New Delhi: The Reserve Bank of India (RBI) wants banks and other lenders to build a “kill switch” into every artificial intelligence system they use, so that a human can shut down a faulty model at once. A draft framework it released Wednesday puts responsibility for AI-driven decisions squarely with the entity’s board of directors.
Banks now lean on software to approve loans, price them, screen transactions for fraud, score credit and answer customers on apps. The RBI’s draft lays out how lenders must govern these systems from the day they pick a model to the day they retire it.
The draft asks regulated entities to put in place “override, suspension, or deactivation mechanisms, including kill-switch arrangements” for AI models. The RBI uses the term “regulated entities”, or REs, for banks, non-banking financial companies (NBFCs) and other firms it supervises. It has invited feedback from these entities and the public by 24 July.
The framework, titled ‘Guidance on Regulatory Principles for Model Risk Management, 2026’, covers 11 categories of entities the central bank regulates, among them commercial banks, small finance banks, payments banks, co-operative banks, NBFCs and credit information companies.
It applies to all “models”. A model, the draft says, is any tool that processes inputs and produces an output that feeds a business decision. Therefore, not just machine-learning systems but also simpler tools such as a spreadsheet, if a bank uses it to set lending rates, comes under this category.
The rules apply “irrespective of whether such tools are recognised as models by the RE”, the draft says. In simpler terms, the test is what the tool does, not what the bank chooses to call it.
The framework holds lenders accountable for the outcomes of every model they use, whether they build it in-house or buy it from a vendor. “An RE is accountable for the outcomes of all models used by it, irrespective of whether the models are developed internally, sourced from third-parties, or a combination thereof,” it says.
A bank cannot pass the blame to a technology supplier. It must run its own independent checks, even after the vendor certifies it, screen the vendor’s track record before signing up, and write rights into the contract to see how the model works, to audit it, and to exit cleanly if it has to. This means that the contract must include exit and continuity terms, letting the bank drop the vendor’s model and move to an alternative without disrupting operations.
The RBI also pushes responsibility to the top of the organisation. Each RE will have to set up a board-approved model risk management framework. The Risk Management Committee of the entity’s board will have to clear any model the lender classifies as high-risk before deploying it. The board has to fix how much model risk the bank is willing to live with, and senior management has to find the people and systems to make the framework work on the ground.
‘Three lines of defence’
The draft prescribes a “three lines of defence” structure, a layered system of checks in which model owners form the first line, an independent validation team the second and internal audit the third. A lender may not use any model unless it sits in a central register, and decommissioned models must stay on that register for at least 10 years.
Lenders must classify every model by risk tier, sorting them by how much damage they could do, and review the rating at least once a year. The draft warns that a low-complexity score must not pull down the risk rating of a model that matters to the bank’s business. If a model’s risk climbs past what the bank can stomach, the bank has to act, by tightening controls, capping the model’s use, fixing it or pulling it, and report the matter to the board committee.
Some experts say the draft leaves too much of this judgement to the banks. Dhruv Garg, a lawyer and founder of the Indian Governance and Policy Project (IGAP), told ThePrint that the RBI should set a common floor for the riskiest uses rather than let each lender decide. He made a case for “uniform high-risk tiering for critical operations around lending or underwriting algorithms”, adding that the gradation “seems to be left to the financial institutions themselves”.
The draft guide also tackles “black-box” systems—AI models that generate automated decisions without disclosing the logic behind them. Lenders will have to explain why a model reached a decision, particularly in customer-facing uses such as loan approvals. When a bank cannot explain a model, it must put it under tighter controls, validate it more often and limit its use.
For AI systems, the draft lays down extra checks. Lenders must test how their models behave under unusual or adversarial conditions, run “red-teaming” exercises (deliberately trying to make a system fail or misbehave) on tools that deal with customers, and guard against “hallucinations”, where a system generates false or made-up information.
They must check that a model has not simply memorised its training data but can handle fresh, real-world cases, and that it does not lean on coincidences in the data that could throw up wrong answers. Models that update themselves automatically attract stricter and more frequent monitoring.
A human firmly in the loop
The RBI wants a human kept firmly in the loop. Lenders must arrange human oversight of automated decisions, give people the power to override, pause or switch off a model, and have humans review model decisions from time to time to catch anomalies. The staff doing this must know enough about the model to challenge or overrule it, rather than rubber-stamp its output.
The draft flags the risk of “automation bias”, where people accept AI outputs without applying their own judgement, along with over-reliance on models and plain decision fatigue. It also warns that lenders could come to depend on a small number of AI providers, which would leave the system exposed if one of them fails or changes its model.
“An RE should not use any model that harms consumer,” the draft says. Banks will have to tell customers when they are dealing with an AI system, spell out its limits, and let them switch to a human when they ask. For chatbots and other public-facing tools, lenders must add cyber defences against tricks such as “prompt injection”, where someone feeds a system crafted inputs to make it misbehave.
If a model goes down, lenders must have a fallback ready so that customers are not left stranded. They must also tell everyone who relies on a model before they retire it, so the switch does not catch teams off guard.
The draft builds on the RBI’s August 2024 paper on model risks in credit and the August 2025 report of the committee on a Framework for Responsible and Ethical Enablement of Artificial Intelligence, known as FREE-AI. It widens the scope from credit models to every model a lender uses, and would replace the chapter on credit risk models in the RBI’s 2002 guidance note on credit risk management.
Pros and cons
Garg, quoted earlier, called the draft “a necessary and commendable milestone” for taking on algorithmic bias, data privacy and ethical governance as financial institutions adopt machine learning at speed. But he cautioned that it “leaves significant implementation details to individual entities”, which could open up “compliance gaps and industry fragmentation”.
He pressed for common yardsticks, saying the RBI should lay down “standardized, uniform testing benchmarks to measure model drift and explainability”, where model drift means the slow decay in a model’s accuracy as real-world conditions move away from the data it learned on, “rather than leaving risk metrics entirely to self-regulation”.
Garg also argued that the central bank’s rules should line up with the Ministry of Electronics and Information Technology’s (MeitY’s) AI governance guidelines. “Seamless inter-agency coordination”, he said, was needed to “prevent conflicting standards and ensure absolute regulatory cohesion across interconnected, cross-sectoral digital ecosystems”.
The central bank has signalled that it may bring out further rules aimed specifically at AI models.
(Edited by Gitanjali Das)
Also Read: E-sports registration form available, but no portal to file it. MeitY says it is loading