Loan Agreements Under RBI's 2025 Digital Lending Directions - Explainer

The RBI just issued the Reserve Bank of India (Digital Lending) Directions, 2025 (‘Digital Lending Directions’) on 8 May, 2025.

These Directions supersede and repeal the Guidelines on Digital Lending dated September 02, 2022, and other circulars as listed in Annex III of the Directions. 

Most of these directions take effect immediately except for Clause 6 ( RE-LSP arrangements involving multiple lenders) which takes effect on November 1, 2025 and Clause 17( Reporting of DLAs to RBI) which takes effect on June 15, 2025.

This post focuses exclusively on the changes to loan documentation processes introduced by the Directions—and the immediate compliance implications for Regulated Entities (REs) and Lending Service Providers (LSPs).

🚨 TL;DR What’s Changed?

If you don’t have time to read the entire post - here’s a TL;DR lowdown on the key compliance takeaways:

• KFS must be shown before borrower accepts the loan, not at disbursal
  
  
• LSPs must provide a “KFS menu” if offers from multiple REs are displayed
  
  
• Entire loan kit must be digitally signed via IT Act signature and automatically sent to customer via Email/SMS post-signing
  
  
• Borrower signature is mandatory for loan contract execution
  
  
• Clickwrap and OTP-based signs no longer compliant for digital lending

Read on if you want an in-depth analysis.

‍

#1: RBI has re-affirmed the importance of the April 2024 KFS Rules

Over the past few years, the RBI has placed a heavy emphasis on the borrower being fully informed before committing to a loan. 

Last year - in April 2024 - the RBI introduced a comprehensive set of guidelines governing the Key Fact Statement (KFS) (‘April 2024 KFS Rules’). We wrote about them in our KFS Guide.

In the Digital Lending Directions, the RBI has reiterated and clarified the importance of the KFS:

• Clause 8(i) - REs must provide a Key Fact Statement (KFS) to the borrower before the loan contract is executed in accordance with the April 2024 KFS Rules.
  
  
• Clause 8(ii) - All disclosures concerning penal charges must align with the RBI circular on 'Fair Lending Practice - Penal Charges in Loan Accounts,' and should be included in the KFS. 

‍

Key Compliance Takeaway:

For LSPs: Ensure the REs you are working with provide a KFS with each specific loan offer.

‍For REs: Strictly follow the April 2024 KFS Rules - especially when it comes to KFS content and format. 

This requirement takes effect immediately.

‍

#2: Borrowers must be given a “menu” of KFS by the DLA and/or LSP in case there are multiple lenders

Clause 6(iii) of the Digital Lending Directions states that

In case where a LSP has agreements with multiple REs for digital lending, each RE shall ensure the following... (iii) The digital view of loan offers from matching lenders shall include the name (s) of the RE (s) extending the loan offer, amount and tenor of loan, APR, monthly repayment obligation and penal charges (if applicable), in a way which enables the borrower to make a fair comparison between various offers. A link to the KFS shall also be provided in respect of each of the RE.

In the status quo, digital lenders often share the KFS with the borrower only at the point of disbursal - as a part of the loan agreement kit.

With the Digital Lending Directions, the KFS must now be shown upfront - at the offer stage - and not just at disbursal. The borrower must be shown a list of loan offers and direct KFS links - a “menu” of KFS that they can browse. 
‍
Practically speaking, this “menu” of KFS will need to be built and displayed by the LSP - since they own the customer facing experience. 

However under the Digital Lending Directions the onus of compliance is ultimately on the REs. 

This means that REs will now need to be hypervigilant and monitor LSPs they are working with to ensure compliance.

‍

Key Compliance Takeaways:

1. Your integration with LSP must ensure real-time KFS delivery via API at the offer stage.

2. Perform checks like API response validations to confirm KFS links are being served with offer display 
‍
3. Perform periodic audits and/or reviews of the LSPs live customer interface

This requirement takes effect on November 1, 2025.

‍

‍

#3: Digitally signed loan kit must automatically flow to the borrower via SMS/Email

Clause 8(iii) of the Digital Lending Directions states:

RE shall ensure that digitally signed documents (on the letter head of the RE) viz., KFS, summary of loan product, sanction letter, terms and conditions, account statements, privacy policies of the RE / LSP with respect to storage and usage of borrowers’ data, etc. shall automatically flow to the borrower on the registered and verified email/ SMS upon execution of the loan contract/ transactions.

This clause has 3 components - 2 explicit and 1 implied:

1. RE must eSign the loan kit with an IT Act digital signature(explicit)
2. Digitally signed loan kit must automatically be sent to borrower via Email/SMS (explicit)
3. Borrower must eSign the loan kit (implied)

Let’s break them down one by one.
‍

RE must eSign the loan kit with an IT Act digital signature

The entire loan agreement kit consisting of the following must be digitally signed:

• KFS
• summary of loan product
• sanction letter
• T&C
• account statements
• privacy policies
• Etc.

In Footnote 5 of the Digital Lending Directions, the RBI has specified what digitally signed means:

As per the provisions of the Information Technology Act, 2000, as amended from time to time.

This requirement is identical to the 2022 Digital Lending Guidelines which we wrote about here.‍

The Information Technology Act, 2000 specifies the following as digital/electronic signatures:

• Aadhaar eSign (via OTP, Biometric, Face, IRIS authentication)
• Aadhaar XML eSign (via one time XML file authentication)
• DSC Tokens
• PAN eSign
• DocSigner

For borrower signatures - the first 4 mentioned above would work - since they are manually applied signatures that can be performed by individuals.

For the RE signature, DocSigner is the most popular type for digital lending because it can be affixed automatically as part of the loan kit workflow. 

This requirement takes effect immediately.

Common authentication methods used by digital lenders like clickwrap and OTP based virtual signature are not digital signatures under the IT Act and are, therefore, non-compliant with the Digital Lending Directions. 

‍

Digitally signed loan kit must be automatically sent to borrower via SMS/Email

Once the loan contract is executed, the digitally signed loan kit must automatically flow to the borrower.

Why is this significant?

In the status quo, digital lending platforms often provide the loan kit to the borrower via a link on the digital lending app/website itself. 

This is no longer sufficient to comply. 

RE’s must now ensure that once a loan is executed, there is an automatic trigger of the digitally signed loan kit to the borrower on SMS/Email. 

‍

Borrower must eSign the loan kit

In the old Digital Lending Guidelines there was often an ambiguity - does the borrower also need to digitally sign the loan kit?

The Digital Lending Directions provide more clarity - clearly mentioning execution of loan contract in Clause 8(iii). 

A contract can only be executed if all parties to the contract convey their agreement to it in a clear and unambiguous manner. 

Therefore, for full compliance - in letter and spirit - borrower signature is a must.

‍

Key Compliance Takeaway:‍

For LSPs: Must connect with RE SDK and Digital Execution API for loan kit signing and sending

For REs:
1. RE signatures must be affixed on the completed loan kit - DocSigner is the only IT Act compliant way to do this automatically

2. Borrower signature must be collected on the loan kit

3. An automated logic must be built where the loan kit is automatically sent to the borrower via SMS/Email once all signatures are affixed. You cannot rely on LSP for this.

4. Borrower phone number and/or email ID must mandatorily be collected. If neither are present you cannot disburse the loan.

5. A clear audit trail must be generated with timestamp of signatures and proof that the kit was sent to borrower

6. Must have a way of merging all relevant documents into one kit digitally
‍
7. Must ensure the loan kit signing flow is displayed in-app on the LSP end - easy to do via an SDK

This requirement takes effect immediately.

‍

What This Post Has Not Told You

This post provides a focused analysis of the documentation requirements for lenders (Regulated Entities - REs) under the Digital Lending Directions.

This post does not provide an in-depth analysis of several other critical areas. 

To ensure full compliance your teams will need to separately research and understand the clauses pertaining to:

• General Requirements for RE-LSP Arrangements: This includes due diligence requirements for LSPs  and specific stipulations for arrangements where an LSP partners with multiple lenders
  ‍
  
• Recovery Agent Disclosures:
  
  • REs must communicate authorized recovery agent particulars to borrower before the recovery agent contacts the borrower
• Core Conduct and Customer Protection (beyond documentation):
  
  • Assessing the borrower's creditworthiness 
  • Specifics of loan disbursal, servicing, and repayment mechanisms, including the ban on pass-through accounts 
  • Mandatory cooling-off/look-up period for borrowers 
  • Detailed grievance redressal mechanisms 
• Website Disclosures: 
  
  • REs must maintain an up-to-date website which discloses all DLA/LSP partnerships, loan products and more
  • Interlinking between LSP/DLA app and the RE website for detailed disclosures
• Technology and Data Requirements:
  
  • Rules for collection, usage, and sharing of data with third parties, including consent architecture 
  • Data storage requirements, including data localization 
  • Comprehensive privacy policy contents beyond just disclosure 
  • Adherence to technology and cybersecurity standards
• Reporting Requirements:
  
  • Reporting of all digital lending activities to Credit Information Companies (CICs) 
  • Reporting details of Digital Lending Apps (DLAs) to the RBI via the CIMS portal
    
• Default Loss Guarantee (DLG) Arrangements: Eligibility, due diligence, restrictions, structure, forms, caps, NPA recognition, and disclosure requirements for DLG arrangements

This list is indicative of the broader scope of the Directions. We encourage you to review the complete Reserve Bank of India (Digital Lending) Directions, 2025 document to identify all applicable requirements for your specific operational context.

Compliance Summary

‍