RBI eases e-mandate rules: Rs 15,000 cap for digital payments without OTP

RBI issues new e-mandate framework allowing auto-debits up to ₹1 lakh without OTP, mandates alerts and strengthens customer protection across UPI, cards and PPIs.

Written by Kshipra Petkar

Updated: April 22, 2026 06:39 IST

RBI introduces new e-mandate rules easing auto-debits while mandating alerts and enhancing customer protection across digital payment systems.

The Reserve Bank of India (RBI) on Tuesday issued a consolidated framework for digital payments e-mandates, aimed at simplifying auto-debit systems while strengthening customer protection across UPI, prepaid payment instruments (PPIs), and cards, including both domestic and cross-border transactions.

Under the new guidelines, recurring payments of up to ₹15,000 will not require a one-time password (OTP). Payments such as insurance premiums, mutual fund subscriptions, and credit card bills between ₹15,000 and ₹1 lakh can be processed without additional factor authentication (AFA).

However, the RBI has made both pre-debit and post-debit alerts mandatory. Pre-debit notifications must be sent at least 24 hours before each transaction, clearly mentioning the merchant name, amount, and date, while giving customers the option to opt out. Post-transaction alerts must include key details along with information on grievance redressal mechanisms.

What do Industry observers say?

“This gives the customer an additional protection layer while making transactions, as well as gives banks an opportunity to collect data as evidence in case of digital payments,” Ashvin Parekh, Managing Partner at Ashvin Parekh Advisory Services said.

An e-mandate is a digital standing instruction that authorises automatic debits from a bank account for recurring payments, enabling seamless and automated transactions. The changes in instructions on e-mandates were based on feedback from stakeholders, the RBI said. The new framework has come into effect immediately.

Customers opting for an e-mandate must complete a one-time registration process authenticated through AFA. The first transaction under the mandate will also require AFA. If registration and the first transaction are processed together, authentication may be combined.

No charges can be levied on customers for availing the e-mandate

The RBI has clarified that no charges can be levied on customers for availing the e-mandate facility. In the case of cards, existing mandates may be mapped to reissued cards. Acquirers have been tasked with ensuring that merchants comply with the new directions.

The central bank added that its existing rules on limiting customer liability in unauthorised electronic transactions will also apply to recurring payments.

“The mandate is for cards and UPI only; it is not clear whether it applies to e-NACH. We are seeking clarity from the RBI and the National Payments Corporation of India,” said Vasanth JE, chief executive officer of CAMSPAY.

He added that while the RBI regulates multiple mandate frameworks—including credit cards and UPI—most features such as revocation and end dates are already available under NACH. However, certain operational aspects, such as AFA for the first transaction, are not part of the NACH system.

Each e-mandate must specify a validity period, and customers should have the option to modify or withdraw the mandate at any time, with any such changes requiring AFA validation.

Mandates can be set for fixed or variable amounts, subject to the RBI-prescribed limits. For variable mandates, issuers must allow customers to define a maximum transaction value. Customers must also be given the option to choose their preferred mode for receiving pre-transaction alerts.

Pre-transaction notifications, however, will not be mandatory for auto-replenishment of FASTag and National Common Mobility Card balances.

This article was first uploaded on April twenty-one, twenty twenty-six, at fifty-six minutes past ten in the night.