Top digital payment players like Google Pay, PhonePe, and Amazon Pay, along with the National Payments Corporation of India (NPCI), have approached the Ministry of Electronics and Information Technology (MeitY) requesting a temporary relief from provisions in the Digital Personal Data Protection (DPDP) Act that demand explicit user consent for each transaction. These companies argue that enforcing such a requirement would be onerous and make routine processes like subscriptions and bill payments unnecessarily cumbersome.
Recurring Payments Threatened by Legal Complexity
Industry insiders warn that this consent mandate could disrupt seamless digital transactions, especially recurring ones. These automated payments typically operate on a one-time permission model, which the DPDP Act’s interpretation may now require to be renewed repeatedly. Smaller businesses, in particular, fear that the added compliance costs and technical challenges could undermine their competitiveness. Recurring payments, such as electricity bills or subscriptions, are typically debited automatically after initial permission is granted. Under the DPDP Act’s consent requirements, industry worries that this will necessitate fresh user consent.
FCRF Launches India’s Premier Certified Data Protection Officer Program Aligned with DPDP Act
MeitY Engaged, Startups Worry About Clarity and Cost
The DPDP Act has not been fully rolled out yet, partly because the supporting rules drafted in January remain unnotified. The fintech firms and NPCI have held talks with MeitY to press for a practical solution, pointing out that frequent consent checks could stall India’s rapid digitization. While the act intends to boost security and data transparency, industry leaders argue the move could introduce high costs and operational strain, particularly for smaller fintechs and startups. According to the Industry discussions, Smaller firms may struggle to absorb the incremental costs and technical upgrades needed, as for these companies, frequent consent collection could slow down data flows and hinder their ability to scale. While larger players are expected to adapt more easily, albeit with increased compliance costs, many startups could find themselves priced out or buried under complexity. The law, experts say, introduces friction at a time when India’s digital payment ecosystem has become a vital engine of financial inclusion. Regulatory Ambiguity Fuels Industry Anxiety. Beyond cost and scale, companies also point to confusion around the interpretation of the law. The current lack of clarity in government guidance has only deepened uncertainty, leaving firms unsure of how to proceed with implementation without risking penalties.
A Possible Grace Period in Sight?
Section 17(5) of the DPDP Act may offer some relief. The clause allows the central government to temporarily exempt certain entities from provisions of the law, potentially giving the fintech sector room to breathe. Industry players are reportedly lobbying for such a window, hoping to use the time to develop compliant alternatives that do not hamper innovation or user experience. Several proposals, sources say, are already in advanced stages of review and could be tabled for formal discussion in the coming weeks.
NPCI Steps In to Champion the Underdogs
While Digital Payment companies like Google Pay and PhonePe are seeking relief for their operations, the National Payments Corporation of India (NPCI) is voicing concern on behalf of smaller businesses. NPCI’s submission reportedly emphasizes that most companies built on the UPI framework lack the resources to re-engineer their systems in time. The cost of noncompliance is high. With steep fines outlined in the Act, many firms may end up passing these expenses on to consumers, adding a new layer of pressure in a market already sensitive to transaction costs.