On this page · 11 sections
- What NPCI's Unified Agent Protocol is, and is not
- Why UPI is where this fight happens
- The agentic-payment protocol landscape in 2026
- The three problems every agentic-payment design must solve
- What the RBI already requires, and why it constrains UAP
- Five capabilities to build into your UPI app now
- India-specific considerations
- What to watch next
- FAQ
- How eCorpIT can help
- References
Summary. In July 2026 the National Payments Corporation of India (NPCI) confirmed it is building a Unified Agent Protocol (UAP), a framework that would let AI agents be registered, verified and authorised to make payments over the Unified Payments Interface (UPI), according to reporting by Business Standard. Any rollout needs Reserve Bank of India (RBI) approval first. The stakes are large: UPI cleared over 22 billion transactions worth more than ₹28 lakh crore (about US$296.92 billion) in June 2026 alone, up 23% in volume and 20% in value year on year, at an average of 757 million payments a day. For fintech teams the work starts now, before the protocol ships. This guide covers what UAP reportedly is, how it compares with Google's AP2 (announced 16 September 2025) and other agentic-payment standards, what the RBI's e-mandate rules already demand, and the five things you should build into a UPI app so an agent can transact safely: agent identity, per-agent spend limits, tamper-evident audit logs, DPDP-ready consent, and clean reconciliation.
What NPCI's Unified Agent Protocol is, and is not
NPCI, the private non-profit that operates UPI, is working on a Unified Agent Protocol that would sit on top of the existing UPI rails rather than replace them, as reported by Business Standard on 8 July 2026 and covered by MediaNama two days later. The idea is a trust and verification layer: an AI agent would be registered and given verifiable credentials, then checked at payment time to confirm it is a legitimate agent, that it is authorised to act for a specific user, and that the request falls inside the limits that user set.
In the reported design, NPCI's own role stops at the final step of confirming whether a payment request is genuine, and it would keep logs of agentic transactions so they can be traced later, per Business Standard's follow-up explainer. The stated use cases are ordinary recurring life admin: paying a utility bill before its due date, renewing a subscription, buying a transport ticket, booking travel, or ordering groceries.
Two cautions matter for anyone planning around this. First, the public reporting is thin on mechanics, so treat the specifics as a direction of travel, not a finished specification. Second, nothing launches without the RBI. UAP is a proposal in industry consultation, and the central bank has to approve it before a single agent debit reaches a real account. That gap between announcement and approval is the window fintech teams should use.
Why UPI is where this fight happens
Agentic commerce only works if an agent can complete a payment, and in India that payment step is overwhelmingly UPI. The scale is the reason NPCI is moving. UPI processed over 22 billion transactions in June 2026, worth more than ₹28 lakh crore, with volume up 23% and value up 20% year on year, according to NPCI data reported by IBEF; more precise figures put the month at 22.72 billion transactions worth ₹28.92 lakh crore, per Entrackr. The system now averages 757 million payments a day and runs in more than eight countries, including the UAE, Singapore, France, Mauritius, Sri Lanka and Greece.
Card-first agentic protocols from the United States assume a card is the instrument. In India, most digital payments settle over UPI, so a national agent protocol has to speak UPI. That is both the opportunity and the constraint: the addressable volume is enormous, but the rules that govern UPI, especially around authentication, were written for a human tapping a PIN, not an agent acting overnight. If you build in India, the agentic-commerce standards conversation you have read about elsewhere still routes through UPI, which is why our guide to agentic commerce standards for merchants and our note on UPI transaction growth and the NPCI market-share cap are useful companions to this piece.
The agentic-payment protocol landscape in 2026
UAP does not arrive on a blank page. Several agent-payment protocols already exist, and they disagree on rails, ownership and how much autonomy an agent gets. The table below maps the main ones as of mid-2026.
| Protocol | Backer | Approach | Status |
|---|---|---|---|
| Unified Agent Protocol (UAP) | NPCI (India) | Agent registry and verification layer on UPI rails | In development; needs RBI approval |
| Agent Payments Protocol (AP2) | Google, 60+ partners | Signed Intent, Cart and Payment mandates as verifiable credentials, across cards, bank transfers and stablecoins | Announced 16 September 2025; Universal Cart added at Google I/O 2026 |
| Agentic Commerce Protocol (ACP) | OpenAI and Stripe | Instant Checkout inside ChatGPT using a Shared Payment Token | Launched 29 September 2025 |
| x402 | Coinbase | Machine payments so agents can buy resources on their own | Used by Cloudflare for paid agent access |
| P3P | Pine Labs (India) | Agent OAuth framework for authenticating agents | Launched June 2026 |
| Agent Pay, Intelligent Commerce | Mastercard, Visa | Card tokenisation and agent APIs, with agentic tokens and spend controls | Launched late April 2025 |
The pattern is a split between open, credential-based schemes like Google's AP2, which was announced on 16 September 2025 with more than 60 partners and later gained a Universal Cart at Google I/O 2026, and network- or country-specific schemes tied to one rail. The card networks moved early: Mastercard Agent Pay and Visa Intelligent Commerce both launched in late April 2025, and OpenAI and Stripe followed with the Agentic Commerce Protocol on 29 September 2025. UAP is squarely in the second camp: it is UPI-native and India-specific. Pine Labs has already shown what an India agent-auth layer can look like, open-sourcing an agent OAuth framework alongside its P3P protocol in June 2026. If you already reason about checkout protocols, our comparison of ACP versus UCP for agentic checkout shows how quickly this space is fragmenting.
The three problems every agentic-payment design must solve
Business Standard's reporting reduced the hard part to three questions, and they are the right ones for engineers to plan against.
The first is authorisation. The system has to establish not just who the user is, but whether their agent is legitimate and is allowed to act for them. That means an agent needs its own identity and credential, distinct from the human's UPI ID, so a payment can be tied to a specific agent instance rather than a shared secret.
The second is the scope of authority. Once an agent can pay, the user has to be able to say how much, how often, and for what. A protocol that only answers "is this agent real" without answering "what is it allowed to spend" is unfinished. This is where per-agent limits and category rules live.
The third is accountability. If an agent overspends, buys the wrong thing, or is compromised, someone has to be answerable, and the transaction has to be traceable and ideally reversible. NPCI's plan to hold logs of agentic transactions is a start, but liability between the user, the app, the agent provider and the bank is still unsettled. Build as if you will have to prove, months later, exactly which agent made which payment under which mandate.
What the RBI already requires, and why it constrains UAP
Any agent flow has to fit inside rules the RBI has already tightened. The RBI's Digital Payments E-mandate Framework, issued on 21 April 2026, consolidated the earlier circulars on recurring online payments across cards, prepaid instruments and UPI, as summarised by KPMG. It permits recurring debits up to ₹15,000 without a fresh additional factor of authentication (AFA), but it still requires one human AFA to register the mandate and another for the first payment, and an OTP-style factor to register or withdraw a mandate, per MediaNama's coverage.
The direction of regulation is clear from a parallel case. When ixigo launched voice payments in July 2026, RBI rules still required two-factor authentication with a human in the loop. An AI agent making a payment is the same design problem in a different wrapper, and the regulator has not yet blessed removing the human. The table below sets out where the lines currently sit.
| Scenario | Authentication today | Basis |
|---|---|---|
| One-off UPI payment | UPI PIN entered per transaction | Existing UPI rules |
| Recurring e-mandate up to ₹15,000 | No AFA per debit; human AFA to set up and for first payment | E-mandate Framework 2026 |
| Recurring e-mandate above ₹15,000 | AFA per debit, with pre-debit notification | E-mandate Framework 2026 |
| Voice payment (ixigo) | Two-factor, human in the loop | RBI direction, July 2026 |
| Agentic payment (UAP, proposed) | To be defined; pending RBI approval | NPCI proposal |
The practical takeaway: design your agent flows to reuse mandate registration and AFA where they apply, because the OTP still gets issued for a transaction anyway. An agent feature that assumes the human disappears entirely is unlikely to clear the regulator in its first version.
Five capabilities to build into your UPI app now
You cannot ship UAP support before UAP exists. You can build the scaffolding it will need, and every item below improves your payment product even if the final spec differs.
1. Agent identity and delegation
Give each agent its own identity, separate from the user's UPI handle. Nikhil Pahwa of MediaNama has suggested the cleanest version of this: delegated handles such as agent-name@bank, plus a separate agent PIN that is on by default. In your own stack that means an agent registry, a per-agent key or credential, and a binding between an agent instance and the human who delegated to it. Never let an agent reuse the user's primary UPI PIN.
2. Per-agent spend limits
Default to deny, then let the user open up. Support a maximum amount per transaction, a cap on the number of transactions and total value per month, and per-day and per-week ceilings, with an optional category allow-list. As an illustration of how conservative defaults should be, Pahwa proposed starting values as low as ₹100 per transaction and ₹500 a month with one transaction a day. The exact numbers are yours to tune; the point is that limits are a first-class object in your data model, not an afterthought bolted on later.
3. Tamper-evident audit logs
Since NPCI intends to keep logs of agentic transactions, you have to be able to reconcile against them. Record the agent id, the mandate id, a hash of the user's intent, the amount, the counterparty and precise timestamps for every agent action, and make these exportable for a dispute. Tamper-evident storage matters because an audit trail you can quietly edit is worth little in a liability argument.
4. DPDP-ready consent and data minimisation
An agent acting for a person processes that person's data, so the Digital Personal Data Protection Act, 2023 applies. Capture purpose-specific consent, minimise what the agent can read, and give the user a clean way to withdraw. Aligning with the emerging consent-manager plumbing now will save rework: see our DPDP consent-manager readiness guide and, for pulling financial data under consent, our note on account aggregator integration for fintech builders.
5. Reconciliation and reversibility
Build recourse in from the start. Use idempotency keys so a retried agent request cannot double-pay, reconcile daily against NPCI and bank records, and define a dispute path that can trace and reverse an agent's mistaken transaction. The capability map below shows where each piece lives.
| Capability | Why it matters | Where it lives in your stack |
|---|---|---|
| Agent identity | Ties a payment to a specific agent, not a shared secret | Auth service, agent registry |
| Per-agent limits | Bounds the damage from error or compromise | Policy engine, mandate store |
| Audit logs | Lets you prove and trace every agent action | Event log, immutable storage |
| DPDP consent | Keeps agent data use lawful and revocable | Consent service, data-access layer |
| Reconciliation | Catches double-pays and enables reversal | Ledger, settlement jobs |
India-specific considerations
Beyond the RBI gate and DPDP, there is a live debate about the right instrument for agents. Nikhil Pahwa, founder and editor of MediaNama, argues that prepaid wallets contain risk better than UPI because they cap exposure to a loaded balance. As he put it: "India sacrificed containment of risk for enabling bank integration for payments." His conclusion is that India will probably need both wallet and UPI agent flows, because wallets limit blast radius while UPI carries the reach.
There is also an adoption reality. Agentic payments sit behind two layers of friction: first people have to adopt agents, then they have to trust those agents with money. That compounding is why conservative defaults and visible controls are not just safer, they are how you get anyone to switch the feature on. India has done hard payment migrations before, but the ones that stuck gave users a clear sense of control. A credit-line-style overlay is another pattern worth studying here; our piece on credit line on UPI for D2C merchants covers how added rails change the risk conversation.
What to watch next
Three signals will tell you UAP is moving from proposal to product. Watch for RBI's public position, since approval is the gating event. Watch for an NPCI specification or a named beta, which would likely surface through the usual bank and payment-service-provider partners. And watch whether UAP chooses to interoperate with open schemes like AP2 and ACP or stays a closed, UPI-only layer, because that decision shapes whether an Indian agent can pay a foreign merchant and the reverse. Until those land, the highest-value work is the scaffolding: identity, limits, logs and consent.
FAQ
How eCorpIT can help
eCorpIT is a Gurugram-based, senior-led engineering organisation that has built UPI and payments features for Indian fintech products since 2021. We design applications aligned with RBI e-mandate and DPDP requirements, and we can help your team put the UAP scaffolding in place now: agent identity, per-agent spend limits, tamper-evident audit logs and consent capture, so an agent payment feature is a configuration change later rather than a rebuild. If you are scoping an agentic payment flow, see our fintech payments app development service or contact us to talk it through.
References
- Business Standard, "India may allow agentic AI-led UPI transactions under new NPCI protocol," 8 July 2026 : https://www.business-standard.com/finance/news/india-may-allow-agentic-ai-led-upi-transactions-under-new-npci-protocol-126070801343_1.html
- Business Standard, "Unified Agent Protocol: will AI be making UPI payments for you now?" 9 July 2026 : https://www.business-standard.com/finance/news/unified-agent-protocol-will-ai-be-making-upi-payments-for-you-now-here-s-how-it-may-work-126070900865_1.html
- MediaNama, "How NPCI should approach agentic payments," 10 July 2026 : https://www.medianama.com/2026/07/223-npci-agentic-payments-upi/
- IBEF, "UPI Transactions Rise 23% to Over 22 billion in June," 2 July 2026 : https://www.ibef.org/news/upi-transactions-rise-23-to-over-22-billion-in-june
- Entrackr, "UPI clocks 22.72 Bn transactions worth Rs 28.92 lakh Cr in June," July 2026 : https://entrackr.com/news/upi-clocks-2272-bn-transactions-worth-rs-2892-lakh-cr-in-june-12122397
- NPCI, "UPI Product Statistics" : https://www.npci.org.in/product/upi/product-statistics
- KPMG, "Reserve Bank of India (RBI) Digital Payments — E-mandate Framework, 2026" : https://kpmg.com/in/en/2026/06/reserve-bank-of-india-rbi-digital-payments-e-mandate-framework-2026.html
- MediaNama, "RBI mandates additional factor authentication for e-mandates," 24 April 2026 : https://www.medianama.com/2026/04/223-rbi-additional-factor-authentication-e-mandates/
- MediaNama, "ixigo bets on voice payments, but RBI rules still require two-factor authentication," July 2026 : https://www.medianama.com/2026/07/223-ixigo-voice-payments-rbi-rules-human-authentication/
- Google Cloud, "Announcing Agent Payments Protocol (AP2)," 16 September 2025 : https://cloud.google.com/products/ai-machine-learning/announcing-agents-to-payments-ap2-protocol
- The Next Web, "Google launches Universal Cart and updates AP2 at I/O 2026" : https://thenextweb.com/news/google-universal-cart-agent-payments-shopping-io-2026
- MediaNama, "Pine Labs launched an agentic payments protocol (P3P)," June 2026 : https://www.medianama.com/2026/06/223-pine-labs-agentic-payments-protocol-upi-liability-privacy-questions/
- SiliconIndia, "NPCI Plans Protocol To Enable Agentic AI-Led UPI Transactions" : https://www.siliconindia.com/news/general/npci-plans-protocol-to-enable-agentic-ailed-upi-transactions-nid-241435-cid-1.html
- Stripe, "Stripe powers Instant Checkout in ChatGPT and releases the Agentic Commerce Protocol," 29 September 2025 : https://stripe.com/newsroom/news/stripe-openai-instant-checkout
- Digital Commerce 360, "Visa, Mastercard offer support for AI agents," May 2025 : https://www.digitalcommerce360.com/2025/05/06/visa-mastercard-ai-agentic-commerce/
Last updated: 18 July 2026.