- The draft Guidance on Regulatory Principles for Model Risk Management, 2026 is styled as guidance, not as binding "Directions" under Section 35A of the Banking Regulation Act, 1949. The Supreme Court in Internet and Mobile Association of India v RBI has held that RBI guidelines issued under statutory policy-making powers acquire statutory force. Treat the Guidance as binding.
- The Digital Personal Data Protection Act, 2023 governs every model trained on personal data. Storage limitation, cross-border transfer (Section 16) and erasure rights (Section 12) cut directly across the Guidance's lifecycle controls. The draft does not mention the DPDPA. The interaction is non-trivial.
- The Consumer Protection Act, 2019 reads non-disclosure of AI-driven decisions and algorithmic bias as unfair trade practices. Product liability provisions may extend to defective AI used in consumer-facing services.
- The Competition Commission's October 2025 Market Study on AI flagged value-chain concentration as a Section 4 concern. Vertical lock-in arrangements between regulated entities and foundational AI providers may attract Section 3 scrutiny.
- This piece is the legal companion to our main twenty-four-comments piece and our technical and operational deep dive on the Guidance.
Is "Guidance" really only guidance?
The Supreme Court has already answered this question. Practitioners who treat the Guidance as discretionary because of its label do so at their peril.
Section 35A of the Banking Regulation Act, 1949 gives the Reserve Bank the power to issue binding "Directions" to banking companies in the public interest. Section 45L of the RBI Act, 1934 supplies parallel powers to direct the credit system more broadly. The Guidance under discussion is issued without naming either section as the operative basis, and the Reserve Bank has chosen to label it "Guidance" rather than "Direction". The implication appears to be that compliance is recommended rather than mandatory.
That impression does not survive contact with the Supreme Court's reading of how the regulator's instruments operate. In Internet and Mobile Association of India v Reserve Bank of India (2020) 2 SCR 297, the Court considered the RBI's 2018 circular banning regulated entity dealings in virtual currencies and the question of whether such instruments, when issued under the RBI's general policy-making powers, have binding force.
The Supreme Court held that when the RBI exercises its powers to frame policy and issue directions for enforcement, such guidelines have statutory force and "have got to be read as supplement to the provisions of the BR Act, 1949." The labelling of an instrument as a circular, guidance, or note does not displace its statutory effect when the substance is supervisory.
For the Model Risk Guidance, the implication is straightforward. A regulated entity that fails to implement the Guidance is exposed to:
- Supervisory action under the RBI's general inspection and enforcement powers
- Financial penalty exposure under Sections 58B and 58G of the RBI Act, 1934 (one lakh per offence, five thousand per day for continuing offences) where the conduct is brought within those provisions
- Caution and prohibition orders under Section 36 of the Banking Regulation Act, 1949 where the supervisor considers the practice prejudicial to depositor interests
- Restrictions on business activities, fitness-and-propriety consequences for senior personnel, and adverse public action
Boards approving any deviation from the Guidance should treat the deviation as a documented policy choice with recorded reasons, not as a matter of compliance discretion. The IMAI lens means the deviation must be defensible against a supervisor who can hold the entity to the standard articulated in the Guidance.
The data protection law the Guidance does not mention
The Digital Personal Data Protection Act, 2023 governs every AI model trained on personal data. The Guidance does not reference the DPDPA at all. This silence is the most significant statutory gap in the draft.
Section 3(c) and the breadth of personal data
The DPDPA's definition of personal data is wide enough to include any data "about an individual who is identifiable by or in relation to such data". Almost every AI model deployed by a regulated entity processes data that falls within this definition: credit application data, transaction patterns, KYC documents, communication records, biometric authentication signals, behavioural data from app usage. The DPDPA's full architecture (consent, purpose limitation, storage limitation, processor obligations, erasure rights, cross-border transfer rules) applies to all of it.
The erasure problem
Section 12 of the DPDPA gives data principals the right to erasure of personal data. The Guidance at paragraph 23 requires ten years of inventory retention for decommissioned models. The interaction creates a problem the draft does not address: how does a regulated entity honour an erasure request relating to data that was used to train a model that is now decommissioned but retained?
Technical erasure of an individual's contribution from a trained model is difficult without retraining the entire model. Retraining is expensive and may not be feasible for models trained on terabyte-scale data. The DPDPA does not provide an explicit exemption for AI training data from erasure rights. Practitioners are left to argue that the model itself is not "personal data" once trained, that the original training data has been deleted, and that the model output does not identify the data principal: arguments that may or may not succeed under regulatory scrutiny.
Cross-border transfer under Section 16
Section 16 of the DPDPA restricts cross-border transfers of personal data. Cloud-hosted AI training that sends Indian data abroad requires the Central Government to have notified the destination country, or explicit data principal consent on a transfer-by-transfer basis. For models deployed on the OpenAI, Google, Anthropic or Meta API stacks, where the model itself is hosted abroad, the data flow is continuous and ongoing rather than discrete. The legal architecture for that flow is currently unclear.
The 2018 data localisation circular still binds
The RBI's 2018 circular on storage of payment system data is stricter than the DPDPA's cross-border transfer regime. It requires all payment system data to be stored in India. Where a model processes payment data, the 2018 circular trumps DPDPA's more permissive transfer rules.
Where a sectoral regulatory requirement (such as the RBI's 2018 payment data localisation circular) is stricter than the DPDPA's general transfer rule, the sectoral requirement prevails. Models processing payment data must train within India and the resulting model must remain within India. This is operationally onerous and likely impractical for most regulated entities currently using global AI APIs.
For more on how the RBI exercises its powers under the foreign exchange and broader financial-regulation architecture, see Powers of RBI under the Foreign Exchange Management Act.
Unfair trade practice, product liability, and the AI question
The Consumer Protection Act, 2019 was drafted before generative AI became a deployment reality, but its drafting is broad enough to capture AI-driven service failures. Two provisions matter.
Section 2(47): unfair trade practices
The Section 2(47) definition of "unfair trade practice" includes the publication of false or misleading information about service quality, deceptive representations to consumers, and the imposition of unfair conditions in service. Two kinds of AI-related conduct fit this definition without straining the statute:
- Non-disclosure that a customer-facing service is AI-driven. A consumer interacting with what they reasonably believe is a human agent is entitled to know they are not. The Guidance at paragraph 59(ii) addresses this; the Consumer Protection Act gives a parallel statutory remedy.
- Algorithmic bias resulting in differential treatment. Where an AI credit scoring model systematically produces worse outcomes for a protected group, the resulting service can be characterised as discriminatory and so as an unfair trade practice. This argument has not been tested in Indian courts but the statutory text supports it.
Strict liability under the product liability provisions
Sections 82 through 87 of the Consumer Protection Act introduce a product liability regime that is, in important respects, strict. A "product manufacturer" or "product service provider" can be held liable for harm caused by a defective product or deficient service without proof of negligence. The applicability of these provisions to AI-driven services has not been definitively settled. The conservative reading is that they apply: an AI credit scoring system that produces a defective decision causing financial harm to a consumer can be a defective "product service" under the statute.
The commenter on the Guidance asserts strict liability applies, including for unintentional algorithmic bias. That position is, on a careful reading, more aggressive than the current case law supports. But the risk of that interpretation prevailing in a future consumer commission decision is real, and material AI deployments should be designed and contracted accordingly.
The Integrated Ombudsman Scheme
The RBI's Integrated Ombudsman Scheme 2021 consolidates the consumer complaints architecture for banking, payment systems and NBFC services. AI-driven grievances fall squarely within its jurisdiction. The Guidance should cross-reference the Scheme and require regulated entities to instrument complaints so AI-attributable grievances can be reported separately. Without that instrumentation, neither the regulator nor the ombudsman can develop a picture of where AI is producing systematic harm.
Concentration risk in the AI value chain
The Competition Commission of India's October 2025 Market Study on Artificial Intelligence and Competition is the under-cited document in this conversation. It identifies the structural risks the Guidance only glances at.
The Commission's study found seven distinct concentration risks in the AI value chain:
- Foundational model concentration. A handful of providers (OpenAI, Google, Anthropic, Meta) dominate the high-capability foundation model market.
- Cloud infrastructure concentration. AWS, Azure and GCP dominate the compute infrastructure that runs and serves these models.
- Training data concentration. A small number of curated datasets underpin most commercially viable training pipelines.
- GPU compute concentration. NVIDIA's dominance of the AI accelerator market is well-documented.
- Vertical lock-in. Exclusive dealing and tying arrangements between cloud providers and foundation model providers limit switching options.
- Ecosystem lock-in. API conventions, embedding spaces and tooling create high switching costs even where formal exclusivity is absent.
- Algorithmic collusion risk. Independently developed pricing models can converge in ways that, while not amounting to formal agreements, can produce anti-competitive outcomes.
Section 3 and Section 4 exposure
For regulated entities deploying AI, the immediate Competition Act exposures are two-fold. Section 3 covers anti-competitive agreements, including vertical agreements such as exclusive dealing and tying. A regulated entity that contractually binds itself to a single AI provider for an extended period through indemnification or other lock-in mechanisms may face scrutiny if the arrangement has the effect of foreclosing market access for competing providers. Section 4 covers abuse of dominance and applies to the AI providers themselves, with penalties up to ten per cent of turnover.
The Competition Amendment Act, 2023
The Competition Amendment Act, 2023 added deal-value thresholds to the merger control regime under Sections 5 and 6. AI acquisitions that previously escaped merger scrutiny because of low Indian turnover may now require Commission approval. The Amendment Act also provided for memoranda of understanding between the Commission and sectoral regulators including the RBI and SEBI. This gives the Commission a formal route to coordinate enforcement against AI providers whose conduct touches financial services.
The Commission recommends that enterprises deploying AI conduct a six-component self-audit covering: (i) provider concentration mapping, (ii) vertical agreement review, (iii) data dependency analysis, (iv) lock-in cost assessment, (v) switching capability documentation, and (vi) market dependency disclosure. The Model Risk Guidance should cross-reference this framework and require it of regulated entities at supervisory examinations.
Why contractual indemnification will not shield the RE
One of the most common defensive strategies in third-party AI procurement is contractual indemnification: the provider indemnifies the regulated entity for losses caused by defects in the model. The Model Risk Guidance, in its accountability framing at paragraph 45, makes clear that contractual indemnification will not work as a defence against the supervisor.
The reasoning is structural. Regulatory responsibility is non-delegable. An RE that uses a model, whoever built it, is the supervisor's counterparty for any failure of that model. Indemnification can shift the financial cost of a failure between commercial parties; it cannot shift the regulatory consequence. A bank cannot tell the RBI that the OpenAI API made the mistake.
The CPA may go further
There is a second concern that the commenter on the Guidance raises and that is worth taking seriously. The Consumer Protection Act's strict-liability framework may render contractual indemnification clauses unenforceable as against the consumer. The argument runs: the consumer's right to redress against the regulated entity cannot be limited by an arrangement between the RE and a third-party provider to which the consumer is not a party. Whether courts will accept this argument is unsettled. The commercial defence strategy should not rely on it failing.
The insurance gap
AI liability insurance is an emerging market. Available products carry caps that are often well below the potential exposure from a material AI failure, and exclusions that frequently carve out the very risks (algorithmic bias, hallucination-induced errors, automated discriminatory conduct) most likely to materialise. Regulated entities should not treat AI insurance as a substitute for design-stage risk control.
Authorship, training data, and the IP gap
The Guidance does not address intellectual property. The IP questions that AI models surface are nevertheless central to a full legal architecture.
Authorship of AI-generated output
Under the Copyright Act, 1957, authorship is typically attributed to a human author. The status of works generated by an AI model is unsettled. The approach most regulated entities take in practice is to claim copyright in AI-generated outputs as works of the entity, on the theory that the human direction and curation involved is sufficient to establish authorship. This is a practical approach, not a settled legal position. A future Indian decision could deny copyright protection to AI-generated works, with retroactive effect on works already produced.
For trademark and patent purposes, Indian law currently requires a human inventor. An AI cannot be named as inventor on a patent application. This is settled.
Training data IP infringement
The most consequential IP exposure for regulated entities using third-party foundation models is upstream: did the model provider train on copyrighted data without authorisation? US litigation in New York Times v OpenAI and parallel proceedings against other providers raise the prospect of damages running into the billions. An Indian regulated entity that integrates a model tainted by such infringement into customer-facing services may face derivative liability for distributing the infringing output. Contractual IP indemnification from the provider is the first defence, but, as discussed, indemnification only addresses financial exposure and not regulatory or reputational consequences.
Trade secrets and model confidentiality
Regulated entities that fine-tune third-party models on proprietary data face the inverse question. The fine-tuned model itself, the data used for fine-tuning, and the resulting outputs all carry trade secret implications. Common law trade secret protection in India is anchored in the Indian Contract Act, 1872 (Section 27 on restraints) and confidential information doctrine. Contractual protection through robust NDAs and use restrictions in the provider agreement is the practical defence.
From the Fair Practices Code to the Integrated Ombudsman
The Model Risk Guidance's single-sentence consumer protection chapter at paragraph 25 needs to be read against a layered Indian grievance architecture the Guidance does not mention.
The interaction is most acute in lending. Where an AI credit scoring model denies a loan, three statutory and regulatory regimes are in play at once: the Fair Practices Code (right to reasoned explanation), the Digital Lending Guidelines (transparency and cooling-off), and the CPA 2019 (unfair trade practices and product liability). The Model Risk Guidance overlays all three without aligning to them. The commenter's ask for explicit cross-references and a right-to-explanation requirement is, in this light, less a wish-list item than a coherence requirement.
Five regulatory-interaction clauses the Guidance should add
Pulling the threads of the legal architecture together, the comment letter to the RBI should ask for five explicit cross-reference clauses in the final Guidance.
- DPDPA cross-reference. An express statement that the Guidance is to be read alongside the DPDPA, with specific guidance on the storage limitation, cross-border transfer, and erasure interactions identified above.
- Sectoral precedence clarification. A note that where the Guidance, the DPDPA, and the 2018 payment data localisation circular conflict, the stricter requirement prevails. This eliminates the practitioner ambiguity that currently exists.
- Consumer Protection Act alignment. A cross-reference to the CPA 2019 unfair trade practice and product liability framework, with a clear statement that the Guidance's consumer protection provisions are additional to, not in substitution for, the CPA's regime.
- Competition Act alignment. A cross-reference to the CCI's October 2025 Market Study and the six-component self-audit framework, with a requirement that regulated entities apply the framework to their AI procurement.
- Grievance architecture cross-reference. Explicit cross-references to the Fair Practices Code, the Digital Lending Guidelines and the Integrated Ombudsman Scheme, with a coherence requirement that AI-driven decisions trigger the same disclosure and explanation obligations as their human-decided equivalents.
These five clauses do not enlarge the Guidance's substantive obligations. They make the obligations the Guidance already imposes coherent with the law that surrounds them.
The Guidance will not be the only instrument that matters
The Model Risk Guidance is the most visible piece of an emerging Indian AI-in-finance regulatory architecture. It will not be the only piece. The pattern over the next eighteen months is reasonably predictable:
- The DPDPA Rules, when finalised, will speak directly to AI training data and may include the explicit exemptions or guidance the DPDPA itself omits.
- The Competition Commission is likely to act on its Market Study findings through enforcement decisions, possibly with the RBI as a coordinating sectoral regulator under the 2023 Amendment Act's MoU regime.
- Consumer Protection adjudications will begin to test AI strict liability in the consumer commission system. The first reported decision will be widely cited.
- The Securities and Exchange Board of India will likely issue parallel guidance on AI use in capital markets, drawing on the RBI's framework. As we have seen with the Master Direction on Secondary Market G-Sec trading, the pattern of consolidating scattered regulatory positions into single principle-based instruments is now the dominant style of regulator drafting in India.
The bottom line
The Model Risk Guidance is being drafted as if it were a self-contained regulatory instrument. It is not. It sits at the intersection of the DPDPA, the CPA, the Competition Act, the Banking Regulation Act and a layered Indian grievance architecture that the draft barely acknowledges. The commenter's regulatory-interaction asks are corrections to that omission, not enlargements of the obligation set.
For regulated entities, the practical move is to treat the Guidance as binding under the IMAI principle, to map every AI deployment against the DPDPA at design stage, to apply the CCI's six-component self-audit framework to every third-party AI procurement, and to instrument every customer-facing AI decision for grievance reporting under the Integrated Ombudsman Scheme. None of this is in the Guidance. All of it is required by the law that the Guidance sits inside.
Read alongside our main comment piece on the twenty-four recommendations and our technical and operational analysis of the Guidance.
Primary source & further reading
- Reserve Bank of India, draft Guidance on Regulatory Principles for Model Risk Management, 2026.
- Internet and Mobile Association of India v Reserve Bank of India, (2020) 2 SCR 297.
- Digital Personal Data Protection Act, 2023.
- Consumer Protection Act, 2019.
- Competition Act, 2002, as amended by the Competition (Amendment) Act, 2023.
- Banking Regulation Act, 1949 (Sections 35A, 36, 56).
- Reserve Bank of India Act, 1934 (Sections 45L, 58B, 58G).
- RBI Circular DPSS.CO.OD.No.2785/06.08.005/2017-18, Storage of Payment System Data (April 2018).
- RBI, Guidelines on Digital Lending (September 2022).
- RBI, Integrated Ombudsman Scheme (November 2021).
- Competition Commission of India, Market Study on Artificial Intelligence and Competition (October 2025).
- Legal Wires, From Credit Models to Frontier AI: Inside the RBI's 2026 Draft Guidance on Model Risk Management.
- Legal Wires, One Rulebook for the G-Sec Market: Decoding the RBI's 2026 Draft Master Direction.
- Legal Wires, Powers of RBI under the Foreign Exchange Management Act.
- Legal Wires, Foreign Exchange & FEMA: The Complete Regulatory Timeline.
This article is editorial legal analysis of a draft regulatory instrument. It is provided for general information only and is not legal advice. Regulated entities should seek independent counsel on the application of the issues discussed to their particular circumstances.