The Reserve Bank of India has overhauled digital lending regulations with comprehensive new guidelines that came into effect on May 8, 2025. It replaces three previous circulars by introducing stricter oversight on digital lending.
Background
In simple terms, digital lending is getting loans without visiting a bank branch, either through an app or a website. The app through which this loan is given is called Lending Service Provider (LSP). They are fintech companies that don’t have a banking license. So, they cannot lend money directly. They partner with actual banks that provide the money.
Basically, the process is as follows:
● Fintech company builds an attractive loan app
● Customers apply for a loan through their app
● Fintech processes their applications using its technology
● The partner bank actually provides the loan money
● Fintech may handle customer service and collections
Problems with the Current Mechanism
The digital lending landscape has its own set of problems, such as:
● Rise of fraudulent apps
● Misleading sales tactics
● Privacy violations
● Very high interest rates
● Unethical debt collection practices
● Accessing personal data without proper consent
● Minimal regulatory oversight on these apps
● Many times, borrowers don’t know the bank they are actually dealing with
RBI’s new regulations address these issues.
Game-Changing Transparency Requirements
These are transparency-related requirements that every such app must follow:
● The platforms must provide a clear digital view of all matching loan offers, including the names of lenders who cannot provide loans and why
● Apps must show each bank’s name, loan amount, tenure, annual percentage rate, monthly payments, and penalty charges in a format that enables fair comparison
● They cannot use “dark patterns” or deceptive design elements to push customers toward particular loan products
● They must treat similar customers consistently and avoid biased recommendations that favour specific lenders
● However, they can rank offers based on publicly disclosed criteria like interest rates
The Public Directory Solution
Starting July 1, 2025, the RBI will maintain a public directory of legitimate digital lending apps, accessible through the “Citizen’s Corner” section of their website.
Banks must register their apps by June 15, 2025, giving customers a reliable way to verify whether a lending platform is genuinely connected to a regulated entity.
All legal financial institutions, such as banks and NBFCs, are called regulated entities (REs).
The directory will automatically update when banks add new apps or remove existing ones.
Strengthened Data Privacy Protections
The new guidelines impose strict limitations on data collection and storage.
Lending apps can no longer freely access phone resources like contact lists, call logs, or media files. They may request one-time access to cameras, microphones, or location services only for essential functions like document verification or know-your-customer requirements, and only with explicit user consent.
Customers gain significant control over their personal information, including the right to:
● Deny consent for specific data uses
● Restrict third-party sharing
● Control data retention periods
● Request complete deletion of their information
Third-party service providers can store only minimal basic data necessary for their specific functions, while regulated entities remain fully responsible for protecting all customer data.
Data storage rules are particularly stringent, requiring all information to be stored exclusively on servers located within India. If data requires processing outside the country, it must be deleted from foreign servers and returned to India within 24 hours.
Enhanced Accountability and Oversight
Before partnering with any third-party lending service providers, regulated entities must conduct due diligence — evaluating technical capabilities, data privacy policies, fairness in customer treatment, and regulatory compliance history.
More importantly, regulated entities cannot escape responsibility by blaming third-party partners for problems.
Regulated entities must also display details about:
● Their digital lending products
● Associated apps
● Third-party partnerships
● Customer care information
● Links to RBI complaint systems
They must appoint specific people to handle customer complaints, and their contact information must be clearly displayed on websites and apps.
If customers are not satisfied with the response within 30 days, they can complain directly to the RBI.
Ensuring Creditworthiness and Fair Lending Practices
The regulations mandate that regulated entities collect minimum information about borrowers’ age, occupation, and income before extending any credit.
Automatic credit limit increases are prohibited unless customers explicitly request them and regulated entities evaluate such requests.
These measures aim to prevent irresponsible lending that could trap borrowers in debt cycles.
What Does This Mean for Borrowers?
These changes create a safer and more transparent digital lending environment where customers can make informed decisions confidently.
The public directory removes uncertainty about app legitimacy, while enhanced transparency requirements ensure borrowers understand exactly what they are signing up for.
Stronger data privacy protections give customers greater control over personal information, and clearer accountability structures provide reliable grievance redressal mechanisms.
What Does This Mean for Fintech Companies?
The new rules will significantly increase costs and compliance requirements for fintech companies, requiring investments in stronger data security systems, transparency measures, and grievance handling processes.
While this may slow rapid expansion and create operational challenges, the regulations also benefit legitimate fintech players by:
● Eliminating fraudulent competitors
● Creating a level playing field
● Building stronger customer confidence
● Supporting sustainable long-term growth
What Does This Mean for Regulated Entities?
Banks and NBFCs now carry greater responsibility. They must carefully assess fintech partners and cannot shift accountability when issues arise.
Although this increases operational responsibilities and compliance costs, the clearer regulatory framework will help banks build more structured and compliant digital lending systems.
A cleaner marketplace with fewer unethical players will also allow regulated entities to focus on genuine competition, innovation, and customer trust.
As digital lending continues to expand across India, these comprehensive guidelines establish a foundation for sustainable growth that prioritises customer protection without hampering innovation
