What happened
On 24 June 2026, the Reserve Bank of India released its draft 'Guidance on Regulatory Principles for Model Risk Management, 2026', open for public comment until 24 July 2026. This is India's first comprehensive regulatory framework governing AI/ML model risk across the entire Indian financial sector. Key requirements: Board-approved Model Risk Management Framework (MRMF) mandatory for all regulated entities; three-lines-of-defence architecture (model owners / independent validation unit / internal audit); risk-based tiering of all models including AI/ML, vendor, and spreadsheet-based tools; comprehensive model inventory mandatory (covering credit scorecards, fraud detection, AML engines, GenAI/LLM tools, vendor AI); independent validation mandatory for all models including third-party/vendor AI regardless of vendor certification; AI-specific requirements including explainability thresholds, bias and data-drift monitoring, hallucination safeguards, and human oversight; mandatory 'kill-switch' capability allowing immediate suspension/override/rollback of any AI/ML model; customer-facing AI must disclose AI use and offer human escalation; 10-year archival of decommissioned model documentation.
Why it matters
This draft makes India the latest major economy to require board-level governance and hard operational controls (kill-switch, independent validation, human oversight) over AI/ML systems in finance — joining the EU AI Act, DORA, and US SR 11-7 in the global convergence on AI model governance. The kill-switch requirement is the most operationally specific AI safety mandate seen from a major central bank. The scope is exceptionally broad: banks, NBFCs, payment banks, co-operative banks, all-India financial institutions, ARCs, and credit information companies — encompassing the entirety of India's regulated financial sector.
Action needed
Submit comments to RBI by 24 July 2026; establish or audit Board-level MRMF governance; build comprehensive model inventory including all AI/ML and vendor models; implement or audit kill-switch capability for all AI-driven decision models; review third-party AI vendor contracts for validation rights, audit access, and performance SLAs; develop explainability and bias monitoring controls for AI models.