Consent Manager registration, under Rule 4.

The DPDP framework introduces a new kind of entity — the Consent Manager, a registered, interoperable platform through which Data Principals can give, manage, review, and withdraw consent. Rule 4 sets who can register and what they must commit to. Here is what that means for fiduciaries and for aspiring Consent Managers alike.

What it is

The Consent Manager, defined.

Before the eligibility test, it helps to be clear on what the role actually is — and what it is not.

A Consent Manager is a single point of contact through which a Data Principal can manage their consent across multiple Data Fiduciaries — giving, reviewing, and withdrawing it through one accountable, interoperable interface. It is a registered entity, accountable to the Board, and it acts on behalf of the Data Principal, not the Fiduciary.

Being a good consent platform is not the same as being a registered Consent Manager. The first is a product capability; the second is a regulated status with eligibility criteria and ongoing obligations under Rule 4. A Fiduciary can run excellent consent operations without ever being a Consent Manager — and most will.

The eligibility test

Who Rule 4 lets register.

Rule 4 sets criteria that are as much about jurisdiction and architecture as about features.

  • India-incorporated company. A Consent Manager must be a company incorporated in India, with the financial and operational capacity the Rules require. A foreign-incorporated platform cannot register, regardless of how capable its consent features are.
  • Data residency. Consent records and related data handled by the Consent Manager must be held in a manner consistent with the residency expectations the framework sets — Indian data, governed under Indian law, on infrastructure that meets the requirement.
  • Interoperability. The whole point of a Consent Manager is that it works across Fiduciaries. Rule 4 expects the platform to be interoperable — to expose and consume consent in a standard way so a Data Principal's consent can be managed in one place across many services.
  • Sound governance. Certified, auditable practices and a governance posture the Board can hold accountable — registration is a standing relationship, not a one-time form.

The window

When registration opens.

The timeline is fixed, and it shapes what is worth doing today versus what has to wait.

The registration window for Consent Managers under Rule 4 opens on 13 November 2026. That is the date from which eligible India-incorporated entities can apply. It is also why no platform can truthfully claim to be a registered Consent Manager before then — the register does not yet accept applications.

Vishwaas AI is built to register — it is preparing for Rule 4, not already registered. Our architecture is India-incorporated, India-resident, and interoperable by design so that when the window opens we are ready to apply. We are explicit about that distinction: "built to register" is an honest statement of readiness; "registered" would be a claim no one can yet make.

What to do now

Fiduciaries vs Consent-Manager-aspirants.

The right move today depends on which side of the relationship you are on.

If you are a Data Fiduciary, you do not need to become a Consent Manager. Your job is to run compliant consent — free, specific, informed, withdrawable, and provable — and to be ready to integrate with Consent Managers once they are registered and interoperable. Build your consent operations on a tamper-evident, append-only foundation now, so that integration later is a connection, not a rebuild.

If you aspire to register as a Consent Manager, the work starts before the window opens. Incorporation in India, data residency, an interoperable architecture, and an auditable governance posture cannot be assembled in the weeks before 13 November 2026. The entities that register early will be the ones that built for it well in advance.

Either way, the foundational requirement is the same: consent that is verifiable, withdrawable, and held in a form that survives scrutiny.

Build consent that's ready to register. And ready to prove.

See how Vishwaas AI's consent architecture is built for Rule 4 — India-incorporated, India-resident, interoperable, and tamper-evident from the first record.