Creget.
Fintech

RBI digital lending rules in 2026: what borrowers need to know about apps, fees, and data

The RBI's digital lending guidelines require all lending apps to work through regulated entities, disclose all-in APR, and follow strict data norms. Here is how to verify if an app is compliant.

Creget Research 20 Feb 2026 5 min read

The RBI's digital lending guidelines, originally issued in September 2022 and progressively strengthened through 2024-25, have now had two full years of enforcement. In 2026, the market looks meaningfully different: hundreds of non-compliant apps have been removed from app stores, and the remaining players have adapted. Here is what borrowers need to know.

Key rules that protect you as a borrower

1. All loan disbursals must go to the borrower's bank account directly. Loan apps cannot collect repayments themselves — all EMIs must flow through the Regulated Entity (RE, i.e., the bank or NBFC).

2. No charges not disclosed upfront. The Annual Percentage Rate (APR) must include all fees: processing fee, insurance, documentation charges. If an app quotes "0% interest" but charges a processing fee, the APR calculation must reflect the effective cost.

3. Data collection limited to device features. Lending apps cannot access your contacts, media gallery, or call logs. Camera, microphone, and location can only be accessed with purpose-specific consent for KYC (camera), fraud detection (location), and similar justified uses.

4. 72-hour cooling-off period. For loans with tenure above 7 days, you have 72 hours to cancel after disbursal, paying only the proportionate interest for days used. No penalties for early exercise of this right.

5. Grievance redressal. Every app must display the name, contact, and email of a Nodal Grievance Officer. Unresolved complaints can be escalated to RBI's SACHET portal.

How to verify if an app is compliant

1. Check if the app discloses its Regulated Entity partner (a licensed bank or NBFC) 2. Verify the RE on RBI's public list of registered NBFCs/banks 3. Confirm APR is displayed before you accept the loan — not just the interest rate 4. Check that the app does not request contacts or media permissions during onboarding

Red flags of non-compliant or predatory apps

  • Loan disbursed to a wallet rather than bank account
  • APR not disclosed — only EMI and "interest rate" shown
  • Repayment collected by the app itself rather than bank
  • Recovery agents contacting your phonebook contacts (illegal)
  • No physical address or grievance officer listed
Digital LendingRBIFintech Regulation

Related reading

Fintech · 6 min

UPI 3.0: What is coming and why it matters for your money

Credit on UPI, cross-border payments, and programmable money. The next evolution of India digital payments is bigger than you think.

Read
Fintech · 7 min

Robo-advisors in India: Do they actually work?

Scripbox, Kuvera, INDmoney, Groww all offer automated portfolio advice. We tested the claims against real data.

Read
Fintech · 6 min

Digital gold vs physical gold vs gold ETFs: Which is best?

Gold belongs in every portfolio, but the vehicle matters. We compare all three options on cost, liquidity, and tax.

Read