Digital Banking Channel Authorisation Directions, 2025 – What’s Changing in 2026? 

January 6, 2026

Digital banking has become the core of the banking system, through which most customers interact with their banks today. This rapid adoption of digital banking solutions has also increased dependency on backend integrations—core banking systems, third-party fintech tools, digital lending platforms, and loan origination solutions operating behind the scenes.  

Now, to reshape how banks deliver online and mobile banking services, the Reserve Bank of India (RBI) has rolled out the Digital Banking Channels Authorisation Directions, 2025, on November 28, 2025. These directions take effect from January 1, 2026, marking a significant shift to a more structured, secure, and inclusive era of online banking.  

But what’s actually changing in 2026? Let’s figure it out in detail in this blog post that discusses the Digital Banking Channels Authorisation Directions, 2025. 

Why did the RBI Introduce New Digital Banking Channel Guidelines 

Earlier guidelines on internet and mobile banking were spread across multiple circulars dating back years (some from as early as 2001). The 2025 Directions consolidate everything into one unified document, repealing older instructions while ensuring actions taken under them remain valid. The following are the goals: 

• Reduce regulatory fragmentation. 

• Set uniform standards for authorisation, technology, security, and customer protection. 

• Enable faster, safer digital expansion while addressing rising cyber risks and customer dependencies. 

Banks that already have approvals under previous guidelines can continue operations, but new launches or significant changes must align with the new rules from January 1, 2026. 

Digital Banking Channel Authorisation Directions, 2025  

Who is affected by the updated digital banking authorisation rules? 

• The Directions primarily apply to commercial banks (including public sector banks like State Bank of India, private sector banks, and foreign banks operating in India under the Banking Regulation Act, 1949).  

• They do not cover Small Finance Banks, Payments Banks, or Local Area Banks in the main framework—RBI has issued separate but similar Directions for those categories (e.g., for RRBs, SFBs, UCBs, and LABs). 

• The framework covers all digital banking channels, defined as modes provided over: 

• Websites (internet banking) 

• Mobile phones (mobile banking apps) 

• Other digital systems/electronic devices 

• These channels deliver financial, banking, and related services involving a significant level of process automation and/or cross-institutional interfacing (e.g., linking with payment systems, other banks, or third parties). 

Key Definitions  

To remove ambiguity, RBI explicitly defines two types of digital banking facilities banks may offer: 

1. View-Only Banking Facilities  

These allow customers to access non-liability-creating information, such as: 

• Balance enquiry 

• Mini-statement 

• Transaction history/view 

• Other read-only features 

Importantly, no actions like fund transfers, bill payments, loan applications, or disbursals are permitted here—anything that creates customer liability falls outside this category. 

2. Transactional Banking Facilities  

These include any service that involves financial transactions or creates liability, such as: 

• Fund transfers (IMPS, NEFT, RTGS, UPI, etc.) 

• Bill payments 

• Loan applications or disbursals 

• Investments, card management, or other liability-creating actions 

This clear distinction helps banks decide the right launch path and controls risk appropriately. 

Eligibility and Technology Requirements 

All banks wishing to offer digital banking channels (view-only or transactional) must meet baseline technology and operational standards: 

• A fully functional Core Banking Solution (CBS) integrated across branches and digital platforms. 

• Public-facing IT infrastructure must be IPv6-enabled. 

• For view-only channels launched after applicability, banks must notify the Reserve Bank of India through the PRAVAAH portal within 30 days of internal approval. 

• A Gap Assessment and Internal Controls Adequacy (GAICA) report must be submitted along with the notification. 

• The GAICA report must be prepared as per the Directions and is subject to supervisory scrutiny. 

For transactional digital banking facilities 

• For any transactional digital banking platform—where financial transactions or customer liability are involved—RBI approval is mandatory.  

• CBS and IPv6 readiness. 

• Compliance with minimum capital adequacy requirements. 

• Minimum paid-up capital or net worth as per licensing norms. 

• Financial and technical capacity to offer and maintain the proposed facility. 

• Detailed documentation, covering expected expenditure for setup, maintenance, and upgrades; cost–benefit analysis; technology architecture to be adopted; details of technology or outsourcing partners, and resource and capacity planning. 

Compliance requirements before approval 

Before approval is granted, banks must submit a GAICA report certified by a CERT-In empanelled auditor, covering technological and internal control requirements. Additionally, banks must demonstrate: 

• Absence of any major adverse observations in Information Security (IS) audit reports for the previous two financial years. 

• Satisfactory supervisory inputs, where applicable. 

Once approval is granted, banks are permitted to provide all authorised digital banking channels, subject to continued compliance. 

Technology-related compliance requirements 

Banks offering digital banking solutions must comply on a continuous basis with RBI’s mandatory frameworks, including: 

• Guidelines on Outsourcing of IT Services 

• IT Governance, Risk, Controls, and Assurance Directions 

• Digital Payment Security Controls 

• Cyber Security Framework 

• Fraud Risk Management Directions 

Ongoing legal and regulatory compliance for Banks 

The following are some continuous compliance requirements that banks must adhere to while operating digital banking channels: 

• The Information Technology Act, 2000, and the Digital Personal Data Protection Act, 2023, along with other applicable legal requirements.  

• RBI instructions as issued and updated by the Department of Payment and Settlement Systems (DPSS). 

• The Responsible Business Conduct Directions, 2025, including accessibility standards for persons with disabilities, as notified by the Ministry of Finance. 

• FEMA, 1999, and related RBI instructions governing cross-border and foreign exchange transactions. 

• Payment and Settlement Systems (PSS) Act, 2007 by DPSS. 

• KYC/AML/CFT guidelines. 

Customer Conduct and Disclosure Standards 

The Directions place strong emphasis on protecting customers in digital banking. Key requirements include: 

• Explicit consent is mandatory for registering or deregistering any digital banking service (view-only or transactional). Banks must clearly inform customers that SMS/email alerts will be sent for all financial and non-financial activities. 

• No forced bundling or mandatory digital access to avail digital banking facilities.  

• Multiple registration options (mobile app, website, branch, call centre, etc.) to minimise branch dependency. 

• Terms, conditions, and interfaces must use simple and clear language (preferably in English, Hindi, and the local language).  

• Banks must comply with customer protection and liability limitation norms for unauthorised electronic transactions, including timely alerts and dispute resolution. 

• Mobile banking services offered outside mobile apps must be network-independent and accessible across telecom operators. 

• Implement risk mitigation measures such as transaction limits, velocity controls, and fraud monitoring, in line with RBI or payment system operator requirements—whichever is stricter. 

• Post-login promotion of third-party products or services is restricted, unless explicitly permitted by RBI under applicable directions. 

Exemptions and Regulatory Flexibility 

The Directions allow the Reserve Bank of India to grant extensions or exemptions from specific provisions where necessary to avoid hardship or for other justified reasons. Any such relaxation may be time-bound and subject to conditions prescribed by RBI. 

This provides limited flexibility during transition without weakening the overall compliance framework. 

Repeal of Earlier Guidelines and Continuity of Approvals 

With the introduction of the Digital Banking Channel Authorisation Directions, 2025, all earlier circulars and guidelines on digital banking channels stand repealed from January 1, 2026. 

However: 

• Actions taken, approvals granted, or acknowledgements issued under earlier guidelines remain valid. 

• Existing approvals are deemed to be governed under the 2025 Directions. 

• Ongoing investigations, penalties, or legal proceedings under earlier guidelines remain unaffected. 

This ensures continuity while moving banks to a unified regulatory framework. 

What Banks Should Prepare for Before 2026 

The 2025 Directions mark a clear shift from fragmented guidance to a structured, approval-driven digital banking regime. Banks must now reassess their digital banking platforms, technology readiness, internal controls, and customer-facing processes to align with the new framework. 

For banks and fintech partners involved in digital banking solutions, digital lending platforms, and loan origination solutions, early alignment will be critical to meet compliance timelines and build secure, scalable, and customer-trusted digital banking ecosystems ahead of 2026.  

Way Forward 

As January 1, 2026, approaches, the question is no longer whether systems need to change, but how prepared they are to operate under tighter oversight without slowing growth. Early movers who complete these actions given in the directions in the first quarter of 2026 will not only avoid supervisory scrutiny but also build deeper customer trust, launch features faster, and scale digital services more securely. 

If your digital lending or loan origination setup needs to be compliance-ready, scalable, and regulator-aligned from day one, LendMantra helps you move forward. Want to see how your lending operations can stay compliant while scaling digitally? Let’s connect. 

Read More: https://lendmantra.com/blog/ 

Frequently Asked Questions

Content Source 

RBI-DOR-2025-26-380_3122025153629898.pdf  

RBI Issues Digital Banking Channels Authorisation Directions, 2025  

RBI’s 2025 Digital Banking Framework: Revolutionizing Online Banking for Indian Banks, ETBFSI