Data cables feed into a server. (Photographer: Chris Ratcliffe/Bloomberg)

BQ Explains: How Data Localisation Impacts Consumers And Businesses

The Reserve Bank of India’s deadline for payment companies to store data locally passed on Oct. 15. But MasterCard and Visa, among the biggest contributors to digital payments, are yet to comply.

The central bank, which hasn’t extended the deadline yet, had in April given payment companies six months to store all data within India to ensure access for supervisory and monitoring purposes. BloombergQuint looks at the immediate impact:


There’s no threat of payment services being denied.

The Indian Banks Association, in a letter on Oct. 12, asked bank chiefs to ensure that third-party service providers like card networks and payment gateways comply with the guidelines. But services should not be stopped, the IBA said.

“It may not be proper for the banks to inconvenience the consumers by abruptly dis-continue the services of the system providers who aren’t able to provide any certificate of compliance immediately,” it wrote. Since most of the banks are working with major card networks, the IBA said they need to continue the services for ATMs and point of sale machines till the RBI comes out with a notification for non-compliant companies.

The IBA also asked banks to seek up to six months from the regulator to get compliance certificates from the existing service providers.

Costs are also unlikely to rise for consumers since the payments market is highly competitive and fees are often regulated.


For companies, storing data locally will mean increased costs as they will have to set up data centres locally.

“The data localisation policy will require these firms to invest more in their technology, build capabilities from grounds up and replicate their global infrastructure in order to store data locally,” Guru Malladi, partner, advisory at EY, said in a statement.

Also read: U.S. Senators Write To PM Modi, Seek Soft Stance On India’s Data Localisation

Local Vs Global

The RBI’s data localisation policy has split India’s digital payments industry, with multinational firms seeking easier norms and local players calling it a level-playing field.

Domestic companies like Paytm and PhonePe have backed the new rules. “We have notified the RBI that all our data is locally stored,” PhonePe Founder Sameer Nigam said over the phone. Last week, even WhatsApp claimed that it has built a system to store payments data locally. A person familiar with the matter told BloombergQuint that its new product plan is under assessment to judge compliance.

A large volume of digital transactions is contributed by card companies. India had 41 million credit and over 980 million debit cards as of August, according to RBI data. Of these, more than 560 million were Rupay cards, the domestic card payments ecosystem. Which means, foreign card companies support nearly half of the transaction volumes.

Indians made payments worth Rs 48,368 crore through credit cards and worth Rs crore 324,948 with debit cards in August.

Multinational firms like MasterCard and Visa have sought more time to become compliant, according to a Bloomberg report, citing operational difficulties and security concerns.

The U.S. companies first suggested mirroring of data but that proposal was rejected. They have now sought another year to comply with data localisation requirement, Mukesh Aghi, chief executive officer of the U.S.-India Strategic Partnership Forum, an industry body acting on behalf of U.S. businesses, told BloombergQuint. “We have requested a 12-month period from the RBI so that we can provide you world-class data... We need to have a consultative process so that we can set milestones for three months, six months and 12 months.”

Also read: Why Data Localisation Might Lead To Unchecked Surveillance