India: Implemented Guidelines on Regulation of Payment Aggregators and Payment Gateways including cybersecurity requirements

On 1 April 2020, the Guidelines on the Regulation of Payment Aggregators (PAs) and Payment Gateways (PGs) issued by the Reserve Bank of India (RBI) were implemented. The Guidelines include a series of technology-related recommendations, which are considered mandatory for PAs and recommended for PGs. The cybersecurity requirements span a variety of sectors, including information security and IT governance, data and cryptography standards, reporting, periodic auditing, risk assessment, vendor risk management, and forensic readiness. Under the Guidelines, the entities are required to implement preventive and detective measures to ensure the security of the stored data.