Society & PolicySubscribers only yesterday8Add to bookmarks

India moves to make a human step mandatory in AI-driven payment flows. The biggest UPI market gets first-mover on regulating agentic commerce.
India's cyber-security agency CERT-In (under MeitY) has proposed rules that would require a human intervention step in AI-driven payment flows above a "high-value" threshold. If enacted, fully autonomous agentic checkouts couldn't run untouched on Indian consumer rails past that ceiling - a first-mover position among major economies.
Agentic payments - where an AI agent completes a purchase, transfer or subscription without a per-action user confirmation - are being pushed by OpenAI (ChatGPT Agent), Anthropic (Claude with Computer Use) and payment providers (Stripe, Visa's Intelligent Commerce). India's UPI is the dominant national payment rail; the RBI has historically been strict on delegated-payment models. CERT-In's draft sits alongside the wider IndiaAI framework and follows the earlier ministry-level pause on OpenAI / Anthropic deployments. NPCI and Indian fintechs are separately developing protocols to let AI agents transact over UPI.
Per Medianama (Jul 16, 2026), CERT-In has proposed mandatory human oversight specifically for high-value agentic AI payments. The exact "high-value" threshold, consultation window and enforcement mechanism are not yet public. No RBI joint communication has been published at the time of the article. NPCI's agentic-UPI protocols are still in industry consultation.
Two forces meet. MeitY's ongoing push for domestic AI sovereignty (Bhashini, IndiaAI, ministry-level pauses on foreign APIs) intersects with the RBI's structural conservatism on payments. A mandatory human step at high value doesn't kill agentic commerce - small purchases can flow autonomously - but it kneecaps the marquee use cases Western agent providers are pricing into their roadmaps: travel booking, B2B procurement, subscription bundles. It fits a broader pattern: India narrowing autonomy scope where foreign-provided AI intersects with critical infrastructure.
Base case: rule enacted with the high-value threshold set at consumer-meaningful levels (₹5,000 - ₹25,000 range often used elsewhere for step-up authentication), turning agentic checkout above that into a two-step flow. Local upside: domestic AI stack (Sarvam, Krutrim) certified faster than foreign providers adapt. Bear: industry pressure stalls consultation, rule reappears in weaker form as a self-attested compliance box.
For readers building agentic commerce: India - one of the world's most active payment ecosystems by transaction count - may become the first big jurisdiction where "no human step" isn't a design option above a threshold. Design the two-step flow now, or lose the India user for anything but low-value purchases.
Create a free account to access all our content and the weekly review.
Article produced by artificial intelligence, reviewed under human editorial control.
Sign in to join the discussion.
Interesting move. Wonder how this will affect the speed and efficiency of AI-driven payments in other countries.
Et le coût pour nous, les consommateurs ? Avec un humain dans la boucle, les services vont forcément augmenter.
Une validation humaine, ça rassurerait pour les paiements par IA. Plus de confiance, c'est bien.
Cette mesure va-t-elle ralentir les paiements ?
Est-ce que ça va augmenter les coûts pour les entreprises ?
Une mesure de bon sens pour sécuriser les paiements par IA.
Cette obligation de contrôle humain va-t-elle créer des emplois dans les paiements par IA ?
C'est une bonne idée, ça rassurera les utilisateurs.
Souveraineté IA indienne : de Bhashini à la pause OpenAI/Anthropic