惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

F
Fortinet All Blogs
宝玉的分享
宝玉的分享
酷 壳 – CoolShell
酷 壳 – CoolShell
T
The Exploit Database - CXSecurity.com
Help Net Security
Help Net Security
腾讯CDC
Project Zero
Project Zero
C
CXSECURITY Database RSS Feed - CXSecurity.com
IT之家
IT之家
C
Cyber Attacks, Cyber Crime and Cyber Security
T
Tailwind CSS Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
D
Darknet – Hacking Tools, Hacker News & Cyber Security
L
LINUX DO - 最新话题
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
T
Threatpost
N
News | PayPal Newsroom
C
Cybersecurity and Infrastructure Security Agency CISA
Hacker News - Newest:
Hacker News - Newest: "LLM"
S
SegmentFault 最新的问题
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
P
Proofpoint News Feed
A
Arctic Wolf
B
Blog RSS Feed
Forbes - Security
Forbes - Security
P
Privacy & Cybersecurity Law Blog
Attack and Defense Labs
Attack and Defense Labs
V2EX - 技术
V2EX - 技术
P
Proofpoint News Feed
I
Intezer
Application and Cybersecurity Blog
Application and Cybersecurity Blog
阮一峰的网络日志
阮一峰的网络日志
aimingoo的专栏
aimingoo的专栏
T
Tenable Blog
MyScale Blog
MyScale Blog
U
Unit 42
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
WordPress大学
WordPress大学
W
WeLiveSecurity
D
DataBreaches.Net
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
G
GRAHAM CLULEY
有赞技术团队
有赞技术团队
Martin Fowler
Martin Fowler
罗磊的独立博客
The Last Watchdog
The Last Watchdog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
V
Vulnerabilities – Threatpost
美团技术团队
Microsoft Security Blog
Microsoft Security Blog

MEDIANAMA

India in talks with US, Anthropic for Mythos access; no Indian firms in Project Glasswing yet Eternal Q4FY26: All Users Pay Higher Platform Fee, Only Some Get Discounts Amazon, Meta to challenge PhonePe-Google Pay dominance as UPI cap delayed since 2020 Meta failed to protect the safety of under-13s: European Commission If markets and regulators are ready for network slicing, we are ready: JIO Why defining ‘news’ won’t fix the free speech problems of draft IT Rules? #NAMA Eternal Q4FY26: Goyal Dismisses AI Disruption Risk as Zomato Quietly Builds Agentic Commerce Infrastructure Karnataka files appeal challenging the bike taxi ban lift in the Supreme Court How did WhatsApp turn 17 govt. flags into 9,400 digital arrest scam bans? Google Wallet integrates Aadhaar as digital ID, expands India’s mobile identity ecosystem Kerala HC issues notice on MediaOne’s Facebook page block in India MeitY warns VPN providers against enabling access to blocked betting platforms Shreya Singhal targeted private censorship. Today’s threat is the State #NAMA Amazon scales its quick delivery service ‘Amazon Now’ in 100 cities Can MeitY issue binding rules via advisories? Experts raise alarm over draft IT Rules #NAMA How 2019 election code of ethics became India’s three-hour content takedown mandate #NAMA Australia proposes new levy on big tech to fund news, opens draft law for consultation ‘judge, jury, executioner’: experts warn of Inter-Departmental Committee (IDC) overreach under New draft IT Rules Lowdown: TRAI flags low deployment under PM-WANI in public Wi-Fi consultation paper Why the NBFC licence matters for MobiKwik China blocks Meta-Manus deal, asserts origin-country jurisdiction: what this means for India ‘No transparency’: experts warn of expanding powers to block online speech in India #NAMA X launches standalone iOS messaging app XChat with encryption in India How India’s content takedown framework was built and where It has gone wrong #NAMA Claude Mythos puts India on alert: CERT-In, telcos, banks assess unprecedented cyber risks Explained: why did the RBI cancel Paytm’s banking licence? Meta now instantly blocks content in India Govt. asks ZEE5 to halt ‘Lawrence of Punjab’ web series release Online Gaming Rules notified, to be in effect from May 1, what are the major changes? RBI mandates additional factor authentication for e-mandates No notice, no explanation, no recourse: how content creators experience censorship in India #NAMA Telangana Police invokes UAPA to demand TeluguScribe’s user data from X Lowdown: RBI releases draft PPI rules covering capital requirements, wallet limits & escrow norms MeitY tightens AI label rules, mandates continuous disclosure Watch Live: IT Rules and the Future of Online Speech in India, Delhi April 23, #NAMA Govt. defends 4 PM YouTube ban, cites foreign influence and ‘digital lobbying’ in Delhi HC Anthropic’s Mythos AI accessed without approval via third-party vendor route: Report YouTube expands AI likeness detection tool to celebrities amid deepfake surge ECI orders 3-hour takedown rule for AI and fake content in elections Final Call: IT Rules and the Future of Online Speech in India, Delhi April 23, #NAMA Announcing Speakers: Victims of Censorship | IT Rules and the Future of Online Speech in India, Delhi April 23, #NAMA Apple withholds financial data as India App Store antitrust case heads to final hearing Sony rolls out age checks in Playstation in the UK, users to prove age to access chat Vercel confirms hack via third-party AI tool, says sensitive data safe Karnataka High Court stays blocking orders against Proton Mail J&K DMs impose sweeping 60-day social media curbs; IFF calls them “illegal, overbroad” Flipkart plans ticketing entry, food delivery pilot in May ahead of IPO ANI v OpenAI: Not Everything an LLM Does is Copyright Infringement EU’s “safe by design” age-verification app cracked in minutes, raising data security fears Molitics’ Instagram suspended days after Facebook ban Speaker Announcement: IT Rules and the Future of Online Speech in India, April 23, 2026, Delhi X has only responded to 13 out of 94 takedown notices since 2024: Centre tells Gujarat HC Jio Financial Services Q4FY26 profit declines 14% to Rs 272 crore Bombay HC cracks down on fake ‘NSE’ social media handles amid rising impersonation fraud Government drops proposal to mandate Aadhaar app on smartphones Ola’s Krutrim quietly shuts down its agentic AI assistant ‘Kruti’ Anthropic taps Peter Thiel-backed Persona for Claude ID checks, raising DPDP concerns YouTube rolls out option to turn off Shorts, expands time controls Amnesty calls for ‘immediate withdrawal’ of India’s 2026 IT Amendment Rules, cites threat to free speech and privacy Lowdown: Insurers have to comply with DPDP as IRDAI updates Cyber Security Guidelines European Commission proposes Google have to share search data with rivals under the DMA AIGEG: MeitY’s new AI governance body excludes regulators recommended by its own AI guidelines Amazon acquires Globalstar for $11.57 Billion: What it means for India European Commission rolls out privacy-focused age verification app for child safety Reading List: IT Rules and the future of online speech in India, April 23, Delhi #NAMA Digital rule, colonial echo – India’s IT Rules 2021 amendments Agenda: IT Rules and the future of online speech in India, Delhi, April 23 #NAMA Motorola gets court order to block YouTube videos critical of its phones in India Apple and Google promote ‘nudify’ apps despite policy bans, report finds National security could be used to mandate registration of online games HBO Max enters India via JioHotstar partnership Andhra Pradesh police detain stand-up comedian Anudeep Katikala over YouTube video jokes Aptoide sues Google for app store monopoly, alleges ‘anticompetitive chokehold’ HBO Pushes X to Unmask User Behind Euphoria Season 3 Spoilers Delhi HC directs DoT, MeitY to take action against Tucows for failing to take down infringing URLs in Premier League case Claude users say accounts suspended after being incorrectly flagged as minors MeitY may let users, intermediaries join content-blocking hearings Sucheta Dalal challenges Delhi Court order using ‘Right to Be Forgotten’ in Sterling Biotech case Govt launches Rs 10,000 Cr Startup India Fund of Funds 2.0 to bridge early-stage funding gap in deep tech Advisories as Law? Panelists Debate Legal Sanctity Under Draft IT Rules Amendments Independent journalists in Punjab allege censorship by ruling AAP using copyright strikes, IT act Supreme Court Issues Notice on PIL Seeking Biometric Verification of Voters Fact-check: MP Nishikant Dubey’s claim on X community notes & Australian tax is false “No scientific evidence”: 438 scientists call for pause on age-based controls until benefits and risks understood Developer partially bypasses Google’s AI watermark, undermining detection India’s deepfake rules rely on Event Announcement: IT Rules and the Future of Online Speech in India, April 23, #NAMA UK plans jail risk for tech executives over failure to remove intimate images Press bodies demand ‘unconditional withdrawal’ of draft amendment to IT Rules, warns of free speech threat Zoho revenue crosses Rs 12,000 crore in FY25, but profit slips 3% YouTube’s AI avatar tool for Shorts raises questions around India’s deepfake rules, personality rights Instagram expands safety settings on teen accounts with 13+ content ratings Digi Yatra is eyeing international travel roll-out with passport-based enrolment Meta’s new AI model Muse Spark is coming to WhatsApp. Here is what that means for Indian users Andhra Pradesh explores DigiLocker age tokens for social media curbs on children aged 13-16 Kunal Kamra tells Bombay HC police sent “thousands” of takedown notices via Sahyog portal Extra safeguard for the elderly: RBI suggests trusted person approval for high-value digital payments Delhi court orders Google to remove Sterling Biotech case links, cites ‘right to be forgotten’ RBI Proposes 1-hour delay, customer controls for digital payments as frauds surge Should only MIB-authorised apps be allowed to stream free TV on Smart TVs? TRAI Seeks Inputs OpenAI releases child safety policy framework recommendations to combat AI-enabled CSAM
Lowdown: RBI wants banks to add sill Switches, human oversight for AI models - MEDIANAMA
Prabhanu Kumar Das · 2026-06-25 · via MEDIANAMA

Banks and other regulated entities (REs) may soon have to ensure every artificial intelligence (AI) system they deploy can be overridden, suspended or deactivated through “kill-switch arrangements”, under the Reserve Bank of India’s (RBI) draft Guidance on Regulatory Principles for Model Risk Management, 2026

Released for public consultation on Wednesday, the draft proposes a broad framework governing how banks, NBFCs and other financial institutions develop, deploy and oversee models, including AI systems. Stakeholders can submit comments until July 24, 2026. The guidance would apply to commercial banks, small finance banks, payments banks, local area banks, co-operative banks, regional rural banks, NBFCs, all-India financial institutions, asset reconstruction companies and credit information companies. The guidelines also clarify that “further requirements, if any, applicable to AI models may be issued later”. 

Why is the RBI issuing these guidelines? The RBI said REs are increasingly using models to improve customer service, automate business processes, strengthen risk management and defend against cyber attacks. It attributed this to the growing scale and complexity of financial activities, digitalisation of financial services, advances in analytical and computational capabilities, AI and machine learning (ML), and greater reliance on third-party providers.

The draft defines a “model” broadly. It includes any internally developed or third-party system that uses data and statistical, mathematical, financial or AI/ML techniques to generate outputs used for business operations or decision-making. It also covers algorithms, analytics, applications, decision-based rules and other computational tools that materially affect business decisions, regardless of whether an RE formally classifies them as models.

The AI-specific provisions apply to AI and ML models, including foundational AI models and frontier AI models. The RBI said REs should define their scope and implement additional controls based on their potential impact on customers, business operations and financial outcomes.

Board oversight and governance: The RBI proposes that every RE establish a Board-approved Model Risk Management Framework (MRMF) covering governance, model tiering, inventory, documentation, validation, approvals, monitoring, change management, business continuity and decommissioning.

The Board would oversee the framework, while the Risk Management Committee of the Board would review high-risk models, monitor third-party and AI models, review model tiering at least annually and oversee breaches or other material concerns. The RBI also makes clear that REs remain accountable for the outcomes of every model they use, whether developed internally, sourced from third parties or a combination of both.

AI should only be used where risks can be managed: The RBI said REs should assess whether risks arising from AI models can be adequately identified, measured, monitored and managed before deploying them. AI models should only be used in business processes and use cases where those risks can be effectively managed.

The draft also requires REs to classify every model according to risk. For AI models, this assessment should additionally consider “the extent of reliance and the level of autonomy placed on the model outputs for decision-making.” Models with greater autonomy or greater reliance on their outputs could therefore attract higher risk classifications.

For material third-party AI models, datasets and dependencies, REs should also consider risks arising from dependence on a limited number of providers, supply chain risks, limitations in independently validating models and behavioural changes resulting from provider-driven updates.

AI must remain under human control: REs would have to establish robust human oversight arrangements for AI models, including automated decision-making systems. These arrangements should include:

  • Human-in-command mechanisms, such as human-in-the-loop or human-on-the-loop oversight.
  • Override, suspension or deactivation mechanisms, including kill-switch arrangements.
  • Periodic human review of model outputs and AI-driven decisions to identify anomalies.

The oversight mechanism should also account for automation bias, over-reliance on AI outputs and decision fatigue. Additionally, personnel responsible for overseeing AI systems should possess sufficient expertise to “effectively challenge, override, or escalate issues/concerns in model outputs where required.” REs should periodically review human interventions, overrides, incidents and near misses to strengthen oversight arrangements.

How RBI wants AI models to behave: The draft requires REs to define explainability and transparency thresholds for every AI model. Models relied upon for material decision-making or having significant impact on customers or operations should meet higher explainability standards.

Where full explainability cannot be achieved, the RBI said REs should implement enhanced validation and testing mechanisms to verify and corroborate model outputs before use, more frequent validation and monitoring, usage restrictions and other compensating controls.

The draft also directs REs to establish “appropriate control boundaries” to mitigate hallucinations, particularly in generative AI models and use cases where AI outputs directly or indirectly influence customer interactions or decision-making.

Additionally, REs should identify risks of bias and discriminatory outputs, particularly where AI could unfairly treat certain customer groups. They should conduct fairness assessments and implement mitigants, including recalibration or redesign where necessary.

The RBI further said REs should ensure AI models:

  • are not overfitted to training data and can generalise to real-world conditions;
  • do not rely on spurious correlations or unintended relationships;
  • do not produce excessive or unexplained variation under similar inputs, and where such variability, stochastic behaviour or model uncertainty exists, it should be managed through measures such as confidence scores and probability outputs; and
  • continuously monitor and address data quality issues, non-representative or incomplete datasets, intellectual property risks, data drift and concept drift.

How RBI wants AI models tested:

  • Independently validate every model, including third-party models, regardless of any validation, certification or assurance provided by the service provider. Validation should assess the model’s inputs, assumptions, conceptual soundness, design, performance and alignment with its intended use.
  • Validate models throughout their lifecycle, including before deployment, after deployment, following modifications, on internal or external triggers and periodically under the MRMF.
  • Test AI models under stressed conditions to ensure vulnerabilities do not emerge through edge cases, abnormal inputs, manipulations and adversarial conditions.
  • Carry out structured challenge processes, including red-teaming or equivalent testing, particularly for models involving customer interaction or generative AI capabilities.
  • Apply additional controls to models that receive dynamic or automatic updates, including defining what can be updated automatically, justifying automatic updates, conducting enhanced data quality checks, and monitoring such models more frequently.
  • Maintain enhanced documentation for AI models to ensure traceability, reproducibility, and auditability, reflecting their complexity, self-adapting nature, and reliance on training data.

Stronger controls for third-party AI: Before acquiring or using a third-party model, REs should carry out due diligence covering the credibility of the service provider, the model’s methodology and limitations, and the suitability and quality of data used.

Where a third-party provider does not disclose sufficient information about an AI model, REs should identify risks arising from those constraints and implement mitigants, including limiting the model’s use.

The RBI also proposes that contracts with third-party providers should provide REs with access to sufficient technical documentation to understand, validate and audit models, while also covering audit rights, continuity arrangements and exit mechanisms.

Deployment controls: REs should ensure model outputs are replicated and stable in the production environment before deployment. AI models should also not introduce vulnerabilities into either the model itself or the RE’s production environment. REs should implement access controls, cybersecurity safeguards and controls covering APIs, external interfaces and third-party integrations.

For customer-facing AI systems, including generative AI models, REs should implement additional cybersecurity controls against prompt injection, adversarial inputs, persistent sessions and anomalous usage patterns.

They should also clearly disclose that users are interacting with an AI or ML-based system, explain its limitations and provide customers with the option to switch to human assistance whenever requested.

Also read: