1. Registrations and licensing compliances for financial services
A. Consumer Protection Act and the rules/ guidelines issued thereunder
1.1 Compliances under E-commerce Rules
All e-commerce entities must comply with the E-Commerce Rules, including:
Nodal Officer: Appoint a nodal officer or alternate senior functionary residing in India.
Information Disclosure: Clearly and prominently display on its platform:
Legal Name
Principal and branch addresses
Name and details of the website
Contact information of customer care and grievance officer.
Grievance Redressal: Set up a grievance mechanism and appoint a grievance officer. Display the name, contact details, and designation of such officer on its platform. Grievances must be acknowledged within 48 hours and resolved within 1 month.
Imported Goods: If offering imported goods/services, mention importer details.
Cancellation Charges: Do not impose cancellation charges on consumers unless the platform bears similar charges when it cancels the purchase order unilaterally.
Consent: Obtain a consumer’s consent for any purchase through explicit and affirmative action.
Refunds: Process refunds as prescribed under applicable law.
Obligations for Marketplace E-Commerce Entities
Marketplace entities must additionally:
Seller Undertaking: Require sellers, through an undertaking, to ensure that descriptions, images, and other content pertaining to goods or services on their platform are accurate and correspond directly with the features of such goods or services.
Differentiated Treatment: Include in the terms and conditions a description of any differentiated treatment which it gives or might give between goods or services or sellers of the same category.
Disclosures: Display all required information, including information that consumers may need to make informed choices: contractual terms, mandatory notices, expiry, seller/importer details, country of origin, return/exchange/refund/delivery terms, warranties, payment modes, grievance mechanism.
Seller Details: Show seller name, registration status, address, customer care number, and ratings, if any.
Complaint Tracking: Provide ticket numbers to track complaints.
Ranking Parameters: Explain in plain language the key parameters affecting product/seller rankings.
Obligations for Inventory E-Commerce Entities
Inventory-based entities must:
No False Representation: Not misrepresent themselves as consumers.
Return and Refunds: Must not deny return, refund, or cancellation if goods/services are defective, deficient, spurious, or delivered late.
Disclosures: Same disclosure obligations as marketplaces.
Price Transparency: Show total price as a single figure, with breakup and applicable taxes.
Complaint Tracking: Provide ticket numbers for consumer complaints that enable consumers to track the status of their complaints.
Obligations for Sellers on Marketplaces
Sellers on marketplaces must:
No Fake Reviews: Not falsely pose as consumers or post fake reviews.
Return and Refunds: Must not deny return, refund, or cancellation for defective, deficient, spurious, or delayed goods/services.
Written Contract: Must have a prior written contract with the platform and share details (name, address, GSTIN, PAN, website).
Grievance Officer: Appoint and display grievance officer's name and contact. Acknowledge complaints within 48 hours, resolve within 1 month.
Disclosures: Display all legally required info (e.g., expiry date, seller/importer details, country of origin, return/exchange/delivery terms, warranties).
Price Transparency: Show total price and breakup with all charges and taxes.
Grievance Officer Info: Display name, contact number, and designation.
Annexure E details compliances required under the E-Commerce Rules.
1.2 Guidelines on Misleading Advertisements
As per the Guidelines, an advertisement is valid and not misleading if it:
Is truthful and honest in its representation.
Does not exaggerate the product’s performance, accuracy, scientific basis, or usefulness.
Does not mislead by presenting legal consumer rights as unique benefits offered by the advertiser.
Does not claim universal acceptance of a claim where significant scientific or expert disagreement exists.
Does not exploit fear, i.e., doesn’t suggest that personal or family safety is at risk if the product is not purchased.
Does not mislead by citing publications or sources that haven’t been independently verified.
Complies with all applicable sector-specific laws and regulations.
In addition, the Guidelines detail conditions for bait advertisements, surrogate advertisements, free claims advertisements, and child targeted advertisements, among others.
Please refer to Annexure F for the compliances to be followed under these guidelines by an entity advertising goods or services offered by it to consumers. The Guidelines are available here: https://consumeraffairs.nic.in/acts-and-rules/consumer-protection
1.3 Guidelines on Dark Patterns
An entity advertising goods or services offered by it to consumers must comply with the Guidelines on Dark Patterns. The Guidelines define Dark Patterns to mean any practices or deceptive design pattern using user interface or user experience interactions on any platform that is designed to mislead or trick users to do something they originally did not intend or want to do, by subverting or impairing the consumer autonomy, decision making or choice, amounting to misleading advertisement or unfair trade practice or violation of consumer rights. The Guidelines prohibit any person, including any platform, from engaging in any dark pattern practice. The Guidelines are available here: https://consumeraffairs.nic.in/acts-and-rules/consumer-protection
1.4 Greenwashing Guidelines
Please refer to Annexure G for the compliances to be followed under these guidelines by an entity advertising goods or services offered by it to consumers.
B. Data protection laws
The IT Act, read with the SPDI Rules, is the primary legislation in India governing data privacy and protection on a sector-neutral basis. To the extent the NPs will collect/handle personal data falling under the category of SPDI, they are required to be compliant with the obligations specified under the SPDI Rules. A summary of the key obligations of an entity under the SPDI Rules, inter alia, for collecting, processing and transferring of SPDI, has been set out in Annexure H.
Please note that once the DPDP Act is enforced, all entities collecting, handling, or processing personal data will be required to comply with the obligations prescribed under the DPDP Act.
C. Compliance with Lending Regulations
The Digital Lending Guidelines provided here have been withdrawn by the RBI. Please refer to the Reserve Bank of India (Digital Lending) Directions, 2025.
3.1 Licensing or registration requirement
(i) Certificate of Registration for NBFCs - Non-banking financial companies (“NBFCs”) must obtain a registration under Section 45IA of the Reserve Bank of India Act, 1934 for commencing their business. For the purposes of obtaining a certificate of registration as an NBFC, the applicant must also meet the principal business and net-worth criteria as prescribed by the Reserve Bank of India (“RBI”) for different categories of NBFCs.
(ii) Licensing of Banks - All banks in India shall be required to be licensed as per the terms of the Banking Regulation Act, 1949 before commencing business. The license shall be issued by the RBI under Section 22 of the Banking Regulation Act, 1949 for carrying on the business of banking, which is defined to mean the accepting, for the purpose of lending or investment, of deposits of money from the public, repayable on demand or otherwise, and withdrawable by cheque, draft, order or otherwise.
3.2 Compliance in relation to credit products
(i) The Digital Lending Guidelines are applicable to all entities regulated by RBI such as NBFCs and banks. LSPs may include Buyer and Seller Apps who are connecting the REs to buyers through the applications. Please refer to Para 1.1 and 1.2 of Annexure K for compliances in relation to the Digital Lending Guidelines.
(ii) The Scale Based Regulations require NBFCs having a customer interface to ensure compliance with the requirements set out in relation to the ‘fair practice code’ and to have a board-approved policy based on the guidelines set out in the Scale Based Regulations. Similarly, obligations are imposed under various notifications, circulars and guidelines issued by the RBI from time to time in relation to fair practices code for banks, including the Guidelines on Fair Practices Code for Lenders dated 5 May 2003 and subsequent circulars and notifications. Please refer to Para B of Annexure K for compliances applicable to the Buyer and Seller Apps.
(iii) REs that engage the services of third party service providers must comply with the outsourcing guidelines as prescribed for NBFCs and Banks under the Scale Based Regulations and Bank Outsourcing Guidelines. REs generally impose obligations for compliance with the outsourcing guidelines in the agreements executed with such outsourced service providers. A Buyer App engaged in customer acquisition for the credit products offered by REs is an example of an outsourced service provider. Please refer to Para C of Annexure K for compliances applicable in relation to outsourcing of services by REs.
(iv) All REs must comply with the RBI ‘Master Direction - Know Your Customer (KYC) Direction’, dated 25 February 2016 (“KYC Master Directions”) in relation to conducting KYC of customers for credit products. As each entity will have its own KYC policy as mandated under the KYC Master Directions, the requirements on Buyer Apps will be determined on the basis of the KYC norms that are communicated to them by the relevant RE.
D. Compliance with Insurance Regulations
4.1 Licensing or registration requirement
(i) Certificate of Registration for Insurers - Any entity undertaking any class of insurance business in India is required to have obtained a certificate of registration for the particular class of insurance business from the IRDAI.
(ii) Registration of intermediaries - Insurance intermediaries, including (a) Insurance Brokers, (b) Corporate Agents and (c) Insurance Web Aggregators, are required to obtain registration as such respective intermediary from the IRDAI.
4.2 Compliances in relation to insurance products
(i) The Insurance Act governs the insurance business at large. It prescribes various compliance obligations on Insurers, who would act as Seller Apps, and prescribes stipulations in respect of their engagement with various insurance intermediaries, providing services as Buyer Apps. Please refer to Para A of Annexure L for compliances in relation to the Insurance Act, as relevant for Insurers (Seller Apps) and insurance intermediaries (Buyer Apps) engaging through ONDC.
(ii) The Insurance Broker Regulations prescribe the registration requirements and other compliances applicable to Insurance Brokers, which include aspects relating to name of the Insurance Broker; offering of risk management and claim consultancy services; online sales, telemarketing and distance marketing; conduct of Insurance Brokers, etc. Please refer to para B of Annexure L for relevant compliances applicable to Insurance Brokers (as Buyer Apps) under the Insurance Broker Regulations.
(iii) The Corporate Agent Regulations prescribe the registration requirements and other compliances applicable to Corporate Agents. Such compliances include aspects such as registration requirements; remuneration; arrangements with Insurers; conflict of interest; servicing of policyholders; sale by telemarketing and distance marketing; conduct of corporate agents, etc. Please refer to para C of Annexure L for relevant compliances applicable to Corporate Agents (as Buyer Apps) under the Corporate Agent Regulations.
(iv) The Web Aggregator Regulations govern the registration requirements and compliances applicable to Insurance Web Aggregators. Such compliances relate to aspects such as registration eligibility criteria; comparison and distribution of insurance products; arrangement with Insurers; conflict of interest; engagement of an authorised verifier and sale of insurance products by tele-marketing and other distance marketing channels; duties and functions undertaken by Insurance Web Aggregators; remuneration; conduct of Insurance Web Aggregators, etc. Please refer to para D of Annexure L for relevant compliances applicable to Insurance Web Aggregators (as Buyer Apps) under the Web Aggregator Regulations.
(v) Miscellaneous regulations. Apart from the specific regulations applicable to Insurers and insurance intermediaries as set out above, the IRDAI has issued various other circulars and regulations governing aspects such as (i) sale and advertisement of insurance products, (ii) issuance of e-insurance policies, (iii) provision of customer information sheet, (iv) KYC of customers, etc. Please refer to para E of Annexure L for relevant compliances relating to the above, as applicable to Insurers and insurance intermediaries (as Seller and Buyer Apps).
E. Compliance for providing Investment services
5.1 Licensing or registration requirement
Certificate of Registration – All intermediaries including Mutual Funds, IAs, EOPs and MFDs must obtain a certificate of registration before commencing their business. For the purposes of obtaining a certificate of registration as an intermediary, the applicant must inter alia ensure compliance with the fit and proper person criteria, net-worth criteria and such other eligibility criteria as prescribed by SEBI for the respective intermediary.
5.2 Compliances in relation to offering of mutual fund products
The detailed compliances for IAs, EOPs, AMCs and MFDs (as the case may be) offering mutual fund products are set out in Annexure M.