New compliance requirements aim to give users greater control over personal data, with developers facing tighter deadlines and stricter disclosure standards

App developers are facing a new set of data-privacy requirements taking effect in the coming weeks, as regulators move to tighten oversight of how mobile applications collect, store, and share user information.

The updated framework, issued by the Digital Standards Authority, requires developers to provide clearer in-app disclosures about data collection practices, obtain explicit consent before sharing user data with third parties, and implement stronger encryption standards for sensitive personal information. Industry observers describe the changes as among the most significant privacy updates affecting app developers in recent years.

“These rules are designed to close gaps that have allowed data-sharing practices to operate with too little visibility for users,” said Karen Ibrahim, senior policy advisor at the Digital Standards Authority, in a statement accompanying the announcement. Ibrahim’s remarks are illustrative of the regulator’s broader rationale for the updated framework.

Compliance Deadlines Add Pressure for Developers

According to the new guidelines, larger app publishers will have 90 days to bring their platforms into compliance, while smaller independent developers will be given an additional 60-day grace period in recognition of more limited compliance resources. Developers who fail to meet the deadlines could face removal from major app marketplaces or financial penalties, depending on the severity of the violation.

Industry groups representing app developers have expressed mixed reactions, with some welcoming the added clarity around consent requirements while others have raised concerns about the compressed compliance timeline, particularly for smaller development teams with limited legal and engineering resources.

What Developers Should Expect

Technology analysts say the rules are likely to accelerate broader industry trends toward privacy-by-design development practices, where data protection considerations are built into apps from the earliest stages of development rather than added later. “Developers who treat this as a checklist exercise will likely struggle, while those who rethink their data architecture early will be better positioned long term,” said Owen Bracewell, technology analyst at the Ferris Institute, in comments framed as illustrative of broader industry guidance.

The Digital Standards Authority said additional compliance resources for developers will be published in the coming weeks.