Apple shelving UPI shows how foreign giants trip over Indian regulations

The first of the issues is the data localisation recommended by RBI; then there are Justice Srikrishna panel's draft privacy Bill, health ministry guidelines, and even the national e-commerce policy

It is an oft-repeated, well known story, only the actors keep changing. For more than a year, Facebook-owned instant messaging giant WhatsApp has been looking to foray into India’s thriving digital payments industry but has moved little beyond a beta launch. Now, it is the $1-trillion US tech giant Apple that cannot find it in itself to launch a proprietary payments product using the country’s flagship Unified Payments Interface (UPI), suggest reports.

Apple’s move to shelve its UPI plan comes at a time when Google has placed massive bets on the Indian payments ecosystem, especially with its Google Tez app, recently rebranded to Google Pay, which allows people to pay, collect and request payments using UPI. However, Google isn’t too sure of its own future, either. The company is known to be assessing its plans in India, considering strict data localisation norms.

If the UPI values are rising at a breakneck speed each month – they have eclipsed credit card spends in the country – what could possibly be the reason for the three big giants in India’s digital story remaining largely out of the race? Regulations!

The first of the lot is data localisation as recommended by the Reserve Bank of India. Then there are Justice Srikrishna panel’s draft privacy Bill, guidelines of the health ministry, and even the national e-commerce policy. Data localisation simply means storing specific data related to individuals inside the geographic boundaries of the country. However, to different departments it means different things, and it can get confusing for companies.

For instance, earlier this year, RBI issued its master directions and gave companies six months to move to the country all payments and financial data related to Indian cities. RBI also used the phrase “only in India”, implying none of this data could be taken outside of the country for processing.

India’s payment industry has traditionally depended on giants like Mastercard, Visa and American Express, which brought a plastic money boom to the country. These three companies are known to process data at their master data centres outside India, so setting up new data centres just to satisfy RBI’s conditions did not go down too well with these players.

There’s a brewing war inside the industry, with Indian firms pitching for stricter data localisation norms, claiming national security, sovereignty over data, and so on. On the other hand are international giants who refer to regulations the world over and demand relaxation to be able to store only one copy of data in India and processing it somewhere else.

A similar situation was faced by WhatsApp, which has not been able to secure a licence for a full-scale launch so far. As Business Standard reported in June, the messaging app’s privacy policy stated that it could take and process data outside the country – something that won’t sit well with Indian regulators.

Now, Apple seems to have been caught in a similar storm, as data localisation requires huge investments in servers and data processing centres, and complying with many parameters of the Indian IT Act. And there also are the upcoming privacy law that lay down data localisation requirements for all companies operating out of India.

While there are data localisation concerns to boot, there is more regulatory maze in next steps. For instance, UPI integration for a payment service provider licence – such as the one WhatsApp has – requires the backing of a bank that supports UPI and is willing to provide its pipe for the transaction. For each of these tech companies, associating with a bank comes with more regulatory hurdles and compliance requirements.

Additionally, it was reported that Apple wanted to offer its fingerprint-based authentication service as a way to pay through UPI. Biometric authentication is a delicate conversation in the payments regulatory space right now. Earlier documents for UPI showed that even the National Payments Corporation of India was looking at allowing authentication through Aadhaar for its payments interface. Those plans, however, got shelved with the launch of UPI 2.0, given the pending Supreme Court case on the identity programme’s constitutionality.

For Apple to come in and offer its device fingerprints to allow UPI payments sets a bad precedent for NPCI, which is unable to bring Aadhaar to its platform, says a payments company executive.

“There’s no reason why an Apple should follow 100 regulations when it is not storing money, or lending money. It is just giving you an option to pay on a system built inside India, backed by an Indian bank and settled by an Indian entity like NPCI. These regulations could become a way to ringfence the Indian payments industry,” according to an ex-executive of a payments firm.

For now, it seems that the war is on and it’s mostly against regulations – and then cash.