THE RBI’S DIGITAL LENDING DIRECTIONS, 2025: A UNIFIED CODE FOR A FRAGMENTED SECTOR?

• Introduction

The Reserve Bank of India (“RBI”) has issued the Reserve Bank of India (Digital Lending) Directions, 2025 (“Directions”). These Directions came into effect on 8^th May 2025, with the exception of provisions relating to multi-lender arrangements, which will be effective from 1^st November 2025, and the reporting requirements concerning Digital Lending Apps (“DLAs”), which came into effect on 15^th June 2025.

These Directions aim to consolidate the regulatory framework governing digital lending, which is a remote and automated process that leverages seamless digital technologies for customer acquisition, credit assessment, loan approval, disbursement, recovery, and related customer services (“Digital Lending”). In addition to integrating various earlier circulars and guidelines that formed the Existing DL Framework (defined below), these Directions also repeal the Repealed Framework (defined below).

• Applicability 

These Directions shall apply to: (i) all commercial banks; (ii) all primary (urban) co-operative banks, state-co-operative banks, and central co-operative banks; (iii) all non-banking financial companies (including housing finance companies); and (iv) all-India financial institutions (“AIFIs”) (collectively “REs”).

• Existing DL Framework and Repealed Framework

Before the issuance of these Directions, the regulatory framework governing digital lending comprised the following key guidelines and circulars (collectively “Existing DL Framework”):

• Outsourcing of Financial Services – Responsibilities of Regulated Entities Employing Recovery Agents dated 12^th August 2022;
• Key Facts Statement (KFS) for Loans and Advances dated 15^th April 2024 (“KFS Circular”);
• Loans Sourced by Banks and NBFCs over Digital Lending Platforms: Adherence
  to Fair Practices Code and Outsourcing Guidelines dated 24^th June 2020 (“Fair Practices Code and Outsourcing Guidelines”);
• Guidelines on Digital Lending dated 2^nd September 2022, along with the FAQs issued on 14^th February 2023 (collectively “Guidelines on Digital Lending Framework”); and
• Guidelines on Default Loss Guarantee in Digital Lending dated 8^th June
  2023, read with the FAQs dated 26^th April 2024, and the updated version issued on 5^th November 2024 (collectively, the “Guidelines on Default Loss Guarantee Framework”).

Further, these Directions repeal the Fair Practices Code and Outsourcing Guidelines, Guidelines on Digital Lending Framework, and the Guidelines on Default Loss Guarantee Framework (collectively “Repealed Framework”).

• Newly added provisions by the RBI

The RBI has incorporated the following provisions under the Directions in addition to the earlier instruction:

• Due diligence requirements with respect to Lending Service Providers (“LSP(s)”): LSPs act as agents of REs and perform digital lending functions such as customer acquisition, underwriting support, and servicing on behalf of the REs. These activities are carried out in accordance with the ‘Outsourcing of Financial Services – Responsibilities of Regulated Entities Employing Recovery Agents’ dated 12^th August 2022, and other relevant instructions issued from time to time (collectively “Extant Outsourcing Guidelines”). The Directions further clarify that an RE may also act as an LSP for another RE. In addition to the Extant Outsourcing Guidelines, Paragraph 5 of the Directions outlines specific due diligence requirements applicable to engagements involving LSPs, which are as follows:
• There must be a contractual arrangement between REs and LSPs with definitive roles, rights, and obligations of the REs and the LSPs. Further, REs shall undertake due diligence before they enter into such contractual arrangement with LSPs, taking into account, inter alia such LSPs’ technical and statutory capabilities, robustness of data privacy policies and storage systems, and fairness in conduct with borrowers;
• REs shall review the conduct of LSPs as per the contractual arrangements and shall be fully responsible for guiding LSPs acting as recovery agents. REs must monitor their actions and omissions and take appropriate measures in case of any deviations; and
• REs must maintain, as part of their policy, monitoring mechanisms for loan portfolios originated with the support of LSPs.
• RE-LSP arrangements involving multiple lenders: The Directions introduce a dedicated framework for arrangements where an LSP partners with multiple REs. Paragraph 6 of the Directions outlines that in such cases, each RE shall be individually responsible for ensuring compliance with the following stipulations:
• The LSP must display a digital view on the DLA showing all loan offers that match the borrower’s request and requirements. The names of REs whose offers do not match must also be included in this view.
• The LSP may use any consistent method to match loan offers with borrower requests, provided that such method applies uniformly to similar borrowers and products. The methodology used and any update(s) in that regard must be properly documented.
• The matched loan offers must clearly show the RE’s name, the sanctioned amount, loan tenor, annual percentage rate, monthly repayment, applicable penal charges, and a link to the key facts statements (“KFS”).
• The LSP must remain impartial and objective, and must not directly or indirectly endorse or promote the product of any specific RE. This includes avoiding the use of dark patterns or deceptive design practices[1] intended to mislead borrowers into selecting a particular loan offer. However, displaying loan offers ranked according to a publicly disclosed metric shall not be considered as promoting any specific product.
• Reporting of DLAs to the RBI via Centralised Information Management System (“CIMS”) Portal:
• DLAs are mobile / web-based applications, either standalone or part of a larger platform, used by REs or their LSPs to provide Digital Lending services, as per the Extant Outsourcing Guidelines; and
• To strengthen transparency, REs must report their DLAs, whether owner or operated via LSPs, on the RBI’s CIMS portal in the format prescribed in Annexure I therein. Board-approved chief compliance officers of the REs must certify compliance with RBI norms, covering disclosures, grievance redressal, data practices, and website publication. REs are solely responsible for the accuracy of submissions, and misuse suggesting RBI endorsement is strictly prohibited.

• Key provisions
• Borrower’s creditworthiness: As per Paragraph 7 of the Directions, REs shall obtain necessary information of a borrower for assessing its creditworthiness before extending any loans. Credit limits shall only be increased upon the explicit request of the borrower. Records of the borrower information, and any credit increase shall be recorded for audit purposes.
• Disclosure to borrowers: REs shall provide KFS to borrowers in line with the KFS Circular[2]. They shall ensure that digitally signed documents on their letterhead are automatically sent to the borrower’s verified email / SMS upon loan execution.

Additionally, REs must maintain an up-to-date public website with a single, easily accessible section detailing their Digital Lending products, DLAs, engaged LSPs and their roles, customer care and grievance redressal mechanisms, links to RBI’s complaint management system and Sachet Portal, and applicable privacy policies. DLAs and LSPs must be linked to the RE’s website. In case of loan default, details of the assigned or changed recovery agent must be communicated to the borrower via email / SMS before any contact is made.

• Loan disbursement, repayment, and servicing:
• Loan disbursement: REs must disburse loans directly into the borrower’s bank account, except in cases mandated by regulation, co-lending between REs, or disbursals for specific end-use where funds go directly to the end-beneficiary’s account. Disbursals to third-party accounts, including LSPs, are not permitted unless explicitly allowed.
• Loan repayment: Borrowers must make all repayments directly into the RE’s bank account. No third-party or LSP pass-through / pool accounts are allowed.
• Flow of Funds: Third-parties and LSPs must not control or influence the flow of funds between REs and borrowers.
• No direct payments to LSPs: All fees, charges, and reimbursements payable to LSPs must be paid directly to the REs.
• Delinquent loans: For delinquent loans, REs may use physical recovery and accept cash if necessary. These cash recoveries must be recorded in full in the borrower’s account the same day. Any fees to LSPs for such recovery must be paid by REs and not deducted from the recovered amount or charged to the borrower.
• Other changes introduced in the Directions
• Definition of LSP: The Directions explicitly recognise that an RE may serve as an LSP for another RE, while also clarifying that the functional scope of such LSP is restricted solely to the Digital Lending functions of the RE.
• Expanded scope of REs: These Directions introduce a consolidated and comprehensive regulatory framework applicable to all Digital Lending activities undertaken by REs, the scope of which has now been expanded to include AIFIs.
• Cooling-off period: These Directions permit borrowers to exit a digital loan during a cooling-off period without penalty, though REs may retain a disclosed one-time processing fee. The minimum cooling-off period is now at least 1 (one) day, regardless of loan tenor.
• Storage of data: The Directions now allow data to be processed outside India, provided it is deleted from foreign servers and transferred back to India within 24 (twenty-four) hours.
• Conclusion

The Directions mark a notable evolution in the regulatory architecture for Digital Lending, aiming to unify a previously fragmented framework. While they introduce greater standardisation and borrower-centric safeguards, they also significantly expand the compliance burden on REs, particularly in relation to oversight of LSPs and DLAs. From a legal and operational standpoint, these Directions raise important considerations around contractual structuring, data governance, and liability allocation, especially in multi-lender and outsourced arrangements. Going forward, REs shall need to reassess existing partnerships, update internal policies, and ensure robust documentation and audit trails to remain compliant. These Directions, while progressive in intent, shall likely require careful implementation and ongoing legal review to mitigate regulatory oversight.

Authors:

Ankit Sinha
Partner, Juris Corp

Email: [email protected]

Sangha Nath

Associate, Juris Corp

Email:
[email protected]

The authors have been assisted by Ms. Vaishnavi Panyam, a Trainee with the Firm, in the preparation of this article.

Disclaimer: 

This article is intended for informational purposes only and does not constitute a legal opinion or advice. Readers are requested to seek formal legal advice prior to acting upon any of the information provided herein. This article is not intended to address the circumstances of any particular individual or corporate body. There can be no assurance that the judicial / quasi-judicial authorities may not take a position contrary to the views mentioned herein.

[1] As defined under section 2(e) of the ‘Guidelines for Prevention and Regulation of Dark Patterns, 2023’ dated November 30, 2023, issued by Central Consumer Protection Authority, as amended from time to time.

[2] Key Facts Statement (KFS) for Loans & Advances [Notifications – Reserve Bank of India]