惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Google Online Security Blog
Google Online Security Blog
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Stack Overflow Blog
Stack Overflow Blog
GbyAI
GbyAI
Microsoft Azure Blog
Microsoft Azure Blog
I
InfoQ
F
Fortinet All Blogs
N
Netflix TechBlog - Medium
Martin Fowler
Martin Fowler
腾讯CDC
C
CERT Recently Published Vulnerability Notes
博客园 - 聂微东
L
LINUX DO - 热门话题
Y
Y Combinator Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Microsoft Security Blog
Microsoft Security Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
WordPress大学
WordPress大学
C
Cisco Blogs
A
Arctic Wolf
Latest news
Latest news
Jina AI
Jina AI
P
Proofpoint News Feed
博客园 - 叶小钗
Vercel News
Vercel News
T
Threat Research - Cisco Blogs
博客园 - 三生石上(FineUI控件)
K
Kaspersky official blog
C
Check Point Blog
H
Heimdal Security Blog
博客园 - Franky
小众软件
小众软件
The Register - Security
The Register - Security
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Google DeepMind News
Google DeepMind News
AWS News Blog
AWS News Blog
The Hacker News
The Hacker News
T
The Exploit Database - CXSecurity.com
aimingoo的专栏
aimingoo的专栏
Project Zero
Project Zero
G
GRAHAM CLULEY
爱范儿
爱范儿
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Scott Helme
Scott Helme
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
NISL@THU
NISL@THU

MEDIANAMA

India in talks with US, Anthropic for Mythos access; no Indian firms in Project Glasswing yet Eternal Q4FY26: All Users Pay Higher Platform Fee, Only Some Get Discounts Amazon, Meta to challenge PhonePe-Google Pay dominance as UPI cap delayed since 2020 Meta failed to protect the safety of under-13s: European Commission If markets and regulators are ready for network slicing, we are ready: JIO Why defining ‘news’ won’t fix the free speech problems of draft IT Rules? #NAMA Eternal Q4FY26: Goyal Dismisses AI Disruption Risk as Zomato Quietly Builds Agentic Commerce Infrastructure Karnataka files appeal challenging the bike taxi ban lift in the Supreme Court How did WhatsApp turn 17 govt. flags into 9,400 digital arrest scam bans? Google Wallet integrates Aadhaar as digital ID, expands India’s mobile identity ecosystem Kerala HC issues notice on MediaOne’s Facebook page block in India MeitY warns VPN providers against enabling access to blocked betting platforms Shreya Singhal targeted private censorship. Today’s threat is the State #NAMA Amazon scales its quick delivery service ‘Amazon Now’ in 100 cities Can MeitY issue binding rules via advisories? Experts raise alarm over draft IT Rules #NAMA How 2019 election code of ethics became India’s three-hour content takedown mandate #NAMA Australia proposes new levy on big tech to fund news, opens draft law for consultation ‘judge, jury, executioner’: experts warn of Inter-Departmental Committee (IDC) overreach under New draft IT Rules Lowdown: TRAI flags low deployment under PM-WANI in public Wi-Fi consultation paper Why the NBFC licence matters for MobiKwik China blocks Meta-Manus deal, asserts origin-country jurisdiction: what this means for India ‘No transparency’: experts warn of expanding powers to block online speech in India #NAMA X launches standalone iOS messaging app XChat with encryption in India How India’s content takedown framework was built and where It has gone wrong #NAMA Claude Mythos puts India on alert: CERT-In, telcos, banks assess unprecedented cyber risks Explained: why did the RBI cancel Paytm’s banking licence? Meta now instantly blocks content in India Govt. asks ZEE5 to halt ‘Lawrence of Punjab’ web series release Online Gaming Rules notified, to be in effect from May 1, what are the major changes? RBI mandates additional factor authentication for e-mandates No notice, no explanation, no recourse: how content creators experience censorship in India #NAMA Telangana Police invokes UAPA to demand TeluguScribe’s user data from X Lowdown: RBI releases draft PPI rules covering capital requirements, wallet limits & escrow norms MeitY tightens AI label rules, mandates continuous disclosure Watch Live: IT Rules and the Future of Online Speech in India, Delhi April 23, #NAMA Govt. defends 4 PM YouTube ban, cites foreign influence and ‘digital lobbying’ in Delhi HC Anthropic’s Mythos AI accessed without approval via third-party vendor route: Report YouTube expands AI likeness detection tool to celebrities amid deepfake surge ECI orders 3-hour takedown rule for AI and fake content in elections Final Call: IT Rules and the Future of Online Speech in India, Delhi April 23, #NAMA Announcing Speakers: Victims of Censorship | IT Rules and the Future of Online Speech in India, Delhi April 23, #NAMA Apple withholds financial data as India App Store antitrust case heads to final hearing Sony rolls out age checks in Playstation in the UK, users to prove age to access chat Vercel confirms hack via third-party AI tool, says sensitive data safe Karnataka High Court stays blocking orders against Proton Mail J&K DMs impose sweeping 60-day social media curbs; IFF calls them “illegal, overbroad” Flipkart plans ticketing entry, food delivery pilot in May ahead of IPO ANI v OpenAI: Not Everything an LLM Does is Copyright Infringement EU’s “safe by design” age-verification app cracked in minutes, raising data security fears Molitics’ Instagram suspended days after Facebook ban Speaker Announcement: IT Rules and the Future of Online Speech in India, April 23, 2026, Delhi X has only responded to 13 out of 94 takedown notices since 2024: Centre tells Gujarat HC Jio Financial Services Q4FY26 profit declines 14% to Rs 272 crore Bombay HC cracks down on fake ‘NSE’ social media handles amid rising impersonation fraud Government drops proposal to mandate Aadhaar app on smartphones Ola’s Krutrim quietly shuts down its agentic AI assistant ‘Kruti’ Anthropic taps Peter Thiel-backed Persona for Claude ID checks, raising DPDP concerns YouTube rolls out option to turn off Shorts, expands time controls Amnesty calls for ‘immediate withdrawal’ of India’s 2026 IT Amendment Rules, cites threat to free speech and privacy Lowdown: Insurers have to comply with DPDP as IRDAI updates Cyber Security Guidelines European Commission proposes Google have to share search data with rivals under the DMA AIGEG: MeitY’s new AI governance body excludes regulators recommended by its own AI guidelines Amazon acquires Globalstar for $11.57 Billion: What it means for India European Commission rolls out privacy-focused age verification app for child safety Reading List: IT Rules and the future of online speech in India, April 23, Delhi #NAMA Digital rule, colonial echo – India’s IT Rules 2021 amendments Agenda: IT Rules and the future of online speech in India, Delhi, April 23 #NAMA Motorola gets court order to block YouTube videos critical of its phones in India Apple and Google promote ‘nudify’ apps despite policy bans, report finds National security could be used to mandate registration of online games HBO Max enters India via JioHotstar partnership Andhra Pradesh police detain stand-up comedian Anudeep Katikala over YouTube video jokes Aptoide sues Google for app store monopoly, alleges ‘anticompetitive chokehold’ HBO Pushes X to Unmask User Behind Euphoria Season 3 Spoilers Delhi HC directs DoT, MeitY to take action against Tucows for failing to take down infringing URLs in Premier League case Claude users say accounts suspended after being incorrectly flagged as minors MeitY may let users, intermediaries join content-blocking hearings Sucheta Dalal challenges Delhi Court order using ‘Right to Be Forgotten’ in Sterling Biotech case Govt launches Rs 10,000 Cr Startup India Fund of Funds 2.0 to bridge early-stage funding gap in deep tech Advisories as Law? Panelists Debate Legal Sanctity Under Draft IT Rules Amendments Independent journalists in Punjab allege censorship by ruling AAP using copyright strikes, IT act Supreme Court Issues Notice on PIL Seeking Biometric Verification of Voters Fact-check: MP Nishikant Dubey’s claim on X community notes & Australian tax is false “No scientific evidence”: 438 scientists call for pause on age-based controls until benefits and risks understood Developer partially bypasses Google’s AI watermark, undermining detection India’s deepfake rules rely on Event Announcement: IT Rules and the Future of Online Speech in India, April 23, #NAMA UK plans jail risk for tech executives over failure to remove intimate images Press bodies demand ‘unconditional withdrawal’ of draft amendment to IT Rules, warns of free speech threat Zoho revenue crosses Rs 12,000 crore in FY25, but profit slips 3% YouTube’s AI avatar tool for Shorts raises questions around India’s deepfake rules, personality rights Instagram expands safety settings on teen accounts with 13+ content ratings Digi Yatra is eyeing international travel roll-out with passport-based enrolment Meta’s new AI model Muse Spark is coming to WhatsApp. Here is what that means for Indian users Andhra Pradesh explores DigiLocker age tokens for social media curbs on children aged 13-16 Kunal Kamra tells Bombay HC police sent “thousands” of takedown notices via Sahyog portal Extra safeguard for the elderly: RBI suggests trusted person approval for high-value digital payments Delhi court orders Google to remove Sterling Biotech case links, cites ‘right to be forgotten’ RBI Proposes 1-hour delay, customer controls for digital payments as frauds surge Should only MIB-authorised apps be allowed to stream free TV on Smart TVs? TRAI Seeks Inputs OpenAI releases child safety policy framework recommendations to combat AI-enabled CSAM
Now, lenders can disable smartphone functions in case of default: Where do RBI’s new draft rules fall short?
Amit Singh · 2026-05-21 · via MEDIANAMA

Downloads:

The Reserve Bank of India (RBI) has issued revised draft amendment directions on “Conduct of Regulated Entities in Recovery of Loans and Engagement of Recovery Agents”. Among other things, the central bank has proposed allowing lenders to deploy technology-based mechanisms that restrict or disable certain functionalities of financed devices, including smartphones and tablets, to recover loans from borrowers in the event of default.

What do the draft rules say? Financial institutions, including banks and Non-Banking Financial Company (NBFCs), can impose restrictions only if the loan was taken specifically to purchase that device.

  • The loan contract must explicitly state that lenders can impose restrictions on a borrower’s mobile device in case of default, specify events that can lead to the issuance of a notice for loan recovery, the means by which such notices will be served, the timeline for repayment, and the grievance redressal mechanism.
  • A notice can only be issued after 60 days of missed payments. Borrowers will be provided another 21 days to repay the loan after issuance of the first notice.
  • Lenders are required to serve a second notice to the borrower after the expiry of the first one and grant at least another 7 days for repayment.
  • Restrictions on a borrower’s mobile phone can only be imposed after the loan has gone 90 days past due and the borrower has failed to repay the dues despite being served notices.
  • Lenders are barred from fully blocking essential functions, including incoming calls, internet access, emergency SOS features and government notifications. They are also prohibited from accessing, storing or using any personal data available on the borrower’s device under any circumstances.
  • The RBI has also proposed mandating the lifting of restrictions on device features within one hour of loan repayment. In cases involving wrongful restriction or delays in reversing restrictions, the lender must compensate the borrower at the rate of Rs 250 per hour until the issue is resolved.
  • The tech-based mechanism deployed for restricting device features must be uninstalled once the loan is repaid in full.

The RBI has sought public feedback on its recommendations by May 31, 2026. The proposed framework will come into effect from October 1.

What has been banned? Recovery agents are prohibited from engaging in the following “harsh” practices for collections:

  1. Use of minatory or abusive language
  2. Use of social media for posting video, audio recordings, or personal details of the borrower or guarantor
  3. Sending inappropriate messages either on mobile phones or through social media
  4. Excessively calling or messaging the borrower, or calling or messaging outside the prescribed hour from 8 AM to 7 PM.
  5. Making threatening and/or anonymous calls;
  6. Intimidating or harassing the borrower, guarantor, their relatives, referees, friends, or co-workers in verbal, physical, or any other manner, including acts intended to publicly humiliate them or intrude upon their privacy
  7. Using or threatening violence or similar means to harm the borrower or guarantor, their family, assets, or reputation
  8. Making false or misleading representations to the borrower or guarantor, especially about the extent of the debt or the consequences of non-repayment

Where do the rules fall short?

1. Outgoing calls not protected: While the RBI has barred lenders from blocking functions such as internet access, incoming calls, emergency SOS features, and government notifications, features including outgoing calls and UPI payments can still be restricted if a borrower defaults on their loan.

For a small vendor or a daily wage worker whose income depends on their phone, for instance, someone who receives payments via UPI or stores essential documents such as a ration card on DigiLocker, device restrictions may make repayment more difficult, not easier.

2. The shared WhatsApp group problem: “The disclosure of any borrower’s/guarantor’s information to its employees/recovery agencies is limited to the extent required to enable them to discharge their loan recovery-related duties,” the RBI’s draft amendment rules state.

A recovery agency handling accounts for multiple banks may send agents into the field for debt collection. These recovery agents often coordinate with each other through WhatsApp groups for operational convenience, where they may share information about borrowers, including names, addresses, phone numbers, loan amounts, and employer details.

When agents working for one bank can access the data of another bank’s borrower, it violates the “limited to the extent required” provision. However, there is no audit trail or liability framework for misuse of information shared through these WhatsApp groups. Moreover, the bank itself may have no visibility into how the recovery agency internally communicates borrower information.

3. Incentive-driven data leak: A recovery agent is often paid per resolution. Therefore, to maximise collections, an agent may share a defaulting borrower’s employer details and outstanding loan amount with workplace contacts, not necessarily to harass the borrower, but to “facilitate” repayment.

This remains a regulatory grey zone that the revised draft rules do not address.

Also Read: