RBI Guidelines for AI for Public Comments-1

Posted on June 26, 2026 by Vijayashankar Na

In continuation of our previous post,  here is an outline of the 16 page draft guidelines issued by RBI on AI usage in Regulated Entities (RE), for public comments.

The scope of the guideline  has been defined broadly as to cover “Models” and termed Artificial Intelligence as a “Technology”. The risks arising out these models usage is termed as “Model Risks” which may lead to inaccurate outcomes, flawed decisions, financial losses, operational disruptions, compliance failures and other adverse consequences for REs, consumers and the financial system.

The Guideline itself is called “Guidance on Regulatory Principles for Model Risk Management 2026”  (GRP-MRM).

Hence  the guidance lays down a broad set of regulatory principles for the management of risks arising from use of models which includes AI/ML. The guidance is applicable to all REs.

The chaptalization of the guidance note is as follows:

Chapter I: Preliminary

Chapter II:  Goverance

Chapter III Model Risk Management

Chapter IV: Model LifeCycle Management

Chapter V: Specific Models

Chapter VI: Other Provisions.

Chapter I covers the Introduction, Applicability and Scope as well as the definitions.

For the purpose of the guidance, “Model” has been defined as follows:

‘Model’ means a system, whether developed internally, sourced from third-parties, or a combination thereof, that incorporates data, applies theoretical, empirical, or judgement-based assumptions (input component), uses statistical, mathematical, economic, financial, or such other cognitive techniques (including Artificial Intelligence (AI) / Machine Learning (ML)) to analyse, interpret relationships and process inputs (processing component) and produce results that are used for business or any other operations and decision making (output component).

It includes algorithms, analytics, interfaces, applications, decision-based rules, and other computational tools which, by virtue of their use, have a material impact on decision-making in various business processes, irrespective of whether such tools are recognised as models by the RE.

Illustration – A spreadsheet-based loan pricing calculator deployed or used by an RE may be considered as only a basic mathematical tool. However, if the RE uses this tool to derive lending rates, customer margins, or credit terms, such that it takes inputs (borrower type, tenor, credit score, collateral value), applies processing logic (interest rate grids, risk-weighted spreads, margin formulas), and produces an output (final lending rate or price) which then affects business decisions, then it should be considered as a model

This approach is a huge innovation that avoids the debate on “What is the technical definition of AI” and focusses more on the intention  of the use of software to by pass human intervention. (This may impact our definition of AI in the DGPSI-AI framework).

…To Be Continued

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Privacy. Bookmark the permalink.