The Reserve Bank of India (“RBI”) has issued Reserve Bank of India (Digital Lending) Directions, 2025 (“Directions”). These Directions consolidate various regulatory instructions on the subject digital lending. It also includes instructions on-

• Digital Lending Transparency in Aggregation of Loan Products from Multiple Lenders and
• Operationalization of the Public Directory of Digital Lending Apps (DLAs) as announced in the Statement on Developmental and Regulatory Policies dated August 08, 2024.

These Directions shall come into force immediately except for-

• Provisions under para 6 (i.e., RE-LSP arrangements involving multiple lenders)- which will be effective from November 1, 2025, and
• Provisions under para 17 (i.e., Reporting of DLAs to RBI)- which will be effective from June 15, 2025.

All the following regulated entities (“REs”) are required to comply with these Directions for all digital lending activities:

1.  All Commercial Banks;
2. All Primary (Urban) Co-operative Banks, State Co-operative Banks, Central Co-operative Banks;

iii. All Non-Banking Financial Companies (including Housing Finance Companies);

1. All All-India Financial Institutions.

However, the following circulars stand repealed by the above Directions:

1. Guidelines on Default Loss Guarantee (DLG) in Digital Lending
2. Guidelines on Digital Lending
3. Loans Sourced by Banks and NBFCs over Digital Lending Platforms: Adherence to Fair Practices Code and Outsourcing Guidelines

Key Highlights of the Directions:

1. RE shall conduct enhanced due diligence before they enter into an agreement with a LSP for digital lending, considering LSP’s technical capabilities, robustness of data privacy policies and storage systems, fairness in conduct with borrowers, past records of conduct and ability to comply with all applicable regulations and statutes.
2. REs are required to provide a Key Fact Statement (KFS) to the borrower before the execution of the loan agreement. The KFS should contain all the key facts of the loan in simple and easily understandable language to facilitate informed decision-making. This includes details of the Annual Percentage Rate (APR) and the terms and conditions of the recovery mechanism.
3. REs shall Fully update their website in the public domain with comprehensive details including all digital lending products and apps offered, customer care contact information, the internal grievance redressal mechanism, a link to the RBI’s Complaint Management System (CMS) and the Sachet portal, privacy policies, and details of all Lending Service Providers (LSPs) engaged. The website must also provide links to the lending apps and the websites of the LSPs.
4. The particulars of authorized recovery agents must be communicated to borrowers in advance through email and SMS in case of loan default.
5. A cooling-off period is provided during which borrowers can choose to exit the digital loan by repaying the principal amount and the proportionate interest without any penalty. Lenders may charge a reasonable one-time processing fee if the borrower exits during this period. Borrowers continuing with the loan after the cooling-off period will be allowed to prepay the digital loan as per existing RBI guidelines.
6. REs have to ensure that any collection of data by their DLAs and LSPs is need-based and with the explicit consent of the borrower, including providing options to accept, revoke, or delete previously granted consent. They must also disclose the purpose of data collection at each interface with the borrower.
7. REs are mandated to make comprehensive privacy policies publicly available on their DLAs and websites, including details about any third parties allowed to collect personal information and the purpose of such collection. Responsibility regarding data privacy and security of the customer’s personal information on an ongoing basis shall be that of the RE.
8. The details of Digital Lending Apps (DLAs) have to be furnished by the REs through the Centralised Information Management System (CIMS) portal of the RBI.
9. REs are to comply with the basic technology standards and cybersecurity requirements as stipulated by the RBI and other relevant authorities for undertaking digital lending.
10. All lending sourced through DLAs and all new digital lending products offered over merchant platforms involving short-term credit or deferred payments must be reported to Credit Information Companies (CICs)

The notification is hyperlinked below for your ease of reference.

Source: Reserve Bank of India

Share this: