Summary: India’s push to internationalise UPI promises faster, cheaper, and more seamless cross-border payments, while also exposing deep regulatory and legal issues. This article explains why real-time payment speed is outpacing compliance frameworks across spanning foreign exchange rules, AML/KYC obligations, data localisation, and supervisory oversight and why resolving these tensions is critical for UPI’s global scalability. For regulators and financial institutions, it highlights what must evolve for cross-border digital payments to succeed.

India, consistently the world’s largest recipient of inbound remittances (over USD 134.5 billion in 2025),[1] has long placed cross-border payments at the centre of its financial policy priorities. The Unified Payments Interface (“UPI”), India’s instant payment system developed by the National Payments Corporation of India (“NPCI”), processes over 100 billion transactions annually[2] and has fundamentally reshaped domestic payment behaviour. The internationalisation of UPI represents a natural progression; enabling real-time value transfer across jurisdictions through a system originally designed for domestic use.

In 2022, through the Payments Vision 2025,[3] the Reserve Bank of India (“RBI”) outlined a roadmap for expanding UPI beyond domestic usage. Most recently, in March 2026, in its Payments Vision 2028,[4] the RBI introduced a strategic roadmap emphasising ease of doing business and cross-border fund transfers through regulatory liberalisation and technological initiatives, including single-window applications for obtaining authorised person licenses.

As of February 2026, UPI is live in over eight countries, across Asia, Europe, and the Middle East,[5] with over 23 Memorandums of Understanding (“MoU(s)”) signed with various countries for cooperation on Digital Public Infrastructure (“DPI”).[6] With over 500 million users and approximately 80 per cent of all digital transactions in India, UPI’s domestic dominance now catapults its cross-border ambitions. An Indian UPI user can now transact with Singapore through the UPI-PayNow linkage jointly enabled by the RBI and the Monetary Authority of Singapore (“MAS”), the first operational cross-border corridor for real-time payments.[7]

The RBI also joined Project Nexus, a Bank for International Settlement (“BIS”) initiative, to interlink Fast Payment Systems (“FPS”) across multiple countries through a single platform. Potential integration talks with platforms such as China’s Alipay+ further signal UPI’s ambition to operate within multi-country payment ecosystems.

Why is this a big deal? Traditional cross-border payments take hours, but UPI-linked payments enable real-time transfers with exchange rates locked at payment time, eliminating rate fluctuation uncertainties. This ensures low-cost remittances, reduces reliance on cash conversion and forex transactions, and creates an integrated payment acceptance mechanism for stakeholders (e.g., P2P users, travellers, and merchants), bypassing card networks or currency exchange infrastructure.

This expansion brings both legal and operational challenges, requiring simultaneous navigation of multi-jurisdictional compliance under foreign exchange laws, data localisation regimes, and anti-money laundering frameworks. As volumes scale, reassessing the impact on existing licensing frameworks of regulated entities, such as Payment Aggregator – Cross Border (“PA-CB”) and Full-Fledged Money Changer (“FFMC”), will become imperative, especially regarding  the dilution of central bank oversight, cross-border dispute resolution, grievance redressal timelines, and the structural gap between transaction speed and legal enforceability.

When Speed Outruns Compliance

Any cross-border UPI transaction must satisfy strict compliance requirements across all relevant jurisdictions, including those for Know Your Customer (“KYC”), Anti-Money Laundering (“AML”)/Countering the Financing of Terrorism (“CFT”), and transaction security. Regulatory regimes often diverge from uniform mandates. While countries on the Financial Action Task Force’s (“FATF”) “grey list” (e.g., Nepal, Kuwait, Venezuela, and Vietnam) exhibit strategic AML/CFT[8] deficiencies, “compliant bracket” countries (e.g., India, Japan, Singapore, the United Kingdom, and the United States) follow harmonised standards for customer due diligence, beneficial ownership verification, and suspicious transaction reporting.[9] The FATF establishes uniform global standards, but applies differentiated expectations across jurisdictions,[10] which introduces additional considerations for cross-border UPI transactions.

The FATF obligations mandate strict KYC and customer due diligence, including rigorous tracking of originator and beneficiary information.[11] Where UPI settles transactions within 10-15 seconds,[12] compliance checks are compressed to near-zero, which creates a structural tension between transaction velocity and regulatory oversight in real-time cross-border environments. This shifts reliance to preventive, automated controls over post facto review mechanisms traditionally embedded in cross-border payment systems.

A tangible threat to UPI’s global expansion is the potential for the structuring and layering of transactions for money laundering and terrorism financing. While the FATF has issued recommendations to prevent misuse, enforcement ultimately rests with individual countries to monitor cross-border transactions and impose appropriate safeguards.[13]

The Data Localisation Conundrum

India mandates domestic storage of payment-related data, without expressly addressing cross-border financial transactions. The RBI requires foreign data be deleted within 24 hours of retrieval where business-as-usual access is not established.[14] With varying localisation requirements across jurisdictions, conflicts are likely in cross-border payments.

The RBI mandates storage of all payment-related data in India, permitting only a copy of the domestic component abroad for cross-border payments.[15] The European Union’s General Data Protection Regulation (“GDPR”) permits transfers only to countries with comparable data protection standards.[16] China imposes some of the strictest data localisation rules, subjecting cross-border personal data transfers to state scrutiny[17]: a potential conflict if Alipay+ links with UPI.

These obligations stem both from RBI’s localisation requirements and India’s data protection framework,[18] which contemplates a jurisdiction-based “blacklist” approach for transfers. Localisation becomes legally consequential wherever foreign counterparties require supervisory access, operate under restrictive privacy laws, or insist on sovereign control over financial data flows, creating structural tensions that need settling before interoperability can scale.

Collectively data localisation laws form a restrictive, complex framework at the heart of regulatory challenges in cross‑border payment integration.

The Supervision Gap in Cross-Border Payment Experiments

A significant regulatory challenge lies in integrating data security and data protection regimes across jurisdictions. Harmonising compliance with frameworks such as the GDPR, China’s Cybersecurity Law, and the Payment Card Industry Data Security Standard (“PCI DSS”) is arduous because of possible conflicting infrastructure obligations and heightened costs. By contrast, Europe’s Single Euro Payments Area (“SEPA”) framework provides interoperability through harmonised legislation and shared rulebooks, enabling consistent supervisory expectations.

Regulatory control may become contested, with each central banks seeking greater oversight over cross-border transactions to shape domestic financial policy. The RBI, through its Master Direction on Regulation of Payment Aggregator,[19] already oversees cross-border payment aggregators, imposing compliance and reporting obligations.[20] What should be cooperation risks becoming competition, with UPI’s expansion potentially diluting RBI’s supervisory control over transactions linked to India.

Further concerns arise around governing law and grievance redressal mechanisms. India’s stringent grievance redressal timelines and high penalties for data protection lapses could conflict with other regimes, highlighting a broader structural issue. UPI’s instant settlements contrast with enforcement and dispute resolution processes that take weeks or months, creating an asymmetry between transaction finality and legal accountability recalcitrant actors may exploit.

Legacy Forex Rules Meet Real-Time Money Settlements

The nuance lies in classifying cross-border UPI transactions as current account or capital account transactions under FEMA. Most P2P transactions fall within remittances for “maintenance of relatives abroad” and “gifts,” while most person to merchant (“P2M”) transactions involve payments for goods and services and qualify as “current account transactions”. Accordingly, the USD 2,50,000 per financial year limit under the Liberalised Remittance Scheme (“LRS”) applies, with daily caps of SGD 1,000 or INR 60,000 in the UPI-PayNow corridor.[21]

The challenge arises from two perspectives. First, certain current account remittances are restricted under Schedule II of the Foreign Exchange Management (Current Account Transactions) Rules, 2000, which prohibits transactions such as lottery winnings and certain dividend remittances.[22] Second, the LRS restricts remittances to countries and territories FATF identifies as “non-cooperative”. If UPI-linked country were subsequently so classified, it would trigger compliance challenges under FEMA, alongside issues of data localisation and security, and payment corridor operability. Real-time payments do not pause for regulatory reclassifications.

Lessons from Other Cross-Border Payment Experiments

In the late 1990s, the Swiss National Bank (“SNB”) opened its RTGS system to foreign banks, and in 2019 extended access to Payment Service Providers (“PSPs”), establishing detailed guidelines and strict restrictions on eligible institutions.[23] The PayNow-PromptPay linkage between Singapore and Thailand, operationalised in 2021, offers another model: full-time availability, mobile-number-based payments, and near real-time settlement with transaction limits.

Emerging multi-central bank digital currency initiatives such as Project mBridge highlight the importance of negotiated governance when integrating sovereign financial infrastructures. The growth of stablecoins (global market capitalisation approaching USD 300 billion)[24] underscores that cross-border value transfer is not waiting for regulators. Even private card networks rely on centralised rulebooks and arbitration mechanisms, reinforcing that governance must accompany connectivity. As India simultaneously promotes central bank digital currency (“CBDC”) with UPI for international payments, the coexistence, alignment, coordination, and sequence of these parallel tracks will require careful regulatory and architectural consideration.

India can draw lessons from these models: clearly defined guidelines, structured governance frameworks evolving alongside technical integration, and operational ease through legislative harmonisation, shared rulebooks, or coordinated supervisory arrangements.

The reckoning ahead

As UPI expands globally, its trajectory will depend as much on regulatory coordination as on technological capability. Aligning compliance expectations, dispute resolution frameworks, and data governance standards across jurisdictions will be critical. In the reckoning ahead, regulatory coordination will lead to synergised interoperability; regulatory competition and conflict will lead to a failed experiment. The success of cross-border UPI may ultimately hinge not on how fast payments move, but on how effectively legal systems can move with them.

---

[1]Press Information Bureau, Annual Remittances To India Reach $125 Billion Remittances Cross $100 Billion For Second Year In A Row, December 19, 2023, available here; World Bank Blogs, In 2024, remittance flows to low- and middle-income countries are expected to reach $685 billion, larger than FDI and ODA combined, December 18, 2024, available here; Press Information Bureau, India Remains as the World’s Largest Recipient of Remittances with Inflows Reaching USD 134.5 Billion in FY 2025, January 29, 2026, available here.

[2] Press Information Bureau, India’s UPI Revolution, July 20, 2025, available here.

[3] RBI, Payments Vision 2025, June 17, 2022, available here. Also read CAM Blog on the same, available here.

[4] RBI, Payments Vision 2028, March 27, 2026, available here.

[5] RBI, Payment System Report, December 2024, January 27, 2025, available here.

[6] MeitY, India has signed MoU / agreements with 23 countries for cooperation on Digital Public Infrastructure (DPI), February 06, 2026, available here.

[7] RBI, UPI-PayNow Linkage, February 21, 2023, available here.

[8] FATF, Jurisdictions Under Increased Monitoring, February 13, 2026, available here.

[9] FATF, India’s measures to combat money laundering and terrorist financing, September 19, 2024, available here.

[10] FATF, Jurisdictions Under Increased Monitoring, February 13, 2026, available here.

[11] FATF, FATF updates Standards on Recommendation 16 on Payment Transparency, October 28, 2025, available here.

[12] NPCI, Circular No. NPCI/UPI/OC/214/2025-26, April 26, 2025, available here.

[13] FATF, International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation (The FATF Recommendations),  October 2025, available here.

[14] RBI, Storage of Payment System Data, June 26, 2019, available here.

[15] Ibid.

[16] Regulation (EU) 2016/679, General Data Protection Regulation, available here.

[17] Cybersecurity Law of the People’s Republic Of China, Unofficial Translation, available here.

[18] The Digital Personal Data Protection Act, 2023 and the Digital Personal Data Protection Rules, 2025 are scheduled to come into full effect by May 14, 2027. Under the current regime, governed by the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules), there is no provision for cross-border “blacklisting” of countries.

[19] RBI, Master Direction on Regulation of Payment Aggregator (PA), September 15, 2025, available here.

[20] Cyril Amarchand Mangaldas, Payments Book, 2024, available here.

[21] RBI, Liberalised Remittance Scheme, April 06, 2023, available here; RBI, UPI-PayNow Linkage, February 21, 2023, available here.

[22] RBI, Release of Foreign Exchange for Travel outside India, Schedule II, July 01, 2002, available here.

[23] Bank for International Settlements, Improving access to payment systems for cross-border payments: best practices for self-assessments, May 2022, available here.

[24] European Systemic Risk Board, Report on stablecoins, crypto-investment products and multifunction groups, October 2025, available here.