The Ministry of Electronics and Information Technology in India (MeitY) has introduced a revised regulatory framework for the online gaming sector, adopting what it calls a “light-touch” approach that keeps most online social games outside mandatory registration or classification requirements.
Announced by MeitY Secretary S. Krishnan, the Promotion and Regulation of Online Gaming Rules, 2026 are set to come into force on May 1, operationalising the provisions of the PROG Act, 2025 while attempting to strike a balance between oversight and ease of doing business.
At the centre of the framework is a newly constituted Online Gaming Authority, a digital office under MeitY that brings together representatives from finance, information and broadcasting, health, sports, power, justice and external affairs signalling a cross-sectoral approach to governance in a space that cuts across policy domains.
The rules redraw the regulatory boundaries by clearly distinguishing between prohibited real-money gaming formats and permissible categories such as online social games and e-sports. Crucially, classification or “determination” of a game will not be automatic. It will be triggered only in three cases: when initiated by the authority, when a service provider applies (especially for e-sports), or when the government notifies specific categories.
Once triggered, the determination process will follow a 90 day timeline, with outcomes issued through formal orders that apply only to the specific game and publisher, rather than across similar titles.
Registration, too, has been narrowed in scope. It will apply only to notified categories involving financial risk or large-scale participation, along with all e-sports titles. As of now, no categories have been formally notified, with the provision described as enabling rather than mandatory.
Beyond classification, the framework leans heavily on compliance and user safety. Platforms will be required to implement technical and behavioural safeguards, alongside a two-tier grievance redressal system and an appellate route through the authority. Additional obligations include data retention, cybersecurity standards, financial transaction monitoring and periodic reporting extending compliance responsibilities to banks and financial institutions as well.
Structurally, the rules simplify earlier drafts by removing provisions such as a separate section on promoting e-sports and the concept of “material change,” reducing room for interpretational ambiguity. The authority itself will comprise six members, with stricter quorum norms and faster emergency response timelines cut from seven days to three.
Registration validity has been extended to up to 10 years, while suspension and cancellation processes now include a mandatory opportunity for hearing, reflecting a more formalised enforcement mechanism.
The ministry said the revisions incorporate feedback from around 2500 stakeholders, spanning industry, academia, think tanks and legal experts many of whom had flagged concerns around definitions, governance structures and regulatory clarity.
