The May-June 2026 cycle in Indian cyber and data-protection practice is dominated by the DPDP Rules 2025 first-year operationalisation, the transitional jurisprudence under Section 43A of the IT Act 2000 in its final operative phase, and the continuing post-Kunal Kamra recalibration of the intermediary-liability framework. A focused round-up of what changed in policy, what changed in the courts, and what practitioners are tracking.