# DPDP: Require

> Get required DPDP actions for each workflow step. Covers data collection, processing, decision-making, communication, retention, and DSR handling with section-level guidance.

<Info>
  **Overview:** [Compliance API](/api-reference/compliance-overview) | **Credits:** 0.3 per call
</Info>

Given the current state of a user journey, returns what the application must do right now. Requires an active session (create one via [`/session`](/api-reference/dpdp-session) first, then emit events to build state).

## Parameters

<ParamField body="session_id" type="string" required>
  Active [compliance session](/api-reference/dpdp-session) ID.
</ParamField>

<ParamField body="workflow_step" type="string" required>
  Current workflow step. Options: `data_collection`, `data_processing`, `decision_making`, `decision_communication`, `data_retention`, `dsr_handling`.
</ParamField>

<ParamField body="context" type="object">
  Step-specific context (e.g., `decision_type`, `decision_outcome`, `retention_days`).
</ParamField>

## Workflow steps

| Step                     | What the app is doing                          |
| ------------------------ | ---------------------------------------------- |
| `data_collection`        | Gathering personal data from the user          |
| `data_processing`        | Processing collected data for a purpose        |
| `decision_making`        | Making an automated or semi-automated decision |
| `decision_communication` | Communicating the decision to the user         |
| `data_retention`         | Storing data beyond immediate processing       |
| `dsr_handling`           | Responding to a Data Subject Request           |

## Required actions by step

**`data_collection`:**

* `show_notice` (S.5): if notice not yet shown
* `obtain_consent` (S.6): if consent not active for purpose
* `verify_parental_consent` (S.9): if child session

**`data_processing`:**

* `obtain_consent` (S.6): if consent expired or withdrawn
* `disable_tracking` (S.9(3)): if child session
* `disable_behavioral_monitoring` (S.9(3)): if child session
* `disable_targeted_advertising` (S.9(3)): if child session
* `data_minimization` (S.4(2)): always recommended

**`decision_making`:**

* `ensure_accuracy` (S.8(3)): data must be accurate for decisions
* `log_decision_factors` (S.8): recommended for auditability

**`decision_communication`:**

* `show_explanation` (S.8(3)): explain basis of decision
* `expose_appeal_link` (S.13): grievance redressal mechanism
* `disclose_ai_involvement` (S.5): if automated processing was used
* `show_rights_notice` (S.11-14): data principal rights

**`data_retention`:**

* `define_retention_period` (S.8(7)): if not yet defined
* `send_pre_erasure_notice` (S.8(7)): before retention expires
* `execute_erasure` (S.8(7)): when retention period lapses

**`dsr_handling`:**

* `acknowledge_dsr` (S.11-13): immediate acknowledgement
* `complete_dsr_response` (S.11-13): within SLA (priority escalates near deadline)

## Request

```bash
curl -X POST https://api.responsibleailabs.ai/railscore/v1/compliance/dpdp/require \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_RAIL_API_KEY" \
  -d '{
    "session_id": "sess_abc123def456",
    "workflow_step": "decision_communication",
    "context": {
      "decision_type": "loan_eligibility",
      "decision_outcome": "approved"
    }
  }'
```

## Response

```json
{
  "result": {
    "required_actions": [
      {
        "type": "show_explanation",
        "priority": 1,
        "reason": "S.8(3): The Data Principal must be informed of the basis for any decision that affects them.",
        "section": "Section 8(3)",
        "details": "Provide a clear, plain-language explanation of why the decision was made, including key factors considered."
      },
      {
        "type": "expose_appeal_link",
        "priority": 1,
        "reason": "S.13: The Data Principal has the right to grievance redressal.",
        "section": "Section 13",
        "details": "Display a link or button to initiate a grievance or appeal against this decision."
      },
      {
        "type": "disclose_ai_involvement",
        "priority": 2,
        "reason": "S.5: If the decision involved automated processing, this must be disclosed.",
        "section": "Section 5",
        "details": "Clearly state whether the decision was made or assisted by an automated system."
      },
      {
        "type": "show_rights_notice",
        "priority": 2,
        "reason": "S.11-14: The Data Principal must be informed of their rights.",
        "section": "Sections 11-14",
        "details": "Present a summary of data principal rights with actionable links."
      }
    ],
    "session_state": {
      "consent_valid": true,
      "notice_shown": true,
      "child_session": false,
      "pending_obligations": [],
      "fulfilled_obligations": ["notice_shown", "consent_obtained"],
      "open_timers": []
    }
  },
  "credits_consumed": 0.3
}
```

<ResponseField name="result.required_actions" type="array">
  Ordered list of actions the application must take at this workflow step. Each includes `type`, `priority` (1 = must-do, 2 = should-do), `reason`, DPDP `section`, and implementation `details`.
</ResponseField>

<ResponseField name="result.session_state" type="object">
  Current compliance state: consent validity, notice status, child flag, pending/fulfilled obligations, and open timers.
</ResponseField>
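
The following is an added example, not code from the RAIL documentation or SDK: it validates `workflow_step` locally before the call and gates a workflow step on the `priority` field of `required_actions`. The names `build_require_request`, `gate_step` and the `implemented` set are hypothetical, and treating any priority other than 2 as must-do is this example's own fail-closed assumption.

```python
import json

# Workflow steps accepted by the endpoint, as listed on this page.
WORKFLOW_STEPS = {
    "data_collection", "data_processing", "decision_making",
    "decision_communication", "data_retention", "dsr_handling",
}

def build_require_request(session_id, workflow_step, context=None):
    """Build the JSON body for the require call, rejecting unknown steps locally."""
    if not session_id:
        raise ValueError("session_id is required")
    if workflow_step not in WORKFLOW_STEPS:
        raise ValueError(f"unknown workflow_step: {workflow_step!r}")
    body = {"session_id": session_id, "workflow_step": workflow_step}
    if context:
        body["context"] = context
    return body

def gate_step(response, implemented):
    """Split required_actions by priority; block the step on unhandled must-do actions.

    `implemented` is the set of action types this application can perform
    (a concept of this example, not of the API).
    """
    actions = response["result"]["required_actions"]
    # Page semantics: 1 = must-do, 2 = should-do. Any other or missing
    # priority is treated as must-do so an unexpected value fails closed.
    should = [a["type"] for a in actions if a.get("priority") == 2]
    must = [a["type"] for a in actions if a.get("priority") != 2]
    missing = [t for t in must if t not in implemented]
    return {"proceed": not missing, "must_do": must,
            "should_do": should, "missing": missing}

# Constructed sample: the response shown on this page, trimmed to the fields used here.
SAMPLE_RESPONSE = json.loads("""
{"result": {"required_actions": [
  {"type": "show_explanation", "priority": 1, "section": "Section 8(3)"},
  {"type": "expose_appeal_link", "priority": 1, "section": "Section 13"},
  {"type": "disclose_ai_involvement", "priority": 2, "section": "Section 5"},
  {"type": "show_rights_notice", "priority": 2, "section": "Sections 11-14"}
]}, "credits_consumed": 0.3}
""")

if __name__ == "__main__":
    print(build_require_request("sess_abc123def456", "decision_communication",
                                {"decision_type": "loan_eligibility"}))
    print(gate_step(SAMPLE_RESPONSE, {"show_explanation", "show_rights_notice"}))
```

With only `show_explanation` and `show_rights_notice` implemented, `gate_step` reports `expose_appeal_link` as missing and returns `proceed: False`, so the decision is not shown to the user until the appeal link exists.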
