The Reserve Bank of India (RBI) has issued a press release on 28 February 2024 on the revision of the Enabling Framework for Regulatory Sandbox.

The RBI Press Release emphasizes the need for regulated entities within its regulatory sandbox framework to strictly adhere to the provisions of the Digital Personal Data Protection Act, 2023.

Bank of England has some lessons for Reserve Bank of India on how to revive growth | Mint

 The RBI Press Release marks a significant stride towards reinforcing data protection and privacy measures within the financial sector. The emphasis on adherence to the provisions of the DPDP Act by entities within the Sandbox Framework highlights the importance of safeguarding personal data in the rapidly evolving landscape of financial technology (FinTech). The revised Sandbox Framework aligns with the overarching goal of fostering responsible innovation while ensuring individuals’ privacy throughout the innovation process. Further, the provision for potential relaxation of certain regulatory requirements, while ensuring that requirements related to consumer privacy and data protection remain non-negotiable reinforces the need for fostering a culture that prioritizes data protection and privacy in innovation.

Key highlights of the revised Sandbox Framework are as follows:  

  1. Eligibility for Regulatory Sandbox:  

Every applicant that wishes to partake in the regulatory sandbox must demonstrate their compliance with data protection and privacy.

  1. Data Security Measures: 

Sandbox entities are mandated to:  process all data related to regulatory sandbox testing in strict compliance with the provisions of the DPDP Act; implement appropriate technical and organizational measures to ensure robust compliance with the DPDP Act and any rules made thereunder; establish adequate safeguards to prevent any personal data breach. 

  1. Relaxation for Applicants:  

The RBI may consider relaxing certain regulatory requirements for applicants for the duration of the regulatory sandbox on a case-by-case basis. However, requirements related to consumer privacy and data protection must be mandatorily complied with.

The RBI had issued the Sandbox Framework in August 2019, to cultivate responsible innovation within the financial services sector. Eligible candidates for participation in the regulatory sandbox span a diverse range of entities across the FinTech landscape, including start-ups, established banks, financial institutions, as well as other corporate entities, limited liability partnerships, and partnership firms involved in collaborating with or supporting financial services businesses. 

Source: Lexology