What is WhatsApp business messaging compliance in India?
WhatsApp business messaging compliance in India sits on three legs at once: Meta's own Business Messaging Policy, India's Digital Personal Data Protection Act (DPDP), and WhatsApp's template-approval rules. In practice that means you need documented opt-in before you message a customer, an obvious way for them to opt out, data handling that collects and keeps only what you actually use, and message content that is honest and matches its declared template category. Unlike bulk SMS, WhatsApp has no TRAI DLT registration layer for headers and templates, but that does not make consent optional. Get these fundamentals right and you unlock the upside: higher deliverability, better quality rating, fewer blocks, and lower cost per outcome. Below is exactly what an Indian business needs to do, and where InfiQ, an official Meta Business Partner, keeps you inside the lines from day one.
Quick answer
Compliance = valid opt-in + easy opt-out + DPDP-grade data handling + honest, category-accurate templates. No TRAI DLT layer, but Meta policy and consent still apply, and getting it right lowers blocks and cost.The three rulebooks you have to satisfy
There is no single 'WhatsApp compliance' checklist in India. You are answering to three authorities at once, and all three must be satisfied. First, Meta's WhatsApp Business Messaging Policy and Commerce Policy govern what you may send, how you collect consent, and which industries are restricted. Second, India's DPDP Act treats phone numbers, order history, and chat content as personal data, so you need a lawful basis (consent), a stated purpose, and the ability to honour deletion and access requests. Third, WhatsApp's template review system enforces content quality and correct categorisation at the message level before anything goes out. Break any one and the consequences differ: a Meta policy breach can suspend your number, a DPDP lapse creates legal and reputational exposure, and a template mismatch gets your message rejected or recategorised. The reassuring part is that the same discipline, clean consent and honest content, keeps all three happy at once.
- Meta policy: consent, allowed use cases, commerce restrictions
- DPDP Act: lawful basis, purpose limitation, opt-out and deletion rights
- WhatsApp template review: correct category and truthful content
Opt-in is the foundation, and it has to be provable
Every business-initiated message on WhatsApp requires prior opt-in, and 'we bought a list' is never valid consent. The opt-in must come from the user, be specific about receiving WhatsApp messages from your business, and be captured somewhere you can later prove it. Common valid sources are a website checkbox, a Click-to-WhatsApp ad, a keyword the customer sends first, a checkout consent line, or an in-store form. Two details Indian teams often miss: opt-in for utility or transactional updates does not automatically cover marketing offers, so treat marketing consent separately; and you should store when, where, and how each contact opted in, not just a yes/no flag. This consent record is what protects your quality rating when a few recipients report a message, and it is exactly what a DPDP enquiry would ask you to show. InfiQ captures opt-in at the point of collection and keeps it attached to the contact, so you are never guessing where a number came from.
Opt-out, honesty, and data minimisation in daily operations
Compliance is not a one-time setup, it is how you run every campaign. Make opting out effortless: honour STOP-style replies, offer a clear 'stop promotions' path, and stop sending the moment someone blocks or complains, because block rate directly drags down your quality rating and messaging limits. Keep content honest and on-category, promotional offers go in marketing templates, order and account updates in utility, OTPs in authentication, and never disguise an ad as a shipping update to dodge cost. On the data side, DPDP's principle of minimisation means collecting only fields you genuinely use, keeping them only as long as you need, and being ready to delete a customer's data on request. Personalisation should draw on data the customer knowingly gave you, not scraped or inferred attributes. Done well, this restraint is also good marketing: opted-in, relevant, respectful messaging is what earns high open rates on WhatsApp in the first place.
- Honour STOP and any opt-out instantly; stop on blocks and complaints
- Match every message to its true category; never mislabel to save money
- Collect and retain only the customer data you actually use
- Be able to delete or export a customer's data on request (DPDP)
How this shapes cost, and where InfiQ fits
Compliance and cost are linked, because WhatsApp bills per delivered message by category (marketing, utility, or authentication) since Meta moved off per-conversation billing on 1 July 2025. The 24-hour service window remains a free window to reply to a customer who messaged you first today, it is not a billing unit — though service-window replies are free only until 30 September 2026 and become chargeable from 1 October 2026. Two compliance habits directly lower your bill: replying inside that free window instead of firing a fresh template, and categorising honestly so genuine utility updates are charged at utility rates rather than being recategorised as marketing. As an official Meta Business Partner, InfiQ sets you up correctly, verified business, correct template categories, consent capture, opt-out handling, and full ownership of your WhatsApp account, so you are compliant and cost-aware from day one. Pricing is transparent ₹ pricing (ex-GST), and you can model your own message mix before you commit.