Decoding India’s Regulatory Landscape

Covering Data Sharing, UAPA, Regulatory Sandbox, Data Protection, Financial Innovation. Explore crucial regulatory developments in Data Sharing, UAPA, Regulatory Sandbox, Data Protection, and Financial Innovation, including SIM binding mandates, NCII removal protocols, banking supervision evolution, SEBI data sharing guidelines, and international cooperation.

Show Notes

This episode covers the latest regulatory changes impacting Data Sharing, UAPA, Regulatory Sandbox, Data Protection, and Financial Innovation sectors in India.

Key updates include the Department of Telecommunications' mandate on continuous SIM binding for Account-Based Communication Services (ABCS) to prevent SIM-related frauds, requiring session logouts every six hours and re-linking through QR codes within 90 days. Another major highlight is the introduction of a Standard Operating Procedure for the removal of Non-Consensual Intimate Images (NCII), obligating intermediaries to act swiftly within 24 hours upon complaints and deploy crawler technology for proactive content takedown.

The Reserve Bank of India is also reshaping banking supervision with an emphasis on technology-neutral, risk-based frameworks focusing on operational resilience, cyber readiness, and AI governance. Additionally, SEBI's new guidelines formalize data sharing protocols for custodians, promoting data confidentiality and compliance.

For more information, visit the Carver Agents website.

Articles mentioned:
  1. One SIM to Rule Them All: Examining OTPs and SIM Binding for Digital Security
  2. 05.03.2026 - Shaping a stronger future for the Asia Pacific
  3. Why Women’s Leadership in Cybersecurity and Data Privacy is Key to Bridging the Digital Gender Divide
  4. Swaminathan J: Issues and challenges in banking supervision in the digital era
  5. MFSA Executes MoU with IFSCA
  6. Mar 04, 2026 - Guidelines for Custodians
  7. 02.03.2026 - Implementation of Section 51A of UAPA,1967: Updates to UNSC’s 1267/1989 ISIL (Da'esh) & Al-Qaida Sanctions List: Delisting of 01 entry

What is Decoding India’s Regulatory Landscape?

Regulatory news, updates, and insights for India presented by the Carver Agents team

Welcome to Carver's India Regulatory Updates for March 08, 2026.

The Department of Telecommunications in India has mandated continuous SIM binding for Account-Based Communication Services, or ABCS, effective March 1, 2026. This new requirement enforces session logouts every six hours with mandatory re-linking via QR code. The measure complements the Reserve Bank of India's stronger two-factor authentication directives and aims to combat SIM swap and cloning frauds. Service providers must maintain a continuous link between ABCS and the active SIM on the user’s device and implement SIM binding within 90 days of the directive. This update addresses rising cybercrime incidents and financial fraud exploiting SIM vulnerabilities, enhancing layered security to protect users and institutions from identity theft and financial losses.

In the realm of cybersecurity and digital privacy, India has introduced a Standard Operating Procedure for the removal of Non-Consensual Intimate Images, or NCII, under the Information Technology Rules, 2021. Intermediaries offering Significant Government Intermediary tools must now comply with mandatory labeling and safeguards. They are required to remove NCII content within 24 hours of receiving a complaint, deploy crawler technology to identify and take down similar content, and communicate removal status periodically to complainants.

The Reserve Bank of India’s Deputy Governor, Swaminathan J, highlighted evolving challenges in banking supervision in the digital era. The supervisory focus is shifting from traditional balance sheet reviews to continuous, technology-neutral, risk-based supervision. Key areas include operational resilience, cyber readiness, third-party dependencies, artificial intelligence governance, and the use of supervisory technology, or SupTech. Banks must implement tighter supervisory feedback loops with early triggers and clear escalation protocols, map concentration risks at the ecosystem level including third-party dependencies, and ensure clear accountability frameworks.

The Securities and Exchange Board of India, or SEBI, has introduced formalized guidelines for custodians regarding data sharing. The new policy outlines processes for data requests, approvals, data retention, expunging, and inspection by SEBI. Data seekers must submit a signed Data Seeking Request Form approved by their authority and sign an undertaking of confidentiality and non-disclosure. Data shared will primarily be historical and anonymized, at least two years old.

On the international cooperation front, the Malta Financial Services Authority and the International Financial Services Centres Authority, or IFSCA, India, have signed a Memorandum of Understanding. This MoU facilitates information sharing, promotes fitness and properness of licensed persons, upholds fair dealing and integrity, and strengthens enforcement efforts between the two authorities.

Finally, the Security Council Committee under the United Nations has removed the entity “Al-Nusrah Front for the People of the Levant” from its 1267/1989 ISIL and Al-Qaida sanctions list. This delisting lifts asset freezes, travel bans, and arms embargo measures against the entity. Regulated entities in India must update their sanctions screening policies accordingly, ensuring no accounts exist in the name of sanctioned individuals or entities. They must follow procedures under Chapter IX of the Reserve Bank of India KYC Directions, 2025, and the Unlawful Activities (Prevention) Act Order dated February 2, 2021, as amended on April 22, 2024. Any delisting requests should be forwarded to the Ministry of Home Affairs as instructed.

That wraps up today's regulatory updates. Visit carveragents.ai for more information.