.png){kind=small}
.png)
.png)
.png)
.png)
1 hour ago
6
ARTICLE AD BOX
MUMBAI/ NEW DELHI: RBI is considering a proposal to regulate the use of device locking technology in case of continued default for some small-ticket personal loans - but with explicit safeguards.
Sources said a final decision on the issue has not been taken, but the needs of consumers and lenders have to be balanced.In some of the loans used for purchase of things like smartphones, lenders are remotely disabling devices and locking the users from using the phones to recover their dues. While several low-ticket loans are now available to segments of the population that were earlier considered 'unbankable', there need to be adequate guardrails to ensure borrowers are not harassed, said a source.
There is recognition that unbridled use of practices such as digital locking technology poses risks to borrowers, which impacts access to their personal data - including contacts, documents, work-related applications e-wallets, and educational material for children. For gig workers or small entrepreneurs, this may also mean losing access to navigation tools, client information and delivery platforms, hitting their ability to earn and repay.
"Unlike traditional collaterals, where repossession is tangible and regulated, this digital form of control can be more intrusive and difficult for borrowers to anticipate or challenge," said a banking source.Besides, there is no redressal mechanism of wrongful locking of devices, which leaves the borrower completely at the mercy of the lender. Also, given access to such techniques, it is feared that lenders may not be adequately assessing the repayment capacity of the borrowers.As a result, there is growing recognition that if allowed under regulations, device locking should be accompanied by a clear and informed consent. There is also a need to provide sufficient notice after default before a phone is locked or restrictions are imposed, which should ideally be in a graded manner. Further, it should be ensured that there is no breach of data privacy.RBI's latest guidelines on digital lending released in May 2025 says that digital lending apps (DLAs) and lending service providers (LSPs) can collect only need-based data with prior, explicit borrower consent and an audit trail. They cannot access phone resources such as files, contacts, or call logs, and can use device features like camera, mic, or location only once for KYC with consent. Borrowers must retain full control over their data, including the right to deny, revoke, or limit consent, and to demand deletion.
No biometric data can be collected unless legally permitted, and any third-party sharing requires explicit consent unless mandated by law.
English (US) ·