Cross Identity Offers Free AI Platform to Tackle India's DPDP Compliance Lag

BENGALURU, India – April 06, 2026 – In a significant move aimed at accelerating India's lagging data privacy readiness, Identity and Access Management (IAM) firm Cross Identity today announced it is offering its AI-powered compliance platform, VISHWAAS AI, at zero license cost. The offer, which provides lifetime license access to organizations that onboard before June 30, 2026, makes a high-value enterprise solution, typically priced at an average of ₹50 lakh annually, accessible to a market struggling to prepare for the Digital Personal Data Protection (DPDP) Act.

The initiative marks the company's 25th anniversary and directly confronts a critical challenge facing India Inc.: widespread unpreparedness for the nation's new data privacy regime. With the DPDP Rules, 2025, now notified and enforcement timelines looming, the pressure on businesses to operationalize compliance has become immense.

A Response to Widespread Unreadiness

Cross Identity's strategic decision comes as multiple industry reports paint a stark picture of the compliance landscape. Recent studies from major consulting firms like PwC and EY suggest that nearly 80% of Indian organizations remain significantly underprepared for the DPDP Act's stringent requirements. An EY study found that 81% of enterprises have not yet established the necessary governance structures, while a PwC analysis revealed that only 9% of firms' privacy policies met the Act's standard for “free, specific, and informed” consent.

Businesses are grappling with a host of challenges, from fragmented customer data stored across disparate legacy systems to the immense operational difficulty of implementing and managing auditable consent mechanisms at scale. Many are still trying to interpret complex regulatory requirements, such as the 72-hour breach notification window and the robust management of data principal rights. This gap between regulatory mandate and operational capability is precisely what the VISHWAAS AI platform aims to close.

“With DPDP, the challenge is no longer awareness, it is execution,” said Binod Singh, Founder & CEO of Cross Identity, in the company's announcement. “Most organizations understand what is required but lack the systems to implement it. We built VISHWAAS as the only platform that brings together assessment, execution, and security for DPDP in a single system.”

Technology to Bridge the Compliance Gap

Built specifically for India's regulatory environment, VISHWAAS AI distinguishes itself with several key technical features designed to provide legally defensible proof of compliance. Its most notable feature is a “proof-first” architecture that creates cryptographically verifiable consent records. Unlike simple database timestamps, which can be challenged, VISHWAAS AI uses a combination of SHA-256 hash chains, RSA digital signatures, and trusted third-party timestamps. This creates an immutable, append-only ledger of consent events, providing organizations with robust evidence for audits, regulatory reviews, and legal proceedings.

This level of technical assurance is critical under the new law, where the burden of proof for valid consent rests squarely on the organization processing the data. The platform also includes 'All About DPDPA,' an integrated readiness assessment layer that helps businesses evaluate their current compliance posture and identify specific gaps across areas like consent management, data breach response, and data principal rights management.

Further tailoring its solution to the Indian market, the platform supports deployment and privacy notices in 22 Indian languages, a crucial feature for ensuring that consent is truly “informed” across India’s diverse population. The system is designed with over 15 modules to address the full spectrum of DPDP obligations, from automated data discovery and inventory to vendor management and real-time breach reporting dashboards.

A Disruptive Move in a Growing Market

Cross Identity's zero-cost licensing model is a highly disruptive tactic in India's burgeoning privacy management software market, which is projected to exceed USD 330 million by 2030. The space is becoming crowded with a mix of global GRC giants like OneTrust and a host of India-native solutions such as GoTrust, Seqrite, and Complynz, all vying to capture market share.

While competitors offer a range of pricing models, from freemium tiers for basic services to expensive enterprise-level subscriptions, Cross Identity's decision to waive the entire license fee for a comprehensive platform is unprecedented. This “land and expand” strategy aims to rapidly embed VISHWAAS AI within a large number of organizations. While the core license is free for early adopters, the company's business model includes monetization through optional paid add-ons, such as cloud hosting, premium support, and professional services for implementation and integration.

By removing the significant upfront financial barrier, the company not only accelerates adoption but also places immense competitive pressure on other vendors. The move could reshape the market dynamics, forcing competitors to re-evaluate their pricing and value propositions to stay relevant.

From Identity Management to Privacy Governance

The launch of VISHWAAS AI represents a strategic evolution for Cross Identity, leveraging its 25-year foundation in the IAM sector to address the adjacent and increasingly intertwined field of data privacy. As regulations like the DPDP Act take hold, the convergence of identity and privacy management has become a critical need for modern enterprises. Managing who has access to data (identity) is now inseparable from managing the permissions and rights associated with that data (privacy).

By extending its expertise into privacy governance, Cross Identity is positioning itself as a more comprehensive provider of digital trust solutions. This move reflects a broader industry trend where securing digital identity is no longer just about authentication and access control but also about upholding an individual's right to data privacy.

With the platform now available, organizations have a limited window to take advantage of the zero-cost offer and fast-track their journey toward compliance. As enforcement of the DPDP Act begins to ramp up, the ability to demonstrate structured, verifiable, and scalable privacy management will become a key determinant of both regulatory standing and customer trust in the Indian digital economy.