What is the RBI FREE-AI framework?

FREE-AI stands for Framework for Responsible and Ethical Enablement of Artificial Intelligence. It is the Reserve Bank of India's policy framework for AI in the Indian financial sector, set out in the FREE-AI Committee report. The Committee was constituted in December 2024 and released its report on 13 August 2025. The framework is built on 7 Sutras (guiding principles), 6 strategic Pillars, and 26 recommendations.

Who does the FREE-AI framework apply to?

The framework targets RBI-regulated entities (REs) — commercial banks, cooperative banks, NBFCs, payment system operators, and other financial institutions under RBI supervision. While the recommendations are not yet binding regulation, RBI has signalled that operationalisation will follow. Forward-leaning REs are aligning now.

What are the 7 Sutras?

The 7 Sutras are: (1) public trust as the foundation of AI systems; (2) disclosure of AI usage and individuals' final authority to override AI decisions; (3) responsible, socially useful innovation over cautionary restraint; (4) fairness, equity, and inclusion by design; (5) understandability — AI systems should be explainable to deploying entities; (6) safety, sustainability, and resilience to physical and cyber risk; (7) accountability of deploying entities for AI decisions, regardless of autonomy.

What are the 6 Pillars?

Infrastructure (sector-wide AI data infrastructure and innovation sandboxes), Policy (institutional and national AI policies), Capacity (AI skills, knowledge sharing, expertise in fairness and explainability), Governance (board-level accountability, reporting, oversight), Protection (consumer disclosures, grievance mechanisms, fairness), and Assurance (independent audits, impact assessments, evaluations).

What are the headline recommendations?

Among the 26 recommendations: REs to publish AI-related disclosures in annual reports (governance frameworks, AI adoption areas, consumer protection); building financial-sector data infrastructure as a Digital Public Infrastructure; an AI sandbox for testing and validation; board-approved AI policies covering governance, lifecycle management, risk controls, and third-party vendor liabilities; and grievance and redressal mechanisms for AI-driven decisions.

Is FREE-AI mandatory regulation?

Not yet. The report is a policy framework; specific recommendations may be operationalised through RBI circulars and master directions over time. Mature REs are treating the framework as forward guidance — building governance and disclosure capabilities now to avoid scramble when binding rules arrive.

How does FREE-AI interact with the DPDP Act?

DPDP governs personal data; FREE-AI governs AI systems used by REs. They overlap on consumer disclosure, automated-decision review, and audit obligations. An RE building AI must satisfy both — the DPDP Act for data handling and the FREE-AI framework for AI governance, transparency, and accountability inside the financial sector.

What should an RE do now?

Six concrete steps: (1) inventory existing AI deployments; (2) commission a board-approved AI policy aligned to the 7 Sutras and 6 Pillars; (3) appoint an AI governance owner with board reporting; (4) prepare AI disclosures for the next annual report; (5) stand up an internal AI sandbox; (6) build the audit, impact-assessment, and grievance-redressal capabilities the framework expects.

RBI FREE-AI Framework: 7 Sutras, 6 Pillars, 26 Recommendations

Q: What is the AI adoption baseline in Indian BFSI?

RBI's baseline survey (cited in the FREE-AI report) found around 20.8% of surveyed REs already deploying AI for customer support, sales, credit underwriting, and cybersecurity — with 67% expressing interest in exploring further AI use cases. India's BFSI sector is moving from pilot to scaled deployment.

On 13 August 2025, the Reserve Bank of India released the report of the FREE-AI Committee — the Framework for Responsible and Ethical Enablement of Artificial Intelligence. The committee, constituted in December 2024, set out a coherent policy architecture for how AI should be designed, deployed, and governed by entities the RBI regulates: commercial banks, cooperative banks, NBFCs, payment system operators, and other financial institutions under RBI supervision.

This guide unpacks the framework: the survey baseline that motivated it, the 7 Sutras at its foundation, the 6 strategic Pillars that organise the work, the headline recommendations, how it sits next to the DPDP Act and broader Indian AI regulation, and the operational steps RBI-regulated entities (REs) should take now even though the recommendations are not yet binding regulation.

The Baseline — Where Indian BFSI Actually Is

The committee's report draws on an RBI survey of regulated entities. The headline numbers: roughly 20.8% of surveyed REs are already deploying AI in production — predominantly for customer support, sales, credit underwriting, and cybersecurity. 67% expressed interest in exploring AI use cases. India's BFSI sector is no longer experimenting at the margins; it is operationalising AI at the centre of how credit is assessed, fraud is detected, and customers are served.

The Sitharaman-led 23 April 2026 review with RBI, MeitY, and bank chiefs on systemic AI risk in the financial sector underscored the urgency. FREE-AI is the RBI's structured response to a sector that is past the question of whether to adopt and into the harder question of how to govern.

The 7 Sutras — Foundational Principles

The Sutras are the seven overarching principles that underpin every recommendation in the report. They are not technology-specific; they are the values the RBI expects AI deployments in the regulated sector to express:

Public trust as the foundation. Trust is the asset; AI systems must be designed to build and sustain it.
Disclosure and the right to override. Customers must know when AI is involved in decisions, and individuals retain the final authority to override AI determinations.
Responsible innovation, not cautionary restraint. The framework explicitly favours socially useful innovation over excessive caution — a pragmatic stance that avoids over-regulation while demanding accountability.
Fairness, equity, and inclusion by design. AI systems are tested for bias across protected and relevant attributes before they enter production.
Understandability. Deploying entities must understand how the AI systems they operate work — outsourcing comprehension to vendors is not acceptable.
Safety, sustainability, and resilience. AI systems must be safe under physical and cyber risk, including model-specific attack surfaces like prompt injection and data poisoning.
Accountability regardless of autonomy. The deploying entity is accountable for AI decisions, no matter how autonomous the system. There is no shifting blame to the model.

The 6 Pillars — Where the Work Sits

The Pillars organise the 26 recommendations into the dimensions of responsibility a regulated entity must build:

1. Infrastructure

Sector-wide AI data infrastructure and innovation sandboxes. The recommendation includes treating financial-sector data infrastructure as a Digital Public Infrastructure (DPI) — a shared backbone the sector can rely on rather than each RE building from scratch.

2. Policy

Clear institutional and national AI policies that guide adoption and risk management. At the RE level, this translates to board-approved AI policies that are reviewed and updated as the technology and risk landscape evolves.

3. Capacity

Building AI skills, knowledge sharing, and expertise in fairness and explainability across the sector. This is a workforce and education recommendation as much as a technology one.

4. Governance

Board-level accountability, reporting, and oversight of AI initiatives. Quarterly board reviews of AI risk are now expected practice for serious deployments. AI disclosures move from optional to part of the annual report.

5. Protection

Consumer-facing controls — disclosures of AI involvement, grievance and redressal mechanisms for AI-driven decisions, and fairness in outcomes that affect customers.

6. Assurance

Independent audits, impact assessments, and ongoing evaluations to prove that AI systems remain reliable, fair, and trustworthy after deployment. The audit profession is being asked to develop AI-specific assurance practices.

The Headline Recommendations

Among the 26 recommendations in the report, several stand out for their immediate operational implications for REs:

AI disclosures in annual reports — REs to include AI-related disclosures covering governance frameworks, areas of AI adoption, consumer protection measures, and grievance redressal mechanisms.
Board-approved AI policies — covering governance, AI lifecycle management, risk controls, and third-party vendor liabilities.
AI sandbox — an environment to test, validate, and develop AI solutions in a controlled setting before production deployment.
Financial-sector data infrastructure as DPI — to enable AI use cases at scale without each RE building isolated data foundations.
Grievance and redressal — clear consumer paths to dispute AI-driven decisions and trigger human review.
Independent audits and impact assessments — recurring third-party evaluation of AI systems for reliability, fairness, and risk.

Most of these are achievable with existing governance and engineering disciplines applied to AI specifically. The work is not invention; it is bringing AI inside the same operational rigour banks already apply to credit, fraud, and operational risk.

How FREE-AI Sits Next to DPDP and the Broader Stack

An RE building AI in India operates under multiple regimes simultaneously:

DPDP Act 2023 and DPDP Rules 2025 govern personal-data processing. Phase 1 enforcement is live since 14 November 2025; consent rules arrive in November 2026. See our DPDP Act AI compliance guide.
FREE-AI governs AI deployment specifically inside RBI-regulated entities.
Existing RBI master directions on outsourcing, IT governance, cyber security, and data localisation continue to apply.
SEBI guidance applies to securities-market participants; IRDAI guidance applies to insurers.
NITI Aayog's Principles for Responsible AI provide the broader directional framework.

The good news: these regimes are largely compatible. An AI governance programme built to satisfy FREE-AI naturally generates much of what DPDP and the cyber-security directions require — board approval, risk classification, audit trails, consumer disclosures, grievance paths. The trick is designing once, deliberately.

What an RE Should Do in the Next Six Months

Six concrete steps that get an RE from "aware of FREE-AI" to "operationally aligned":

Inventory. List every AI deployment in production and pilot, classified by function, data sensitivity, customer-facing impact, and degree of automation.
Board-approved AI policy. Drafted against the 7 Sutras, structured along the 6 Pillars, reviewed by the board and reissued annually.
Governance owner. A named executive (often a Chief AI Officer or designated CRO/CDO) accountable for AI risk, with quarterly board reporting.
Annual report disclosures. Drafted ahead of the next reporting cycle so the disclosures match operational reality.
Internal AI sandbox. A non-production environment where new models, prompts, and agents are evaluated against ground truth before any customer touchpoint.
Audit and impact-assessment programme. A repeatable framework for periodic independent review, using internal audit or third-party assurance.

For broader Responsible AI design that integrates RBI, DPDP, NITI Aayog, and the engineering controls underneath, see our Responsible AI in India guide and humaineeti's Responsible AI service.

The Direction of Travel

Specific recommendations from the FREE-AI report will likely be operationalised through RBI master directions and circulars over the next 12–24 months. The detail will differ in places; the direction is set. Mature REs are not waiting for binding rules — they are building the governance, disclosure, and assurance capabilities now, on the assumption that what is "expected practice" today is "regulated requirement" tomorrow. That is the safer bet.

Align your AI programme with FREE-AI — talk to humaineeti

RBI FREE-AI Framework.