Decisions made about individuals solely by automated means without meaningful human involvement in the process.
Automated decision-making refers to decisions taken about Data Principals solely by technological means without meaningful human intervention. This includes algorithmic credit scoring, automated loan approvals, AI-driven recruitment screening, and algorithmic content moderation. Under DPDPA Rules 2025, Significant Data Fiduciaries must conduct impact assessments for automated processing and maintain algorithmic accountability records.
If your product makes automated decisions affecting users — loan approvals, insurance pricing, content filtering — you face heightened obligations including impact assessments and potentially human oversight requirements.
A Bengaluru lending startup uses ML models to auto-approve or reject loan applications in seconds. Under DPDPA, it must document the algorithm in its registry, conduct a DPIA, and ensure Data Principals can challenge automated rejections.
Automated recommendations (like product suggestions) may not trigger the same obligations as automated decisions with legal or significant effects. The key distinction is whether the decision materially affects the individual.
DPDPA Shield automates Compliance Dashboard. See how →