The Bar Council of India does not permit advertisement or solicitation by advocates in any form or manner. By accessing this website, www.khaitanco.com, you acknowledge and confirm that you are seeking information relating to Khaitan & Co of your own accord and that there has been no form of solicitation, advertisement or inducement by Khaitan & Co or its members. The content of this website is for informational purposes only and should not be interpreted as soliciting or advertisement. No material/information provided on this website should be construed as legal advice. Khaitan & Co shall not be liable for consequences of any action taken by relying on the material/information provided on this website. The contents of this website are the intellectual property of Khaitan & Co.

Please accept the above


See all results for ""

New guidelines for capturing customer location on UPI apps: a boon or bane for the UPI ecosystem?


The National Payment Corporation of India (NPCI) has issued an operating circular (NPCI/UPI/OC No 153/2022-23) on 5 July 2022 (OC) stipulating guidelines for capturing customer location on Unified Payments Interface (UPI).


UPI runs a set of standard application programming interfaces (API’s) to facilitate online immediate payments for both person to person (P2P) and person to merchant (P2M) transactions. The core features of UPI, both financial and non-financial, are delivered using these specific API’s. From time to time, NPCI has issued guidelines defining the message specifications and the intended purpose of these API’s and the usage of the information retrieved from the API’s, which are required to be strictly complied with by all the members participating in the UPI infrastructure. Geo-tagging (location / geo-code) information being part of the said API framework is also captured for the payments made via UPI.

In extension of NPCI’s guidelines which permit capturing location details along with other personal details in an encrypted form by the UPI application providers, NPCI has issued guidelines via OC to capture locations / geographical details on UPI applications only with customer / individual consent as the procedure of geo-tagging involves customer centric information.


Timeline for compliance with the OC

All the UPI members are required to comply with the guidelines prescribed in the OC by 1 December 2022.

Capturing of location / geographic details with customer consent

UPI applications are permitted to capture location / geographical details of the customer / individuals only with their prior consent. Further, such collection of location / geographical details cannot be mandated by the UPI applications and the option to enable / revoke consent shall be mandatorily provided to the customer.

Revocation of consent by the customer

In cases where a customer has already provided consent to share the location to the UPI applications initially while availing the services, and subsequently wishes to revoke the consent, the same should be permitted without denying UPI services to such customer. Further, the UPI applications should continue providing services to such customer even after the consent for sharing the location / geographical details has been revoked.  

Obligation to transfer correct location / geographic details to UPI

In cases wherein customer has provided consent to capture location / geographical details to the UPI application, such details should be accurately passed to UPI. Sending of inaccurate coordinates in such cases will attract strict action from NPCI.

No denial of UPI services in case customer denies sharing location / geographic details

UPI applications shall not deny / disable the UPI services to such customers who do not give consent to share location / geographical details. 

Applicability of the guidelines only in case of individual customers and domestic UPI transactions

The guidelines provided under the OC shall be applicable only in case of individual customers and domestic UPI transactions.


While it seems like the guidelines stipulated under the OC have been issued by NPCI to ensure the UPI customers can manage their data (pertaining to location / geographical details) and privacy with more control, it can be seen as a setback for UPI application providers who have been mandating collection of such data from customers to use their UPI services for the purpose of detecting suspicious and fraudulent activities and conducting risk based analysis of the transactions made via such applications.

-     Harsh Walia (Partner); Shobhit Chandra (Counsel) & Rupendra Gautam (Associate)

For any queries please contact: editors@khaitanco.com

Harsh Walia (partners) , Shobhit Chandra (partners)

We have updated our Privacy Policy, which provides details of how we process your personal data and apply security measures. We will continue to communicate with you based on the information available with us. You may choose to unsubscribe from our communications at any time by clicking here.

For private circulation only

The contents of this email are for informational purposes only and for the reader’s personal non-commercial use. The views expressed are not the professional views of Khaitan & Co and do not constitute legal advice. The contents are intended, but not guaranteed, to be correct, complete, or up to date. Khaitan & Co disclaims all liability to any person for any loss or damage caused by errors or omissions, whether arising from negligence, accident or any other cause.

© 2021 Khaitan & Co. All rights reserved.


One Forbes
3rd & 4th Floors, No. 1
Dr. V. B. Gandhi Marg
Fort, Mumbai 400 001


119/65, First Floor
Dr Radhakrishnan Salai
Chennai 600 004,


Max Towers
7th & 8th Floors
Sector 16B, Noida
Gautam Buddh Nagar
201 301 India


Ocean Financial Centre
#37-02 10 Collyer
37th Floor Quay
Raffles Place 049315,