Print Friendly, PDF & Email

RBI Data Localisation Norms

Topics Covered: Cybersecurity related issues.

RBI Data Localisation Norms:


The National Payments Corporation of India (NPCI) has allowed Facebook-owned messaging platform WhatsApp to start its payments service in the country in a ‘graded’ manner.

Key Points:

  • NPCI has given its nod to WhatsApp to offer payments services via the Unified Payments Interface.
  • WhatsApp users can link their UPI-enabled bank accounts and transfer money through the messaging app.

What is UPI?

Unified Payments Interface or UPI is an immediate real-time payment system developed by the National Payments Corporation of India (NCPI).

It was introduced in April 2016 as a pilot project and is regulated by the Reserve Bank of India (RBI).

As per the data- localisation norms set by RBI:

  1. While there is no bar on the processing of payment transactions outside India, the Payment System Operators (PSOs) will have to ensure the data is stored only in India after the processing.
  2. In case the processing is done abroad, the data should be deleted from the systems abroad and brought back to India not later than the one business day or 24 hours from payment processing, whichever is earlier. The same should be stored only in India.
  3. The data stored in India can be accessed for handling customer disputes, whenever required.
  4. The payment system data may be shared with an overseas regulator if required, but with the approval of RBI.
  5. Some banks, especially foreign, that had been permitted to store the banking data abroad may continue to do so. However, in respect of domestic payment transactions, the data shall be stored only in India.

The data stored domestically must include:

  • End-to-end transaction details and information related to payment or settlement transaction collected or processed as part of a payment.
  • Information such as customer name, mobile number, email, Aadhaar number, PAN number.
  • Payment sensitive data such as customer and beneficiary account details; payment credentials such as OTP, PIN, Passwords.

Need for guidelines in this regard:

The payment systems in India have witnessed rapid advancements in innovation, eCommerce, and fintech, to name a few. It is only natural to ensure that the guidelines, prescriptions and regulations also advance in order to safeguard the interests of the customers, users, and the government.


Prelims Link:

  1. About NPCI.
  2. About UPI.
  3. What’s new in UPI 2.0?
  4. Overview of data- localisation norms set by RBI.

Mains Link:

What is data localisation? Discuss the issues associated.

Sources: the Hindu.