RBI’s Updated Rules on Digital Lending Directions 2025
December 30, 2025

Digital lending has become one of the most accessed forms of credit in today’s digital India. This has given rise to digital lending platforms, digital lending apps, and modern loan origination solutions, as well as lending-related fraud and misuse of customer data. Recognizing the need for stronger oversight, the Reserve Bank of India first introduced Digital Lending Guidelines in 2022. However, for lenders and fintech providers using digital lending software or loan origination management software, compliance became complex. 

Thus, on 8th May, 2025, RBI issued (Digital Lending) Directions 2025 to consolidate all previous guidelines into a single, enforceable regulatory framework. More importantly, they shift digital lending from advisory norms to binding rules—covering regulated entities, lending service providers, and digital lending or loan management system operating across the ecosystem. 

In this blog, we break down what the RBI’s updated rules on Digital Lending Directions 2025 actually mean. 

Table of Contents

Why Did the RBI Update the Digital Lending Rules in 2025? 

The RBI Guidelines on Digital Lending, issued in 2022, aimed to curb malpractices by prohibiting automatic increases in credit limits and requiring borrower consent for data use. Over time, several supplementary circulars were issued between 2022 and 2024 to address specific concerns.  

However, this layered regulatory approach created gaps and operational challenges. The RBI released the update to digital lending rules in 2025 to address the following issues: 

  • Rising compliance complexity for banks, non-banking financial companies (NBFCs), and lending service providers (LSPs). 
  • Consolidate all prior guidelines and circulars into a single, unified framework. 
  • Address gaps (such as clearer due diligence for LSPs and caps on default loss guarantees) in the previous regime. 
  • Enhance customer protection.  
  • Promote fair competition in multi-lender platforms,  
  • Strengthen data security in line with evolving cyber threats. 
  • Ensure the sector’s sustainable growth amid India’s push towards a digital economy. 

Here Are RBI’s Updated Rules on Digital Lending Directions 2025 

Here Are RBI's Updated Rules on Digital Lending Directions 2025 

The RBI’s Digital Lending Directions, 2025, consolidate rules into seven clear chapters. Here are the key things covered in all these chapters for banks, NBFCs, and other regulated entities (REs) using digital channels or Lending Service Providers (LSPs): 

Chapter I: Preliminary  

(The Basics – Who, What, and When) 

What is digital lending?  

A remote and automated lending process offered largely via digital technologies for customer acquisition, credit assessment, loan approval, disbursement, recovery, and associated customer service.  

Who must follow Digital Lending Directions 2025?

Who must follow Digital Lending Directions 2025
  • Regulated Entities (REs): 
  1. Commercial Banks, Cooperative Banks (Urban, State, Central). 
  1. Non-Banking Financial Companies (NBFCs), including Housing Finance Companies (HFCs). 
  1. All-India Financial Institutions (AIFIs). 
  • Lending Service Providers (LSPs): Third-party agents (fintechs, apps) partnering with REs—must follow via contracts, but REs bear ultimate responsibility. 
  • Digital Lending Apps/Platforms (DLAs): Any RE or LSP app/website facilitating this. 

When Digital Lending Directions 2025 come into force? 

  • May 8, 2025: Majority of provisions became effective. 
  • June 15, 2025: Mandatory reporting of all Digital Lending Apps (DLAs) to RBI. 
  • November 1, 2025: Multi-lender arrangement rules became applicable.  

Key definitions  

  • Digital Lending App (DLA)  

DLA includes any mobile and/or web-based applications that facilitate digital lending services. This includes apps operated by the regulated entity (RE) itself or by a Lending Service Provider (LSP) acting on behalf of the RE for extending credit facilitation services. 

  • Annual Percentage Rate (APR) 

(APR) is the annual cost of credit to the borrower, including the interest rate and all other charges associated with the credit facility. 

  • Default Loss Guarantee (DLG) 

It’s a contractual arrangement between the RE and another entity, under which the latter guarantees to compensate the RE for loan default, capped at a certain percentage of the loan portfolio. DLG also includes any other implicit guarantee of a similar nature, linked to the performance of the RE’s loan portfolio and specified upfront. 

Chapter II: General Requirements for RE-LSP Arrangements  

(How REs and LSPs Must Work Together in Digital Lending) 

Focusing on safe partnerships, this chapter explains the rules governing partnerships between Regulated Entities (REs) and Lending Service Providers (LSPs). 

Key requirements for all RE-LSP partnerships 

  • Strong due diligence is mandatory: REs must do strong due diligence on LSPs (tech capability, privacy, fair practices, and ability to follow RBI rules) and keep monitoring LSP performance and fix issues. 
  • Accountability cannot be outsourced: REs remain 100% accountable, even if an LSP messes up. 
  • Accountability cannot be outsourced: LSPs must follow RBI’s existing outsourcing guidelines (these apply on top of the new Directions).  

Special rules for multi-lender arrangements (effective November 1, 2025) 

When one LSP works with multiple REs (like a platform showing loans from several banks/NBFCs): 

  • The platform must show all matching offers clearly and fairly. No hidden bias or “dark patterns” that trick users. 
  • Display lender name, loan amount, tenure, APR, monthly payment, penalties, and link to Key Facts Statement (KFS).  

Chapter III: Conduct and Customer Protection Requirements  

Conduct and Customer Protection Requirements  

(How RBI Protects Borrowers in Digital Lending) 

This is the most borrower-focused part of the Digital Lending Directions, 2025. It clearly defines how loans must be sold, disclosed, disbursed, serviced, and recovered—especially when digital lending apps and platforms are involved. 

1. Assess creditworthiness properly  

  • Assess creditworthiness properly (collect basic info like income/occupation, existing loans) before approving.  
  • No auto-increasing credit limits without your request and a fresh re-check of the repayment ability. 

2. Full and upfront disclosures 

  • Disclose everything upfront: Provide a simple and clear Key Facts Statement (KFS) before you accept any loan—showing: APR, loan amount, EMI amount, tenure, penalties, etc, in the same language as in the app.  
  • Lender must also send signed digital copies of KFS, the loan agreement, and the privacy policy via email/SMS. 

3. How loans are disbursed and repaid 

  • Loan money goes directly to your bank account (no middleman pockets). 
  • Repayments must go straight to the lender’s account. 
  • LSP fees are paid by the lender, not added to your loan or fees secretly. 

4. Cooling-off period (your regret-free window) 

  • Get at least 1 day (or more, as set by lender) to cancel the loan without penalty (pay only principal + proportionate interest for the days you used the money). 

5. Grievance redressal (how to complain) 

  • Every lender and LSP must have a clear grievance officers and show contacts clearly on the app/website. 
  • Complaint must be resolved within 30 days.  
  • If not happy, borrowers can escalate it to the RBI’s Complaint Management System. 

Importantly, grievance responsibility always rests with the RE, even if the issue involves an LSP. 

Chapter IV: Technology and Data Requirements  

(How Borrower Data Must Be Collected, Used, and Protected) 

Through these guidelines, the RBI aims to ensure that data collection is limited, consent-based, secure, and not misused—especially since many digital apps request excessive access. 

  • Lenders (REs) and LSPs can collect only necessary data (e.g., basic KYC, income proof, bank details) —with your clear consent.  
  • You can say no, restrict, or delete anytime. 

No unnecessary access to your device  

  • Apps cannot access device features such as camera, contacts, microphone, gallery, location, SMS, call logs, or installed apps unless it’s strictly required for onboarding/KYC and you’ve consented.  
  • No storing biometrics unless legally allowed. 
  • Once the process is done, access must be revoked immediately. 

Data storage and location rules 

  • Borrower’s data must stay in India (or be brought back within 24 hours if processed abroad). 
  • REs and LSPs must have strong cybersecurity measures (encryption, access controls) to protect your data. 

Privacy policy and transparency 

  • REs and LSPs must have clear privacy policies on websites/apps, explaining what data is collected, data used, sharing, kept for how long, your rights, and breach handling. 
  • The policy must be easy to find and understand. 

Chapters V–VII: Reporting, Loss Sharing, and General Rules  

(How RBI Ensures Transparency, Controls Risk, and Closes Loopholes) 

These focus on visibility, risk control, and regulatory closure. Together, they ensure that digital lending activity is traceable, risk-sharing is tightly regulated, and older, fragmented rules are officially retired. 

Chapter V: Key Reporting Rules 

  • All digital loans must be reported to Credit Information Companies (CICs) like CIBIL, Experian, etc. 
  • RBI now maintains a public list of reported DLAs on its website to help borrowers verify an app’s legitimacy.  
  • REs must keep updating the list if new apps are added or old ones discontinued. 

Chapter VI: Default Loss Guarantee (DLG) Framework 

  • Lenders can have guarantees (DLG) from LSPs/other entities for up to 5% of portfolio losses.  
  • Only allowed if: Board-approved DLG policy at the RE, cash/FD/bank guarantee only in writing,  
  • Monthly public disclosure (on website/app),  
  • Implicit/hidden guarantee linked to the portfolio is treated as DLG and must follow the same rules. 

Chapter VII: General Provisions 

These Directions do not apply to  

  • Credit card EMIs (separate RBI rules)  
  • Certain co-lending or other non-digital arrangements.  
  • Repeals old circulars.  
  • No overriding other laws (e.g., Data Protection Act, Consumer Protection Act, or existing RBI circulars on fair practices). 
  • Power to issue clarifications: RBI can issue further instructions or clarifications as needed. 

Bottom Line for 2026 and Beyond  

The Digital Lending Guideline 2025 draws a clear line to maintain transparency, fairness, and borrower-safe digital lending via digital lending solutions, lenders, digital lending apps, and REs. Financial institutions and fintech-led lenders that invest early in compliance-ready processes, technology, and governance will be better positioned to build borrower trust, reduce regulatory risk, and scale sustainably. 

One such loan origination management software and lending management solution is LendMantra. A platform that is there to not just empower you digitally but maintain compliance and responsible lending practices. Want to know how? Let’s connect.

Content Source 

Read More: https://lendmantra.com/blog/ 

Frequently Asked Questions 

With new RBI digital lending rules, origination becomes more structured and borrower-centric:  

  • Mandatory creditworthiness assessment (basic info like income/occupation); no auto credit-limit increases without request and re-check;  
  • Upfront KFS provision before acceptance;  
  • Direct fund flows (no LSP intermediaries);  
  • Cooling-off period (min. 1 day) for penalty-free exit;  
  • System changes for unbiased multi-lender comparisons. 

This adds upfront checks and transparency but reduces risks of over-lending or hidden terms. 

Yes—significantly. APR now includes interest + all charges (aligned with KFS rules); penal/late fees must follow fair practices circular and be disclosed in KFS; LSP fees paid by lender only (not passed to borrower); no hidden charges; and multi-lender platforms must show clear APR, fees, and penalties for fair comparison.

Before acceptance, lenders now provide the following to customers:  

  • Key Facts Statement (KFS) covering loan amount, tenure, APR, EMI, fees/penalties, and terms.  
  • Post-acceptance: digitally signed copies of KFS, loan agreement, privacy policy, and other docs via email/SMS.  
  • Platforms must show unbiased lender details (name, APR, etc.) in multi-lender setups.  
  • Lenders must also publish product info, LSPs, grievance contacts, and privacy policies on websites/apps. 

The Directions don't specify new penalties but operate under RBI's existing enforcement powers (e.g., under RBI Act, Banking Regulation Act). 

These Directions make digital lending safer, fairer, and more transparent. Borrowers get better info and protections; lenders and platforms face stricter accountability.  

As per the updated Digital Lending Directions 2025, digital lending apps (mobile/web apps) operated by REs or LSPs must register on RBI’s public CIMS list (no endorsement implied); follow outsourcing norms; avoid dark patterns; show fair, unbiased multi-lender offers with full details (APR, penalties, KFS links); ensure consent-based data use and no unnecessary device access; support direct disbursal/repayment; and display grievance contacts/privacy policies.  

LSP platforms lose fee-passing flexibility but gain credibility if compliant, while non-legit or predatory apps face exclusion. 

Leave a Comment

Your email address will not be published. Required fields are marked *

*
*

WhatsApp Chat