India has rules such as RBI guidelines and data protection legislation, but none of them have been designed for AI-specific challenges such as autonomous decision-making. Without a dedicated AI law, institutions can ultimately collect more data than necessary.
Banks in India will soon have to find out how they can follow the thin line between effective use of artificial intelligence (AI) and customer privacy according to the reserve Bank of India’s group for an extensive AI framework for the financial sector.
Responding to a report from an RBI committee that asked supervisors to work on an “AI liability framework”, which encourage responsible innovation, experts said that data collection and continuous permission will be the biggest challenge for companies. This is important, since companies in Finance already use AI for critical operations such as credit scoring and compliance controls, where large players have AI models access to a lot of data.
“AI can behave like a data vacuum, collect more information than necessary, sometimes from unusual or even derived sources,” said Vaibhav Koul, director of the Protiviti member company for India, which suggests that AI -Governance reflects local realities instead of just copying worldwide standards.
This places Indian banks in a unique position compared to their global counterparts. For example, India has rules such as RBI guidelines and data protection legislation, but none of them have been designed for AI-specific challenges such as autonomous decision-making. Without a dedicated AI law, institutions can ultimately collect more data than necessary.
Similarly, Pawan Pabhat, co-founder of Shorthills AI, said that the line between “useful” and “intrusively” can fade quickly and put the Onus on companies to regulate itself. According to India’s data protection legislation, users must fully understand why and how their data is used. This is difficult with AI, because models can evolve and use data in new ways.
“Companies will have to make permission, easy to understand, easy to update and just as easy to withdraw. This means building permission as a housing process, not a one-off form,” said Pabhat, who advises players to set up systems that regularly change permission when AI options change.
Apart from regulatory worries, said Mishi Choudhary, founder of the Digital Rights Advocacy Group SFLC.in, that the RBI report has specific cyber security requirements and makes generic recommendations because it depends on limited research and entities.
Affected players
An AI framework can also reform the competitive dynamics in the sector. Kishan Sundar, Senior Vice President, Chief Technology Officer at Maveric Systems, said that the policy can encourage Tier 2 and 3 players to use AI.
Until now, AI has largely been used by large benches and NBFCs. Nakul Kundra, co-founder of AI-driven Devnagri translation platform,, however, indicated that, although generative AI to 46 percent can yield efficiency gain in banking processes, only 20.8 percent of banks and NBFCs use it. The focus of the RBI framework on indigenous models will give smaller players legitimacy to lead this change, he said.
AI in Finance, however, can force suppliers such as Fintech companies, software and service providers to follow AI Governance clauses and AI audits of third parties. This can influence the growth of smaller players and stretch their means.
“Tier 2 and 3 institutions must be more aware of removing prejudices, cyber security defenses must be stronger, investments in infrastructure, talent and administration, but openly tackling these problems is the first step in the right direction,” said Sundar.
Published on August 15, 2025
#Balancing #Act #Banks #Walk #Walking #Privacy #Cord #RBIs #call #Braerkwerk