The Reserve Bank of India (RBI) has revised its ‘Digital Payments — E-mandate Framework, 2026’, introducing new rules for auto-debit transactions via credit cards, debit cards, prepaid payment instruments
(PPIs), and UPI.
The central bank said the changes, introduced in the “public interest”, are effective immediately and apply to all payment system providers handling recurring domestic and cross-border transactions.
Key Highlights of E-Mandate Framework
Under the updated rules, recurring transactions of up to ₹15,000 can be processed without requiring additional authentication such as OTP.
Customers must first register a one-time e-mandate using Additional Factor Authentication (AFA). Once approved, payments within the ₹15,000 limit will be auto-debited without OTP each time.
This covers recurring payments such as:
- Mutual fund SIPs and fixed deposits
- OTT subscriptions and DTH services
- EMIs and insurance premiums
- Utility bills (electricity, water, internet)
One-Time Registration with User Control
After registration, customers can modify, pause, or cancel e-mandates at any time using AFA authentication.
For variable payments, users can set a maximum limit to prevent unexpected debits. Banks must also clearly communicate the validity period of the mandate at the time of registration.
Transactions above ₹15,000 will continue to require OTP authentication.
However, recurring payments for insurance premiums, mutual funds, and credit card bills can go up to ₹1 lakh without AFA if registered under e-mandates.
Mandatory Alerts and No Extra Charges
The RBI has directed that banks must not charge customers for enabling e-mandates.
Customers must receive a pre-debit alert at least 24 hours before the transaction, with details such as amount, debit date, and merchant name.
Users can cancel or opt out of payments based on these alerts and can choose their preferred mode of notification (SMS, email, etc.).
Pre-debit alerts are not mandatory for auto-recharges of FASTag and National Common Mobility Card (NCMC).
Zero Liability for Fraudulent Transactions
Banks and payment providers must also send post-transaction alerts and maintain grievance redressal systems.
The RBI has extended its zero-liability policy to e-mandates, ensuring customers are not held responsible for unauthorised transactions if reported promptly.
New Rules Proposed for Digital Wallets
Separately, the RBI has proposed fresh norms for digital wallets and prepaid instruments.
- General-purpose PPI balance capped at ₹2 lakh
- Monthly cash loading limit of ₹10,000
- Gift PPI capped at ₹10,000
- Transit PPI capped at ₹3,000
The RBI also proposed allowing banks authorised to issue debit cards to offer PPIs after notifying the Department of Payment and Settlement Systems (DPSS).
These measures aim to improve transparency, enhance customer protection, and strengthen India’s digital payments ecosystem.
