Skip to main content
Meet the Reserve Bank of India’s data localization and security requirements.
The Reserve Bank of India (RBI) requires payment system operators and regulated entities to store payment data within India and meet security and audit obligations. The System Audit Report (SAR) and data localization directives ensure that payment data is stored and processed domestically with appropriate safeguards.
These requirements apply to payment system operators, banks, and fintechs handling payment data of Indian customers.

Who needs RBI SAR (Data Localization)?

Payment operators

Payment system providers subject to RBI data localization directives.

Indian fintechs and banks

Regulated entities processing payment data within India.

Key components

Data localization

Payment data must be stored within India’s borders.

System Audit Report

Independent audit of compliance with RBI directives.

Access and encryption

Controls protecting payment data at rest and in transit.

Incident reporting

Timely reporting of security incidents to the RBI.

How DSALTA helps with RBI SAR (Data Localization)

1

Activate RBI SAR

Select the RBI framework from the Frameworks page. DSALTA maps localization and security controls.
2

Review mapped controls

Review data storage, access, and audit controls and assign owners.
3

Collect evidence automatically

Connect integrations to gather technical evidence.
4

Approve policies

Review and approve data localization and security policies.
5

Prepare the SAR

Organize evidence for the System Audit Report.

Frequently asked questions

Payment data of Indian customers must be stored on systems located within India, with limited exceptions for cross-border transaction processing.
An independent audit demonstrating compliance with RBI’s data storage and security directives.