India: Adopted Guidelines on Regulation of Payment Aggregators and Payment Gateways including data localisation requirement

On 17 March 2020, the Reserve Bank of India (RBI) adopted the Guidelines on Regulation of Payment Aggregators (PAs) and Payment Gateways (PGs). The Guidelines include a series of technology-related recommendations, which are considered mandatory for PAs and recommended for PGs. Furthermore, the Guidelines outline obligations related to data sovereignty, specifying that entities should implement preventive security measures and store the data in an infrastructure that does not "belong to external jurisdictions". The Guidelines will be implemented on 1 April 2020.