10. Regulatory Oversight of UPI Autopay: Addressing Unintended Debits

In February 2026, the Reserve Bank of India (RBI) directed the National Payments Corporation of India (NPCI) to investigate a significant rise in user complaints regarding UPI Autopay. The central bank\'s intervention follows reports of \'involuntary\' payment mandates and systemic difficulties in canceling recurring subscriptions, raising concerns over consumer protection in India\'s digital payment ecosystem. Core Issues and Regulatory Action • Rise in Involuntary Mandates: Users have reported being unaware that routine one-time payments were triggering recurring \'autopay\' mandates, often due to misleading interface designs or \'nudges\' by merchants. • Cancellation Bottlenecks: A major friction point identified is the difficulty in terminating active mandates. Many users mistakenly believed that deleting a service application would stop bank-level debits, which is not the case. • Design Ambiguity vs. Fraud: NPCI\'s internal assessment suggests that the primary issue is \'design gaps\' rather than systemic fraud. Features like \'UPI Collect\' and \'Autopay\' have reduced payment friction to a point where explicit user consent is often obscured.• Mandate Interoperability (Dec 2025): To counter these issues, a new rule effective from December 31, 2025, mandates that all UPI apps must allow users to view and manage all their active mandates in one place, regardless of the app used to create them. • Portability and Control: Users now have the right to \'port\' or move their mandates from one UPI app to another. NPCI has strictly prohibited the use of cashbacks or pop-ups to influence these user-driven migrations. • Non-Peak Execution: To reduce system load and improve success rates, recurring debits are now restricted to non-peak hours (avoiding 10:00 AM–1:00 PM and 5:00 PM–9:30 PM), with a cap of four total execution attempts. Key Definitions • UPI Autopay: A feature launched in 2020 that allows users to automate recurring payments (subscriptions, bills, EMIs) through a one-time UPI PIN authentication. • TPAP (Third-Party Application Provider): Entities like Google Pay, PhonePe, and Amazon Pay that provide the user interface for UPI transactions but do not hold the bank accounts directly. • Mandate Portability: The ability for a consumer to transfer a recurring payment instruction from one UPI service provider to another without needing to re-register with the merchant. • Additional Factor of Authentication (AFA): A security requirement (like a PIN or OTP) for transactions; currently, UPI Autopay allows transactions up to ₹15,000 (and ₹1 lakh for specific categories like insurance) without AFA for subsequent debits. Constitutional & Legal Provisions • Payment and Settlement Systems Act, 2007: The primary legislation under which the RBI regulates and supervises payment systems in India. Section 18 empowers the RBI to issue guidelines to system providers. • Consumer Protection Act, 2019: Relevant in cases of \'unfair trade practices,\' where digital interfaces are designed to trick consumers into recurring financial commitments (often termed \'dark patterns\'). • Reserve Bank - Integrated Ombudsman Scheme, 2021: Provides a \'One Nation One Ombudsman\' mechanism for cost-free redressal of complaints related to digital payment deficiencies. • Digital Personal Data Protection (DPDP) Act, 2023: Governs how payment apps must obtain \'explicit and informed consent\' before processing user data for mandate creation. Conclusion The rapid growth of UPI Autopay—now processing nearly 1 billion transactions monthly—has outpaced user awareness and interface transparency. The RBI\'s \'nudge\' to the NPCI signifies a transition from a phase of \'adoption at all costs\' to one of \'responsible innovation.\' While the new interoperability rules provide the necessary tools for user control, the ultimate success of these reforms will depend on how strictly \'dark patterns\' in merchant apps are penalized to ensure that digital convenience does not come at the cost of financial autonomy.UPSC Relevance • GS Paper III: Indian Economy; Mobilization of resources; E-technology in the aid of farmers (for KCC/Insurance autopay); Internal security (cyber-financial frauds). • GS Paper II: Statutory, regulatory and various quasi-judicial bodies; Government policies and interventions for development. • Prelims Focus: Role of NPCI (a section 8 company), UPI 2.0 features, e-mandate limits set by RBI, and the difference between TPAPs and PSP Banks.