Skip to main content
Guides
CMP
Consent Management Platform
DPDPA
India
Data Privacy
Compliance

What is a Consent Management Platform (CMP)? India Guide 2026

A consent management platform (CMP) is a software tool that helps businesses collect, record, and manage user consent for data processing. Under India's DPDPA 2023, every business collecting personal data must use a CMP. This guide explains what a CMP does, why you need one, and how to choose the right one for India.

Consently Team
1 March 2026
7 min read

What is a Consent Management Platform (CMP)?

A Consent Management Platform (CMP) is a software solution that helps organisations collect, record, manage, and honour user consent for data processing activities. When a user visits a website or app and agrees (or disagrees) to how their data is used, the CMP captures that decision, stores it securely, and enforces it across your systems.

Under India's Digital Personal Data Protection Act, 2023 (DPDPA) and the notified DPDP Rules 2025, every business that collects personal data of Indian residents must implement a consent management system. A CMP is the technical tool that makes this possible.

CMP vs Consent Manager: The DPDPA Distinction You Must Know

The DPDPA introduces a specific legal entity called a "Consent Manager" — a government-registered intermediary that manages consent on behalf of data principals across multiple platforms. Registration for Consent Managers opens on 13 November 2026.

A CMP (Consent Management Platform), on the other hand, is the technical software tool that your business uses to manage consent for your own users. You do not need to register as a Consent Manager — you simply need a CMP to comply with DPDPA's notice and consent requirements.

FeatureCMP (Technical Tool)Consent Manager (Legal Entity)
What it isSoftware tool for your website/appGovt-registered intermediary
Who needs itEvery business collecting personal dataEntities offering consent management services
DPDPA requirementImplied by consent obligationsRegistration from Nov 2026
ExampleConsently.inRegulated consent management services

What Does a CMP Actually Do?

A modern CMP performs six core functions:

  1. Collects Consent: Presents a consent banner or notice to users before processing their data, with clear language in their preferred language.
  2. Records Consent: Stores a timestamped, tamper-proof record of what the user agreed to, when, and how — the audit trail required under DPDPA.
  3. Purpose-Based Consent: Allows users to consent separately for different purposes (e.g., marketing vs. analytics vs. essential services).
  4. Consent Withdrawal: Provides users a simple mechanism to withdraw consent at any time — mandatory under Section 6 of DPDPA.
  5. Cookie Scanning: Automatically detects and classifies cookies and trackers on your website.
  6. Multilingual Support: Delivers consent notices in the user's language — critical for India's diverse population.

Why Every Indian Business Needs a CMP in 2026

The DPDP Rules 2025 were notified on 13 November 2025, operationalising India's data protection framework. The enforcement timeline is:

  • 13 November 2026: Consent Manager registration opens; Data Protection Board established.
  • 13 May 2027: Full enforcement — consent, privacy notice, and security requirements become legally binding.

Penalties for non-compliance can reach up to ₹250 Crores. Businesses that implement a CMP now have a head start — avoiding a compliance rush in 2027.

Key Features to Look for in an India-Ready CMP

  • DPDPA-native design: Purpose-based consent matching DPDPA's structure (not just GDPR retrofitted)
  • 22 Indian languages: Supports all Schedule 8 languages (Hindi, Tamil, Bengali, Telugu, etc.)
  • Indian data residency: Data stored on servers within India
  • Zero-PII Consent IDs: Tracks consent without storing personally identifiable information
  • Cookie scanner: Auto-detects and categorises cookies on your website
  • Data Principal Rights: Handles access, correction, and erasure requests
  • Audit trail: Timestamped, exportable consent records for regulatory inspection

Frequently Asked Questions

Is a CMP mandatory under DPDPA?

While DPDPA does not explicitly mandate a "CMP product," it requires businesses to obtain free, specific, informed, unconditional, and unambiguous consent before processing personal data — and to maintain verifiable records of that consent. A CMP is the practical tool to meet these requirements. Full enforcement begins May 13, 2027.

Can I use a GDPR CMP for DPDPA compliance?

Not directly. GDPR CMPs are built around six legal bases for processing; DPDPA relies primarily on consent with limited exceptions. You need a CMP natively built for DPDPA — or one that explicitly supports DPDPA configurations, multilingual Indian languages, and Indian data residency.

How much does a CMP cost in India?

Consently.in offers a free tier for up to 5,000 consents per month — ideal for startups and small businesses. Premium plans start at ₹999/month. Enterprise plans at ₹2,499/month cover unlimited consents, advanced analytics, and dedicated support.

What is the difference between a cookie consent tool and a CMP?

A cookie consent tool handles cookie banners only. A full CMP handles cookie consent plus DPDPA purpose-based consent, data principal rights, consent records management, and privacy notices — the complete compliance picture.

Get Started with Consently — India's DPDPA-Native CMP

Consently.in is India's first consent management platform natively built for DPDPA 2023. Key differentiators:

  • Only platform built ground-up for DPDPA (not adapted from GDPR tools)
  • 22 Indian Schedule 8 languages via Bhashini API
  • Indian data residency (Mumbai servers)
  • Zero-PII Consent ID system — an industry first
  • Free tier: ₹0/month for up to 5,000 consents

View plans and pricing →

Share this article
TwitterLinkedIn