TL;DR
- DPDP general data: can host anywhere; whitelist of "safe countries" still being notified.
- RBI payments data: must be stored in India. End-of-day mirror to India is OK.
- Healthcare: not strictly mandated yet but auditors expect India hosting.
- Government / RFP work: India hosting is usually a hard requirement.
What the rules actually say (2026)
DPDP Act 2023 + Rules
Personal data of Data Principals can be transferred outside India to any country UNLESS specifically restricted by Government notification. As of 2026, no broad restriction — but specific sectors (banking, insurance, telecom, healthcare) have sectoral rules.
RBI (payments)
Payment-related data — including the full transaction lifecycle — must be stored only in India. You can process abroad but must end-of-day mirror to India servers. Most gateways (Razorpay, Cashfree) handle this for you.
Sectoral rules
- Healthcare: ABDM (Ayushman Bharat Digital Mission) requires India-region for HRP-registered systems
- Government / public sector RFPs: usually require India hosting + sometimes specific MeitY-empanelled DCs
- Defence / strategic: airgapped + on-prem typically
Hosting options in India
| Provider | India regions | Best for | Approx ₹/mo (small SaaS) |
|---|---|---|---|
| AWS | Mumbai (ap-south-1), Hyderabad (ap-south-2) | Enterprise, regulated, scale | ₹8K+ |
| Google Cloud | Mumbai, Delhi NCR | BigQuery / ML workloads | ₹6K+ |
| Azure | Pune, Mumbai, Chennai, Hyderabad | MS-stack shops, government | ₹8K+ |
| DigitalOcean | Bangalore | SMB SaaS, dev-friendly | ₹2-5K |
| Hetzner | (no India region) | Avoid for India-required | — |
| E2E Cloud (Indian) | Delhi, Mumbai | Government, MeitY-empanelled | ₹3-8K |
| CtrlS / NxtGen / Yotta | Multi-city India | Tier-3+ DC needs | Variable, on-request |
What we ship for typical clients
- SMB SaaS, no regulated data: DigitalOcean Bangalore (cost-effective) or Vercel (frontend) + Neon Postgres (backend)
- Healthcare / fintech / regulated: AWS Mumbai region with documented region pinning
- Government RFP: AWS Mumbai or E2E Cloud (MeitY-empanelled)
- Pure compliance / sensitive: Indian Pvt Cloud (CtrlS / NxtGen)
Don't over-engineer for hypothetical compliance. Most SMB SaaS / D2C / consumer apps can host on DO Bangalore or AWS Mumbai with zero issues. Add stricter providers only when you have a real contract or sector requirement. DPDP guide
Last reviewed: 27 April 2026.
Want this built for you?
Talk to Kashvi — 30-min call, honest assessment, no pitch deck.