The Digital Personal Data Protection Act, 2023 (DPDPA) in India defines a 'child' as anyone under 18 years, necessitating verifiable parental consent for processing their personal data. This requirement, coupled with the absence of age-based graded treatment, poses operational challenges for organizations, especially in sectors like education technology (edtech). For example, a 17-year-old accessing educational content must be treated the same as a 9-year-old using a gaming platform, disregarding their differing cognitive abilities and digital literacy. The DPDPA also requires data fiduciaries to authenticate parental identity, which may lead to the paradox of collecting sensitive information to comply with data minimization principles. Additionally, the high cost of compliance could hinder early-stage companies that rely on processing children's data. The DPDPA's framework significantly diverges from global standards, raising concerns about reputational risks and the need for organizations to navigate complex legal ambiguities while implementing necessary verification workflows and audit trails.