Introduction

India and the European Union (“EU”) recently announced the political conclusion of a historic Free Trade Agreement (“FTA”), following nearly 20 years of intermittent negotiations. Both parties have described it as “the mother of all deals.” The agreement was made at the India-EU Summit on January 27, 2026. However, the FTA cannot be considered legally concluded until the final treaty text is released and formally adopted by the parties through their respective domestic procedures.

For both parties, this represents a pivotal geopolitical and economic movement, symbolizing the strengthened strategic partnership amid fragmented global trade and shifting supply chains. Beneath the headlines of tariff liberalisation and expanded market access, however, lies a much more contentious regulatory landscape. The central challenge of this FTA was less about tariffs and more about the interaction between two distinct regulatory philosophies, particularly at the intersection of trade, Intellectual Property (“IP”), and data protection.

This article examines the legal and policy dimensions of the negotiations, focusing specifically on Intellectual Property Rights (“IPR”) and data protection. These domains constitute the “new frontier” of trade regulation, where the EU’s high-standard harmonisation approach, often described as the Brussels Effect, meets India’s firm defence of its developmental priorities and public health safeguards.

I. Divergent IPR Regimes: Core Tensions and Stance

While the IP regimes of India and the EU differ in several respects, the central dispute is between the EU’s TRIPS-plus aspirations and India’s protective stance toward its domestic generic industry and public health priorities. The EU has consistently advocated for TRIPS-plus standards that extend protections beyond the minimum requirements of the World Trade Organisation (“WTO”) TRIPS Agreement[i]. In contrast, India has guarded its domestic l framework under the Patents Act, 1970[ii], which is foundational to maintain its position as the “pharmacy of the world”, and sustaining its generic industry.

TRIPS-plus measures discussed in the negotiations include Patent Term Extensions (“PTE”), patent linkage to drug registration, and Data Exclusivity (“DE”) periods

PTE is a mechanism designed to compensate patent holders for time lost during the regulatory approval process by national authorities, such as the Central Drugs Standard Control Organisation, such delays can effectively reduce the standard 20-year patent term. DE, on the other hand, prevents the general manufacturers from relying on the innovator’s clinical trial data to obtain marketing authorization for a specified period, typically five to eight years, regardless of whether a patent remains in force. This delays generic entry independently of patent protection.

Various critics, including the World Health Organisation, argue that such measures not only go beyond TRIPS but also undermine public health by delaying the availability of generic medicines[iii].

The negotiations also touched upon the threshold of “inventive step” as provided by Indian law and maintained by Indian courts. Section 3(d) of the Indian Patents Act[iv] provides that unless “new forms” of known substances show significantly enhanced therapeutic efficacy, they cannot be patented. Although introduced through an amendment in 2005, this safeguard was intended to prevent “evergreening”- the extension of monopolies through minor or trivial modifications.

The landmark judgement in Novartis AG v. Union of India[v] affirmed this safeguard. Subsequent judicial decisions have consistently reinforced this interpretation, reflecting India’s balanced interpretation of TRIPS flexibilities, to ensure that patent protection does not come at the cost of public health[vi]. On the contrary, EU firms have long argued section (d) constitutes a restrictive or discriminatory practice. However, courts in India have consistently applied the provision in a principled and uniform manner, maintaining a high evidentiary threshold.

The EU’s negotiating position has been influenced by industry advocacy. For example. BusinessEurope, a European business group, urged the “enforcement of international standards on IPR” and the provision of strong patent protections for European firms[vii]. At the same time, the EU’s own trade sustainability impact assessment recommended that IP provisions “not go beyond the minimum standards” of TRIPS to safeguard access to medicine[viii].

India has consistently resisted TRIPS-plus proposals. The Indian generic drug industry and patient advocacy groups have also warned that data exclusivity would “block generic competition” and deny affordable medicines to patients[ix]. The Ministry of Commerce affirmed in July 2025 that India will not allow any evergreening and will retain the strict patentability tests of section 3(d) of the Patents Act[x].

India has a precedent for safeguarding its commitment to public health, having successfully defended its generic industry in the UK-India trade deal. The final text of the UK-India deal excludes mandates for PTE and DE[xi]. This set a high threshold for the EU, as Indian negotiators argued that any departure from this stance would lead to evergreening.

While India has been consistent in its stance on the above issues, a press release[xii] from the European Commission dated 27th January 2026 states that the FTA has ensured “a high level of protection and enforcement of IPR” and adds that the agreement “brings Indian and EU IP laws closer.” However, at this stage, these references by the European Commission should be understood only as political signaling in press communications, rather than as confirmation of binding TRIPS-plus commitments. It will be interesting to see the final text of the FTA on whether such references translate into concrete legal obligations or merely reiterate existing enforcement standards under TRIPS.

II. Data Protection: A Complex Regulatory Landscape

Data protection has equally been contentious. The EU’s data protection framework is anchored in the General Data Protection Regulation[xiii] (“GDPR”) and complementary member-state laws, which together constitute one of the world’s most stringent data protection regimes. On the other hand, India’s framework is based upon the newly enacted Digital Personal Data Protection Act 2023 (“DPDP”)[xiv], a relatively new and evolving regime. The EU-India FTA’s Chapter 9 specifically deals with Digital Trade, and reportedly, the negotiators reached an in-principle agreement on it by mid-2025 only[xv].  In addition to addressing e-commerce, online consumer rules, and electronic signatures, this chapter also addresses cross-border data flows. From the outset, the EU has remained cautious regarding personal data transfers.

GDPR as a Non-Tariff Barrier and "Regulatory Conditionality"

Compliance with GDPR is resource-intensive. In the absence of an EU adequacy decision recognising India as providing an equivalent level of protection, Indian firms processing EU personal data must rely on standard contractual clauses or other transfer mechanisms. These requirements impose compliance costs that can function as de facto non-tariff barriers to digital trade. 

The two regimes differ in important respects. The GDPR imposes additional safeguards for “special categories” of personal data, whereas the DPDP Act does not create a distinct category of sensitive personal data. The scope of individual rights, consent architecture, and regulatory oversight mechanisms also differ.

This is important because without similar levels of data protection, it is difficult for the EU to recognise India as a “data secure country.” The lack of adequacy status means that Indian companies must set up costly compliance structures, use standard contractual clauses, or seek individual data transfer approvals, which are often considered de facto non-tariff barriers. Legally speaking, GDPR is extraterritorial because it applies its standards to foreign processors, even if the domestic data protection law differs.

Localization and Sovereignty

India has historically prioritised data sovereignty and retained the policy space to mandate localisation in certain sectors. The Indian policy approach[xvi], as reflected in sectoral regulations, is to retain the right to require the localisation of sensitive data and restrict cross-border flows “for reasons of sovereignty, public order, or friendly relations.” On the other hand, the EU, in general, opposes cross-border data restrictions as trade barriers and has always advocated for free cross-border data flows with trust, an approach grounded in GDPR’s adequacy framework[xvii].

A binding FTA commitment mandating unrestricted cross-border flows could constrain India’s regulatory autonomy and potentially outpace domestic policy development. A more balanced solution may lie in mutual adequacy arrangements grounded in shared principles while respecting legal differences.

A more balanced outcome would be less about how much the GDPR is replicated and more about a mutual adequacy arrangement. Such an arrangement must be based on shared principles of protection with workable arrangements for interoperability and compliance that are sensitive to differences in legal systems. Policy analysts also suggest that, instead of seeking full adequacy, India should pursue sectoral adequacy decisions for the IT services and BPO sectors[xviii]. Sectoral adequacy is also allowed as per Article 45 of the GDPR.

Interoperability and Mutual Recognition

India and the EU have used the Trade and Technology Council (“TTC”) as a “fast-track” channel for regulatory cooperation in emerging areas. The outcomes of the second ministerial meeting of the TTC were announced in February 2025 and focused on the interoperability of Digital Public Infrastructures (DPIs), such as the Indian Unified Payments Interface (UPI) and the EU’s digital identity systems[xix]. It also discussed the recognition of e-signatures, packaging, and these technical harmonisation efforts as market facilitators without deeply embedding substantive data protection mandates. The TTC has been a platform for addressing technical divergences in the Digital Trade chapter of the FTA.

The policy analyst also proposed extending the TTC mandate from DPI interoperability to joint regulatory sandboxing, enabling testing of cross-border data flows under joint supervision to foster trust and capacity-building.

Conclusion

The India-EU FTA negotiations demonstrate that the core interest is not about tariffs but about regulatory authority. In the IP domain, India has maintained a firm legal stance against TRIPS-plus commitments, though a binding FTA commitment mandating unrestricted cross-border flows could constrain India’s regulatory autonomy and potentially outpace domestic policy development.

The GDPR’s adequacy framework imposes structural constraints on India’s digital trade strategy, yet comprehensive harmonisation is neither politically nor economically desirable. The sustainable path forward lies not in imposed convergence but in calibrated interoperability—through sectoral adequacy, mutual recognition mechanisms, and institutional platforms such as the Trade and Technology Council.

Ultimately, the future regulatory landscape will depend on how these mechanisms are operationalised in the final FTA text.

References:

[i] Agreement on Trade-Related Aspects of Intellectual Property Rights (adopted 15 April 1994, entered into force 1 January 1995) 1869 UNTS 299.
[ii] The Patents Act 1970 (India).
[iii] World Health Organization, Data Exclusivity and Other “TRIPS-Plus” Measures (WHO, 2025) accessed 28 January 2026.
[iv] The Patents Act 1970 (India) s 3(d).
[v] Novartis AG v. Union of India, (2013) 6 SCC 1
[vi] ‘High Court clarifies the scope of Section 3(d) of the Indian Patents Act’ (Lexology, 9 June 2025) accessed 29 January 2026.
[vii] European Parliamentary Research Service, EU-India Free Trade Agreement (EPRS Briefing, PE 757.588, January 2024)  accessed 27 January 2026.
[viii] MSF Access Campaign, ‘EU must drop all intellectual property provisions that go beyond WTO requirements in trade negotiations with India, as recommended in today’s SIA report’ (MSF Access, 29 February 2024)
[ix] The Economic Times, ‘Ministries split on drug data exclusivity’ The Economic Times (Online, 15 January 2026) 
[x] The Economic Times, ‘India will not allow evergreening of patents: Piyush Goyal’ The Economic Times (Online, 13 November 2025) accessed 27 January 2026.
[xi] The Economic Times, ‘India-UK trade pact does not mandate patent term extensions or data exclusivity’ The Economic Times (Online, 25 July 2025) accessed 27 January 2026.
[xii] European Commission, ‘EU and India conclude negotiations on a Free Trade Agreement’ (Press Release IP/26/184, 27 January 2026) accessed 27 January 2026.
[xiii] General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016
[xiv] Digital Personal Data Protection Act, 2023 (India)
[xv] European Parliament, Legislative Train Schedule: EU-India Free Trade Agreement – Progress on Chapters Including Digital Trade (European Union, July 2025) accessed 28 January 2026.
[xvi] Karthika Rajmohan, Data Localization: India’s Tryst with Data Sovereignty (TechPolicy.Press, 23 January 2025) accessed 28 January 2026.
[xvii] European Commission, Free flow of non-personal data (Shaping Europe’s Digital Future) accessed 28 January 2026
[xviii] Vivekananda International Foundation, ‘The India–EU FTA: Current state of play’ (VIF Commentary, 21 November 2025)
[xix] European Commission, ‘Key outcomes of the second EU–India Trade and Technology Council’ (Digital Strategy, 2025) accessed 27 January 2026.

Gaurav Gupta is the Founder and Managing Partner at Bridge Counsels & Deependra Kumar Kushwaha is a 5th (final) year Student at Dharmashashtra National Law University and Intern at Bridge Counsels.