RBI Digital Lending Directions: A Complete CLM Guide for Lenders

Mansi Rana

The Reserve Bank of India issued the RBI (Digital Lending) Directions, 2025 on 8 May 2025, replacing the 2022 Digital Lending Guidelines that had governed the sector for three years. Most of the coverage since then has focused on borrower protections, data localisation, and the new framework for Lending Service Providers. What has received far less attention is the volume of contractual obligations these Directions create, and what that means for the way regulated entities need to manage their agreements.

For banks, NBFCs, and other Regulated Entities (REs) engaged in digital lending, the Directions are not just a compliance exercise. They are a signal that contracts, specifically the agreements between REs and their Lending Service Providers (LSPs), need to be structured, monitored, and auditable in a way that most current contract management setups do not support.

This blog covers what the Directions require, where the contract management implications are most significant, and what legal and compliance teams at REs need to put in place.

What the RBI Digital Lending Directions Consolidate

The Directions repeal three earlier frameworks: the 2022 Guidelines on Digital Lending, the RBI circular on loans sourced over digital platforms, and the Guidelines on Default Loss Guarantee arrangements. By consolidating these into a single set of directions, the RBI has created a unified regulatory framework for digital lending that covers the full lending lifecycle, from customer acquisition through to recovery.

Most provisions came into force immediately on 8 May 2025. Two provisions have phased timelines. The requirement for REs to register all Digital Lending Apps (DLAs) on the RBI’s CIMS portal took effect on 15 June 2025. The framework governing multi-lender LSP arrangements takes effect on 1 November 2025.

The Directions apply to a wide range of REs, including commercial banks, co-operative banks, NBFCs, and Housing Finance Companies, as well as the LSPs and DLAs they engage for digital lending functions.

The Contractual Architecture the Directions Require

This is where the Directions have the most direct bearing on how REs manage their agreements.

RE-LSP contracts must define roles, rights, and obligations

Under Paragraph 5 of the Directions, every engagement between an RE and an LSP must be governed by a formal contractual arrangement. This is not new in principle: most REs already have service agreements with their technology partners. What the Directions now specify is the content that these contracts must cover.

The contract must define the LSP’s roles and functions with precision. It must include obligations around borrower conduct, recovery agent behaviour, data handling practices, and compliance with RBI guidelines. It must give the RE audit rights over the LSP’s activities. And it must make clear that the RE remains fully responsible and liable for every action the LSP takes on its behalf, with no contractual arrangement capable of transferring that regulatory liability to the LSP.

For REs that engage multiple LSPs across different functions, including customer acquisition, underwriting support, servicing, and recovery, this creates a requirement to review and in many cases redraft a significant number of agreements. Each contract needs to be assessed against the requirements of Paragraph 5, gaps need to be identified, and updated agreements need to be executed and tracked.

DLG arrangements require standalone contractual coverage

The Directions introduce a comprehensive framework for Default Loss Guarantee arrangements. A DLG is a contractual arrangement under which an LSP or another RE guarantees to compensate the RE for losses from default up to a specified percentage of the loan portfolio.

Under the Directions, every DLG arrangement must be supported by a formal contractual agreement between the RE and the DLG provider. The DLG provider must be incorporated under the Companies Act, 2013. The guarantee arrangement must not exceed 5% of the outstanding loan portfolio covered by the DLG. And there are specific restrictions on which loan categories can be covered by DLG arrangements.

For REs with existing DLG structures, the Directions require an assessment of whether current agreements comply with the new framework. Any arrangement that does not meet the requirements needs to be restructured and documented before it can continue.

Multi-lender arrangements add another layer of contractual obligation

The Directions introduce specific provisions for situations where a single LSP partners with multiple REs. These provisions, which take effect on 1 November 2025, require each RE in a multi-lender arrangement to ensure that the LSP presents loan offers neutrally, uses a consistent and documented matching mechanism, and displays all required loan parameters including APR, tenor, monthly repayment obligation, and a link to the Key Fact Statement.

For REs participating in multi-lender platforms, this means the contractual arrangement with the LSP needs to address these requirements explicitly. The RE needs contractual assurance that the LSP’s platform meets the disclosure and presentation standards the Directions require.

Contract Execution and Documentation Requirements

Beyond the structure of RE-LSP agreements, the Directions impose specific requirements on how loan contracts with borrowers are executed and delivered.

Borrower signatures are mandatory. The Directions clarify that a loan contract must be executed with the borrower’s signature. Common authentication methods used by digital lenders, such as clickwrap agreements and OTP-based virtual signatures, are not digital signatures under the Information Technology Act and do not satisfy this requirement. REs need to ensure that their loan documentation processes use IT Act-compliant digital signatures for all loan contracts.

The complete loan kit must be sent automatically to the borrower. Once a loan contract is executed, the digitally signed loan kit must be automatically transmitted to the borrower via email or SMS. Providing documents through a link on the lending app or website is not sufficient. The transmission must be automatic, immediate, and directed to the borrower’s registered contact details.

The Key Fact Statement must be provided before the contract is executed. Under Paragraph 8 of the Directions, REs must provide borrowers with a KFS before the loan contract is signed. The KFS must follow the format prescribed under the April 2024 KFS Rules and must include disclosures on penal charges in line with RBI’s Fair Lending Practice circular.

For LSPs operating across multiple REs in a multi-lender arrangement, each RE must ensure that the LSP provides a KFS for each specific loan offer. The KFS must include the names of matching REs, the loan amount, tenor, APR, monthly repayment obligation, and applicable penal charges, in a format that allows fair comparison between offers.

Data Governance Obligations Embedded in Contracts

The Directions impose data governance requirements that need to be reflected in RE-LSP contracts.

Data collection by DLAs must be need-based and supported by prior, explicit consent with a documented audit trail. Access to mobile resources such as contacts and call logs is prohibited, except for one-time KYC purposes. All borrower data must be stored within India. Where data is processed overseas, it must be repatriated to Indian servers and deleted from foreign servers within 24 hours.

These requirements need to be embedded as obligations in RE-LSP contracts. The RE must have contractual mechanisms to verify that the LSP is meeting these standards, and the audit rights in the agreement need to cover data handling practices specifically.

Grievance Redressal Requirements with Contractual Dimensions

Under Paragraph 11 of the Directions, both REs and LSPs must designate nodal grievance redressal officers. Contact details for these officers must be displayed on the RE’s website, the DLA, and any LSP platform. Borrowers who are not satisfied with the grievance response have the right to escalate to the RBI’s Complaint Management System or submit a physical complaint to the RBI.

For REs, this creates an obligation to ensure that LSP contracts include requirements for the LSP to maintain and publicise grievance redressal mechanisms in line with the Directions. The RE’s full responsibility for grievance resolution means that any gap in the LSP’s compliance in this area becomes the RE’s regulatory exposure.

The Unique CLM Challenge the Directions Create

Most regulatory compliance content treats the RBI Directions as a legal and operational exercise. The contract management dimension is less frequently discussed, but it is where many REs will face the most practical difficulty.

The Directions require REs to manage a portfolio of agreements, including RE-LSP contracts, DLG arrangements, and multi-lender platform agreements, that are significantly more detailed in their content requirements than most current service agreements. And they require ongoing monitoring, not just initial execution.

The RE must conduct periodic reviews of LSP performance against the contractual arrangement. Monitoring mechanisms for loan portfolios originated through LSPs must be maintained as part of RE policy. Where LSPs act as recovery agents, the RE must verify ongoing compliance with RBI recovery guidelines. DLG providers must be assessed for technical capability, data handling practices, and regulatory compliance history, not just at onboarding but on an ongoing basis.

This is a contract lifecycle management challenge, not just a drafting exercise. REs need a system that can:

  • Store all RE-LSP and DLG agreements in a structured repository with version history
  • Track the specific obligations each contract contains against the requirements of the Directions
  • Alert the compliance team when periodic review milestones are due
  • Maintain audit trails of all contract executions, amendments, and compliance reviews
  • Connect contract data to the broader regulatory compliance picture

For REs managing a large number of LSP relationships, managing these obligations through email and spreadsheets introduces exactly the kind of oversight risk the Directions are designed to address.

What a Compliant Contract Management Setup Looks Like

For legal and compliance teams at REs preparing for full compliance with the Directions, the following steps are most important.

Audit existing RE-LSP agreements against Paragraph 5 requirements. Every current LSP contract needs to be assessed against the content requirements of the Directions. Gaps in role definition, data handling obligations, audit rights, recovery conduct, and liability allocation need to be identified and addressed before existing arrangements can be treated as compliant.

Restructure or exit DLG arrangements that do not meet the new framework. DLG structures need to be assessed against the eligibility requirements, the loan category restrictions, and the portfolio cap. Arrangements that do not comply need to be renegotiated and redocumented.

Update loan execution processes for digital signature compliance. The requirement for IT Act-compliant digital signatures and automatic loan kit delivery needs to be implemented in the digital lending workflow. This is a technology and process change, but it also requires updating the contractual terms with LSPs who manage the customer-facing interface.

Prepare for multi-lender arrangement compliance by 1 November 2025. REs participating in multi-lender platforms need to ensure that their contracts with LSPs address the neutral presentation requirements, matching mechanism documentation, and KFS display obligations the Directions require for these arrangements.

Build ongoing monitoring into contract management workflows. The compliance obligation does not end at contract execution. Periodic LSP reviews, portfolio monitoring, and audit rights need to be exercised and documented on an ongoing basis. A CLM platform that connects contract obligations to compliance review schedules, and that maintains a full audit trail, reduces the manual burden significantly.

Legistify’s contract management module supports the full lifecycle of RE-LSP agreements, from structured drafting and approval workflows through to obligation tracking, renewal alerts, and audit trail maintenance, in a way that is designed for the compliance demands of India’s regulatory environment.

Conclusion

The RBI Digital Lending Directions have been discussed primarily through the lens of borrower protection and fintech regulation. For legal and compliance teams at Regulated Entities, the more immediate challenge is the volume and specificity of contractual obligations the Directions create.

RE-LSP agreements, DLG contracts, and multi-lender arrangements all need to be structured, executed, and monitored in ways that satisfy the requirements of the Directions. Ongoing review obligations mean that compliance is not a one-time exercise. The RE’s regulatory exposure is directly tied to the quality of its contracts and the rigour of its contract management processes.

Getting the contractual architecture right, and maintaining it on an ongoing basis, is the foundation on which the rest of the Directions’ compliance framework rests.

Frequently Asked Questions

What are the RBI Digital Lending Directions?

The RBI (Digital Lending) Directions are a regulatory framework issued by the Reserve Bank of India on 8 May 2025, consolidating and replacing the 2022 Digital Lending Guidelines and related circulars. They govern the conduct of Regulated Entities and their Lending Service Providers in digital lending, covering borrower disclosures, data handling, contract execution, grievance redressal, and Default Loss Guarantee arrangements.

Who do the RBI Digital Lending Directions apply to?

The Directions apply to all Regulated Entities engaged in digital lending, including commercial banks, co-operative banks, NBFCs, and Housing Finance Companies. They also apply to Lending Service Providers and Digital Lending Apps engaged by these entities for digital lending functions such as customer acquisition, underwriting support, servicing, and recovery.

What do the Directions require for RE-LSP contracts?

Under Paragraph 5 of the Directions, every RE-LSP engagement must be governed by a formal contractual arrangement that defines the LSP’s roles, rights, and obligations. The contract must cover data handling practices, borrower conduct, recovery agent behaviour, audit rights, and compliance with RBI guidelines. The RE remains fully responsible for all actions of the LSP and this liability cannot be transferred through the contract.

What are the loan documentation requirements under the Directions?

The Directions require IT Act-compliant digital signatures for all loan contracts. Clickwrap and OTP-based virtual signatures do not satisfy this requirement. The Key Fact Statement must be provided to the borrower before the contract is executed. Once executed, the complete digitally signed loan kit must be automatically sent to the borrower via email or SMS.

What is the compliance deadline for multi-lender arrangements?

The provisions governing multi-lender LSP arrangements take effect on 1 November 2025. Under these provisions, each RE in a multi-lender arrangement must ensure that the LSP presents loan offers from all matching lenders neutrally, uses a documented matching mechanism, and displays all required loan parameters including APR, tenor, monthly repayment obligation, and a KFS link.

About Author

Mansi Rana

Mansi Rana is a digital content marketer dedicated to helping brands communicate with confidence and consistency. With hands-on experience in content strategy, storytelling, and audience engagement, she enjoys turning ideas into clear, meaningful narratives that actually resonate.
