RBI e-Mandate 2026: Card Auto-Debits Up to ₹1 Lakh

What RBI changed and why it matters

The Reserve Bank of India (RBI) has issued consolidated directions governing the e-mandate framework for recurring digital payments. The updated instructions are aimed at simplifying recurring payments, resolving operational issues flagged by stakeholders, and strengthening consumer protection. A key change is that issuers can now map existing e-mandates to reissued debit or credit cards, reducing disruptions when cards are replaced. RBI has retained the general Additional Factor of Authentication (AFA) threshold of ₹15,000 per recurring transaction, while continuing higher AFA-free limits for specific categories. The directions also emphasise transparency through mandatory notifications and require issuers to strengthen dispute resolution systems. The framework is positioned as an effort to balance convenience with safeguards as recurring online payments expand across services.

Consolidated directions: a single framework for recurring debits

RBI’s consolidated directions bring recurring payment rules under a single master framework. The RBI described the changes as based on feedback received from stakeholders. The directions apply to payment system providers and participants handling recurring transactions under e-mandates. The scope includes recurring domestic and cross-border transactions processed through cards, prepaid payment instruments (PPIs), and the Unified Payments Interface (UPI). By consolidating earlier instructions, the RBI seeks to reduce fragmentation in compliance requirements and provide clearer operational expectations. The central bank also noted that multiple earlier circulars issued between 2019 and 2024 relating to recurring payment processing through cards, UPI, and other digital channels have been repealed following the issuance of this consolidated framework.

Mapping e-mandates to reissued cards to avoid payment failures

RBI has allowed card issuers to map existing e-mandates to reissued debit or credit cards. This is meant to ensure continuity of recurring transactions when a card is replaced due to expiry, damage, or security reasons. Earlier, customers often had to re-register mandates after card reissuance, which could lead to failed payments for subscriptions and standing instructions. The updated approach is expected to reduce friction for users and merchants where recurring payments depend on card credentials. It also lowers the operational burden of repeatedly recreating mandates after routine card lifecycle events. The RBI’s directions explicitly enable continuity for existing mandates rather than requiring customers to start over.

Revised AFA rules: ₹15,000 general threshold and ₹1 lakh exceptions

Under the updated framework, recurring transactions may be authorised without AFA up to ₹15,000 per transaction. Recurring payments above ₹15,000 must be subject to AFA at the time of debit. RBI has also continued higher-value AFA-free treatment for certain categories to reduce operational inconvenience for common financial payments. Specifically, insurance premium payments, mutual fund subscriptions, and credit card bill payments may be executed without AFA up to ₹1 lakh per transaction. These limits are described as applicable to recurring transactions under e-mandates. The rules focus on how authentication should apply at the time of debit, distinguishing standard recurring debits from identified categories allowed a higher ceiling.

One-time registration, first transaction authentication, and customer control

Customers opting for recurring payment facilities must complete a one-time registration process that requires validation through AFA. The framework states that the first transaction under any e-mandate must be authenticated. Where registration and the first payment occur together, the authentication step can be combined. Issuers must clearly specify the validity period of each e-mandate and provide customers with the ability to modify or withdraw the mandate at any time, subject to authentication. RBI has also provided for customer choice in how mandates are set up, including fixed or variable amounts subject to caps. In the case of variable e-mandates, issuers must allow customers to specify the maximum value of any recurring transaction.

Notifications: 24-hour pre-debit alerts and post-transaction disclosures

To improve transparency and customer control, issuers must send pre-transaction notifications at least 24 hours before the debit for most recurring transactions. These alerts must include key details such as the merchant name, transaction amount, date and time of debit, reference number of the e-mandate, and the reason for the debit. Customers must also be provided with an option to opt out of a specific transaction or cancel the e-mandate, and such requests must be validated through authentication. The RBI has specified that pre-transaction notifications will not be required for auto-replenishment of FASTag balances and National Common Mobility Card (NCMC) balances. Post-transaction notifications must also be issued, and RBI has directed issuers to include grievance redressal details in the post-transaction communication.

No customer charges and acquirers’ responsibility for merchant compliance

RBI has clarified that customers cannot be charged for availing the e-mandate facility for recurring transactions. The directions state that no charges shall be levied on customers for using the e-mandate facility for recurring debits. RBI has also placed responsibility on acquiring entities to ensure that merchants onboarded by them comply with the central bank’s e-mandate instructions. This obligation is meant to support consistent execution of the framework across merchant ecosystems rather than leaving compliance solely to issuers or customers. The consolidated directions explicitly tie merchant adherence to the acquiring payment service providers. This is intended to strengthen operational discipline across participants involved in recurring digital payments.

Dispute redressal, grievance reporting, and liability protections

Issuers are required to put in place an appropriate dispute redressal system to enable customers to lodge grievances related to recurring transactions under e-mandates. RBI also directed issuers to provide details of grievance redressal in post-transaction notifications to customers. The RBI clarified that its instructions on limiting customer liability for unauthorised electronic transactions will apply to recurring transactions executed through e-mandates as well. As referenced in the context provided, RBI rules currently limit liability for unauthorised electronic transactions based on reporting speed. Liability is stated to be zero for bank negligence or when a third-party breach is reported within 3 working days. For delays of four to seven days, liability caps are referenced as ranging from ₹5,000 for basic savings accounts to ₹25,000 on credit card payments, while policies determine liability after seven days.

Coverage expands to cross-border recurring payments across major rails

The directions apply to recurring domestic and cross-border transactions processed through cards, PPIs, and UPI. The RBI has brought cross-border recurring electronic payments using cards, prepaid instruments, and UPI under its e-mandate rules. The framework also reinforces customer protections such as the ability to opt out of any particular transaction or withdraw an e-mandate, with validation through AFA. This approach aims to create uniform operational guardrails for recurring debits irrespective of whether the payment is domestic or cross-border, as long as it falls under the covered instruments and rails. RBI’s stated focus remains on improving reliability of recurring payments while maintaining security controls through authentication and notifications.

Key rules at a glance

What to watch next

RBI has stated that the consolidated directions are effective immediately. For customers, the practical impact is expected to be most visible in smoother continuity of mandates when cards are reissued, clearer notifications, and higher AFA-free limits for specified financial payments up to ₹1 lakh per transaction. For issuers and acquiring entities, the directions tighten expectations around disclosures, dispute resolution, and ensuring merchants follow the framework. The RBI’s move to consolidate and repeal multiple circulars issued between 2019 and 2024 signals a push for clearer compliance across the recurring payments ecosystem. Going forward, the operational focus will be on implementing notification flows, opt-out handling, and dispute redressal in a way that matches the consolidated framework.