The Reserve Bank of India (RBI) on Wednesday released draft guidelines proposing a comprehensive framework for the use of artificial intelligence (AI) by banks and other regulated financial entities, including a requirement for a “kill switch” mechanism.
Under the proposed rules, banks would need to be able to immediately override, suspend, or deactivate any AI system they use if it produces harmful, incorrect, or risky outputs. This includes the ability to shut down AI models instantly through a kill-switch arrangement, ensuring rapid control in case of system failure or misuse.
The RBI said financial institutions must put in place robust override and deactivation mechanisms so that no AI model can continue operating without the possibility of immediate shutdown when necessary. The proposal comes amid growing concerns globally about the safety and security of advanced AI systems used in sensitive sectors such as banking.
The draft guidelines also emphasise that human oversight must remain central to all AI-driven decision-making. Even when AI systems are used to assist or automate processes, final responsibility and supervision must remain with human operators.
The proposed framework would apply broadly to all models used by regulated entities, ranging from basic algorithmic tools to advanced artificial intelligence and machine learning systems. Banks would remain fully accountable for outcomes generated by these systems, whether the models are developed internally or sourced from external vendors, and are expected to conduct proper due diligence before deployment.
The RBI has also introduced a risk-based classification approach, requiring institutions to categorise AI models based on their risk levels. Higher-risk models would require stricter oversight, validation, and approval from the Board-level Risk Management Committee before deployment. These classifications must be reviewed at least annually.
If a model is found to exceed an institution’s acceptable risk threshold, banks would be required to take corrective action, which could include enhanced safeguards, restricted usage, remediation, or complete decommissioning, along with reporting to the board’s risk management committee.
For the first time, AI governance is being elevated to the board level under a proposed Model Risk Management Framework. Every regulated entity would need a board-approved system covering all models, including those built in-house, sourced from vendors, or developed through hybrid approaches.
The RBI noted that increased use of AI and machine learning in financial decision-making introduces risks such as financial loss, operational disruption, compliance failures, and reputational damage if not properly managed. It also warned about risks arising from overdependence on a limited number of AI providers and the potential vulnerabilities introduced through such systems.
On customer-facing applications, the draft guidelines require banks to clearly disclose when users are interacting with AI systems and ensure that customers have the option to switch to a human representative at any time. The RBI also highlighted the risk of “automation bias,” where employees may over-rely on AI outputs without adequate human judgment.
For generative AI systems, additional cybersecurity safeguards would be required, especially when they interact directly with customers or external users.
The RBI has invited public feedback on the draft framework, with the consultation period open until July 24.
