The Digital Payments: E-mandate Framework, 2026: A Consolidated Regulatory Architecture for Recurring Transactions

In exercise of the powers conferred by Sections 10(2) read with Section 18 of the Payment and Settlement Systems Act, 2007, the Reserve Bank of India, being satisfied that such regulatory intervention is necessary and expedient in the public interest, issued the Digital Payments  E-mandate Framework, 2026, vide Circular No. RBI/DPSS/2026-27/396 dated April 21, 2026. This framework represents a landmark consolidation of the regulatory architecture governing electronic mandates for recurring payment transactions in India. Prior to the issuance of these directions, the regulatory landscape was fragmented across multiple circulars issued between 2019 and 2024, creating a patchwork of compliance obligations for payment system providers and participants. The 2026 framework systematically repeals eight erstwhile circulars and establishes a unified, comprehensive code applicable to all recurring transactions, whether domestic or cross-border, processed through cards, prepaid payment instruments, and other designated payment mechanisms.

The directions are formally titled the Digital Payments E-mandate Framework, 2026, and became effective immediately. Insofar as applicability is concerned, the framework casts its net widely, encompassing all payment system providers and payment system participants engaged in the processing of recurring transactions. The definitional clause clarifies that terms such as authentication, factor of authentication, issuer, and merchant shall bear the same meaning ascribed to them under the Reserve Bank of India (Authentication mechanisms for digital payment transactions) Directions, 2025, dated September 25, 2025, and the Master Direction on Regulation of Payment Aggregator. This ensures terminological consistency and regulatory harmony across the broader digital payments ecosystem.

The framework imposes rigorous obligations concerning the registration and revocation of e-mandates. A customer desirous of availing the e-mandate facility is required to undergo a one-time registration process. Critically, the mandate shall be registered only upon successful validation of an additional factor of authentication, over and above the normal authentication process mandated by the issuer. Every e-mandate so registered must specify a definite validity period, and the issuer is statutorily obligated to provide the customer with a facility to modify such validity period or withdraw the e-mandate entirely at any point in time. This facility must be communicated clearly to the customer at the time of registration itself. The framework further accommodates both fixed-amount and variable-amount mandates, subject however to an overall cap fixed by the Reserve Bank. In cases where the mandate is for a variable amount, the issuer must provide the customer with a facility to specify the maximum permissible value of any individual recurring transaction. Additionally, the customer is empowered to choose or change the mode of receiving pre-transaction notifications from among available options such as SMS and email. Any modification or withdrawal of an existing e-mandate shall require validation through additional factor of authentication, thereby ensuring that alterations to the mandate are initiated and authorized by the customer alone.

With respect to the processing of transactions, the framework draws a clear distinction between the first transaction and subsequent recurring transactions. The first transaction under an e-mandate shall mandatorily require additional factor of authentication validation. Where the first transaction is processed contemporaneously with the registration of the e-mandate, the additional factor of authentication validation may be combined with the registration process. Payments executed under e-mandates are expressly insulated from any other limits or controls that may otherwise be imposed by the issuer or payment system, thereby according e-mandate transactions a distinct regulatory status.

Transparency and customer empowerment form the bedrock of the notification regime prescribed under the framework. The issuer is required to send a pre-transaction notification to the customer at least twenty-four hours prior to the actual charge or debit. Such notification must, at a minimum, disclose the merchant’s name, the transaction amount, the date and time of debit, the reference number of the e-mandate, and the reason for debit, specifically indicating that the debit is pursuant to an e-mandate registered by the customer. The issuer must further provide the customer with a facility to opt out of any particular transaction or the e-mandate itself. Any such opt-out must be validated by the issuer using additional factor of authentication, and an intimation thereof must be sent to the customer. However, the framework carves out a pragmatic exemption to the pre-transaction notification requirement for e-mandates registered to auto-replenish balances of FASTag and the National Common Mobility Card, recognizing the low-risk, high-frequency nature of such transactions.

Complementing the pre-transaction notification is the obligation to send a post-transaction notification. This notification must inform the customer of the merchant’s name, the transaction amount, the date and time of debit, the reference numbers of both the transaction and the e-mandate, the reason for debit, and critically, details regarding grievance redressal. The inclusion of grievance redressal particulars in the post-transaction notification represents a significant enhancement in customer protection, ensuring that recipients of the notification are immediately apprised of the avenues available for redressal should a dispute arise.

The framework also establishes clear transaction limits and velocity checks. All recurring transactions may be authorized without additional factor of authentication up to a ceiling of fifteen thousand rupees per transaction. Transactions exceeding this threshold are subject to additional authentication requirements. Recognizing the essential nature of certain financial commitments, the framework accords enhanced limits to specific categories of payments. Insurance premium payments, subscriptions to mutual funds, and credit card bill payments may be processed without additional factor of authentication up to one lakh rupees per transaction. This calibrated approach balances the imperatives of customer convenience with the need for robust fraud prevention.

Dispute resolution and grievance redressal receive focused attention under the framework. Issuers are mandated to put in place an appropriate dispute redressal system to facilitate customers in lodging complaints. Furthermore, the Reserve Bank’s extant instructions on limiting the liability of customers for unauthorized transactions are expressly made applicable to recurring transactions processed under e-mandates. This ensures that the protective umbrella against unauthorized debits, which governs conventional digital transactions, extends seamlessly to the e-mandate ecosystem.

The framework further contains several ancillary yet significant provisions. No charges shall be levied upon the customer for availing the e-mandate facility for recurring transactions, thereby removing any financial barrier to customer adoption. In a customer-friendly provision, existing e-mandates may be mapped to reissued cards, ensuring continuity of recurring payment arrangements without necessitating fresh registration. Acquirers are placed under a positive obligation to ensure compliance with these directions by all merchants onboarded by them, thereby distributing regulatory responsibility across the payment chain.

The repeal clause is both comprehensive and decisive. With the issuance of the 2026 framework, the instructions and guidelines contained in eight prior circulars stand repealed in their entirety. These include Circular No. DPSS.CO.PD.No.447/02.14.003/2019-20 dated August 21, 2019, concerning processing of e-mandate on cards for recurring transactions. Circular No. DPSS.CO.PD No.1324/02.23.001/2019-20 dated January 10, 2020, pertaining to processing of e-mandate in Unified Payments Interface for recurring transactions. Circular No. DPSS.CO.PD No.754/02.14.003/2020-21 dated December 4, 2020, on processing of e-mandates for recurring transactions. Circular No. CO.DPSS.POLC.No.S34/02-14-003/2020 dated March 31, 2021, regarding the framework for processing of e-mandates for recurring online transactions. The clarification issued to the Indian Banks’ Association on October 8, 2021, concerning the Reserve Bank’s framework for e-mandate based recurring transactions. Circular No. CO.DPSS.POLC.No.S-518/02.14.003/2022-23 dated June 16, 2022, on processing of e-mandates for recurring transactions. Circular No. CO.DPSS.POLC.No.S-882/02.14.003/2023-24 dated December 12, 2023, on processing of e-mandates for recurring transactions. And Circular No. CO.DPSS.POLC.No.S528/02-14-003/2024-25 dated August 22, 2024, on processing of e-mandates for recurring transactions.

In conclusion, the Digital Payments E-mandate Framework, 2026, marks a seminal evolution in India’s digital payments jurisprudence. By consolidating nearly seven years of fragmented regulatory guidance into a single, coherent direction, the Reserve Bank has significantly enhanced legal certainty for payment system providers, participants, and customers alike. The framework strikes a delicate equilibrium between operational efficiency and consumer protection, mandating robust authentication protocols, ensuring granular transparency through pre- and post-transaction notifications, empowering customers with unfettered revocation and opt-out rights, and capping transaction limits commensurate with risk profiles. The explicit applicability of unauthorized transaction liability limits to e-mandates, coupled with the prohibition on customer charges and the facilitation of card reissuance mapping, underscores a regulatory philosophy cantered on customer-centricity. For legal practitioners, compliance officers, and stakeholders in the fintech and banking sectors, the framework necessitates a comprehensive review of existing operational protocols to ensure alignment with these consolidated directions. As India’s digital economy continues its exponential trajectory, the 2026 E-mandate Framework stands as a critical pillar in the edifice of secure, transparent, and consumer-protective recurring payment systems.

For further details write to contact@indialaw.in