
India’s MedTech ecosystem now extends beyond physical devices to include connected systems, diagnostics, IoT, and AI-driven solutions. However, regulation remains fragmented. While medical devices are governed by the Central Drugs Standard Control Organisation (CDSCO) through the Medical Devices Rules, 2017, software and IoT-based technologies are not.
With the Digital Personal Data Protection Act (DPDPA) coming into force, this gap is no longer sustainable. MedTech solutions increasingly process sensitive health data, often across borders. Almost 70 per cent of Indian medical devices are imported from foreign suppliers. This creates a need for system-level data-flow governance across the entire MedTech ecosystem, including hospitals, device manufacturers, software developers, and AI deployers. Just as strong regulatory standards exist for clinical evidence, similar standards are now required for data and AI governance. Embedding Privacy by Design and adopting global standards such as IS/ISO 27701, IS/ISO 42001, and ABHA (Ayushman Bharat Health Account) will be key to ensuring compliant and future-ready MedTech systems.
ABOUT THE AUTHOR
S Chandrasekhar
S Chandrasekhar is the MD & CEO of K&S Digiprotect. He has over 32 years of experience. He is an ISO-27001 (2022) Lead Auditor and Implementor, and is qualified as a Lead Privacy Auditor (DSCI) and Certified Information Privacy Manager (CIPM) by the International Institute of Privacy Professionals (IAPP).
- chandrasekhar@knsdigiprotect.com

