The Reserve Bank of India has issued the Digital Payments – E-mandate Framework, 2026, bringing into a single set of directions the rules governing recurring transactions made through cards, prepaid payment instruments and UPI, including for domestic and cross-border payments. The framework took effect immediately on April 21, 2026, and applies to all payment system providers and participants processing such transactions.
Registration, Validity and Customer Control
Under the framework, customers opting for the e-mandate facility must complete a one-time registration process, and the mandate can be registered only after successful validation of an additional factor of authentication along with the issuer’s normal process. Each e-mandate must specify a validity period, and issuers are required to give customers the ability to modify that validity period or withdraw the mandate at any time. That facility must be clearly communicated at the time of registration.
The directions allow e-mandates for either a fixed amount or a variable amount, subject to the cap set by the RBI. In the case of variable mandates, the issuer must provide the customer with a way to specify the maximum value of any recurring transaction. Customers must also be allowed to choose or change how they receive pre-transaction alerts, including through SMS or email. Any change to, or withdrawal of, an existing e-mandate will require validation through an additional factor of authentication.
Looking For DFIR Services Or Cyber & Fraud Risk Management? Your Search Ends Here
Alerts, Opt-Out and Transaction Limits
The first transaction under an e-mandate must be validated through an additional factor of authentication. If the first transaction is processed at the time of mandate registration, that authentication may be combined. For subsequent recurring transactions, issuers must send a pre-transaction notification at least 24 hours before the actual charge or debit, informing the customer of the merchant name, transaction amount, date or time of debit, e-mandate reference number, and the reason for the debit.
Customers must be given the facility to opt out of a particular transaction or of the e-mandate itself, and any such opt-out must be validated by the issuer using an additional factor of authentication, followed by an intimation to the customer. The RBI has exempted e-mandates registered for the auto-replenishment of FASTag and National Common Mobility Card balances from the requirement of pre-transaction notification. Issuers must also send post-transaction alerts containing transaction and mandate reference numbers, the reason for debit, and grievance redressal details.
The framework permits recurring transactions without additional factor authentication up to ₹15,000 per transaction. For insurance premiums, mutual fund subscriptions and credit card bill payments, that threshold has been set at ₹1,00,000 per transaction. Transactions above those limits will require authentication.
No Charges, Merchant Compliance and Repeal of Earlier Circulars
The directions require issuers to maintain an appropriate dispute resolution and grievance redressal system, and make RBI instructions on limiting customer liability for unauthorised transactions applicable to recurring payments under e-mandates as well. The RBI has also said that no charges may be levied on customers for availing the e-mandate facility for recurring transactions.
In the case of cards, existing e-mandates may be mapped to reissued cards. The framework also places responsibility on acquiring entities to ensure that merchants onboarded by them comply with the new directions. On page 4, the RBI lists eight earlier circulars issued between August 2019 and August 2024 that now stand repealed with the issuance of the 2026 framework.
