RBI clarifies data localization norms


On 26 June 2019, the Reserve Bank of India (RBI) issued clarifications on data localization. Two significant clarifications are: (1) where processing of a payment transaction happens overseas, then the payment systems data (including end-to-end transaction details) for the transaction could also be stored abroad, but only for a limited period, i.e., for the duration of processing the transaction; and (2) where a cross-border transaction has a foreign and a domestic component, the domestic component can be stored abroad, if required.

The RBI on 6 April 2018 issued a data localization directive, mandating all authorized payment system operators and banks to store payment systems data only in India. This resulted in various ambiguities in relation to the requirements, as well as resistance from the industry to pushback on such requirements being imposed, especially by global payment companies.

The business law digest is compiled by Nishith Desai Associates, a research-based international law firm with offices in Mumbai, New Delhi, Bengaluru, Singapore, Silicon Valley, Munich and New York. The firm specializes in strategic legal, regulatory and tax advice coupled with industry expertise in an integrated manner.