Unified Payments Interface (UPI) Information Security Compliance Framework 2025

Unified Payments Interface (UPI), introduced by the National Payments Corporation of India (NPCI),allows users to link several bank accounts to a single mobile application offered by any member bank. It simplifies digital banking by combining multiple services, including money transfers, merchant transactions, and account features into one secure and easy-to-use platform. Recognising the importance of UPI security standardisation across participants, NPCI has issued UPI Information Security Compliance Framework - 2025 (hereinafter also referred to as ‘UPI InfoSec Compliance Framework 2025’).

Objective of UPI InfoSec compliance framework 2025

To outline the information security compliance requirements and standards for entities seeking to onboard or onboarded on NPCI’s Unified Payment Interface

To help build a secure and resilient UPI ecosystem

To help comply with key cybersecurity principles, including confidentiality, integrity, availability, privacy and resilience of payment applications

To proactively recognise, track, mitigate, and oversee risks associated with cybersecurity and emerging technologies

Audit and compliance obligations of UPI InfoSec compliance framework 2025

To outline the information security compliance requirements and standards for entities seeking to onboard or onboarded on NPCI’s Unified Payment Interface
To help build a secure and resilient UPI ecosystem
To help comply with key cybersecurity principles, including confidentiality, integrity, availability, privacy and resilience of payment applications
To proactively recognise, track, mitigate, and oversee risks associated with cybersecurity and emerging technologies