The Reserve Bank of India ("RBI") recently introduced the Master Directions – Reserve Bank of India (Credit Information Reporting) Directions, 2025 ("Master Directions"), subtly restructuring the legal architecture governing India's credit information ecosystem. These directions—though building upon the framework under the Credit Information Companies (Regulation) Act, 2005 ("CICRA") and the CIC Regulations, 2006—have led to interpretational challenges for regulated entities, particularly Specified Users.
Expanded Access to Credit Information
Traditionally, access to credit information was restricted to 'Credit Institutions' and 'Specified Users'. However, under the new Master Directions, Credit Information Companies ("CICs") are now permitted to share credit data with entities beyond these defined categories. This inclusion, while expanding the scope of data access, comes with heightened compliance obligations.
Before transacting with such entities, CICs must conduct detailed due diligence, including:
- Assessing management reputation and public interest considerations
- Reviewing business structure, governance practices, grievance mechanisms, and litigation risks
- Ensuring financial capacity to honour obligations in adverse scenarios
- Evaluating technological and managerial resources for sustained service delivery
- Verifying cyber security controls, audit processes, and business continuity arrangements
Despite this broader access, a distinction remains: entities outside the 'Specified User' bracket may only access credit data for internal use. In contrast, Specified Users are authorised to leverage such data for providing services to credit institutions.
The Clause Creating Compliance Dissonance
A particular clause in the Master Directions has generated uncertainty across the credit information value chain:
"Sharing of credit information by Specified Users with any other person (including credit institutions) is in violation of Section 17(4) of CICRA and Regulation 9 of CIC Regulations, 2006."
This instruction, on a plain reading, appears to prohibit Specified Users from sharing credit information even with the credit institutions they are engaged to serve. However, this literal reading is inconsistent with the amended 2021 definition of Specified User—which explicitly permits such entities to process information for the benefit of credit institutions.
This contradiction gives rise to a fundamental concern—if both Specified Users and non-designated entities are treated similarly in terms of data access restrictions, the utility and regulatory purpose of the Specified User category become moot.
Conclusion
The current formulation of the Master Directions requires recalibration—not necessarily through legislative change but through interpretational clarity. The revised Master Directions represent a structural shift in India's credit information landscape, and with it, a degree of interpretational ambiguity that regulated entities—particularly Specified Users and credit institutions—must now navigate with care. While the regulatory objective is to strengthen data governance and prevent misuse, the overlapping definitions and prohibitions may inadvertently constrain entities that are essential to the functioning of the credit ecosystem.
For institutions operating as or engaging with Specified Users, the recent directions demand a nuanced compliance strategy—one that distinguishes between legal form and regulatory purpose. Institutions must carefully assess their contractual models, data sharing protocols, and internal compliance frameworks to ensure they do not fall afoul of provisions that are currently being interpreted in a restrictive manner by CICs.
This moment also presents a unique opportunity for dialogue. Given that the revised framework was introduced after prior stakeholder consultations, there remains scope for practical clarification—either through regulatory engagement or through structured implementation practices that align with the broader intent of the RBI. As the dust settles, institutions that approach this transition with strategic foresight, legal sensitivity, and operational clarity will be better positioned to adapt to—and shape—the next phase of India's credit information regime.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
