The Reserve Bank of India has introduced key changes to its ‘Digital Payments — E-mandate Framework, 2026’, aiming to make recurring payments smoother and more user-friendly. The revised rules apply to auto-debit transactions made through UPI, credit cards, debit cards, and prepaid payment instruments, covering both domestic and cross-border payments.
The move is designed to reduce friction in everyday transactions while maintaining customer safety through enhanced alerts and control mechanisms.
Higher Limit for OTP-Free Auto-Debits
One of the most significant changes is the increase in the threshold for automatic payments without additional authentication. Under the new rules, recurring transactions of up to ₹15,000 can now be processed without requiring OTP verification each time.
However, customers must first complete a one-time registration of the e-mandate using Additional Factor Authentication (AFA). Once approved, payments within this limit—such as subscriptions, utility bills, EMIs, and SIPs—will be debited automatically without repeated authentication.
Flexibility and User Control Over Mandates
The updated framework gives users greater control over their auto-debit instructions. Customers can modify, pause, or cancel their e-mandates at any time using secure authentication.
For payments where the amount may vary, users can set a maximum cap to avoid unexpected deductions. Banks are also required to clearly inform customers about the validity period of each mandate at the time of registration, improving transparency.
Special Provisions for High-Value Transactions
While the ₹15,000 limit applies broadly, certain categories such as insurance premiums, mutual fund investments, and credit card bill payments can go up to ₹1 lakh without requiring OTP for each transaction—provided they are registered under the e-mandate system.
Transactions beyond the standard threshold outside these categories will continue to need additional authentication for security purposes.
Mandatory Alerts and No Extra Charges
To ensure customer awareness, banks must send a pre-debit notification at least 24 hours before the transaction is processed. This alert will include key details such as the amount, date, and merchant name, allowing users to cancel or opt out if needed.
Customers can choose how they receive these alerts, whether via SMS or email. Importantly, the RBI has clarified that banks cannot charge any fees for enabling or maintaining e-mandates.
However, pre-debit alerts are not mandatory for certain automated transactions like FASTag recharges and National Common Mobility Card (NCMC) top-ups.
Stronger Customer Protection and Zero Liability
The revised rules also strengthen consumer protection. Banks and payment providers must send post-transaction alerts and maintain proper grievance redressal systems.
The RBI has extended its zero-liability policy to e-mandate transactions, meaning customers will not be held responsible for unauthorised debits if they report them promptly. This adds an extra layer of confidence for users adopting automated payment systems.
New Proposed Limits for Digital Wallets
Alongside the e-mandate changes, the RBI has proposed updated norms for prepaid payment instruments (PPIs), including digital wallets.
Under these proposals, general-purpose wallet balances may be capped at ₹2 lakh, with a monthly cash loading limit of ₹10,000. Gift wallets could be limited to ₹10,000, while transit-related wallets may have a cap of ₹3,000.
These measures aim to standardise usage and reduce risks associated with digital wallet transactions.