corporate law

IRDAI 2025 Regulations: Essential Guidelines for Insurance Data Maintenance and Sharing

Overview of IRDAI's 2025 Regulations on Information Maintenance and Sharing

The Insurance Regulatory and Development Authority of India (IRDAI) has announced the “Maintenance of Information by the Regulated Entities and Sharing of Information by the Authority” Regulations, 2025, effective upon its publication in the Official Gazette. These regulations require insurers and intermediaries to safeguard key operational data electronically, ensuring security and legal compliance. Their primary purpose is to enhance data governance and preparedness for regulatory inquiries as stipulated in the Insurance Act, 1938.

This article outlines the provisions pertaining to data sharing, confidentiality, and record maintenance required under the new regulations.

Key Objectives of the Regulations

The regulations are designed to achieve the following objectives:

  • Data Maintenance: Insurers must store operational data in an electronic format while maintaining compliance with applicable laws and integrating a structured data governance framework.

  • Investigative Readiness: Insurers and intermediaries are required to maintain relevant data essential for investigations conducted by officers under Section 33 of the Insurance Act, 1938.

  • Confidential Information Sharing: The regulations outline stringent guidelines for the sharing of confidential information, necessitating consent from affected entities. Information release is contingent on legal and public interest considerations.

  • Board-Approved Policies: Insurers must develop and maintain board-approved records on data management, security measures, and disaster recovery.

  • Geographic Record Storage: All records should be stored solely within India to ensure accessibility for regulatory oversight.

Structure of the Regulations

Chapter 1: Sharing of Confidential Information

5. Information Categorization

  • Information requested may be divided into:
    • Public domain information.
    • Non-public information held by the Authority.

6. Purpose of Information Requests

  • Requests may be made for various purposes including:
    • Statutory or regulatory functions by domestic bodies.
    • Public information under Section 20 of the Insurance Act, 1938.

7. Disclosure Protocol

  • Public information can be freely shared.
  • For non-public information, requests will require:
    • Written consent from the Requesting entity.
    • Requirements set forth by relevant laws.
    • Prior consent from the Requested Entity before information release.

Chapter 2: Maintenance of Insurance Records

8. Record Keeping Obligations

  • Each insurer must keep records of policies and claims, ensuring that:
    • Records are comprehensive and accurate.
    • Systems are equipped with security protocols.
    • Data is stored only in India.

9. Board Policies for Record Maintenance

  • Insurers must form board-approved strategies that cover:
    • Implementation plans for record keeping.
    • Security and privacy standards for policyholder data.
    • Disaster recovery and data archival processes.

10. Optimizing Accessibility of Records

  • Records should be organized to facilitate efficient business operations and compliance with all regulatory frameworks.

Chapter 3: Minimum Information for Investigative Purposes

11. Insurer Requirements

  • Insurers must retain all operational and legal records at their main business location.

12. Intermediary Requirements

  • Similar to insurers, intermediaries must keep records compliant with the extant laws and applicable guidelines.

Additional Provisions and Regulations

  • Each insurer and intermediary must maintain additional records pertaining to specific transactions, marketing efforts, and financial dealings.
  • The authority may issue clarifications or guidelines as necessary to facilitate the implementation of these regulations.

Conclusion

The IRDAI’s 2025 regulations are pivotal to enhancing the integrity and transparency of India's insurance industry. By mandating robust data maintenance practices and ensuring proper information sharing protocols, these regulations will aid in fostering public trust and regulatory compliance. Entities within the insurance sector are urged to adapt their operations in line with these requirements to maintain compliance and safeguard confidential information effectively.