filing fee and exposure to strict enforcement actions.

 1. Companies Already Targeted by Active Strike-Off Action

Companies that have already been struck off cannot benefit from CCFS-2026. The scheme is unavailable once the ROC initiates action under Section 248 for non-compliance.

If the ROC issues a final strike-off notice due to non-filing for three or more years, the company becomes ineligible for the amnesty window. In such cases, promoters must follow the lengthy restoration process before the NCLT.

2. Prior Strike-Off or Dormancy Applicants


The following benefits will not be available to businesses that have previously applied to strike themselves off or that previously been marked dormant. If either your business management previously attempted to strike off your business through e-filing Form STK-2 or through e-filing Form MSC-1 to obtain the dormant status prior to April 15, 2026, then you will not have the ability to claim any refunds or to process any application for the discounted fees retroactively.

3. Classified as "Vanish Companies"

In terms of corporate negligence, the "vanish category" represents the ultimate level/type of company failure. By definition from the regulators, this categorization describes companies that obtained public funding or credit and have completely abandoned all regulatory obligations. If your company has a registered office that does not physically exist, has no identifiable operations, and its registered directors cannot be found through conventional channels of communication and have effectively "vanished," it will be permanently listed on the "whitelist" or blacklist. Government will never allow an inexpensive amnesty offer to any untraceable management.

4. Merged / Fiscally Cleared

Entities that ceased to exist due to mergers, restructurings, or court-approved amalgamations are not covered under this framework. Their corporate history already forms part of the surviving entity. Therefore, they are no longer treated as independent legal entities eligible for a fresh compliance status.

5. Entities That are Under Current Investigation

• CCFS-2026 assists legitimate, struggling owners in catching up on real delays — not in helping bad actors escape.

This system exclusively prohibits companies who are currently under an active investigation, fraud inquiry, or structural enforcement action undertaken by:

- The Serious Fraud Investigation Office (SFIO)

- The Enforcement Directorate (ED)

- The Income Tax Department or the Central Board of Direct Taxes (CBDT)

- State and Regional anti-fraud, corporate scan departments

• Companies involved in fake GST billing, tax evasion, money laundering, accommodation entries, or shell company activities will remain on the Negative List. Investigating agencies will strictly monitor such entities.

Critical Regulatory Boundary

CCFS-2026 immunity solely applies, therefore, to the penalties or prosecution for trespass that arise directly from the default of statutory returns. In fine: No protection under law, no corporate immunity, no pardon in respect of corporate fraud, and no exemption in respect of accounting falsification, tax evasion, or any criminal liabilities.

Who Will Benefit from CCFS-2026?

This unprecedented three-month corporate reset fully removes thousands of companies from the Negative List.

Inactive Start-Up Companies Wishing to Achieve a Total Reset

Many entrepreneurs incorporated their privately held companies over the last several economic cycles and have encountered operational walls before getting to the stage of scale-up; for these business owners to qualify for future funding from venture capital firms and to be able to conduct business again through their retained/inactive company(s), the CCFS-2026 provides the opportunity for owners who have an inactive entity with significant compliance issues to regularize their previous complete filing history through the payment of a small fee.

Close Corporations Owned by Families and Traditions

Most family-run businesses created multi-tiered, multi-business corporate divisions that added new lines, but the family later abandoned or failed to develop them. Families can take advantage of this opportunity by removing their already existing debt related to the corporation's previous business model and therefore establishing a strong, low-cost process to close their corporation in a safe manner.

Directors Who Face Eligibility Disqualifications

According to Section 164 of the Act, if any company fails to submit their financial statements and/or annual returns to the Registrar of Companies for a continuous period of three financial years, then the company's directors shall immediately become ineligible for a period of five years. A direct result of being disqualified is that the director will automatically lose his/her Director Identification Number (DIN). The use of this eligibility disqualification can provide a powerful source of protection to a director (by allowing them to obtain a new DIN) if the company has outstanding financial statements/annual return filings.

Forms Eligible For The CCFS-2026 Program

Companies with pending annual filings and heavy late fees can benefit from the CCFS-2026 window. The scheme allows businesses to clear various long-pending annual and event-based compliance forms.

Annual Forms

Structural And Accountability Forms

Exiting And Transitioning Forms

The Support BMA Provides During Your Organisation's Strategic Timeline

To navigate the MCA21 V3 portal successfully during an amnesty window (which provides an opportunity for companies to clear any non-compliance issues in a timely manner) takes a high degree of operational accuracy. BMA is your trusted partner, providing you with corporate growth and organization structure alignment for your entire package of documentation to pass through all the regulatory screening processes without any issues.

Your entire spectrum of services ensures your board of directors will be protected and that you will leave the organization in a clean exit strategy.

1 .Complete Compliance Diagnostics Review 

BMA does not rely on guesswork; we log directly into your master dashboard on the official MCA Portal to conduct a structural compliance audit of ten going back to every unfiled form that dates from a previous financial cycle.  We develop a real-time report showing the total amount of fees you are entitled to receive in reducing the total fees you have incurred, and provide this information prior to your uploading any documents.

2. Financial Reconstruction and Statutory Auditing

Financial reconstruction and statutory auditing cannot be accomplished utilizing a blank or hypothetical informational template as part of the standard registration process.  Each missing yearly record of compliance will be reconstructed by BMA’s firm of accountants in order to provide annual balance sheets in retrospect for any year not complying with the Financial Care Regulations.  Director’s Reports will be established outlining BMA’s firm of accountants are the only independently registered and certified accountants to sign off/ validate a Form AOC-4 Data Package.

3. Aligned Auditor Mandate Prioritization

Processing financial statements through the V3 system architecture has been a significant example of a structural bottleneck due to not having an active verified auditor associated with your Corporate Identification Number (CIN) to develop financial statements. BMA is responsible for preparing and submitting the overdue Form ADT-1 for your company as a priority and fixing all backend system-generated errors associated with your financial statements to ensure they flow smoothly through the system.

4. Managing DSCs and Uploads to Portals

We will audit and verify your management group Director Identification Number (DIN) and update your mandatory DIR-3 KYC filings, so that all directors will have an active status. Our processing team will prepare and coordinate all Digital Crypto Signatures (DSCs) and explicitly complete your data forms according to the CCFS-2026 prompt, ensuring you receive an automatic 90% penalty reduction at payment processing.

Do not commit these high-risk compliance mistakes.

Management teams have to be careful not to trip into operational pitfalls as compliance teams go quickly towards the upcoming summer deadline.

1. Believing in the "No Business" Myth:

Simply repeating “no operations” will not stop an automated MCA compliance algorithm from applying hefty penalties against your company's financial resources. The law imposes an indiscriminate obligation to file until a firm has been removed from the franchise register.

2. Expecting a Last-minute System Extension:

There have historically been founders waiting to file again so they could receive an arbitrary extension from MCA to file with amnesty. The government has repeatedly sent very clear messages that there is a firm no-extension date of July 15th, 2026.

3. Filing Documents Without a Complete Negative List:

Filing non-compliant forms with the intention of being difficult with the system will result in the loss of all the filing fees for any entity in consideration of the drawing of increased government scrutiny attached directly through the governing body.

Conclusion - Take Action Now While You Can

Procrastination when it comes to adhering to compliance regulations is one of the top reasons for companies’ failure to generate any revenue after they close their doors.

Companies can no longer let an inactive company sit idle for years while ignoring compliance requirements to the fullest extent of the law — this old theory is no longer practical in the heavily regulated and electronically monitored climate of India. After the cut-off date of July 15, 2026, the imposition of penalties from the regular penalty regime will recommence on a daily basis at ₹100 per day per form.

The Ministry of Corporate Affairs (MCA) is likely to institute severe penalties under 454 against all defunct corporate entities whose directors have been ignoring compliance requirements for years. The penalties could be significant and may include monetary penalties against the directors and corporate entities as well as movement to the Negative List.

As such, the CCFS-2026 implementation framework provides your company with the best opportunity to reduce potential penalties under the "normal" regime by up to 90%, to create a plan that eliminates any previous non-compliance issues associated with earlier years, and to create a successful exit for your company and a legal exit from the Negative List. Reach out to the compliance team at BMA today for assistance with preparing for compliance with the CCFS-2026 implementation framework and with addressing negative list compliance for your company.

CCFS Scheme 2026: A One-Time Opportunity to clear pending ROC Filings at 90% reduced cost

In today's era, the regulatory compliance framework has become extremely important, and therefore we cannot take it casually. The CCFS Scheme 2026, also known as Companies Compliance Facilitation Scheme (CCFS-2026) is the golden opportunity for Indian companies to regularise the pending filings and to improve compliance position in order to avail the benefit of significant reduction in additional fees and penalties.

Owing to high searches over compliance relief, penalty waivers and ROC filings, the CCFS Scheme has immediately grabbed attention for those companies wanting to get themselves out of further risks.

CCFS Scheme Explained

CCFS Scheme is designed to offer a compliance relief by facilitating the companies having pending statutory compliances to update its status within the specified period of time. This system offers a structured route for the non-compliant companies to achieve compliance in less possible financial risks.

Under the CCFS Scheme, the defaulting company can file its pending documents by way of reduction of penalties so as to remain compliant and reduce regulatory risks.

Why CCFS Scheme is so important in 2026

The importance of the CCFS Scheme in 2026 is driven by the following three factors:

For many businesses, this is not a mere compliance but a way for survival and future credibility.

Key features of the CCFS Scheme

There are a lot of benefits under the CCFS Scheme, some of them being:

  1. Significant reduction in additional fees (up to 90% waiver)
  2. Companies can file the pending documents with minimal additional fees.
  3. Regularise pending compliances
  4. Companies will have to update all the pending records.
  5. Immunity from penalties and prosecution, subject to prescribed conditions under the scheme.
  6. Eligible companies may also opt for dormant status or apply for strike-off at reduced compliance cost under the scheme.

This scheme reduces the chances of authorities charging you under any relevant section with penal provisions.

Cover for all pending filings

These are some of the critical filings:

  1. AOC-4
  2. MGT-7
  3. Director KYC compliances.

Who can benefit from the CCFS Scheme

Every company with any pending ROC filings that is marked as non-compliant with MCA would benefit from the scheme. But, the company that is undergoing any liquidation proceedings and is under some special law or under a regulatory procedure is not covered under the scheme.

Timeline for the CCFS Scheme

15 April 2026 - 15 July 2026

Companies should surely keep an eye on these dates for the smooth compliance process.

Process for Availing CCFS Scheme

  1. The steps to comply under the CCFS Scheme are:
  1. Get yourself to the compliances; Review each of your pending compliances on the MCA website.
  2. Get the necessary documents: Collect your financial statement, Board's report etc and keep them ready for filing.
  3. Get it filed: Submit the forms i.e. AOC-4 or MGT-7 to the respective RoC and pay only the statutory fees as prescribed under the scheme.
  4. Compliances achieved: All your compliances are now done.

Business Benefits

Companies are provided with the following benefits while using the CCFS Scheme:

Risk if we do not take this opportunity

Failure to utilise the scheme may result in heavy additional fees, penalties, potential prosecution, director disqualification, possible strike-off of the company, and increased regulatory scrutiny by MCA. If an organization doesn't capitalize this opportunity then it might end up spending much more on legal compliances and penalties in the future.

How BMA Can Help You.

CCFS SCHEME BY BMA

BMA is known for the end-to-end services offered for the compliances. Book my Accountant can provide you assistance and can act as a partner in all your regulatory requirements and compliance filings, so that you get the optimum benefits out of the CCFS Scheme and further focus on expanding your business growth.

Conclusion

The CCFS Scheme 2026 is an invaluable opportunity that provides companies with a much-needed relief to correct past defaults in compliances without significant financial impact and strengthen future regulatory position. As regulatory scrutiny continues to grow, acting promptly and utilizing this scheme will be crucial for businesses to maintain credibility, avoid legal repercussions, and ensure sustained operational success. It is highly recommended for all companies to thoroughly assess their current compliance standing and take the necessary steps within the designated timeframe to make the most of this important initiative. The relief under the scheme is primarily applicable to additional filing fees, and immunity from penalties or prosecution is subject to compliance with scheme conditions and applicable provisions of law

Disclaimer

 This article is solely for informational and general guidance purposes only. The information provided is based on our understanding of the current regulatory provisions as on the date of writing this article and may be subject to change without any prior notice. No portion of this content shall be considered as legal or professional advice. The Author and the publisher take no responsibility or assume any liability for any actions taken in reliance upon the information in this article.

Complete Guide to Form 15G & 15H TDS Compliance for FY 2025-26

Master the essentials of Form 15G and 15H declarations, validation, and reporting to ensure smooth TDS compliance

Are you struggling with Form 15G and Form 15H compliance for FY 2025-26? As a deductor, managing TDS (Tax Deducted at Source) declarations correctly is crucial to avoid penalties and compliance issues. This comprehensive guide walks you through every step—from collecting declarations to reporting them accurately in your quarterly TDS returns.

Whether you're handling payroll, interest payments, or vendor payments, understanding these forms is essential for seamless tax compliance.

What Are Form 15G and Form 15H?

Form 15G and Form 15H are self-declaration forms submitted by deductees requesting that no TDS (Tax Deducted at Source) be deducted on certain incomes—typically interest, dividends, or other payments—because their total tax liability is expected to be nil.

Key Differences:

With proper Form 15G or 15H declarations in place, you can make payments without deducting TDS. However, correct handling—from collection to reporting—is essential to stay compliant.

Step 1: Timely Collection of Declarations

The Golden Rule: Collect Form 15G or Form 15H at the beginning of the financial year or before the first payment—never after.

Why does timing matter? If a deductee submits a declaration after a payment has already been made, TDS obligations for that earlier payment remain unchanged. The declaration cannot be applied retroactively. This is why proactive collection is non-negotiable for compliance.

Pro Tip: Maintain a collection schedule aligned with your first payment due date. Send reminders to deductees before the financial year begins.

Step 2: Verification & Validation of Declarations

Once a declaration arrives, don't just file it away. Proper verification ensures compliance and prevents future complications.

Essential Verification Checks:

Note: While the responsibility for correctness lies with the declarant, performing reasonable checks as a deductor helps avoid scrutiny, notices, and compliance risks.

Step 3: Assign Unique Identification Numbers (UIN)

After validation, assign a Unique Identification Number (UIN) to each declaration. This is a critical internal control mechanism.

UIN Guidelines:

Proper UIN documentation and digital storage make retrieval easier during audits or tax assessments.

Step 4: Maintain Secure Records

Keep organized, secure records of all Form 15G and 15H declarations—either physically or digitally. These records are essential during:

Best Practice: Use document management systems to store digital copies, maintaining version control and easy accessibility.

Step 5: Process Payments Without TDS

Once a valid Form 15G or 15H is on file, you can proceed with payments without deducting TDS on the specified amount and category.

However, this does not eliminate your reporting obligations. Even when TDS is zero, the transaction must be:

Step 6: Report in Quarterly TDS Returns (Form 26Q)

The most critical compliance step is accurately reporting Form 15G and 15H declarations in your quarterly TDS return (Form 26Q).

What to Report:

Use TIN-NSDL utilities to fill the declaration section in Form 26Q. Ensure consistency: the declared amount must match the payment reported.

Common Reporting Errors to Avoid

Mistakes in TDS reporting can trigger notices and correction filings. Here are the most common pitfalls:

File on Time & Verify on TRACES

Meet TDS return filing deadlines strictly. After filing your Form 26Q, verify the filed data on the TRACES portal (TDS Reconciliation Analysis and Correction Enabling System).

Why verify on TRACES?

Quick Compliance Checklist for FY 2025-26

Key Takeaways

Form 15G and 15H compliance doesn't have to be complicated. By following these six steps—timely collection, proper verification, UIN assignment, secure storage, TDS-free payments, and accurate reporting—you ensure a smooth, risk-free process.

Remember: Compliance is not a one-time task. Review your processes regularly, maintain accurate records, and stay updated with any changes in TDS rules for subsequent financial years.

Struggling with TDS compliance? Our tax compliance software streamlines Form 15G/15H collection, validation, and reporting. Eliminate manual errors and ensure 100% accuracy.

Questions? Reach out to our tax compliance experts or download our detailed Form 15G/15H guide.

Disclaimer

This blog post is published by Book My Accountant (BMA) for informational purposes only. The information provided in this article is based on the Income-tax Act, 1961, and relevant tax regulations as applicable for FY 2025-26. While we have endeavored to ensure accuracy, tax laws are subject to frequent amendments and interpretations may vary based on individual circumstances.

Important: This content does not constitute professional tax, legal, or accounting advice. The information is intended as a general guide and should not be relied upon as a substitute for professional consultation with a qualified tax advisor, Chartered Accountant (CA), or legal professional. Each organization's tax situation is unique, and what applies to one may not apply to another.

Book My Accountant (BMA) does not assume any liability for errors, omissions, or inaccuracies in this content, nor for any loss or damage arising from the use of this information. The readers are advised to:

By reading this blog, you acknowledge that you understand this disclaimer and agree that Book My Accountant (BMA) shall not be held responsible for any financial, legal, or tax decisions made based on the content herein.

For professional assistance with Form 15G/15H compliance, TDS return filing, or any other accounting and tax matters, please contact Book My Accountant (BMA) directly.

Income Tax Act 2025: Myth vs Reality on Privacy & Digital Access

Introduction: Keeping Fear off Facts.

The suggested Income Tax Act 2025 has caused a commotion among taxpayers, entrepreneurs, and specialists. There has been a sense of constant dread at boardrooms and client meetings: Am I now afraid that tax officers now have access to my personal photos, videos, and WhatsApp chats?

The fear is actual. In the current digital era, we live in virtual space in most aspects of our personal and financial lives. But the law as perceived has been ahead of what the law is.

Important Implication: The majority of fears regarding the Income Tax Act 2025 are fallacies. The basic protection mechanisms are present.

Is This Really New? Learning about the Current Powers held by Tax Officers.

The History of Tax Investigative Authority.

The Income Tax Department has not been functioning without investigative authority. Tax officers have wide rights to:

  1. Carry out search and seizure operations.
  2. Calling for information and records.
  3. Look at instances where the income has evaded measurement.
  4. Access undisclosed assets

These powers have changed with the economic and technological developments.

The Digital Records Revolutionized It all.

The move towards the digital records as opposed to the hardcopy books did not spare the tax law. Key developments include:

Court Acceptance of Digital Evidence:

What This Means: It is not a new practice that tax investigations are accessing digital data, as this has been occurring since a long time.

The Fundamental Protection: "Reason to Believe"

Protecting Your Privacy What.

The most important legal prerequisite in any tax investigation is the requirement that there be a reason to believe that:

This is not just a formality. This has been highlighted in a variety of cases as a substantive protection.

No "Fishing Expeditions" Allowed

Tax officers are not allowed to make random searches in the hope of discovering something. Investigations must be:

The Principle of Relevance: Legal Limit of Your Privacy.

What Data Are Analysable?

The legislation does not allow the random access to all information on the seized devices. The area of investigation directly correlates with the purpose of investigation.

Information that is illegally subject to examination:

Privacy: Essential Constitutional Right.

Privacy has become a constitutional right in India. This serves as a constitutional limitation that investigative agencies should not infringe.

Key Rule: Although data may be stored in a device, it is not subject to a legal search unless that information is somehow related to the financial status of the taxpayer.

What is in Real Time Changing: The sense of Virtual Digital Space.

The Real News About Income Tax Act 2025.

The new concept that is pointed to by the proposed framework is the virtual digital space.

This does not add any new powers- it only defines old ones.

Why This Matters

Data storage today is radically different:

Past Situation: The officers were able to access such data but had problems with interpretation.

New Framework: It is stated in the law that when the information in digital and remote data repositories is financially relevant, they may be reviewed.

The Principle behind the Underlying is the same.

Relevance is still the determining factor. The fact that data is available does not imply that it could be legally examined.

Digital Forensics: Technology vs. Legal Authority.

The Modern Investigation Tools with What They Can Do.

Modern methods of digital forensics have enabled the officers to:

The Critical Distinction

A very important distinction lies between:

Technology enhances the effectiveness of enforcement, but does not increase the scope of the law. Relevance, necessity, and proportionality are still in force.

The Check of Overreach by the Judiciary.

Courts Protect Taxpayers

The Indian courts have always served as a protection:

Your Legal Remedies

Taxpayers cannot be powerless. Any abuse to investigative powers can be contested by:

When Pictures and Videos become Relevant.

The situations that are under investigation.

In such cases, visual evidence can legitimately be a part of the investigations:

  1. The undisclosed assets are owned by the company.
  2. Images or videos of valuable property that is not mentioned in returns.

2. High-Value Transactions

3. Lifestyle Inconsistency

The Key Distinction

The analysis is done on its evidentiary value, rather than its personal nature. Law is about income, property, and observance, not spying on personal life.

What This Implicates to Obedient Taxpayers.

The Movement towards Transparency.

The digital ecosystem brings more transparency and accountability, as opposed to surveillance.

Through transactions, communications and social media, your online history can be used to:

What You Need to Know.

This doesn't mean:

It does mean:

Guidance of Professionals and Taxpayers.

In the case of Chartered Accountants & Tax Advisors.

Change the discussion on fear to readiness.

Focus clients on:

Proper Documentation

Accurate Reporting

Digital Hygiene

Substantiation

For Individual Taxpayers

Practical Steps:

✓ Maintain a tidy financial record.

✓ Report all sources of income

✓ Maintain transaction documentation

✓ Check that your lifestyle is in line with stated income.

✓ Do not use informal or cash transactions.

✓ maintain records of major purchases.

The Most Widely known misconceptions of the Income Tax Act 2025.

Myth 1: "Tax officers can now access my personal photos"

Reality: They are not able to view any other photos but those related to your monetary matters. Personal images that have nothing to do with income or possessions are not exposed.

Myth 2: "The law is an infringement of privacy altogether.

Reality: Constitutional rights to privacy and principles of relevance under the law remain. Protective measures have not been removed.

Myth 3: "This is totally new power.

Fact: There have been years of digital access. The 2025 law is not the expansion of authority.

Myth 4: "no one can prevent the government excesses.

Reality: Courts are proactive in interfering with overreaching searches. The misuse can be contested in a legal manner.

The Law Framework Continues to defend you.

Values That Stand the Test of Time.

These defences persist, in spite of technological progress:

"Reason to Believe" Requirement

Relevance Doctrine

Privacy Rights

Judicial Review

The Bottom Line: What Is Really Changing in What Income Tax Act 2025.

What's Different

What Has Always Been.

For Compliant Taxpayers

There is nothing to be afraid of.

The changes are indicative of a shift towards:

Summary: The Best Protection is Information.

The belief that Income Tax Act 2025 will allow unfettered, general access to private digital content is a major fallacy.

The basic principles of investigation are unchanged:

What's Truly Changing

It is not the legal boundaries that are so clear, but rather the ease with which digital spaces are introduced into the legal framework, and the advanced tools that the authorities can use.

Moving Forward

To professionals and taxpayers that comply with taxes:

The introduction of the Income Tax Act 2025 is not something to panic about, but instead an indication that the administration of tax is becoming more open and more technology-focused.

Uncertainty is best countered by informed knowledge. The professionals are expected to offer direction to the clients in a clear, balanced, and confident way.

Key Takeaways Summary

AspectWhat's ChangedWhat Remains
Digital AccessNow explicitly statedStill requires relevance
Data TypesCloud & remote data recognizedPrivacy protections intact
Investigation ToolsMore sophisticated forensicsLegal standards unchanged
Taxpayer ProtectionClearer boundariesJudicial review available

Frequently Asked Questions: Your Vote Matters.

Q1: Is it possible that tax officers can examine my personal photos?

A: Yes, only when they are pertinent to your financial matters. The personal pictures that do not refer to income or assets cannot be legally searched.

Q2 : Can authorities find my WhatsApp private even after they take my phone?

A: Yes, except in case of messages that have evidence of the financial transactions or unreported income. Conversations made privately are guarded.

Q3 : Should I panic over the changes made in 2025?

A: No. Obedient taxpayers need not be afraid, but report and record correctly.

Q4 : Are random searches permitted by the officers?

A: No. They must have a reason to believe that there is evaded taxation. No fishing expeditions are allowed.

Q5 : What shall I do to keep safe?

A: Keep good records, disclose income correctly, do not transact informally and be consistent in your reporting.

Conclusion: Navigate the Future of Taxation with BMA

The Income Tax Act 2025 is designed to modernize India's tax framework, not to invade your privacy. By separating the myths from the realities of digital access, we've aimed to provide clarity and peace of mind. The key lies in understanding the provisions and ensuring diligent compliance.

Don't let uncertainty about digital access or privacy concerns cloud your financial future.

Ready to ensure seamless compliance and complete peace of mind? Contact BMA today for expert guidance on the Income Tax Act 2025 and beyond!

Disclaimer

This website is intended to provide information and education (in general) to the reader and should not be regarded as advice on any issue, including legal advice, tax advice, or compliance advice. Legal requirements, notifications and tax laws may change. Readers should seek professional advice from a qualified professional for a thorough understanding of their own situation or check the latest legal amendments on the government websites.
Book My Accountant (BMA) provides professional services; however, this document's content is not intended to be a substitute for BMA's personal advisory services.

DPDP Act Compliance in India: The Complete 2025 Guide for Businesses

India has finally come on board with the worldwide data privacy movement. The Digital Personal Data Protection (DPDP) Act, 2023 the nation's first data privacy law to be comprehensive, detailed, and separate has become a law.

With the DPDP Rules likely to be notified and phased enforcement to begin in 202526, every business that accesses personal data of Indian citizens needs to figure out what this law requires of them and how they can get compliant with it.

This guide is for all of you startup founders who operate customer databases, SME owners who manage digital operations, Chartered Accountants who offer compliance advisory services to clients, and in, house legal teams of big corporations who develop enterprise, grade privacy frameworks.

If you are hearing about the DPDP Act for the first time or if you want to go a step further in understanding it, consider this your ultimate guide.

We explain it all: the provisions of the Act, its coverage, its specific obligations, the individual rights that it establishes, the monetary penalties for breach up to 250 crores, its comparison with international frameworks like the GDPR, industry, specific issues, and finally, a solid 10, step compliance checklist to help you start the ball rolling.

⚡Quick Stat: Under the DPDP Act, a company can be fined up to 250 crores for a data breach caused by poor security measures. To give you an idea, this is one of the biggest regulatory fines in Indian law at present.

Table of Contents

1. What Is the DPDP Act? A Plain-Language Overview

The Digital Personal Data Protection Act, 2023 (DPDP Act or DPDPA), is India's first comprehensive, standalone legislation that details the entire lifecycle of handling personal data of individuals in digital form, i.e. collection, storage, use, sharing, and deletion. After the DPDP Act was passed by Parliament, it was given Presidential assent on August 11, 2023 and the same day it was notified in the Official Gazette.

Before the enactment of the DPDP Act, data protection in India was a rather disjointed matter with India mainly relying on Section 43A of the Information Technology Act, 2000 and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. Both of which were considered insufficient to handle the scale and complexity of India's contemporary digital economy.

The DPDP Act fills the void. It is grounded on four attribute principles:

  1. Consent: The personal data of an individual shall be processed only if the individual has given his informed, free, specific, and unambiguous consent. 
  2. Purpose Limitation: When data is collected for a particular purpose, it cannot be used for a different purpose unless fresh consent is obtained. 
  3. Data Minimisation: Only such data that is indispensable for the accomplishment of the stated purpose shall be collected. 
  4. Accountability: Data Fiduciaries have a legal obligation to ensure compliance and may be penalised if they fail to meet this obligation. 

The Act also creates the Data Protection Board of India as the regulatory authority which among other things will be responsible for complaint adjudication and penalty imposition.

📌 Note: At present, the DPDP Act is applicable only to 'digital personal data' data that is digitally collected or data which has been digitised after collection. An amendment in the future can broaden it to include offline data also.

2. Legislative History: How India Got Here

India's path to a comprehensive data protection law was length, filled with disagreements, and finally, influenced by some key legal and technological moments in the country.

2017 The Puttaswamy Judgment:

The Supreme Court of India, in a historic nine judge bench, unanimously held that the Right to Privacy is a fundamental right under Article 21 of the Constitution. It was this very decision that made the need for a dedicated data protection law a matter of constitutional necessity.

2018 The Srikrishna Committee Report:

The Justice B.N. Srikrishna Committee presented its report titled 'A Free and Fair Digital Economy: Protecting Privacy, Empowering Indians, ' along with a draft Personal Data Protection Bill. This document became the primary source of inspiration for all subsequent versions of India's data privacy law.

2019 Personal Data Protection Bill Introduced:

The Personal Data Protection Bill, 2019 was introduced in the Lok Sabha and then sent to a Joint Parliamentary Committee (JPC) for further examination. The bill included stringent data localization clauses and broad government exemptions, which were criticized heavily by both industry and civil society.

2021- 22 JPC Report and Revisions:

In December 2021, the JPC handed over its report with 81 amendments to the original Bill and 12 new recommendations that extended the scope of the Bill. Nevertheless, the Bill was withdrawn in August 2022 due to its complexity and the intention to bring more balanced legislation.

August 2023 DPDP Act Enacted:

The Digital Personal Data Protection Bill, 2023 was passed by both Houses of Parliament with a record, breaking speed and the President gave his assent on August 11, 2023. Compared to its predecessors, it was a much more concise law with lots of the content left to be determined by subordinate rules.

2024- 25 Draft DPDP Rules:

MeitY (The Ministry of Electronics and Information Technology) made the draft DPDP Rules available for public consultation. It is anticipated that the Rules will be completed and officially published in 2025, following which businesses will receive formal compliance deadlines.

💡 The DPDP Act is a principle, based law it dictates very general obligations and delegates to Rules and Regulations the defining of procedural specifics. In other words, companies have to get ready for the framework right now even though the smallest details are yet to be finalized.

3. Who Does the DPDP Act Apply To?

The DPDP Act indeed has a wide range of applicability. Knowing whether and how the law applies to your organisation is basically the first step to building a compliance programme.

Territorial Scope

The Act applies to:

This extraterritorial clause is quite significant it means a company headquartered in Singapore, the US, or the UK which has Indian users must comply with the DPDP Act, just like GDPR does with European Union residents.

Who Is a Data Fiduciary?

A Data Fiduciary is any person, company, firm, state or a body of persons whether incorporated or not that alone or together with others, decide the purpose and means of personal data processing.

In layman's terms: if your company makes decisions about why and how personal data is collected, then you are a Data Fiduciary, and hence the full force of the Act's obligations will be imposed on you.

Who are Major Data Fiduciaries?

The Central Government, after considering the amount and nature of data processed, the potential risk to the rights of the Data Principals, the issues related to national security, and some other factors, may declare certain Data Fiduciaries as Major Data Fiduciaries (SDFs). SDFs are required to comply with stricter rules such as:

  1. Compulsory designation of a Data Protection Officer (DPO) located in India
  2. Engaging an independent Data Auditor
  3. Regular Data Protection Impact Assessments (DPIAs)
  4. Addition of obligations as per the Government

Even though the Government has not revealed any official list of SDFs yet, large platforms, social networks, processors of healthcare data, and financial services companies are the most probable ones to be given such designation.

Exceptions Under the DPDP Act

The Act does allow for a few exceptions to its provisions. These are the scenarios:

📌Important: The Government has a wide range of powers to exempt certain government agencies from provisions of the Act on national security, sovereignty, or public order grounds. This part of the law has been criticised by privacy advocates.

4. Key Definitions You Must Know

Getting the terminology right is critical for building an accurate compliance programme. Here are the most important definitions under the DPDP Act:

Personal Data: Any data about an individual who can be identified from or in connection with such data. It is a very broad category basically, it covers any kind of information such as names, phone numbers, email addresses, location data, financial records, health information, and so on.

Data Fiduciary: The person who decides the purpose and the means of the processing of personal data (basically the data controller in GDPR jargon).

Data Processor: A Data Processor is a person who processes personal data on the instruction of a Data Fiduciary. Examples of such persons can be clouding storage companies, payroll processing firms, or CRM software providers.

Data Principal: The individual whose personal data is being processed (the data subject in GDPR terminology).

Consent Manager: A registered entity that enables Data Principals to give, manage, review, and withdraw consent through a user, friendly, interoperable platform.

Processing: It means any action taken on personal data, either manually or through automated means collection, recording, organisation, structuring, storage, adaptation, retrieval, use, disclosure, erasure, or destruction.

Data Protection Board of India: The adjudicatory body set up under the Act to decide complaints, conduct inquiries into breaches, and impose penalties.

5. Core Compliance Obligations for Data Fiduciaries

At the core of the DPDP Act are the obligations imposed on Data Fiduciaries. These are not mere suggestions they constitute legal requirements, and non, compliance may lead to heavy fines.

5.1 Obtaining Valid Consent

Data Fiduciaries should obtain free, specific, informed, unambiguous, and unconditional consent from the Data Principal before they process any of their personal data. The consent request should:

Most importantly, the responsibility for demonstrating that valid consent was obtained rests with the Data Fiduciary. If the matter comes before the Data Protection Board, you'll have to prove that you went after consent in a proper way and got it.

5.2 Lawful Bases Beyond Consent

In addition to consent, the DPDP Act allows certain 'legitimate uses' of personal data without the need for explicit consent. These uses are:

  1. Voluntary Disclosure: When the Data Principal has voluntarily given data for a specific purpose.
  2. State Functions: Processing by the State for welfare and law enforcement purposes.
  3. Medical Emergencies: Processing necessary to respond to life, threatening medical emergencies.
  4. Employment: Processing personal data of employees for legitimate employment purposes.
  5. Public Interest: Processing for certain public interest functions including court proceedings and regulatory activities.

5.3 Purpose Limitation and Data Minimisation

The two principles are interdependent. Data Fiduciaries may only acquire personal data that is essential for the declared, clearly defined purpose and such data can only be used for that purpose. When the purpose is achieved, the data should be deleted unless the law requires keeping it.

On the ground, organisations are required to review their current data collection operations. Using the tactic of 'collecting data that might be useful in the future' like email addresses, phone numbers, or demographics without any clear present use is against the DPDP Act.


5.4 Data Accuracy and Completeness

Data Fiduciaries are expected to take reasonable steps to verify that the personal data they handle are accurate and complete, particularly when such data are used to make decisions about the Data Principal or are shared with other entities. If incorrect or outdated data causes harm, that business could be in receipt of a grievance complaint.

5.5 Security Safeguards

All Data Fiduciaries are required to carry out technical and organisational safeguards that are fit to the purpose of protecting the personal data of a person from breach, loss, unauthorised access, or misuse. The Act does not specify the security standards that must be followed it only refers to 'reasonable security safeguards' however, the requirement is that the security safeguards must match the amount and nature of the data held.

Examples of security and practical measures that can be used to demonstrate compliance with the security requirements are:

Employees to be given regular training on data privacy and security

5.6 Breach Notification

In case of a personal data breach Data Fiduciary is required to notify the Data Protection Board of India and the Data Principals concerned without undue delay once he becomes aware of the breach. The period within which the notification is to be done is a matter that will be set out in the DPDP Rules. Also, the format of the written notification is to be in accordance with that which has been prescribed.

However, the most important thing is that the notification shall be done even if the Data Fiduciary thinks that the breach does not have a damaging effect. The current version of the Act has no materiality threshold.

5.7 Processing children's personal data

The DPDP Act considers anyone under 18 as a special category whose data needs extra protection. A data fiduciary must not process the data of a child or a minor without first:

The government may, through rules, exempt certain categories of data fiduciaries from these requirements, for example, healthcare providers who are processing children's health data during an emergency, but generally, these obligations apply broadly.

5.8 Cross, border data transfers

Personal data collected in India may only be sent to other countries or territories that have been notified by the Central Government as permissible transfer destinations. The government has not yet released its list, but it is expected to follow a risk, based assessment similar to GDPR's adequacy decisions.

Companies that at the moment are routing data through servers, cloud providers, or analytics platforms located in foreign jurisdictions must thoroughly analyse these data flows and be ready to limit them if the country of destination is not included in the approved list.

5.9 Obligations of Data Processors

In cases where a Data Fiduciary hires a third, party Data Processor to deal with personal data on its behalf, a Data Fiduciary remains accountable for the Processor's compliance with the DPDP Act. Agreements with Data Processors should include suitable data protection clauses, and Processors should only process data following the instructions given by the Fiduciary.

6. The 8 Rights of the Data Principal

Among the most important features of the DPDP Act is the array of rights it bestows upon individuals concerning their personal data. As a Data Fiduciary, it is your legal obligation to develop processes, systems, and reaction mechanisms that facilitate the fulfilment of each of these rights.

Right 1: Right to Access Information

All Data Principals possess the right that a Data Fiduciary shall provide them with a brief of what personal data is being processed and the processing activities that are being undertaken. Such information must be given on request and in a manner that is easy to understand.

Right 2: Right to Correction and Updating

Data Principals have the right to ask for correction or updating of personal data if they find it inaccurate, incomplete, or outdated. Data Fiduciaries should comply with such requests without delay and also ensure that downstream processors or recipients are informed of the corrections.

Right 3: Right to Erasure

It is the right that people can ask for their personal data to be deleted when it is no longer necessary for the purpose it was collected, or when they withdraw their consent. This is also called the "Right to be Forgotten."

The right is not absolute, retention required by law takes precedence, but companies must have a clear process to evaluate and implement erasure requests.

Right 4: Right to Grievance Redressal

Every Data Principal has the right to have their grievances addressed by the Data Fiduciary. The Data Fiduciary must publish clear contact information and establish an accessible, timely process for handling data, related complaints. Unsolved grievances can be taken up with the Data Protection Board.

Right 5: Right to Nominate

This is a uniquely Indian innovation that is introduced through the DPDP Act. Data Principals may nominate another person to exercise their data rights on their behalf if they die or become incapable. The same would have the rights to access the healthcare data, financial records and digital assets of the Data Principal.

Right 6: Right to Withdraw Consent

The DPDP Act recognizes the right for a person to give, refuse, or withdraw his/her consent. Consent given under the DPDP Act can be withdrawn at any time, as easily as it was given. Upon the withdrawal of the consent, the processing of the data for purposes related to that consent must be stopped by the Data Fiduciary. Also, the Data Fiduciary can stop providing services if the services are dependent on the processing of data. However, processing that occurred prior to the withdrawal of the consent remains lawful.

Right 7: Right to Know About Breach

Essentially, Data Principals have a right to be informed if the breaches occur which expose their personal data even if this has not been explicitly identified as a separate right in some interpretations. Since Data Fiduciaries become aware of the obligation to have breach detection, assessment, and notification capabilities, a notification of the Data Principal must be inevitably issued accordingly.

Right 8: Right to Approach the Data Protection Board

The Data Protection Board of India is the final forum where Data Principals can approach with their complaints if not resolved satisfactorily by the Data Fiduciary. Moreover, the Board is empowered to investigate, direct, and impose penalties against the Data Fiduciary.

📌Business Implication: The exercise of one Data Principal right translates into an operational obligation for your business. Thus, your business should have documented processes, appointed staff, established response time frames, and maintain audit trails for each category of rights request

7. DPDP Act Penalties: The Full Spectrum

The Data Protection Board of India possesses extensive adjudicatory powers. It can initiate inquiries Suo, motu or on a complaint made by a Data Principal, thereby issuing directions and levying financial penalties. The fines under the DPDP Act rank among the highest in Indian regulatory law.

Some of the key things about penalties:

Per Contravention: Penalties are meted out for the violation, not a business. A company that experiences multiple breaches or contravenes a number of provisions could be subject to multiple penalties for each occurrence.

Factors Considered: The Board, while determining the fine, looks into the nature, seriousness, and period of the breach; the kind and sensitivity of data involved; the number of people affected; whether the violation was repetitive; and the measures taken to lessen the damage.

No Criminal Liability: Unlike some earlier proposals, the DPDP Act does not impose criminal liability (imprisonment) for violations. Penalties are civil/financial in nature. Perspective

💡 Perspective: A 250 crore fine may just be a small figurative error for a global tech giant but may mean the demise of an Indian SME or mid-size company. The DPDP Act's penalties are thus intended to be proportionate but 'proportionate' still means serious.

8. Sector Wise Impact: What Your Industry Needs to Know

The DPDP Act formally covers all sectors; however, the actual impact is very different from one sector to another. So, a sector, wise examination of the most challenging compliance issues is provided below:

A Detailed Look: Fintech and BFSI

Financial services companies, including banks, NBFCs, payment gateways, insurance companies, and wealth management platforms, have access to some of the most sensitive personal and financial data in the economy. For these organizations, compliance with DPDP is combined with adherence to, amongst others, RBI, SEBI, and IRDAI regulations. The main issues are KYC data handling, sharing credit bureau data, processing fraud detection data, and the flow of cross, border payment data.

A Detailed Look: Healthcare

Among them are hospitals, clinics, telemedicine platforms, health insurance companies, and wellness apps that deal with highly confidential health data. While the DPDP Act does not currently establish a separate category of 'sensitive personal data' as its predecessors did, health data is inherently treated as highly confidential because processing it in a harmful way could lead to serious harm to the individuals. Consent is required at a very high level, and data minimisation is essential.

A Detailed Look: EdTech and Schools

On the one hand, educational institutions and EdTech platforms are in a very complicated situation due to the DPDP Act. Student data is not only personal data but also often children's data thus, parental consent is necessary, tracking is prohibited, and targeted advertising is restricted. Those platforms that used to collect large amounts of student behavioural data for personalization will have to greatly change their data architecture.

9. DPDP Act vs. GDPR:

A Side, by, Side Comparison the Indian DPDP Act has often been compared to the European Union's General Data Protection Regulation (GDPR) which became effective in 2018 and is considered the world standard for data privacy law. Here's a brief comparison of the two:

The DPDP Act carries the imprint of the GDPR especially on the fundamental principles consent, purpose limitation, data minimisation and individual rights. Nonetheless, there are some significant differences: it is much less detailed in the aspects of execution, it allows the Indian Government wider powers to grant exemptions and enforce data localisation, and the fines are smaller in absolute terms (however, they can be considered substantial in the Indian business context).

For multinationals that are already GDPR, compliant, DPDP compliance can be realized with a few changes mainly, appointing a Grievance Officer in India, making consent withdrawal mechanisms available for Indian users, and re, examining the restrictions on cross, border transfers.

10. The Role of the Data Protection Board of India.

The Data Protection Board of India (DPBI) is the principal authority that coordinates the implementation and enforcement of the DPDP Act. It is crucial to have a clear understanding of its operations not only to ensure compliance but also to know what to expect when things go awry.

Structure and Composition

The Board is comprised of a chairperson along with other persons that the Central Government may appoint. The appointed members should be experts in data governance, information technology, law, or related disciplines. The Government has not yet officially constituted the Board, which among other reasons explains the delay in enforcement.

Powers of the Board

The Board has the following main powers:

Inquiry Initiation: The Board may Suo motu initiate an inquiry if it has reason to believe that there has been a personal data breach or that a provision of the Act has been violated.

Complaint Adjudication: The Board receives and hears complaints from Data Principals whose rights have been violated.

Penalty Imposition: Following an inquiry, the Board may impose monetary penalties up to the maximum limits set out in the Act.

Directions: The Board may issue binding directions to Data Fiduciaries, including directions to stop processing, erase data, or take specific security measures.

Reference to Courts: Major cases may be referred to the appropriate High Court.

Appeals

Decisions of the Data Protection Board may be appealed to the Telecom Disputes Settlement and Appellate Tribunal (TDSAT) and subsequently to the Supreme Court of India on questions of law. This creates a formal judicial review mechanism for businesses that disagree with the penalty imposed on them.

11. DPDP Act Compliance for SMEs and Startups

Many Indian business owners still believe that the DPDP Act is mainly a concern of large corporations and tech giants which is wrong and may be quite costly for them.

There is no size or turnover threshold under which the DPDP Act becomes inapplicable. If your business collects, stores, or processes the personal data of Indian individuals in digital form irrespective of your revenue, number of your employees, or your business stage you are a Data Fiduciary under the Act.

Reasons Why SMEs Are Particularly Vulnerable

Small and medium enterprises often run into greater risk of DPDP non, compliance for reasons such as:

Legacy Systems: A lot of SMEs still use spreadsheets, WhatsApp groups, and informal databases to handle customer data and no one of these tools is equipped with managing consent or security.

Vendor Reliance: SMEs tap into a great number of SaaS tools, CRMs, and marketing platforms. Naturally, each of these vendors becomes a Data Processor under the DPDP Act, which creates compliance obligations in vendor contracts.

 Lack of Compliance Staff: Whereas large enterprises usually have a legal or privacy department, the majority of SMEs don't. Often the founders or owners are completely unaware of their obligations until they receive a complaint.

Marketing Practices: Traditional SME marketing methods such as cold calling, bulk SMS, and email marketing, should now be re, conceived in terms of obtaining valid consent or legitimate use.

The Good News for SMEs

One of the positives is that even baseline DPDP compliance, from the viewpoint of SMEs, is often not as complicated or costly as the majority initially imagine. The normal path for the small and medium, sized enterprises may only include five major steps: identifying data through audit, refreshing privacy notices, constructing consent mechanisms, educating staff, and checking vendor contracts. An expert's help can turn the process into a systematic and cheap one.

12. Your 10, Step DPDP Act Compliance Checklist

Here's a practical, prioritised schedule of tasks to kick off your DPDP compliance journey. Each element of the plan is meant to be executable no matter what the size of your organisation is.

1. Data Audit

The basis of DPDP compliance. Identify and document each type of personal data your organisation gathers, the reason for the collection, the place of storage, the people with access, the duration of retention, and confirm if you have got the proper consent for its collection and use.

2. Refresh Your Privacy Notice

Do away with your old legalese privacy policy and write it up in clear and simple language. The policy should disclose what data you collect, why, how long you keep it, with whom you share it, and how individuals can carry out their rights. Ordinary users will not be able to understand legal jargon, so get it removed.

3. Establish a consent management system

Create a system that gives people the freedom to grant, view, manage, and revoke their consent anytime.

Having a portal, a settings page, or using a third, party Consent Manager are some of the options.

4. Assign a Grievance Officer

Identify a person (or team) who will be the contact point for customer and user complaints about data. This person's or team's contact details should be easily found on your website and app.

5. Develop Rights Request Workflows

Identify internal processes that are well, documented and used to respond to requests for access, correction, and erasure within the timeframes specified in the DPDP Rules.

6. Review and Update Vendor Contracts

Examine the audit done of all the third, party vendors who handle personal data on your behalf. Add Data Processing Agreements (DPAs) with DPDP, compliant clauses to contracts with CRM providers, cloud platforms, marketing tools, payroll processors, and other data, touching vendors.

7. Carry out Security Safeguards

Make a security assessment. Put in place encryption, access controls, multi, factor authentication, and regular vulnerability scans. Keep a record of your security measures as proof of reasonable care.

8. Build a Breach Response Plan

Create a comprehensive data breach response plan that outlines: how breaches are identified, who is in charge of investigating, how the Board and the individuals affected will be informed, and within what time limit.

9. Implement Children's Data Controls

In case your site currently serves or potentially could serve children under 18, establish age verification and parental consent methods that can be verified. Stop tracking, profiling, and targeted advertising for children who are verified users.

10. Review Cross, Border Data Flows

Identify every international data transfer your business makes: cloud storage locations, analytics platforms, email service providers, and CRMs. Be ready to limit transfers to non, approved jurisdictions once the Government announces its list of approved countries.

13. Frequently Asked Questions About DPDP Act Compliance

Q1: Is the DPDP Act enforceable at present?

The DPDP Act is a law that has been passed but enforcement depends on the announcement of DPDP Rules and the creation of the Data Protection Board. Both are expected to happen in 2025. Nonetheless, companies should already start preparing for compliance, once the Rules are notified, it is unlikely that there will be a long period allowed for implementation.

Q2: Will DPDP Act be applicable to B2B businesses that only use business contact information?

The Act covers 'personal data' of individuals. Corporate email addresses and phone numbers, when used for professional purposes, could be considered a borderline case. However, any information that can identify a person, such as their name, work email, or professional role, is personal data. B2B businesses should not take it for granted that they are out of the scope of the law.

Q3: How does 'verifiable parental consent' for children's data work?

DPDP Act requires parents to provide verifiable consent for their child's data, but the details are left to the DPDP Rules. Probably, the ways will include OTP or digital signature confirmation linked to a parent's Aadhaar or PAN, but the Rules will bring clarity in this matter. Meanwhile, companies should think of ways to implement systems that allow age checking and obtaining parental consent.

Q4: We already comply with GDPR. Do we automatically comply with the DPDP Act?

By being GDPR, compliant, you are very much on track since the basic principles are almost the same. That said, you will still have to make some DPDP, specific changes such as designating a Grievance Officer in India, creating consent withdrawal mechanisms tailored to Indian users, checking cross, border transfer limitations as per Indian law, and making sure your privacy notices comply with DPDP disclosure requirements.

Q5: How long can we retain personal data under the DPDP Act?

The DPDP Act mandates that Data Fiduciaries should hold personal data only for as long as it is necessary for the purpose for which the data was obtained. After the purpose has been served, and there is no legal requirement for retention, the data must be deleted. Companies need to establish and record data retention policies for each type of personal data they possess.

Q6: Are there any penalties for accidental data breaches?

Indeed. The Act treats all breaches without a distinction between those that are malicious and those that are accidental. In a situation where a Data Fiduciary has not implemented reasonable security safeguards, the breach can lead to a penalty of up to 250 crores, intent notwithstanding. This is a clear reminder that security measures should not be left to chance.

Q4: We already comply with GDPR. Do we automatically comply with the DPDP Act?

By being GDPR, compliant, you are very much on track since the basic principles are almost the same. That said, you will still have to make some DPDP, specific changes such as designating a Grievance Officer in India, creating consent withdrawal mechanisms tailored to Indian users, checking cross, border transfer limitations as per Indian law, and making sure your privacy notices comply with DPDP disclosure requirements.

Q5: How long can we retain personal data under the DPDP Act?

The DPDP Act mandates that Data Fiduciaries should hold personal data only for as long as it is necessary for the purpose for which the data was obtained. After the purpose has been served, and there is no legal requirement for retention, the data must be deleted. Companies need to establish and record data retention policies for each type of personal data they possess.

Q6: Are there any penalties for accidental data breaches?

Indeed. The Act treats all breaches without a distinction between those that are malicious and those that are accidental. In a situation where a Data Fiduciary has not implemented reasonable security safeguards, the breach can lead to a penalty of up to 250 crores, intent notwithstanding. This is a clear reminder that security measures should not be left to chance.

Q7: What should be our course of action upon receiving a data access request of a customer?

You should comply with the individuals request by giving them a concise statement of their personal data that you have, and what you are doing with it. The reply must be issued within the period stipulated in the DPDP Rules (the notification is yet to be made, but the 30, day period of GDPR can to be used as a reasonable reference). Develop an internal workflow now so that you are ready when requests are made.

14. How Book My Accountant Supports DPDP Act Compliance

We at Book My Accountant, have years of experience in assisting Indian businesses to manoeuvre through the country's most complicated regulatory frameworks from GST, income tax compliance, ROC filings, FEMA, and corporate law.

DPDP Act compliance is the next big challenge for us, and we are geared up to take you along with us.

Our DPDP compliance services are not only practical and cost, effective but also customized to the size of your business and your industry:

Data Audit & Gap Analysis: We perform an in, depth review of your present procedures for collecting data, point out the discrepancies that exist against DPDP requirements, and give you a prioritized remediation roadmap.

Consent Management Consultation: We assist you in setting up and carrying out the right consent framework that fits your business model. A part of our service includes deciding whether to use a third, party Consent Manager or develop an in, house consent portal

Vendor Contract & DPA Preparation: We analyse your vendor contracts and prepare or modify Data Processing Agreements for a supply chain that complies with DPDP.

Security Advisory: We collaborate with your IT team to conduct a security check, up and suggest adequate technical and organizational measures that align with DPDP requirements.

Employee Training: We provide customized DPDP training to your team members at all levels from top management to ground staff so that everyone recognizes the importance of their compliance roles.

Compliance Maintenance Retainer: As the DPDP Rules are issued and the regulatory environment changes, we extend continuous advisory support to adapt your compliance programme.

Are you a startup that needs a privacy, framework from scratch or a big company that wants to update its policies for DPDP? Book My Accountant is a professional team that offers you the right expertise and tools to achieve compliance in a speedy and cost, effective way.

Conclusion:

Compliance with the DPDP Act Is Not a Choice but It Is Very Much Within Your Reach Digital Personal Data Protection Act, 2023 is a defining moment for India's digital economy. It is the first time that Indian citizens have been given comprehensive and enforceable rights over their personal data. Secondly, it is the first time that Indian businesses regardless of their size and sector have well, defined legal obligations to respect those rights.

The legislation is passed. The Rules are coming. Enforcement will be inevitable. The companies that seize this opportunity to create strong, sincere DPDP compliance strategies will not only stay clear of penalties they will earn customer trust, enhance their data governance infrastructure, and be ahead of the game as data privacy becomes a criterion for Indian consumers.

Those companies that just stand by and watch will get cornered when they try to catch up, they will have to pay more, be under closer watch by regulators, and have their reputation harmed beyond repair.

A Guide to Section 43B(h) of the Income Tax Act, 1961 - MSME Payment Policy

The tax compliance world in India has changed significantly due to the mandatory requirements introduced under Section 43B(h) MSME Compliance of the Income Tax Act, 1961, as amended from time to time. Effective from 1st April 2024 (AY 2024-25), this regulation has created a major shift in how businesses must handle payments to Micro and Small Enterprises registered under the MSMED Act.

This guide has been designed to help Business Owners, Accountants, CFOs and Compliance Officers understand what Section 43B(h) entails, why timely MSME payments are now critical, and how to implement full compliance in a practical and user-friendly manner.

Significance of Section 43B(h) for Your Organisation

The purpose of Section 43B(h) of the Income Tax Act 1961 has been to create the following positive outcomes for businesses based in India:

Under the provisions of this section, any expense claimed by a business for tax deduction cannot be allowed if any payment(s) made by that business to MSMEs occur later than the specified time limits of 15 days or 45 days from the date specified in either a written or oral agreement. Importantly, if you have been able to deduct a particular expense for tax purposes because you have made a payment on the day you incurred it, the only way you can deduct it subsequently is if you... have made a payment within the time specified for your deduction.

Classification of MSMEs According to the MSMED Act

Section 43B(h) only applies to those suppliers whose registration as Micro or Small enterprises was through Udyam Registration.

MSME Classification According to the MSMED Act 2006

Classification of Enterprise  Investment ThresholdAnnual Turnover Threshold
Micro Enterprises≤ ₹1 Crore≤ ₹5 Crore
Small Enterprises  ≤ ₹10 Crore≤ ₹50 Crore

🔹 Medium Enterprises are not included under Section 43B(h).

🔹 Retailers and wholesale suppliers will also not qualify to claim the benefits under Section 43B(h), even if they hold a Udyam Registration.

Legal Framework: Section 15 of the MSMED Act in conjunction with Section 43B(h) of the Income Tax Act

Section 43B (h) relies on the definition of legally permitted times for payment as set forth in Section 15 (MSMED Act 2006).

3.1 Timelines for Payments under Section 15 of the MSMED Act (2006).

a. The Payment Terms of an Agreement (maximum 45 days) Buyers and suppliers agree to mutually-set payment terms of the agreement cannot be longer than forty-five (45) days.

Consequently, neither MSME contracts may require payments within sixty (60) or ninety (90) days of acceptance/delivery.

b. If no written agreement is present, the payment should occur no later than fifteen days from the date of the acceptance, or delivery of the items/services.

What is the Day of Acceptance?
The day on which the items or services were delivered. If the buyer has any issues or concerns regarding the Delivery and they raise the matter in writing within fifteen days of acceptance/delivery, the date when the buyer resolves their issue or concern is considered "the day of acceptance".

3.2 The tax effects of section 43B(h)

Expenses (i.e. A deductible expense) : Where payments made within the 15 to 45 days of the due date (including any portion before the due date), the financial year of the payments shall be deemed to be the year of the deduction.

Non-Expenses (i.e. Not a deductible expense): Where payments made after the 15 to 45 days of the due date, the financial year of the payments shall be deemed to be the year of the payment. You cannot utilize payments prior to the filing of your tax return as per the provisions of section 43B of the Income Tax Act.

An Example to Illustrate

An electronic invoice is sent to a Purchaser on 01-03-2025

Seller Name: A Small Business (with a registered status in India)
Understanding Date of Invoice: 45 days from the date of invoice
Amount of Invoice: ₹100,000.00 (Indian Rupee)

A). Payment made on 10-04-2025

1. Payments made within 45 days

2. Payments dated after end of the financial year

3. Payments are included in financial year 2024-2025

B) Payments made on 01-05-2025

1. Payments made outside of 45-day period

2. Payments made are not allowed in the financial year 2024-2025

3. Payments can only be claimed in the financial year 2025-2026.

Period of Interest for Delay in payment

If a buyer delays payment, the law requires them to pay interest at three times the RBI Bank Rate (as on year-end), compounded monthly.

The above interest will not be tax deductible under Section 80C of Income Tax Act.

Compliance Checklist for Businesses :

Businesses must act NOW to minimize their year-end disallowances.

6.1 Supplier Verification :

6.2 Agreements and Documentation :

6.3 Automated Tracking System :

 6.4 Review Periodically to Determine Tax Effect :

6.5 Tax Audit Reporting - Form 3CD Clause 22 :

It is required that businesses must disclose the following:

Common Risks of Non-Compliance

  1. Have not established formal business agreements → 15 Day Credit will be forced  to make payment.
  2. Have not obtained an Udyam verification → Incorrectly classified under the wrong category.
  3. Have not made payments within a single business day of receipt → Full year payment will be disallowed.
  4. Year End cash flow stress →  Delayed payments
  5. Reporting incorrectly on Form 3CD → At-risk of an audit

Managing payments under the MSMEs' Act is no longer an option; it is now required by law.

Book My Accountant Can Help You Reach 100% Compliance

Book My Accountant (BMA) is a specialist in the area of Vendor Management and MSME compliance w.r.t. 43B(h) advisory services, as well as tax audit documentation.

Within that scope, we provide the following services:

 1. Udyam Certificates/Vendor Due Diligence

2. Agreements Drafted and Standardized

 3. Automated Invoice Tracking

4. Simulations of the 43B(h) at Year-End

5. Tax Audit/Form 3CD Reporting (Clause 22)

Tips for Business Owners :  

Section 43B(h) is non-negotiable and strictly applied. You must pay within 15 or 45 days to claim the deduction; otherwise, the tax authorities will disallow the expense and add it to your taxable income. MSME interest cannot be deducted. The period from February to March could have the highest risk for business owners. Further, audit report preparation requires clean documentation.

Compliance Plan For FY 2024-2025 And FY 2025-2026

  • Identify Vendors of MSME
  • Written Agreements (within 45 Days)
  • Vendor Master Updated
  • Daily Invoice Tracking
  • Payment Prioritised for Due Date Approaching
  • Review MSME for Feb to March
  • Accurate reporting on 3CD
  • If we stay disciplined now, we will avoid large tax losses in the future.

Disclaimer

This website is intended to provide information and education (in general) to the reader and should not be regarded as advice on any issue, including legal advice, tax advice, or compliance advice. Legal requirements, notifications and tax laws may change. Readers should seek professional advice from a qualified professional for a thorough understanding of their own situation or check the latest legal amendments on the government websites.
Book My Accountant (BMA) provides professional services; however, this document's content is not intended to be a substitute for BMA's personal advisory services.

How to Prepare GSTR-9 & 9C: A Full Working Checklist for FY 2024-25

Filing GST annual return (GSTR-9) and reconciliation statement (GSTR-9C) always looks cumbersome for the financial year, as annual GST compliance may look tedious at times. Therefore, this guide will not only take you through that step-by-step process but will also provide a practical checklist of all of that and include links to official documentation for your ease of reference, so you can stay on top of compliance regulations.

What are the GSTR-9 and GSTR-9C forms?

GSTR-9 – Annual Return

In essence, this serves as the summary of your GST data, such as outward supplies, inward supplies, ITC claimed, reversals, tax paid, and adjustments, for the financial year, which is then presented in a consolidated GST return. You can find it covered in the manual of the portal.

GSTR-9C – Reconciliation Statement

This form is required when your aggregate turnover exceeds the limit of ₹ 5 crore (based on threshold limit, which is currently ₹ 5 crore) and you have to provide a reconciliation of your annual return with the audited financials.

Key bullets points:

Structured Step-by-Step Method for Completing GSTR-9

Step 1

Gather the Required Returns & Records

Step 2

Reconcile Outward Supply

Step 3

Reconcile Input Tax Credit (ITC)

Step 4

Examine Tax Liability & Payments

Step 5

Complete GSTR-9 Online

Important tables are as follows:

Step 6: Preview, Compute & File

Structured Step-by-Step Method for Completing GSTR-9C

When it is time to file GSTR-9C, here is the procedure to follow:

Step 1

Download Financial Statements : Audited P&L, Balance Sheet, and Trial Balance as well as the Annual accounts as per Companies Act, or audit requirement applicable for your entity.

Step 2

Turnover Reconciliation :  Turnover based on books vs GSTR-1 vs GSTR-3B vs e-way bills (if applicable) and identifying differences and the reasons for each difference (for example, exports, exempt supplies, etc.)

Step 3

ITC Reconciliation : ITC based on books vs auto-data (GSTR-2B) and consider any blocked credits, reversals and RCM credit (if applicable) differences and provide a report or reason for any unreconciled differences

Step 4

Taxes Paid Reconciliation : Also, compare the tax liability shown in GSTR-9 with the actual tax payments, and adjust any pending or late-paid liability.

Step 5

Part-A for GSTR-9C (Reconciliation Statement) :  In addition, Part A would include turnover, ITC, taxes paid, and any non-reconciled items, accompanied by the reasons for such differences.

Step 6

Certification (Part-B) :  To the extent applicable (as per turnover and audit requirement) to be certified by CA (Chartered Accountant) or CMA (Cost Accountant) attached with audited accounts (and audit report) as well.

GSTR-9 & GSTR-9C: Complete Filing Checklist :

Documents Required

Important Reconciliations

Pre‐Filing Verification

Common Mistakes

Why Choose BookMyAccountant for Your Filing?

If you want a stress-free and accurate filing experience, consider Book My Accountant.

Email or call us today and we will schedule your GST return review and you will never worry about GST compliance again, to be done professionally.

Disclaimer

This Blog provides information only and does not provide any professional tax or legal advice. Although we have made an effort to ensure the material is factually accurate as of the original date of publication, the GST legislation, rule and thresholds can change. Taxpayers should obtain updated provisions from the CBIC official portal, or enlist the services of a qualified tax professional. BookMyAccountant assumes no liability, and is not responsible for any errors or omissions in the information or for any actions taken by any party in reliance upon information contained in this Blog.

Upgrade Alert: 6 Key Changes to GST Invoice Management System (IMS) You Need to Know!

Say Goodbye to ITC Headaches! The New GST System is Coming in October 2025

A significant transition will occur in regard to how taxes are managed by Indian enterprises. The GST Invoice Management System (IMS) will undergo a development and mandatory migration beginning in October 2025, which represents a significant development and will enhance accuracy and transparency throughout the process. The IMS aims to create unmatched flexibility; moreover, it addresses critical business challenges, particularly with respect to Input Tax Credit (ITC) management and buyer-supplier reconciliation.

Here are the 5 crucial updates you must prepare for to ensure seamless GST compliance:

1. The Smarter “Pending” Option is Now Extended to Critical Documents

Previously, the GST portal’s ‘Accept’ or ‘Reject’ choices were too forgiving for businesses; for instance, they compelled you to make decisions hastily, potentially leading to incorrect outcomes. The upgrade to the IMS offers well-deserved flexibility in regards to actions on additional types of documents - 

Why it is important to your business: This additional feature provides comfort that you can mark something as Pending (CN) without having to make an irreversible decision in a hurry. Now you can take your time to mark the Credit Note as Pending until you verify the goods were returned and confirm whether you want to claim it or reverse the ITC.

2. Mandatory Remarks for Rejections or Pending Actions

A major pain point in GST reconciliation has always been the communication gap between buyers and suppliers. If a supplier either rejected or left an invoice or credit note pending, the supplier often had no idea why which initiated the long email threads, delayed adjustments of ITC and continuous back and forth phone calls.

The new IMS update (effective October 2025) is addressing this issue directly by making it mandatory for a recipient to provide remarks every time a recipient:

GST image for ims blog

What’s New

The GST portal will prompt the user to enter a brief remark before finalizing either action. The remark will be instantaneously available to the buyer and supplier on their IMS dashboards.


Examples of Useful Remarks

Why This is Important for Businesses

Increased Transparency

Both parties know exactly why an invoice or note was rejected or left pending; there is no more guessing, and clarification no longer requires back-and-forth communication.

Faster Reconciliation

The suppliers can instantly correct or re-issue the document based on the visible remark, which reduces the dispute cycle from weeks to days.

Better Audit Trail

The remark constitutes part of the document history saved in the GST system, providing a digital trail to facilitate compliance review and audit workflows.

Reduced ITC Disputes

Buyers can rest assured knowing their Input Tax Credit (ITC) will be allowed or put on hold; the status, and reason or reasons are clearly documented on both sides.


Increased Professional Accountability

Because remarks are visible to both users, it facilitates a culture of accuracy, ownership, and problem-solving in every transaction.

3. Critical: New Rules Apply ONLY from October 2025 Onwards

It is very important to note that the new IMS features do not apply to prior transactions. Your organization will be working in a dual system for a period of time:

Document TypeDate of DocumentSystem Rule Followed
New RegimeOctober 2025 or laterPending option, partial ITC reversal, etc.
Old RegimeBefore October 2025Previous rules (no pending, mandatory full ITC reversal, etc.)

Be sure your accounting software and internal processes are immediately able to accommodate the simultaneous existence of both "old" regime documents and "new" regime documents. Your team must accurately identify the date prior to processing any document.

4. Deep Dive: Flexible ITC Reversal

Clarifying Flexible ITC Reversal – A More Intelligent, Proportionate Approach

Beginning October 2025, IMS goes live with Flexible ITC Reversal. This amendment closes the gap between a CN issuance and the recipient’s ITC claim, while promoting flexibility, accuracy, and fairness in GST compliance.

In the previous GST regime (before Oct 2025), a recipient reversing a Credit Note had to reverse the entire ITC linked to that invoice, regardless of what ITC they had actually claimed.

Too much ITC has been reversed, manual reconciliation proves problematic, and buyers and sellers engage in unnecessary disputes.

Example:

A purchaser received an invoice with ₹18,000 GST, and, for various internal accounting reasons, had only claimed ₹10,000 initially. Then, the supplier issued a Credit Note for ₹9,000 GST.The original recipient would reverse ₹9,000 of qualified ITC, even though only half of it was applicable.

With the updated IMS, taxpayers have the flexibility to choose a full or partial ITC reversal depending on their actual ITC claim.

When a Credit Note is issued and a reversal occurs, the IMS asks the recipient the following direct question:

"Do you want to reduce ITC for this record?"

Most likely, the next action will be as follows:

If yes, you are able to enter the exact amount of ITC amount and reduce it for that record - there will be no assumptions of any kind and no obligation of full reversal.

If no, the ITC will remain unchanged - until you choose to manually edit it at additional time (if at all).

This change gives businesses "control" to confirm that the ITC reversal is the same as what their real book entries are - not the assumptions of the ITC reversal from the system.

FeatureOld System (Pre-Oct 2025)New System (Post-Oct 2025)Compliance Impact
Reversal AmountFull ITC reversal on original invoice/debit entry linked to Credit Note.Partial or full reversal can be selected by the recipient.Prevents over-reversal; aligns reversal with actual ITC claimed.
System PromptSystem assumed full reversal; manual correction required.System prompts with “Do you want to reduce ITC for this record?”Improves accuracy, reduces reconciliation disputes.
User ActionNo flexibility – automatic or full reversal expected.‘Yes/No’ choice + editable reversal field.Flexibility ensures book-level accuracy and smoother audits.

Let’s say:

Supplier issues an invoice for ₹1,00,000 + ₹18,000 GST.

The recipient claims ₹10,000 ITC initially due to an internal error; consequently, we must conduct further verification to reconcile the figure with supporting documentation.

Later, the supplier issues a Credit Note reducing the value by ₹50,000 plus ₹9,000 GST; thereafter, the adjustment should be reflected in the records and reconciled with supporting documentation.

Now:

Old System: The recipient would have to reverse the entire ₹9,000, even though only ₹10,000 ITC was ever claimed.

New System (Post-Oct 2025): The system asks whether the recipient wants to reverse ITC.

Recipient selects ‘Yes’ and enters ₹5,000 — half of their originally claimed ₹10,000 ITC.

This ensures perfect alignment between the supplier’s CN and the recipient’s ITC records.

5. New Table in Annual Return (GSTR-9) for Full Transparency

The GST Network (GSTN) has added a new table — Table 6A1 — in the Annual Return (Form GSTR-9)
for FY 2025–26 onward for better clarity and accountability of Input Tax Credit (ITC) in one's GST
return.
The new table aims to give you a complete overview of your ITC movement throughout the financial
year with complete transparency with your books, GSTR-3B, and GSTR-2B.

What Table 6A1 Captures

The new table has three relevant stages of your ITC life cycle:

Total ITC Claimed During the Year –

This is your claimed ITC in total in GSTR-3B for the financial year as at the end of the period.
For example, if the claimed ITC of the year across return(s) comes out to be ₹5,00,000, the amount would appear here. Furthermore, you can verify the figure against your records, and if there is a discrepancy, you can initiate a reconciliation.

Total ITC Reversed Later –

The statement covers scenarios in which ITC was reversed for ineligibility: the recipient did not match the invoice, the vendor was not paid within 180 days, or reversal occurred for any other compliance reason.

For example, you claimed ₹5,00,000 but later reversed ₹50,000 for unmatched invoices.

Final Actual ITC Utilized –

This is the net ITC after reversals, which was eligible, and utilized against tax liability.
Final actual ITC utilized = ₹4,50,000 (Claimed - Reversed [i.e., ₹5,00,000 - ₹50,000]).

Disclaimer:

The purpose of this blog is purely to make people aware and provide information. It is not tax or legal advice. Interpretation may differ and tax law can change. Always consult a professional tax advisor before making any tax or financial decision.

The New Income Tax Act of 2025: A Complete Guide for Taxpayers

A new era is going to dawn in India's tax regime. With effect from April 1, 2026, the Income-tax Act, 2025 will take effect in lieu of the Income-tax Act of 1961, which has been in force for more than 60 years. This is history's biggest tax reform, not another amendment.

The new Act is aimed at modernizing regulations, easing tax compliance, and keeping pace with India's digital economy. Everyone who is a taxpayer -- individuals, start-ups, businesses, or charitable trusts -- will be affected.

Whether you are a private taxpayer, business person, or professional responsible for the preparation of GST returns or electronic tax returns, we at Book My Accountant (BMA) are here to assist you through these changes.

The Need for a New Income Tax Act

After decades of revisions, the Income-tax Act of 1961 had grown too complicated and antiquated. It was challenging for professionals and taxpayers to understand, with over 800 sections and multiple clarifications.

Among the principal concerns were:

To address this, the government unveiled the Income-tax Act, 2025, which was designed from the ground up to give taxpayers a more straightforward, streamlined, and digitally-first system.

Main Features of the New Income Tax Law

With only around 536 sections compared to 800+, the new Act is significantly shorter. A few of the main reforms are as follows:

1. The concept of the tax year

The terms "Assessment Year" and "Previous Year" are no longer interchangeable. From now on, it's just Tax Year, which is less onerous to follow.

2. Digital-First Structure

The government has turned digital in its thinking with full-fledged online notices, time-bound refunds, and faceless assessments. All steps in the compliance process are supposed to be monitored online.

3. VDAs (Virtual Digital Assets)

Cryptocurrency, NFTs, and tokenized assets are defined and taxed for the first time. The unreported holdings can be considered as unaccounted income, and VDA gains are taxable.

4. Plain Words

Heavy legalese is not used in the Act. The language used in the provisions is simpler and more understandable, easy for common taxpayers to read and understand.

5. Notice Before Enforcement

Where there are no exceptional circumstances, advance notification has to be provided by the tax department before any action for enforcement, e.g., search or seizure. This renders the process even more equitable.

6. Charitable Institution and Trust Regulations

There will be exemptions only for valid charitable purposes. There are more stringent reporting requirements and disincentives for gifts anonymously made.

Individuals' New Tax Slabs

The Act now incorporates the new tax slabs announced in the Union Budget 2025. With effect from FY 2025–2026, the following apply:

Range of Incomes (₹) Rate of Taxation
0–4,00,000Zero
Between 4,00,001 and 8,00,0005%
8,00,001–12,00,00010%
12,00,001–16,00,000   15%
16,00,001–20,00,00020%
Between 20,00,001 and 24,00,000 25%
Over 24,00,000 30%

Key Points to Note

The normal deduction was raised to 75,000.

The plan here is to discourage the use of deductions and make it easier to file.

Reductions and Rewards:

The Act retains a few common deductions despite reducing exemptions:

Although the focus on the new regime is more now, 80C investments are still there.

For tax, the Unified Pension Scheme (UPS) is treated on par with the NPS.

Evaluations and Compliance:

The government is emphasizing faceless digital compliance. Some of the major changes include:

Even though these steps streamline the process, they also create privacy issues, with access being in digital format.

Business Provisions:

Non-profits and trusts

The new Act subject’s non-profit organizations to stricter treatment:

This only makes sure that legitimate non-profits are benefiting from tax relief.

Transition Rules

Tax payers and companies ought to update their data, software, and planning techniques well in advance.

Practical Consequences for Individuals

When dealing with Companies

For tax planners and certified accountants

Pros and Cons:

ProsProblems
1. Cleaner, modernized drafting.
2. Simpler abridged sections and slabs.
3. Faster refunds and fairer procedures.
4. Clear rules for digital assets and start-ups.		1. Privacy issues with increased digital access.
2. High-deduction taxpayers (housing loan, PF, LIC) might feel penalized.
3. Enterprises making the transition will have to adjust quickly.

Conclusion

India's tax system has completely changed as a result of the Income-tax Act of 2025. It seeks to align with India's digital economy while making income tax easier, quicker, and more equitable.

For individuals, it means filing tax returns will be less complicated. It represents a shift for companies toward efficient, transparent, and faceless compliance. It's also time for professionals to help clients make the change.

Our goal at Book My Accountant (BMA) is to make this transition as smooth as possible. Our professionals can assist you in meeting your ITR filing deadline, staying in compliance with the new tax regime, and streamlining electronic income tax filing so you can concentrate on what really counts: expansion.

Disclaimer:

The purpose of this blog is purely to make people aware and provide information. It is not tax or legal advice. Interpretation may differ and tax law can change. Always consult a professional tax advisor before making any tax or financial decision.

GST Reform 2025: India's Real Estate and Building Sector Enters A New Era

GST Reform 2025 is set to transform India’s real estate and construction sector. The 56th GST Council Meeting in September 2025 brought sweeping changes that lower GST rates on essential construction materials. This reform aims to reduce project costs, boost housing affordability, and encourage faster infrastructure growth across the country. By easing the tax burden on builders and buyers, GST Reform 2025 marks a new era for India’s real estate industry.

India's construction sector is its growth backbone. It fuels investment, urbanization, and employment through everything from large-scale infrastructure projects to affordable housing developments. Exorbitant GST levies on construction materials forced buyers and builders to absorb astronomical costs for years.

The September 2025 56th GST Council Meeting has brought a sea change to India’s construction industry.The government has finally provided much-awaited relief to real estate buyers, contractors, and builders by reorganizing the GST slabs.

For India's infrastructure development and real estate construction, as well as affordable housing, this is a revolutionary change—it's not just a tax change.

GST Reform 2025: New GST Slabs for Real Estate & Construction

Construction materials were previously classified into a defiling range of GST slabs of 5%, 12%, 18%, and 28%. This led to endless classification disputes, uncertain expenses, and undue weighting on housing affordability.

 All of this is reduced to just two large slabs under the new GST regime:

The government has made GST transparent, certain, and developer-friendly by rationalizing the tax structure

cement : The game changer

Cement: The Game-Changer

The backbone of every project, cement, was earlier taxed at 28%. It is now a far more manageable 18%.

Why is it significant? 20–25% of the cost of construction is from cement alone. This single adjustment alone will save three to five percent in project cost.

Improved margins, faster project launches, and competitive pricing are the outcomes for builders. To buyers, it means that the reasonably priced housing and real estate projects will arrive sooner.

Marbles , stones and brick : the quite champion

Marble, Stones, and Bricks: The Quiet Champions

The tax concessions are not just reserved for cement. Key materials such as travertine blocks, granite, marble, and sand-lime bricks are now added to the 5% slab (previously 12%).

These find widespread use in both residential and commercial properties. The reduction brings luxury and affordability closer to each other by lowering directly the input costs of walling, flooring, and decorative finishes.

All in all, the cost of each layer of your home has come down.

How GST Reform 2025 Benefits Real Estate Developers

Developers and builders have more fiscal flexibility. Here's why:

1. Profitability improves as a function of lower input costs.

2. Reduced disputes and better management of input tax credits come from simplified compliance.

3. Improved cash flow and timely delivery come from faster completion of a project.

This is nothing short of a renaissance for an industry plagued often by delays and slim profit margins.

Bricks, Marble, and Stone: Silent Cost-Savers

Cement is not the only one beaming under the new GST regime. Commodity materials like granite, marble, travertine blocks, and sand-lime bricks have all shifted from the 12% slab to the 5% slab.

Think about it—these are the materials that provide your floor with that shine, your walls with that strength, and your interiors with that timelessness. With GST relief, they're a whole lot more affordable now.

For the developers, it's yet another saving layer. For the purchasers, that means luxury finishes might no longer be completely out of their budget.

GST on Bricks , Marbles and Stones

Why Developers Are Cheering

Why Developers are cheering

Developers have had to bear years of rising input costs and thin margins. The new GST reform gives them much-needed relief.

How things change for them:

  • Lower input costs allow them to finally sleep peacefully while planning projects.
  • Less complicated GST slabs lead to fewer disputes over classification.
  • ITC processing becomes simpler, compliance a breeze.
  • Reduced project duration becomes possible with reduced financial burdens.

For contractors, it's not just about cutting costs—it's about restoring confidence to take on new projects without fear of venturing into losses.

GST Reform 2025: Impact on Real Estate Buyers & Housing Prices

That is what every home purchaser would love to learn. The answer: yes… with a rider.

If you're looking at low-cost housing or mid-income projects, chances are that developers are going to be passing on the savings. You would see discounts, better festive offers, or relaxed payment terms.

But when you're looking at high-end or luxury residential units, developers might want to hold back the savings in a bid to protect their margins.

Either way, the mood is generally upbeat. Buyers are positive, developers are positive. That's a double for the real estate sector.

Commercial and Retail Property: Riding the Wave Too

The reform is not confined to residences.

That means the infrastructural boom will spill over into India's growing urban and commercial world.

The Catch: Why You May Not See Savings Immediately

This is where reality kicks in. Most developers are locked into pre-agreed fixed contracts with negotiated cost. These cannot be changed overnight.

So, if immediate discounts are on your mind, you may have to wait. The real impact will manifest gradually—especially in new projects commissioned after September 2025.

But safe to say: the direction is set, and it's in the direction of affordable housing and reduced building costs.

Quick Snapshot: Old vs New GST Rates

MaterialOld GST RateNew GST Rate
Cement28%18%
Granite / Marble / Travertine12%5%
Sand-lime bricks12%5%
Works Stone inlay / marble12%5%

This clear-to-read table shows just how radical the change is. These aren't minor tweaks—they're definite cost cuts that will be noticed by developers and buyers in every project budget.

The Bigger Picture

Essentially, the GST reform 2025 is a matter of giving construction and real estate a second chance. Lower taxes on critical inputs mean more projects, stricter deadlines, and better margins.

For India, it is growth.

More homes. More office space. More infrastructure.

And above all, closer to the "Housing for All" reality.

Need Expert Guidance?

Whether you’re a developer planning your next big project or a homebuyer trying to understand how GST affects property prices, BMA here to simplify the numbers for you.

Ring us today for specialist advice and personalized guidance.

Disclaimer

This blog is designed for general information purposes only. The information is based on the 56th GST Council meeting news of September 2025. Take professional tax advice before taking any financial and business decisions in relation to GST.

Team BMA