Loan Agreements Under RBI's 2025 Digital Lending Directions - Explainer

May 16, 2025

Summary

  • The RBI’s Digital Lending Directions, 2025 are now in effect, replacing the 2022 Guidelines.
  • KFS must be shown before borrower acceptance—and REs must ensure digital kits are properly signed and delivered.
  • This post explains the key documentation and agreement changes REs and LSPs must implement to stay compliant.
  • The RBI just issued the Reserve Bank of India (Digital Lending) Directions, 2025 (‘Digital Lending Directions’) on 8 May, 2025.

    These Directions supersede and repeal the Guidelines on Digital Lending dated September 02, 2022, and other circulars as listed in Annex III of the Directions. 

    Most of these directions take effect immediately except for Clause 6 ( RE-LSP arrangements involving multiple lenders) which takes effect on November 1, 2025 and Clause 17( Reporting of DLAs to RBI) which takes effect on June 15, 2025.

    This post focuses exclusively on the changes to loan documentation processes introduced by the Directions—and the immediate compliance implications for Regulated Entities (REs) and Lending Service Providers (LSPs).

    🚹 TL;DR What’s Changed?

    If you don’t have time to read the entire post - here’s a TL;DR lowdown on the key compliance takeaways:

    • KFS must be shown before borrower accepts the loan, not at disbursal

    • LSPs must provide a “KFS menu” if offers from multiple REs are displayed

    • Entire loan kit must be digitally signed via IT Act signature and automatically sent to customer via Email/SMS post-signing

    • Borrower signature is mandatory for loan contract execution

    • Clickwrap and OTP-based signs no longer compliant for digital lending


    Read on if you want an in-depth analysis.

    ‍

    #1: RBI has re-affirmed the importance of the April 2024 KFS Rules


    Over the past few years, the RBI has placed a heavy emphasis on the borrower being fully informed before committing to a loan. 

    Last year - in April 2024 - the RBI introduced a comprehensive set of guidelines governing the Key Fact Statement (KFS) (‘April 2024 KFS Rules’). We wrote about them in our KFS Guide.

    In the Digital Lending Directions, the RBI has reiterated and clarified the importance of the KFS:

    • Clause 8(i) - REs must provide a Key Fact Statement (KFS) to the borrower before the loan contract is executed in accordance with the April 2024 KFS Rules.

    • Clause 8(ii) - All disclosures concerning penal charges must align with the RBI circular on 'Fair Lending Practice - Penal Charges in Loan Accounts,' and should be included in the KFS. 

    ‍

    Key Compliance Takeaway:
    For LSPs: Ensure the REs you are working with provide a KFS with each specific loan offer.

    ‍For REs: Strictly follow the April 2024 KFS Rules - especially when it comes to KFS content and format. 

    This requirement takes effect immediately.

    ‍

    #2: Borrowers must be given a “menu” of KFS by the DLA and/or LSP in case there are multiple lenders


    Clause 6(iii) of the Digital Lending Directions
    states that

    In case where a LSP has agreements with multiple REs for digital lending, each RE shall ensure the following... (iii) The digital view of loan offers from matching lenders shall include the name (s) of the RE (s) extending the loan offer, amount and tenor of loan, APR, monthly repayment obligation and penal charges (if applicable), in a way which enables the borrower to make a fair comparison between various offers. A link to the KFS shall also be provided in respect of each of the RE.

    In the status quo, digital lenders often share the KFS with the borrower only at the point of disbursal - as a part of the loan agreement kit.

    With the Digital Lending Directions, the KFS must now be shown upfront - at the offer stage - and not just at disbursal. The borrower must be shown a list of loan offers and direct KFS links - a “menu” of KFS that they can browse. 
    ‍
    Practically speaking, this “menu” of KFS will need to be built and displayed by the LSP - since they own the customer facing experience. 

    However under the Digital Lending Directions the onus of compliance is ultimately on the REs. 

    This means that REs will now need to be hypervigilant and monitor LSPs they are working with to ensure compliance.

    ‍

    Key Compliance Takeaways:
    1. Your integration with LSP must ensure real-time KFS delivery via API at the offer stage.

    2. Perform checks like API response validations to confirm KFS links are being served with offer display 
    ‍
    3. Perform periodic audits and/or reviews of the LSPs live customer interface

    This requirement takes effect on November 1, 2025.

    ‍

    ‍

    A wireframe for a hypothetical "KFS Menu"

    #3: Digitally signed loan kit must automatically flow to the borrower via SMS/Email


    Clause 8(iii) of the Digital Lending Directions
    states:

    RE shall ensure that digitally signed documents (on the letter head of the RE) viz., KFS, summary of loan product, sanction letter, terms and conditions, account statements, privacy policies of the RE / LSP with respect to storage and usage of borrowers’ data, etc. shall automatically flow to the borrower on the registered and verified email/ SMS upon execution of the loan contract/ transactions.

    This clause has 3 components - 2 explicit and 1 implied:

    1. RE must eSign the loan kit with an IT Act digital signature(explicit)
    2. Digitally signed loan kit must automatically be sent to borrower via Email/SMS (explicit)
    3. Borrower must eSign the loan kit (implied)


    Let’s break them down one by one.
    ‍

    RE must eSign the loan kit with an IT Act digital signature

    The entire loan agreement kit consisting of the following must be digitally signed:

    • KFS
    • summary of loan product
    • sanction letter
    • T&C
    • account statements
    • privacy policies
    • Etc.

    In Footnote 5 of the Digital Lending Directions, the RBI has specified what digitally signed means:

    As per the provisions of the Information Technology Act, 2000, as amended from time to time.

    This requirement is identical to the 2022 Digital Lending Guidelines which we wrote about here.‍

    The Information Technology Act, 2000 specifies the following as digital/electronic signatures:

    • Aadhaar eSign (via OTP, Biometric, Face, IRIS authentication)
    • Aadhaar XML eSign (via one time XML file authentication)
    • DSC Tokens
    • PAN eSign
    • DocSigner
    For borrower signatures - the first 4 mentioned above would work - since they are manually applied signatures that can be performed by individuals.

    For the RE signature
    , DocSigner is the most popular type for digital lending because it can be affixed automatically as part of the loan kit workflow. 

    This requirement takes effect immediately.

    Common authentication methods used by digital lenders like clickwrap and OTP based virtual signature are not digital signatures under the IT Act and are, therefore, non-compliant with the Digital Lending Directions. 

    Signature Type Compliant? Notes
    Aadhaar eSign ✅ Most popular for borrower eSign
    PAN eSign ✅ Slightly inconvenient for borrowers
    DocSigner ✅ Preferred for RE signatures. Not suitable for borrower eSign
    Clickwrap ❌ Not a IT Act digital signature
    OTP-only virtual signature ❌ Not a IT Act digital signature

    ‍

    Digitally signed loan kit must be automatically sent to borrower via SMS/Email

    Once the loan contract is executed, the digitally signed loan kit must automatically flow to the borrower.

    Why is this significant?

    In the status quo, digital lending platforms often provide the loan kit to the borrower via a link on the digital lending app/website itself. 

    This is no longer sufficient to comply. 

    RE’s must now ensure that once a loan is executed, there is an automatic trigger of the digitally signed loan kit to the borrower on SMS/Email. 

    ‍

    Borrower must eSign the loan kit

    In the old Digital Lending Guidelines there was often an ambiguity - does the borrower also need to digitally sign the loan kit?

    The Digital Lending Directions provide more clarity - clearly mentioning execution of loan contract in Clause 8(iii). 

    A contract can only be executed if all parties to the contract convey their agreement to it in a clear and unambiguous manner. 

    Therefore, for full compliance - in letter and spirit - borrower signature is a must.

    ‍

    Key Compliance Takeaway:‍
    For LSPs: Must connect with RE SDK and Digital Execution API for loan kit signing and sending

    For REs:
    1.
    RE signatures must be affixed on the completed loan kit - DocSigner is the only IT Act compliant way to do this automatically

    2. Borrower signature must be collected on the loan kit

    3. An automated logic must be built where the loan kit is automatically sent to the borrower via SMS/Email once all signatures are affixed. You cannot rely on LSP for this.

    4. Borrower phone number and/or email ID must mandatorily be collected. If neither are present you cannot disburse the loan.

    5. A clear audit trail must be generated with timestamp of signatures and proof that the kit was sent to borrower

    6. Must have a way of merging all relevant documents into one kit digitally
    ‍
    7. Must ensure the loan kit signing flow is displayed in-app on the LSP end - easy to do via an SDK

    This requirement takes effect immediately.

    ‍

    What This Post Has Not Told You

    This post provides a focused analysis of the documentation requirements for lenders (Regulated Entities - REs) under the Digital Lending Directions.

    This post does not provide an in-depth analysis of several other critical areas. 

    To ensure full compliance your teams will need to separately research and understand the clauses pertaining to:

    • General Requirements for RE-LSP Arrangements: This includes due diligence requirements for LSPs  and specific stipulations for arrangements where an LSP partners with multiple lenders
      ‍
    • Recovery Agent Disclosures:
      • REs must communicate authorized recovery agent particulars to borrower before the recovery agent contacts the borrower
    • Core Conduct and Customer Protection (beyond documentation):
      • Assessing the borrower's creditworthiness 
      • Specifics of loan disbursal, servicing, and repayment mechanisms, including the ban on pass-through accounts 
      • Mandatory cooling-off/look-up period for borrowers 
      • Detailed grievance redressal mechanisms 
    • Website Disclosures: 
      • REs must maintain an up-to-date website which discloses all DLA/LSP partnerships, loan products and more
      • Interlinking between LSP/DLA app and the RE website for detailed disclosures
    • Technology and Data Requirements:
      • Rules for collection, usage, and sharing of data with third parties, including consent architecture 
      • Data storage requirements, including data localization 
      • Comprehensive privacy policy contents beyond just disclosure 
      • Adherence to technology and cybersecurity standards
    • Reporting Requirements:
      • Reporting of all digital lending activities to Credit Information Companies (CICs) 
      • Reporting details of Digital Lending Apps (DLAs) to the RBI via the CIMS portal
    • Default Loss Guarantee (DLG) Arrangements: Eligibility, due diligence, restrictions, structure, forms, caps, NPA recognition, and disclosure requirements for DLG arrangements

    This list is indicative of the broader scope of the Directions. We encourage you to review the complete Reserve Bank of India (Digital Lending) Directions, 2025 document to identify all applicable requirements for your specific operational context.

    Compliance Summary

    What’s Required What REs Need to Change What LSPs Need to Change
    KFS must be shared before loan contract is executed Ensure KFS is shared before loan acceptance per April 2024 KFS Rules Complete integration with RE to surface KFS at offer stage
    If multiple lenders are shown, borrower must see a “menu” of offers with KFS links Send KFS dynamically for each offer Build interface showing side-by-side lender offers with KFS links
    Loan kit must be digitally signed by RE using IT Act-compliant signature (e.g., DocSigner) Implement DocSigner (or equivalent)
    Borrower must digitally sign the loan contract Collect borrower signature using Aadhaar eSign, PAN eSign, XML, or DSC; discard clickwrap/OTP-only methods
    Loan kit must be auto-sent via SMS/Email to borrower after execution Configure automatic dispatch to borrower via SMS/Email post-signing
    Email or phone number must be collected to send loan kit Enforce check before proceeding with disbursal Mandate validated phone/email collection
    Full execution + delivery audit trail must be maintained Maintain logs of timestamps, signature hashes, and delivery proof Ensure logs are surfaced via APIs/UI

    ‍

    Want easy compliance with the KFS and Loan Agreement requirements under the Digital Lending Directions?