From easy access to instant loans to embedded credit options when shopping on your favourite e-commerce application, digital lending has come a long way and has increasingly become an integral part of India's financial landscape. The rapid growth, however, necessitated the need for a robust regulatory framework to address emerging concerns around unfair business practices, data privacy issues, exorbitant interest rates, and unethical loan recovery practices. Sensing this need, the Reserve Bank of India (RBI) in September 2022 issued the guidelines on digital lending.
Now, with a view to consolidate these guidelines with the guidelines on default loss guarantees and other instructions issued on digital lending in India, and with the intent of bolstering an even more transparent, secure, and customer-centric digital lending ecosystem, the central bank, on May 8, issued the RBI Digital Lending Directions, 2025.
These directions are addressed to regulated entities (REs) like banks and non-banking finance companies. The directions prescribe key obligations such as the requirement for REs to conduct enhanced due diligence of their lending service providers (LSPs), ensuring all loan disbursals and repayments happen directly between the lender and the borrower without any pass-through accounts, ensure that the LSPs don’t charge the borrower directly, assess borrowers creditworthiness and make adequate disclosures to borrowers by providing key fact statements (which discloses all the key terms of the loan) in line with the guidelines.
These directions also introduce several key new measures that are aimed at ensuring further transparency to the borrower. We have outlined below some of these key new measures introduced in the directions below.
Reporting of digital lending apps
The directions bring significant changes to the way digital lending applications (DLAs) are managed. By June 15, 2025, REs will be required to report all DLAs, whether operated by the RE or through LSPs, on the RBI’s Centralised Information Management System (CIMS) portal. Such reporting includes details such as the DLA’s name, ownership, grievance officer contact information, and a link to the DLA.
The Chief Compliance Officer or an official designed by the RE must certify the accuracy of the submitted DLA information and confirm that the DLA complies with all regulatory requirements. This includes ensuring that the DLA has designated grievance officers, provides relevant links to the RE’s website, and adheres to data collection and storage guidelines.
Multiple lender arrangement requirements
From November 1, 2025, certain additional requirements apply in connection with LSPs engaged with multiple REs. The LSPs must ensure that the DLA displays a comprehensive digital view of all loan offers that match the borrower’s request, along with the names of REs whose offers did not match.
For each matched loan offer, the digital view must clearly disclose the RE’s name, loan amount and tenor, annual percentage rate, monthly repayment obligation, and any applicable penal charges, along with a link to the RE’s key fact statements.
While the loan matching mechanisms may vary, it must be applied consistently across similarly placed borrowers and products. These mechanisms, including any subsequent changes, must be properly documented.
Further, the content displayed by the LSPs must remain neutral and unbiased and must not promote or highlight any particular REs or products, whether directly or indirectly, including through dark patterns or deceptive design techniques. However, ranking of offers based on a publicly pre-disclosed metric will not qualify as a ‘promotion’ of a product.
Data localisation
While the guidelines are silent on offshore processing of data, the directions now clarify that if data is processed outside India, all such data must be deleted from foreign servers and returned to India within 24 hours.
Exemption on pass-through restriction
REs can now use a 'physical interface' for cash recovery in delinquent loan cases, if necessary. These cash repayments are exempt from the requirement of being routed directly to the RE’s bank account. However, such recoveries must be fully reflected in the borrower’s account on the same day.
Additionally, any fees or charges payable to LSPs for facilitating recovery must be borne by the RE and cannot be deducted (directly or indirectly) by the LSPs from the borrower or the recovery amount.
Cooling-off conditions
The minimum cooling-off period permitted appears to have now been reduced from a minimum of three days for loans of seven days or more, and one day for shorter loans, to a minimum period of one day. The directions also clarify that REs can charge a reasonable one-time processing fee (which was earlier indicated in the FAQs) if the loan is exited during this period, so long as it is disclosed upfront in key fact statements.
In conclusion, the directions represent a significant stride towards a more regulated and responsible digital lending ecosystem in India with increased emphasis on transparency and accountability, but while also providing some operational flexibility for lenders.
Raghav Muthanna is Partner and Aditya Subarno is Associate at IndusLaw. Views are personal.
