The Reserve Bank of India issued the Digital Lending Directions, 2025 in early July, establishing a comprehensive and unified regulatory framework governing all forms of digital lending by regulated entities and their technology partners. The Directions consolidate and supersede the patchwork of earlier guidelines issued in 2022 and 2023, creating a single regulatory code for banks, non-banking financial companies, and lending service providers operating through digital platforms.
Background
Digital lending in India has grown exponentially, with an estimated loan disbursement of over Rs 47 lakh crore through digital channels in 2024-25. The rapid expansion, driven by fintech platforms partnering with banks and NBFCs, had outpaced the regulatory framework. The RBI's 2022 Digital Lending Guidelines addressed some concerns but left gaps regarding lending service providers, default loss guarantees, and data privacy obligations.
A working group constituted by the RBI had identified over 600 unregistered digital lending applications operating in India, many of which employed aggressive recovery practices and opaque fee structures. The new Directions respond to these systemic concerns by establishing a unified code applicable to all participants in the digital lending ecosystem.
Key Provisions
Unified applicability: The Directions apply to all commercial banks, NBFCs (including housing finance companies), and their lending service providers (LSPs) and digital lending applications (DLAs). No entity may engage in digital lending without being either a regulated entity or a registered agent of one.
Borrower protection framework: All loan disbursements and repayments must pass through the borrower's bank account, without any pass-through by the LSP. Upfront fee deduction from the sanctioned amount is prohibited.
Default Loss Guarantee cap: The aggregate default loss guarantee provided by an LSP to a regulated entity shall not exceed five percent of the outstanding loan portfolio under the arrangement, with mandatory quarterly disclosure.
Data minimisation: Digital lending platforms may collect only data necessary for the specific credit assessment, with explicit borrower consent. Storage of biometric data and access to mobile phone contact lists, media files, and call logs is prohibited.
Grievance redressal timeline: Borrower complaints must be resolved within 30 days by the regulated entity. If unresolved, borrowers may escalate to the RBI's Integrated Ombudsman.
Cooling-off period: Borrowers shall have a minimum three-day cooling-off period during which the loan may be returned without penalty, applicable to loans of up to Rs 1 lakh.
Implications for Practitioners
The unified framework represents a regulatory consolidation that simplifies compliance but raises the operational burden for fintech platforms. Lending service providers that have operated under informal arrangements with banks and NBFCs will need to formalise their relationships through written agreements that comply with the prescribed minimum standards.
The five percent cap on default loss guarantees may alter the economics of several fintech-bank lending partnerships that relied on higher guarantee levels to secure banking partners. Entities currently exceeding this threshold will need to restructure their arrangements before the Directions take effect.
For borrower-side practitioners, the cooling-off provision and data minimisation requirements create new grounds for challenging lending practices that violate these safeguards. The explicit prohibition on contact list access addresses one of the most widespread complaints against digital lending platforms.