New Digital Lending Rules: Loan Apps Under RBI Radar

By /

Digital lending apps have grown rapidly as borrowing seem quick and easy loans with minimal paperwork.

However, many borrowers face issues like harassment, hidden fees and personal data misuse by lending agents after taking loans from such apps.

To address this, the Reserve Bank of India has introduced strict rules to clean up the digital lending space.

This new rules aim to balance innovation with consumer protection, tighten oversight of Lending Service Providers (LSPs) and ensure secure and ethical lending practices.

Applicable To

These rules are applicable to:

  • All Commercial Banks
  • Co-operative Banks
  • NBFCs (non-banking financial companies)
  • All India Financial Institutions (AIFIs) like NABARD, SIDBI
  • Lending Service Provider (LPAs) and Digital Lending Apps (DLA’s) such as InstaRupee, RapiRupee etc. partnering with Regulated Entities.

Major Rules in Digital Lending Direction

Transparency & Borrower Rights

  • Lenders must now show a comprehensive list of all available digital loan option like loan amount, interest rates, tenures, repayment schedules, late fees, penalties upfront to borrowers and Identity of lending institution.
  • Digital lending apps must clearly mention partnership details with Regulated Entities (like Axis Bank, SBI, etc.) — ensuring borrowers know who’s actually giving the loan.
  • This prevents mis selling and coercive upselling by Lending Service Providers.

Loan Disbursement and Repayment

  • All the funds must directly flow between the borrower’s and the Regulated Entity’s bank accounts.
  • No third-party wallets or intermediaries are allowed to handle the money.
  • Auto-debit of EMIs from borrower accounts is not allowed without prior consent, protecting borrowers from unauthorized debits.

Data Privacy Measures

  • Borrowers must be informed clearly what data is being collected.
  • Lending Apps cannot access such as Phone contacts, Media Files, Call Logs, SMS Inbox without explicit, need based consent.
  • Consent must be revocable and data usage must be minimized.
  • All collected data must be stored on servers located in India.
  • If processed abroad , it must be erased from foreign servers and re-imported with 24 hours.

Digital Lending App Verification

  • All the Regulated Entities must submit details of DLAs they work with on CIMS portal by 15th June 2025.
  • By 1st July 2025, RBI will publish a public directory of DLAs i.e., list of valid Digital Lending App.
  • Unlisted DLAs will be considered unauthorized.

How useful was this post?

Click on a star to rate it!

Related Posts

Scroll to Top