In a move aimed at formalising and securing India’s fast-evolving digital lending ecosystem, the Reserve Bank of India (RBI) on Thursday issued its consolidated regulatory framework titled the Reserve Bank of India (Digital Lending) Directions, 2025. These long-awaited guidelines seek to introduce transparency, accountability, and borrower-centric practices into an industry that has grown rapidly but has often faced criticism for opaque operations, unauthorised apps, and aggressive recovery methods.
The framework consolidates all existing instructions issued over recent years and introduces two key features: first, a mandate for digital loan aggregators to clearly disclose offers from multiple lenders; and second, the operationalisation of a public directory of registered digital lending apps (DLAs), which customers can use to verify legitimacy.
Why the Guidelines Matter Now
In recent years, India has witnessed a surge in digital lending activity—driven by mobile-first fintech start-ups, widespread smartphone adoption, and a growing appetite for credit among first-time borrowers. While this growth has enabled financial inclusion, it has also introduced risks such as data privacy breaches, predatory interest rates, harassment by recovery agents, and a proliferation of unregulated lending apps.
The RBI’s latest directions are designed to clean up this ecosystem, protect borrowers, and ensure that only legitimate, compliant players operate in the space.
“The RBI’s introduction of more structure and transparency into the lending space… will help nurture deeper trust from consumers and help focus on serious, compliant players to survive,” said Kunal Varma, CEO and Co-Founder, Freo.
Key Highlights of the 2025 Directions
What the new guidelines mean for borrowers, banks, fintech platforms, and lending service providers:
Stronger Due Diligence of Lending Service Providers (LSPs)
Every Regulated Entity (RE), such as a bank or NBFC, must now enter into a formal agreement with any LSP it works with. This agreement must clearly outline roles, responsibilities, and compliance obligations. REs are also required to conduct due diligence to ensure that LSPs adhere to data privacy norms, maintain robust IT systems, and have a fair track record with borrowers.
This aims to ensure that fintech partners uphold the same compliance and ethical standards as their parent lenders.
Standardised Data Collection and Loan Approval
REs must collect key economic information—such as age, income, and employment details—about the borrower before sanctioning any loan. There is now an explicit prohibition on increasing a customer’s credit limit without their consent.
This move seeks to reduce the risk of over-indebtedness, particularly among new-to-credit customers.
Direct Disbursal of Funds to Borrowers
Loans must be disbursed directly into the borrower’s bank account, and not via intermediaries—except under specific exceptions such as regulatory mandates or co-lending arrangements. This measure eliminates the risk of funds being misappropriated by unauthorised third parties.
Cooling-Off Period and Prepayment Rights
Borrowers now have the right to exit a digital loan during a minimum “cooling-off period” of at least one day—without any penalty. After this period, standard prepayment options as per RBI norms will apply.
This provision gives borrowers more control and helps reduce the risk of being trapped in unfavourable loan terms.
Public Directory of Apps and Aggregation Transparency
Two of the most transformative updates in the Directions are:
a. Public Digital Lending App Directory
A list of legitimate DLAs associated with REs will be hosted on an RBI-monitored website. This will serve as a single source of truth for consumers to verify the authenticity of lending apps and avoid fraudulent platforms.
Pramod Kathuria, Founder and CEO, Easiloan, called this a “much-needed comfort for consumers to make informed decisions,” adding that these measures would “contribute to a safe and transparent digital credit ecosystem.”
b. Loan Product Aggregation Transparency
Fintech apps that present loan offers from multiple lenders must clearly distinguish each offer, its originating lender, and the applicable terms—instead of bundling them into a single, generic product. This ensures informed borrower consent and reduces confusion over which entity is extending the credit.
Reinforcing Data Privacy and Consent Architecture
The RBI has taken a firm stance on digital consent and data privacy:
Lending apps must not access sensitive mobile data such as contact lists, call logs, or file systems. One-time access to the camera or microphone is permitted only during onboarding, and only with the borrower’s explicit consent. LSPs are also prohibited from retaining borrower data beyond what is minimally required.
“The framework addresses long-standing operational risks and sets a strong foundation for sustainable growth,” said Puja Singh, CEO, Manipal Fintech. She added, “These measures are needed for long-term stability and systemic credibility.”
Bringing Ethics and Compliance to the Fore
Ratul Paul, Chief Data Officer, Ecofy, described the guidelines as placing “a very strong emphasis on borrower protection and sustainable lending,” calling them “an opportunity to rebuild trust, transparency, and sustainable long-term lending in digital credit.”
He pointed out that the future lies in a “fusion of ethical lending practices with strong underwriting models”—especially for new-to-credit borrowers.
This aligns with the RBI’s broader mission: fostering financial inclusion without compromising consumer protection.
Towards a More Accountable Ecosystem
While the framework lays a solid foundation, its success will depend on implementation, monitoring, and continued industry alignment.
For example, new requirements on grievance redressal mechanisms state that all DLAs and RE websites must prominently display the contact details of their grievance redressal officers, with complaint submission options easily accessible on apps and portals.
“Fintech lenders who respond quickly to this new compliance-driven vision will not only establish their reputation but also emerge as central institutions in the pursuit of credit inclusion in India,” Paul added.
By defining clear rules around data privacy, app legitimacy, lending transparency, and consumer rights, the central bank has charted a roadmap for the next phase of fintech growth.
“The RBI has made the effort not only to protect consumer interests but to actively encourage practitioners to set an ethical standard in a rapidly growing industry,” said Kathuria.
