The state of the art in enterprise data agents: #1 on DABstep · SOTA on KramaBench & DataAgentBench
← Back to Resources
RBI AI Guidelines

Can Indian Financial Institutions Use Overseas AI Providers? Reading RBI's FREE-AI Framework

Actioneer standard tile for the RBI FREE-AI overseas AI providers article

No publicly issued RBI regulation or circular prohibits regulated entities from using overseas AI providers. The FREE-AI report, released in August 2025, is the work of an RBI-appointed committee rather than a binding Master Direction, and it treats third-party AI through the existing outsourcing lens: the regulated entity's regulatory and customer obligations are not diminished by outsourcing, those obligations flow down to the vendor through contract, and the report recommends auditability and traceability proportionate to the use case and its risk. The principal RBI localization rule relevant to this question, the 2018 payment data circular, requires payment system data to be stored in India while permitting processing abroad. This article works through the primary sources and sets out what a board should require from an AI vendor under the current framework.

Key Takeaways

  • No publicly issued RBI regulation or circular prohibits regulated entities from using overseas AI providers.
  • FREE-AI is an advisory RBI-appointed committee report, not a binding AI-specific Master Direction.
  • Material cross-border IT outsourcing carries additional country-risk, governing-law, audit, contingency, exit, and records-access obligations.
  • RBI's 2018 payment-data rule requires storage in India while permitting overseas processing subject to deletion and repatriation timelines.
  • Boards should evaluate data classification, outsourcing materiality, contractual controls, traceability, customer safeguards, and cross-border risk.

In this article

Why This Question Keeps Stalling AI Programs

We build and operate AI agents inside NBFCs, banks, and fintech lenders, and across India deal cycles one objection surfaces more than any other: that RBI does not permit customer data to be processed by an AI provider based outside India. The claim circulates without a citation because no publicly issued RBI regulation or circular says it. It survives on proximity to three real things, the 2018 payment data circular, the DPDP Act's cross-border provisions, and RBI's long-standing conservatism on outsourcing. All three are real requirements, and none of them prohibits the use of an overseas provider.

An institution that treats the question as closed removes most frontier AI capability from its evaluation set, based on an interpretation the source documents do not support. RBI's own survey, published in the FREE-AI report, found 20.8% of regulated entities already running AI in production, concentrated in customer support, credit underwriting, sales, and cybersecurity, with another 67% actively exploring use cases.

Supervisory attention has sharpened in 2026. In April, the Finance Minister convened bank chiefs, RBI, and MeitY over systemic risks from frontier AI models, and Business Standard reported that RBI asked regulated entities to complete board-approved AI risk gap assessments and time-bound action plans by end-June 2026; no public circular has been released. The emphasis across all of it has been on governance and risk controls rather than any prohibition based on vendor location.

What FREE-AI Says About Overseas AI

On 13 August 2025, RBI released the report of its committee on the Framework for Responsible and Ethical Enablement of Artificial Intelligence, chaired by Dr. Pushpak Bhattacharyya of IIT Bombay. It addresses RBI-regulated institutions, including scheduled commercial banks, NBFCs, and payment system operators, along with the broader ecosystem of fintech and technology providers that serve them, and it is the regulator's most direct statement on AI to date.

The framework is enabling by design. Among its seven guiding sutras is “Innovation over Restraint,” and the committee identifies non-adoption of AI as a risk in its own right, citing lost competitiveness, slower financial inclusion, and exposure to AI-driven fraud without equivalent defenses. The committee also takes the view that the existing legal framework, including the IT Act, is sufficient to address current risks.

On the overseas question specifically, the report does not recommend any prohibition based on provider location. Offshore AI providers sit outside RBI's direct regulatory reach, so the framework works through contractual flow-down: regulated entities carry their RBI obligations into vendor agreements, covering data use, accountability, bias, explainability, and audit rights. A foreign supplier can be engaged, subject to the regulated entity satisfying the applicable outsourcing, contractual, and data governance requirements, including the additional ones that attach to cross-border arrangements.

The report is advisory. It proposes AI-specific enhancements to existing Master Directions in its annexures, and RBI has not announced a timetable for converting the recommendations into binding instruments. As of July 2026 no binding AI-specific instrument has been issued, which means any claim that RBI's AI guidelines prohibit overseas providers cites an instrument that has not been issued.

Where the Real Obligations Sit

The operative regulation is RBI's outsourcing framework, including the Master Direction on Outsourcing of Information Technology Services, 2023, applicable to commercial banks and to NBFCs in the Middle, Upper, and Top Layers, and governing material IT outsourcing arrangements. Its core principle is that outsourcing a function never diminishes the regulated entity's obligations to its customers or to RBI. The institution must conduct due diligence on the vendor, retain audit and inspection rights, ensure continuity, and demonstrate compliance to RBI on demand.

Cross-border outsourcing carries additional obligations under the same direction. Where a service provider is based abroad, the institution must monitor the government policies and the legal, political, economic, and social conditions of that jurisdiction on an ongoing basis, maintain contingency and exit plans with continued availability of records, ensure the governing law of the arrangement upholds confidentiality obligations, and retain audit rights over the offshore provider for both itself and RBI. These are additional governance conditions that institutions are expected to address. FREE-AI adds AI-specific recommendations on top: outsourcing contracts should explicitly address algorithmic bias, accountability, and AI usage disclosure, with the obligations extending to subcontractors.

On internal governance the report goes further. Its recommendations include a board-approved AI policy covering governance structure, risk appetite, model lifecycle, auditability, and consumer protection; an AI inventory maintained for supervisory inspection; an AI incident reporting mechanism; and AI-related disclosures in annual reports.

For a board evaluating an AI vendor, four questions follow from the framework:

  1. Can we audit what the system does with our data, at any time?
  2. Does the contract give us the control RBI expects us to hold?
  3. Can every output be traced to its inputs, retrieved evidence, workflow steps, and approvals when a supervisor asks?
  4. Does the arrangement preserve our obligations to customers, including disclosure and grievance redressal?

A vendor that answers all four is well placed to meet the framework's expectations, wherever it is based. A vendor that cannot may create material governance and supervisory risk, even if its servers sit in Mumbai.

What Is Actually Localized

RBI's circular of 6 April 2018 on Storage of Payment System Data requires payment system data to be stored only in India. In its clarifying FAQs, RBI confirmed there is no bar on processing payment transactions outside India, provided the data is deleted from overseas systems and brought back to India within one business day or 24 hours from payment processing, whichever is earlier.

The circular is directed at payment system data, which RBI defines broadly to include end-to-end transaction details and information carried in payment messages; other datasets require their own classification under applicable law. Datasets outside the payment system, such as portfolio data, collections records, and CRM data, remain subject to RBI's outsourcing and confidentiality requirements and, to the extent they contain personal data, to the Digital Personal Data Protection Act, 2023. Section 16 of the Act permits cross-border transfer except to countries restricted by the Central Government, and the DPDP Rules notified in November 2025 phase in the Act's substantive obligations over 18 months from notification, running to May 2027, with additional transfer conditions contemplated for significant data fiduciaries. The two regimes answer different legal questions but can apply concurrently to the same arrangement: DPDP to the personal data being processed, RBI's instruments to the outsourcing relationship and the institution's accountability within it.

Taken together, the current framework does not impose a general prohibition on overseas AI processing; it conditions it. The regulated entity owns the governance, and payment data carries a storage obligation that vendor architecture can be designed to satisfy.

Recommendations for Customer-Facing AI

For institutions deploying conversational or voice AI toward customers, the committee's recommendations are specific. It recommends that customers be informed when they are interacting with an AI system, that they have a channel to challenge AI-driven decisions, and that final authority on critical decisions such as credit approvals rest with qualified personnel. It further recommends corresponding updates to the Master Circular on Customer Service and to the digital lending guidelines, including transparency in AI-driven credit assessment and fairness audits for bias.

For a voice or agent deployment the practical reading is that disclosure, human override, and grievance routing belong in the system design before launch. These responsibilities sit with the institution, and they are easier to operationalize when the platform supports them natively rather than leaving the institution to retrofit them.

What a Board Should Require From an AI Vendor

The framework's expectations map directly onto architecture. This is how Actioneer's platform is built against each one.

FREE-AI expectationWhat it means for the institutionHow Actioneer addresses it
Board-approved AI policy, defined accountabilityAI governance elevated to the level of credit or cyber riskGovernance module: role-based access, scoped permissions, audit logs that feed board reporting
Auditability and explainabilityEvery output traceable when a supervisor asksObservability module: full agent tracing, with execution and workflow traces recorded for each action
Outsourcing safeguards and data controlInstitution retains control of data and vendorRead-only by default; data is read in place, never copied or relocated
Sovereignty where risk appetite requires itProcessing inside the institution's own perimeterOn-premise deployment, including configurations running entirely on open-source models within the institution's infrastructure
Consumer protection for customer-facing AIDisclosure, human override, grievance routingHuman approval steps and escalation paths configured into agent workflows
Independent assuranceAttested and certified evidence rather than vendor claimsSOC 2 attested; ISO/IEC 27001 and ISO/IEC 27701 certified

Actioneer's platform is designed to align with each of the framework's recommendations. For institutions whose risk posture calls for it, the entire stack runs inside their own environment, which can take cross-border data processing out of the deployment when the architecture and operating model are configured for full isolation. Under the current framework that remains the institution's choice to make.

One more observation from the deployments we have run: the institutions best positioned for FREE-AI's codification are the ones already operating AI with governance built in. Board policies, AI inventories, audit trails, and incident reporting take quarters to establish. If and when the recommendations are codified into Master Directions, early adopters are likely to be substantially prepared, even where the binding text differs in detail from the committee's recommendations. Institutions that deferred adoption pending regulatory certainty will find themselves building compliance infrastructure and operating capability simultaneously, in a supervisory environment that has already begun asking questions.

RBI's most explicit statement on AI to date asks the industry for adoption governed well. The overseas provider question resolves into due diligence across data classification, outsourcing materiality, contractual controls, and cross-border risk management, and that diligence can be done. Actioneer builds AI agents for NBFCs, banks, and fintech lenders with that governance in the platform from day one. If your institution is working through what a compliant deployment looks like on your own data, we should talk.

This article is for general information and does not constitute legal advice. Institutions should consult their own counsel on specific compliance questions.

Sources

Primary sources

  1. Reserve Bank of India, FREE-AI Committee Report, 13 August 2025.
  2. Reserve Bank of India, Master Direction on Outsourcing of Information Technology Services, 10 April 2023.
  3. Reserve Bank of India, Storage of Payment System Data, DPSS.CO.OD No.2785/06.08.005/2017-2018, 6 April 2018.
  4. Reserve Bank of India, FAQs on Storage of Payment System Data, 26 June 2019.
  5. Government of India, Digital Personal Data Protection Act, 2023, 11 August 2023.
  6. Press Information Bureau, Digital Personal Data Protection Rules, 2025, November 2025.

Secondary reporting

  1. Business Standard, RBI asks banks to assess AI risk gaps, draw action plan by June-end, June 2026.
  2. Business Today, FM Sitharaman holds meet with RBI, MeitY, banks on systemic risks from AI, 23 April 2026.

Frequently Asked Questions

Does RBI prohibit financial institutions from using AI providers based outside India?

No publicly issued RBI regulation or circular prohibits it. The FREE-AI report applies the existing outsourcing framework: the regulated entity remains accountable and must flow its obligations down through the vendor contract, including provisions on data use, bias, and audit rights.

Does RBI require AI models to be hosted in India?

The RBI localization mandate directly relevant here is the 2018 requirement that payment system data be stored in India. RBI has issued no requirement that AI models be hosted domestically. Where a model is hosted is a question of outsourcing governance and the institution's own risk appetite, and institutions that prefer in-country or in-perimeter hosting can require it from their vendor as a matter of policy.

Does calling a global AI provider's API count as outsourcing under RBI rules?

It may, particularly where the arrangement is material. FREE-AI applies the outsourcing lens to third-party AI, and the IT Outsourcing Master Direction governs material arrangements, which RBI defines by their potential to significantly impact operations or materially affect customers if disrupted or compromised. The institution should classify each arrangement under its outsourcing policy, carry its obligations into the contract, and apply the additional cross-border conditions where the provider operates from abroad.

Is the FREE-AI framework legally binding today?

RBI's AI framework remains advisory as of July 2026. The report proposes enhancements to existing Master Directions, and RBI has not announced a timetable for codification. Institutions building governance now are building infrastructure the report recommends, on timelines that governance of this kind realistically requires.

Who is liable if a third-party AI system causes consumer harm?

Primary accountability sits with the regulated entity under RBI's outsourcing principle. The framework recommends a graded liability approach and AI-specific contractual allocation between institution and vendor, but the supervisory relationship runs through the institution. This is why audit rights and traceability belong in the vendor contract from the start.

What does the data localization rule actually cover?

Payment system data, which must be stored in India; RBI's FAQs confirm processing abroad is permitted with the data returned within one business day or 24 hours from payment processing, whichever is earlier. Datasets outside that definition require their own classification, under RBI's outsourcing and confidentiality requirements and, where they contain personal data, under the DPDP Act and its Rules.

What does the framework expect for customer-facing AI, including voice agents?

The committee recommends disclosure that the customer is interacting with AI, a channel to challenge AI-driven decisions, human authority over critical outcomes such as credit decisions, and grievance redressal. These responsibilities rest with the institution and should be built into the deployment architecture.

Can we deploy AI with zero data crossing the border?

Actioneer offers deployment configurations designed for full isolation: on-premise or private cloud, running entirely on open-source models inside the institution's own infrastructure, with data read in place. Institutions evaluating this should validate the isolation boundary, including support, update, and monitoring paths, against their own architecture and operating requirements.

Where should institutions expect supervisory interest in an AI deployment?

The areas the framework's recommendations point to: the board-approved policy, the AI inventory entry, the audit trail behind a specific output, the contractual rights over the vendor, and the incident reporting path. Cross-border arrangements add country-risk, governing-law, and audit-access requirements rather than any prohibition. A system without adequate records of its inputs, evidence, workflow steps, and approvals is harder to defend in any of these conversations.