Despite the rise of data-driven software systems in the modern digital landscape, data governance under a legal framework remains a critical challenge. In India, the Digital Personal Data Protection (DPDP) Act mandates rigorous data privacy and compliance requirements, necessitating software frameworks that are both ethical and regulation-aware. From a software development perspective, traditional compliance tools often rely on hard-coded rules and static configurations, making them inflexible to dynamic policy updates or evolving legal contexts. Additionally, their monolithic architectures obscure decision-making processes, creating black-box behavior in critical governance workflows. Developing responsible AI software demands transparency, traceability, and adaptive enforcement mechanisms that make ethical decisions explainable. To address this challenge, a novel agentic framework is introduced to embed compliance logic directly into software agents that govern and adapt data policies. In this paper, the implementation focuses on the DPDP Act. The framework integrates a KYU (Know-Your-User) Agent and a Compliance Agent for this purpose. The KYU Agent supports semantic understanding and user trustworthiness modelling, and the Compliance Agent uses data sensitivity reasoning within a goal-driven, agentic pipeline. The proposed framework is built using an open-sourced agentic framework and has been evaluated across ten diverse domains, including healthcare, education, and e-commerce. Its effectiveness under DPDP, measured via an Anonymization Score, demonstrates scalable, compliant data governance through masking, pseudonymization, and generalization strategies tailored to domain-specific needs. The proposed framework delivers scalable, transparent, and compliant data governance through collaborative agents, dynamic policy enforcement, and domain-aware anonymization.