In March 2004, the Reserve Bank of India switched on RTGS — Real Time Gross Settlement — for the first time. A high-value transfer between two banks settled in seconds rather than days. Twenty years later, India's Unified Payments Interface processed over 14 billion transactions in a single month, making it the largest real-time retail payment system on earth. The distance between those two events is not just technological. It is regulatory — a series of statutes, notifications, and institutional decisions that built, layer by layer, the infrastructure that 300 million Indians now use to buy tea from a street vendor.
This is the story of how that system was constructed.
Also in this series:
- Digital Payments & UPI — The Complete Timeline
- Payment Systems: NEFT, RTGS & the PA/PG Framework
- Cyber Security & IT Framework for Banks
Why Did India Need a Dedicated Payment Systems Law?
Before 2007, India had no dedicated statute governing payment and settlement systems. RTGS had been running since 2004, NEFT since 2005, but the legal authority for the RBI to regulate clearing houses and settlement systems was scattered across the RBI Act and informal arrangements. The reason this became untenable was settlement risk: if a participant in a clearing system defaulted mid-cycle, there was no statutory mechanism for netting, finality of settlement, or the RBI's right to revoke authorisation.
The Payment and Settlement Systems Act, 2007 (PSS Act) resolved this. It gave the RBI explicit power to authorise, regulate, and supervise every payment system operating in India — from RTGS and NEFT down to prepaid wallets and card networks. Section 4 requires any entity operating a payment system to obtain a Certificate of Authorisation. Section 18 empowers the RBI to issue directions. The Act created the legal scaffolding on which everything that followed — IMPS, UPI, payment aggregators, BBPS — was built.
"No person other than the Reserve Bank shall commence or operate a payment system in India except under and in accordance with an authorisation issued by the Reserve Bank under the provisions of this Act." — Section 4, Payment and Settlement Systems Act, 2007
From RTGS to UPI: The Four Layers of Infrastructure
RTGS (2004) — Eliminating Settlement Risk
RTGS was designed for high-value transactions because the cost of settlement failure in large transfers is catastrophic. Each transaction settles individually and in real time — there is no batching, no netting, no overnight wait. The RBI extended RTGS to 24x7 operations in December 2020, triggered by the recognition that a modern financial system cannot shut down its core settlement infrastructure at 6 PM. By February 2024, the RBI reported that RTGS processed record volumes, handling the bulk of India's wholesale payment flows.
NEFT (2005) — Batch Settlement Goes 24x7
NEFT operated on hourly batch cycles — transactions were accumulated and settled every hour during banking hours. This was a technology constraint: the systems of the mid-2000s could not handle continuous settlement at retail scale. The limitation became increasingly absurd as India digitised. In December 2019, the RBI issued notification RBI/2019-20/111 making NEFT available round the clock, every day of the year. The reason was straightforward: because in a digital economy, payments do not follow banking hours, and a system that freezes at midnight on Friday fails the very people it was built to serve.
IMPS (2010) — Real-Time Goes Retail
The Immediate Payment Service, launched by NPCI in 2010, was the bridge. It proved that real-time, 24x7 mobile transfers between bank accounts were technically feasible and commercially viable. IMPS demonstrated the demand; UPI would satisfy it at scale.
UPI (2016) — The Breakthrough
UPI succeeded where earlier systems did not because it solved three problems simultaneously. First, interoperability: any UPI app can send money to any other UPI app, across any bank. Second, simplicity: Virtual Payment Addresses (VPAs) replaced the cumbersome combination of IFSC code plus account number. Third, cost: the government and RBI made UPI transactions free for merchants by eliminating the Merchant Discount Rate (MDR), removing the single largest barrier to adoption. This zero-MDR decision was controversial — payment service providers argued they needed transaction revenue to sustain operations — but it was the reason UPI reached mass adoption. NPCI's architecture, backed by the RBI's regulatory mandate for interoperability under the October 2019 ecosystem-deepening circular, ensured that no single private player could wall off the system.
"With a view to furthering digital payments, it has been decided that with effect from January 2020, member banks shall not charge savings bank account customers for online transactions in the NEFT system." — RBI Press Release, January 2020
How Are Payment Aggregators Now Regulated?
Payment aggregators — companies like Razorpay, PayU, and CCAvenue — sit between merchants and banks, handling the actual movement of money when a customer pays online. Because they touch settlement funds, the RBI concluded they needed direct regulation. The trigger was the rapid growth of online commerce: PAs were processing billions in transactions with no prudential oversight, no escrow requirements, and inconsistent KYC practices.
The RBI first published a discussion paper in October 2019, followed by the March 2020 PA/PG guidelines that required all PAs to apply for RBI authorisation under the PSS Act. These were amended through subsequent circulars and eventually superseded by the September 2025 Master Direction on Payment Aggregators, which consolidated the entire regulatory framework — net worth requirements, escrow account obligations, KYC norms, and merchant onboarding standards — into a single binding direction. Cross-border PA activity is separately governed by the October 2023 PA-Cross Border directions.
What Does Credit on UPI Change?
Until 2025, every UPI transaction drew from an existing bank balance. UPI was purely a payment rail — it moved money that already existed in your account. The February 2025 circular on pre-sanctioned credit lines through UPI changed that. Banks can now link a pre-approved credit line to a customer's UPI handle, allowing purchases to be funded by credit rather than deposits.
The initial rollout was limited to scheduled commercial banks. In December 2024, the RBI extended this facility to small finance banks, broadening access to underbanked segments. The reason for the extension was clear: small finance banks serve the customer base most likely to benefit from small-ticket credit delivered through a familiar interface.
This transformed UPI from a payment instrument into a credit delivery channel — a structural shift that carries forward the RBI's broader financial inclusion agenda.
The scale of what UPI has become deserves precise numbers. According to the RBI Annual Report 2024-25, UPI processed 18,586 crore transactions in 2024-25 — up from 1,252 crore in 2019-20. That is a fifteen-fold increase in five years. In value terms, UPI handled over Rs 260 lakh crore during the year. UPI now accounts for 84% of India's total retail digital payment volumes — meaning that for every hundred digital transactions in India, eighty-four flow through UPI. Merchant payments (P2M) have grown faster than peer-to-peer transfers: P2M transactions rose from 33.68 crore in calendar year 2019 to over 1,106 crore in 2024, driven by the zero-MDR policy and QR code ubiquity. The RBI's Payment Systems Report for the half-year ended December 2024 confirmed that UPI has become the world's largest real-time payment system by transaction volume — a designation the IMF formally recognised when it noted that India accounted for 49% of all global real-time payment transactions. The credit-on-UPI expansion, starting with scheduled commercial banks and then extending to small finance banks in December 2024, means these transaction volumes will increasingly include credit-funded purchases — adding a lending dimension to what was purely a payment rail.
Who Bears the Loss When a UPI Transaction Goes Wrong?
The customer liability framework for unauthorised digital transactions was first established by circular RBI/2017-18/15 in July 2017 (since withdrawn), which set zero customer liability for bank-side failures, capped liability based on reporting delay for third-party breaches, and full liability only where the customer's own negligence caused the loss. This framework was replaced by updated directions as the ecosystem evolved.
In February 2026, the RBI issued a draft amendment to the customer liability framework to account for the vastly expanded digital payments landscape. The draft proposes tighter timelines and clearer obligations for banks and payment system operators, because the original framework — designed when digital transactions were a fraction of current volumes — no longer reflects the speed and scale at which fraud occurs.
The principle remains: rapid reporting protects the customer, and the regulated entity bears the burden of proving negligence.
The Regulatory Stack Today
India's digital payments ecosystem operates under a unified statutory and regulatory architecture:
- PSS Act, 2007 — the statutory foundation for all payment system regulation
- RTGS and NEFT — core settlement infrastructure, both 24x7 since 2019-2020
- UPI — the retail payment layer, now carrying credit as well as debit transactions
- BBPS (Bharat Bill Payment System) — governed by the February 2024 Master Direction, consolidating bill payment regulation
- Payment Aggregators — brought under direct regulation through the amended and consolidated September 2025 Master Direction
- Digital Payment Security Controls — the July 2024 Master Direction on Cyber Resilience sets security standards for non-bank PSOs
- TAT and Compensation — September 2019 harmonisation of turnaround times for failed transactions across all authorised payment systems
The penalty framework for non-compliance was itself amended in January 2025, replacing the earlier 2020 framework, to include compounding of offences — a signal that the RBI treats payment system violations with increasing seriousness.
The November 2025 consolidation also issued entity-specific Digital Banking Channels directions governing the digital payment infrastructure obligations for each regulated entity type — see the Commercial Banks Directions (RBI_MD_13162), UCB Directions (RBI_MD_13034), RRB Directions (RBI_MD_13059), SFB Directions (RBI_MD_13135), Payments Bank Directions (RBI_MD_13109), LAB Directions (RBI_MD_13084), and Rural Co-operative Banks Directions (RBI_MD_13008).
What began with a single RTGS terminal in 2004 is now the world's most extensive real-time payment infrastructure. The regulatory architecture that supports it — statute, master directions, circulars, and enforcement — is why it works.
Last updated: April 2026