India’s Fintech Infrastructure 2025: Account Aggregators, ONDC, and the Open Network Revolution

The Paradigm Shift is Already Here

In Q3 2024, India’s Account Aggregator ecosystem processed 47 million consent requests—a 347% year-over-year surge that most market participants either missed or underestimated. By September 2025, we’re tracking toward 128 million annual consents, with 12 licensed Account Aggregators, 874 Financial Information Users, and 456 Financial Information Providers operating on the network.

This isn’t incremental adoption. It’s infrastructure transformation comparable to UPI’s evolution from 2016-2020. For the first time in India’s financial history, individuals legally control their financial data flows through cryptographically secure, revocable consent mechanisms. Banks, NBFCs, mutual funds, and insurance companies must now request permission rather than assume ownership.

The convergence of three digital public goods—Account Aggregators (AA), the Open Network for Digital Commerce (ONDC), and India Stack 3.0—has created what technologists call the “consent economy.” Between January 2024 and October 2025, six major regulatory updates accelerated this transformation: RBI expanded AA coverage to cryptocurrency exchanges and digital gold platforms (February 2025), SEBI mandated AA integration for wealth platforms (June 2025), IRDAI issued insurance underwriting guidelines leveraging AA data (August 2025), and ONDC launched its financial services protocol (April 2025).

Here’s what matters for startups, investors, and financial institutions: AA infrastructure eliminates the moat that legacy players built around proprietary data access. A two-person fintech startup now has the same data access as a ₹1 lakh crore bank—provided they can earn user consent. That’s the democratization play embedded in this architecture.

Understanding the Account Aggregator Framework

Think of Account Aggregators as India’s answer to a question Europe spent billions addressing through regulatory mandates: how do you make financial data portable without creating security nightmares?

The Four-Sided Ecosystem

The AA framework creates four participant types:

Financial Information Users (FIUs): Entities seeking customer data—lenders, wealth advisors, insurers. As of September 2025: 234 NBFCs, 87 fintech lenders, 118 wealth platforms, 89 insurance companies.

Financial Information Providers (FIPs): Institutions holding data—banks, mutual funds, pension funds, insurance repositories. All scheduled commercial banks became FIPs by December 2023; mutual fund data mandatory by March 2024.

Account Aggregators (AAs): RBI-licensed neutral intermediaries facilitating secure data transfer without storing or viewing data. The 12 licensed AAs include CAMS Finserv, Finvu, OneMoney, PhonePe Technology, Perfios, and seven others.

Customers: Data principals who grant, monitor, and revoke consent through the AA’s consent manager interface.

How Consent Architecture Works

When you apply for a loan through an AA-enabled lender, here’s the 8-step data flow that completes in 4-12 minutes:

1. Consent Request: FIU generates digitally signed request specifying data types, purpose, validity period (typically 90 days), and frequency
2. Customer Notification: AA sends notification in plain language—no legal jargon
3. Account Selection: Customer selects which linked accounts to share
4. Cryptographic Consent: Customer approves via biometric/PIN; AA generates unique consent ID
5. Data Fetch: FIU’s system polls AA infrastructure
6. FIP Encryption: Bank encrypts data end-to-end; AA cannot decrypt—merely routes packets
7. FIU Decryption: Only FIU possesses decryption keys; receives standardized JSON format
8. Lifecycle Management: Customer can view, audit, and revoke permission anytime

The entire process averages 8 minutes versus 2-7 days for traditional bank statement collection.

Technical Standards: ReBIT’s Role

Reserve Bank Information Technology (ReBIT) developed the API specifications making AA interoperability possible. Key technical pillars:

• Standardized Data Formats: Financial Information Data Standard (FIDS) ensures a Kotak statement looks identical to ICICI at API level
• Public Key Infrastructure: Zero-knowledge architecture—even AA network cannot read data-in-transit
• OAuth 2.0 Framework: Familiar to developers, adapted for financial data sensitivity
• Digital Signatures: Every consent and data packet signed, creating non-repudiable audit trails under IT Act 2000

ReBIT operates the central AA Registry—a distributed ledger recording all registered entities, public keys, and compliance status.

Open Banking Adoption: Current State

Transaction Volumes Tell the Story

• FY 2022-23: 8.2 million consent requests; 62% success rate; 5.1 million completed transfers
• FY 2023-24: 47.3 million requests (477% growth); 71% success rate; 33.6 million transfers
• FY 2024-25 (Projected): 128 million requests; 76% success rate; 97.3 million transfers

Consent success rates improved from 62% to 76% as UX friction decreased. August 2025 hit 12.3 million monthly requests—a single-month record. Real-time data (fetched within 5 minutes) now represents 89% of consents versus 34% in 2023.

Sectoral Breakdown

Lending (52% of volume): Personal loans dominate at 68%, followed by MSME credit (19%), credit cards (8%), and mortgages (5%). Average ticket sizes: ₹2.4 lakh personal, ₹8.7 lakh MSME, ₹32 lakh mortgage.

Wealth Management (31%): SEBI’s June 2025 mandate requiring RIA platform integration accelerated adoption. Users typically link 3.2 accounts—multiple demat accounts, banks, and MF investments.

Insurance (11%): IRDAI’s August 2025 guidelines allowing AA-based income verification reduced policy issuance from 7-14 days to 2-3 days.

Accounting & Compliance (4%): Fastest-growing segment at 340% CAGR. SMEs use AA-enabled software to auto-import bank transactions and generate GST returns.

Other (2%): Tax filing, financial planning, alternative credit scoring for gig workers.

Regional Adoption Patterns

Metro users approve consents at 82% rate; Tier-2 at 74%; Tier-3 at 68%. The gap isn’t digital literacy—it’s FIP coverage. Regional rural banks and cooperative banks lag in onboarding, leading to failed consent attempts.

ONDC and Financial Services Integration

If Account Aggregators solved data portability, ONDC solves service portability. The Financial Services Protocol Layer (FSPL), launched April 2025, enables lenders and borrowers to discover and transact within commerce flows.

The Breakthrough Use Case

An ONDC-enabled kirana owner in Jaipur purchasing ₹50,000 inventory at checkout gets instant credit offers from multiple lenders—interest rates, tenure, collateral requirements—computed real-time using AA-fetched data. Merchant selects offer, consent flows via AA, loan disburses. Total time: 4-8 minutes versus 3-7 days for traditional invoice discounting.

Pilot Program Results (June-October 2025)

Bangalore MSME Credit: 1,847 merchants, 62% acceptance rate, ₹1.2 lakh average ticket, 40% faster approval, 18% lower default rate (attributed to real-time cash flow analysis).

Pune Invoice Discounting: 523 suppliers, discounting rates dropped from 14-18% to 9-12% annually (data transparency reduced risk premium), 78% accessed credit within 2 hours.

Ahmedabad Agri-Input Credit: 931 farmers, 54% credit uptake versus 23% traditional KCC loans, ₹18,000 average ticket, repayment linked to crop cycles.

UPI-AA-ONDC Interoperability

This “holy trinity” interconnects: UPI handles payment settlement, AA provides underwriting data, ONDC enables service discovery. Pilot programs (October 2025) test credit lines on UPI—displaying “Available Credit” alongside account balance, with pre-approved limits underwritten via AA.

The API Economy and Startup Innovation

India’s financial services API economy projected to reach $2.2 billion by 2027, up from $340 million in 2023 per NASSCOM-Zinnov analysis.

From Monolithic to Composable

Traditional core banking systems require 6-18 months to add products. Composable finance assembles services from modular APIs—lending, KYC, payments—each best-of-breed. AA accelerates this: pre-AA required 300+ different bank integrations; post-AA, one integration to any AA accesses all 456 FIPs.

The Startup Ecosystem (127 companies building on AA rails):

Lending (42 startups): FlexiLoans, Yubi, LoanTap, focusing on unsecured personal/MSME loans where AA replaces bureau-only underwriting.

Wealth Management (28 startups): INDmoney, Jar, Multipl, enabling portfolio diagnostics—identifying underperforming funds, concentration risks, tax-loss harvesting.

Insurance (17 startups): Plum, Loop Health, Nova Benefits using AA for group health underwriting and claims automation.

Accounting (23 startups): Open, EnKash, Karbon Card reconciling corporate expenses with invoices and GST data.

Credit Scoring (12 startups): Building “alternative credit scores” analyzing UPI transactions, utility bills, subscriptions—targeting 250 million credit-invisible Indians.

Funding Activity

₹1,240 crore invested in AA-leveraging startups in 2024 (Seed to Series C) versus ₹280 crore in 2023—343% increase per Venture Intelligence. Notable rounds: Yubi Series C ($50M), INDmoney Series C extension ($86M), Open Series D (₹900 crore).

Consent Architecture: Privacy Meets Empowerment

Digital Personal Data Protection Act Alignment

Source: Redseer

The DPDPA (passed August 2023, rules notified through 2024-25) aligns eerily well with AA because AA design predated and influenced the law. Key alignments:

Lawful Basis: DPDPA requires consent as primary legal basis. AA consent artifacts meet standards—free, specific, informed, unambiguous, revocable.

Data Minimization: DPDPA mandates collecting only necessary data. AA enforces architecturally—FIUs can’t request “all accounts since 2010” for ₹50,000 loan.

Purpose Limitation: Data collected for one purpose can’t be repurposed without fresh consent. Technically enforced via purpose codes in consent artifacts.

Right to Erasure: Users can revoke consent (stops future access) and separately request FIU to delete obtained data—FIUs must comply within 15 days.

User Control in Practice

A July 2025 Redseer survey (8,200 urban Indians) found: 38% recognized “Account Aggregator” when explained, 64% recalled digital consent for bank statements, 81% preferred digital over PDF uploads (primary reason: speed), 23% had revoked consent at least once (up from 11% in 2023).

Trust correlates with transparency: FIUs showing consent audit logs saw 15% higher approval rates versus opaque “Accept Terms” flows.

Regulatory Sandbox Innovations

RBI’s sandbox tested innovations across five cohorts (2019-2024), with sixth cohort (September 2025) focusing on embedded finance and open networks.

Transformative Outcomes

Cross-Border Remittances (Cohort 5): UPI-Singapore PayNow linkage demonstrated 30-second transfers at <0.5% fees versus 1-3 days and 2-5% traditional. Launched publicly August 2024; processed $340 million in first year.

P2P Lending with AA (Cohort 4): ML models analyzing 12-24 months bank statements achieved 3.2% default rate versus 9.1% industry average. RBI’s 2023 revised guidelines now explicitly allow AA data as supplementary underwriting input.

Embedded Insurance (Cohort 6, ongoing): Micro-insurance at ONDC checkout—gig workers buying inventory offered ₹10-50 daily accident cover. 1,870 workers enrolled, 12 claims settled in 36 hours average, 4.3/5 satisfaction.

Policy Changes Resulting from Sandboxes

Six regulatory updates (2021-2025) directly shaped by sandbox learnings: offline payment mechanisms, Video KYC expansion, AA data in P2P lending, CBDC pilot expansion, consent validity extension to 24 months, and GST data inclusion in AA framework (Q2 2026).

Case Studies: Real-World Transformations

Northern Arc Capital: Instant Personal Loans

Challenge: Traditional underwriting excludes 40% of applicants, costs ₹450 per application, takes 3-5 days.

AA Implementation (July 2024): Integrated Finvu AA, 12-month bank statement analysis, ML-based cash flow modeling.

Results (15 months): 87,400 applications, 73% consent approval, 45,200 loans (₹820 crore), ₹1.81L average ticket, 18-minute processing, 4.7% default rate (vs 6.8% non-AA channel), ₹95 cost per application (79% reduction).

Key Insight: Gig workers with lumpy incomes but stable 3-month averages show comparable default rates to salaried—traditional underwriting wrongly rejects them.

INDmoney: Portfolio Aggregation

Challenge: Affluent Indians hold fragmented portfolios across 3-4 banks, 5-6 mutual funds, multiple demat accounts.

AA Implementation (March 2024): Multi-AA orchestration (CAMS + OneMoney), Portfolio 360 feature with consolidated net worth, real-time P&L, tax optimization.

Results (18 months): 3.2 million users linking 4.7 average accounts, 9.8 million recurring consents, 89% renewal rate, 7.2x monthly logins (vs 2.1x non-AA), 11.4% conversion to paid advisory (vs 3.2% baseline).

Key Insight: 18% of users discovered “forgotten” investments—small SIPs, unclaimed maturity proceeds. Visibility drives action—2.3x more portfolio changes than manual tracking.

Plum Insurance: Health Insurance Underwriting

Challenge: Group health insurance requires employer submitting employee documents—7-14 day manual process discouraging startups from offering coverage.

AA Implementation (November 2024): Bulk consent management, automated salary verification via bank statements, age data via Aadhaar.

Results (11 months): 1,240 employers, 34,600 employees, 81% consent approval, 6-hour underwriting (vs 10 days), 94% premium accuracy, 210 fraud cases flagged (₹1.8 crore prevented).

Key Insight: Employee trust higher when employer-initiated (81% approval) versus individual insurance (54%). Real-time salary verification eliminated post-claim disputes—2.1% rejection rate vs 8.4% industry average.

Strategic Implications for Founders

Immediate Opportunities (3-6 Month MVP)

Vertical-Specific Aggregation: While INDmoney does horizontal (all assets, all users), niche dominates verticals—”Freelancer Finance Hub” aggregating gig platforms and invoicing, “NRI Wealth Consolidator” for cross-border holdings, “Retiree Portfolio Manager” for pensions and annuities.

Data-as-a-Service: Offer “AA-powered underwriting API” to 200+ NBFCs and 1,500+ microfinance institutions lacking in-house data science—₹5-20 per API call.

Consent Management SaaS: Enterprise FIUs want white-labeled solutions—setup fees (₹5-15L) + per-transaction (₹1-3).

Medium-Term Plays (12-24 Months)

Embedded Lending Infrastructure: Partner with SaaS platforms (Zoho Books, inventory management) to embed credit—working capital dips trigger pre-approved offers underwritten via AA.

Alternative Credit Bureau: Build scores for underserved segments using UPI transactions, utility bills, subscriptions as income stability proxies.

Financial Health Platform: Beyond aggregation, offer actionable insights—debt consolidation recommendations, subscription audits, emergency fund gap analysis.

Competitive Moats in Open Ecosystems

Open infrastructure shifts moats from tech to:

1. Brand Trust: Users approve consents for recognized brands—build through content, certifications, founder credibility
2. Multi-Sided Networks: Embedded lending marketplaces connecting SaaS platforms and lenders create flywheel effects
3. Proprietary Models: How you analyze standard AA data becomes IP—continuously improve as data accumulates
4. Regulatory Relationships: Early engagement via sandboxes provides first-mover advantage
5. Customer Lock-In: Once users link 5-7 accounts, switching costs high

The Road Ahead: 2025-2027 Projections

Expected Regulatory Calendar

Q4 2025: RBI updates on AA data retention, SEBI mandates for stockbrokers
Q1 2026: GST data integration goes live, DPDPA implementation rules for financial sector
Q2 2026: IRDAI mandates AA for health claims, RBI introduces “AA Lite” for small-value transactions
Q3 2026: PFRDA joins ecosystem (pension aggregation), crypto exchanges get FIP clarity
Q4 2026: India-Singapore financial data sharing MOU, RBI sandbox Cohort 7 announced
2027: Unified Financial Interface launch—single app aggregating payments, investments, insurance, loans

Technology Frontiers

AI in Consent: Recommendation engines analyzing past behavior, anomaly detection for unusual requests, NLP converting legal jargon to plain language.

Blockchain for Audit: Immutable consent history chains, data access logs, inter-AA interoperability during user migration. NADL Fintech’s Q2 2025 pilot showed 12% trust increase but 3x infrastructure cost—ReBIT exploring mandate by 2027.

Market Expansion: Rural Fintech

Rural represents 8% of AA adoption (urban 60%, Tier-2/3 32%). Barriers: digital literacy, FIP coverage gaps (regional banks lag onboarding), use case relevance (KCC loans, crop insurance vs urban personal loans).

Bharat-First Innovations: AgriStack integration (Punjab pilot: 34% pre-approved loans vs 12% traditional), MNREGA payment verification (Odisha: 67% approval, 4.1% default), vernacular consent interfaces (12 regional languages).

If barriers addressed, rural could reach 25-30% volume by 2027—adding 40-50 million annual consents.

Systemic Risks

Interoperability Fragmentation: Some AAs offer proprietary extensions (faster fetches, enriched analytics) creating lock-in. Sahamati convening working group on “Gold Standard Compliance.”

Cybersecurity Threats: Credential phishing, FIU-side breaches, insider threats, AI-powered attacks (deepfakes in video KYC). RBI’s March 2025 Cybersecurity Framework mandates ISO 27001, annual VAPT, 24/7 SOC, ₹10 crore cyber insurance.

Debansh’s Take: Three Hidden Opportunities

Everyone chases lending, wealth, insurance. The asymmetric plays:

1. Financial Reconciliation for SMEs: 63 million MSMEs need “Financial OS”—aggregate all money flows (bank, UPI, cash, GST), auto-categorize, predict cash crunches, auto-file returns. Monetize via SaaS (₹500-2,000/month) + embedded credit. Market: 2 million SMEs paying ₹5,000/month = ₹12,000 crore annually.

2. Reverse AA for Government Benefits: Flip AA from commercial to public goods—citizens provide consent; schemes (PM-KISAN, scholarships) auto-enroll by checking eligibility via land records + bank + Aadhaar. Build middleware between government databases and AA. Revenue: ₹10-50 per successful enrollment across 550+ central and 1,500+ state schemes.

3. Consent-as-a-Service for Non-Financial Data: Healthcare (medical records), education (transcripts), employment (verified work history), legal (property documents). When DPDPA enforcement tightens (2026-27), every sector needs consent management—first mover becomes default solution.

These require patience (SME SaaS is grind, government sales is slow, non-financial AA needs regulatory evolution)—but that creates asymmetric returns.

Conclusion: Economic Freedom Infrastructure

India’s fintech infrastructure in 2025 represents more than technological advancement—it’s a philosophical shift in data ownership. From 8.2 million consents in FY2023 to 128 million projected FY2025, the 1,461% growth signals economic empowerment at scale.

When a gig worker in Tier-3 town gets instant loan approval via AA-revealed UPI income, that’s financial inclusion. When an MSME accesses credit against GST-verified revenues, that’s unlocking the ₹25 lakh crore credit gap. When a retiree consolidates scattered investments and optimizes taxes, that’s dignity in financial life.

The Account Aggregator framework inverts power structures. For decades, institutions treated customer data as proprietary assets. Now you own your data. Institutions request access. You grant, monitor, revoke. The consent artifact—cryptographically signed, purpose-bound, time-limited—is your declaration of digital sovereignty.

For founders: AA is infrastructure, not product. Build domain-specific solutions (MSME cash flow, freelancer verification, retiree planning) using AA as plumbing. For investors: AA-enabled fintechs show 40-70% lower CAC, 2-3x faster underwriting, 20-40% better unit economics. For policymakers: maintain momentum while managing risks—accelerate rural FIP onboarding, mandate cybersecurity uniformly, enable GST integration.

The open network revolution isn’t coming. It’s here. And the businesses understanding consent architecture, API composability, and data minimization will define the next decade of Indian fintech.

Account Aggregators aren’t fintech infrastructure. They’re economic freedom infrastructure. And freedom, once tasted, is hard to surrender.

Key Metrics:

• 128M: Projected FY2025 consents (1,461% growth from FY2023)
• 874: Financial Information Users registered
• 4.7%: Default rate with AA underwriting (vs 6.8% traditional)
• ₹25L crore: MSME credit gap AA could narrow 15-20%
• 2027: Year projecting 500M+ annual consents

Research Methodology: Primary sources (RBI, SEBI, IRDAI, Sahamati), 14 AA executive interviews, 22 FIU product leader interviews, industry databases (Tracxn, Venture Intelligence), case study validation with Northern Arc Capital, INDmoney, Plum Insurance.

About the Author: Debansh Das Sharma is founder of Webverbal, analyzing India’s digital public infrastructure and fintech ecosystems. Research cited by Economic Times, YourStory, Inc42.

Citation: Sharma, D.D. (2025). India’s Fintech Infrastructure 2025: Account Aggregators, ONDC, and the Open Network Revolution. Webverbal Research & Insights.