Playbook · India · Financial services (RBI)

AI in the bank is now a supervised risk:
the RBI-aligned governance roadmap

RBI's FREE-AI framework, the AI-Accelerated Cyber Threats advisory and CERT-In's directions turned AI into a supervised, board-owned risk for banks, NBFCs and PSOs. Here is the 5-phase roadmap a supervisor will inspect - and the runtime gap your existing stack cannot close.

RBI FREE-AI AI-ACT&RS Advisory CERT-In directions DPDP Act · ISO 42001 · NIST AI RMF
The mandate has landed

Three instruments, about twelve months

Together they move AI from an innovation project to a supervised, auditable, board-owned risk - with the paperwork that phrase implies.

RBI FREE-AI Framework

Aug 2025 · principles + roadmap

7 Sutras · 6 Pillars · 26 recommendations spanning AI adoption and risk mitigation.

RBI AI-ACT&RS Advisory

Apr 2026 banks · Jun 2026 PSOs

Clause 4 - defend the tech stack against AI-accelerated threats. Clause 5.1-5.13 - govern your own AI.

CERT-In - Frontier AI + OEM

Apr-Jun 2026 · directions

AI-accelerated threat defence, VAPT/BAS, accelerated patching and 6-hour incident reporting.

Anchored to: DPDP Act · ISO/IEC 42001 & NIST AI RMF crosswalks · OWASP LLM Top 10 & MITRE ATLAS for AI security · your board's own risk appetite.
The through-line

What all three converge on

Trust is the foundation
Human oversight, always
Accountability stays with the RE, not the model
Evidence, not assertions
The roadmap

Five phases a supervisor will inspect

FREE-AI's innovation and risk pillars, sequenced the way a CISO actually operates - and the questions you will be asked, in order.

PHASE 0
Govern
Own the risk before AI touches production
Board-approved AI policy (Rec 14) · risk classification · AI inventory (Rec 23) · data lifecycle + DPDP (Rec 15)
PHASE 1
Build & Test
Prove it's safe before it ships
Red-teaming across lifecycle (Rec 20) · product approval (Rec 17) · threat controls (5.5) · CERT-In VAPT/BAS/SDL
PHASE 2
Deploy & Enforce
Control what the AI can access & do
AI agents & privileged access (5.10) · access control (5.4) · human oversight (Rec 16) · shadow-AI leakage (4.6)
PHASE 3
Monitor & Respond
See it, contain it, report it
Logging & forensics (5.8) · output validation (5.6) · incident reporting (Rec 22) · BCP for AI (Rec 21)
CONTINUOUS
Assure & Disclose
Sustain trust; answer regulator, board & buyers
Risk-based AI audit (Rec 24) · disclosures (Rec 25) · sector repository (Rec 23) · compliance toolkit (Rec 26)
The readiness gap

Why this is urgent, not theoretical

From RBI's own survey of 600+ regulated entities. The gap between policy on paper and control in production is the exposure.

~33%
of REs have any board-level AI oversight
~25%
have a formal AI-incident process
18%
keep AI audit logs
14%
do real-time AI performance monitoring
Source: RBI FREE-AI Committee survey, 2025.
The blind spot

The gap your existing stack cannot close

Your IAM/PAM, WAF and API gateways, DLP/CASB, SIEM and EDR are built for deterministic software. None can catch a legitimately-authorised AI agent, driven by untrusted input, doing something inside its permissions but outside your policy - the dominant 2026 failure mode (prompt injection, the "lethal trifecta", agentic data exfiltration). It is exactly the seam RBI Clause 5.10 and the human-oversight recommendations point at.
IAM / PAM
identity authenticated, in scope
waved through
WAF / API gateway
request well-formed
waved through
DLP / CASB
sanctioned tool & channel
waved through
SIEM / EDR
no known-bad signature
waved through
Every layer says "yes." None can see the AI's intent vs your policy.
Where Trampolyne fits

Make your AI stay within intended bounds - and prove it

From pre-deployment testing, through runtime, to audit-ready evidence. Trampolyne supplies the technical controls and evidence that make each phase credible - the policies, documentation and processes stay yours. We help you align; we don't issue certifications.

Product Govern Build & Test Deploy & Enforce Monitor & Respond Assure
AI Red-Teaming
Shadow AI Detection & Runtime Control
Enterprise AI Security & Runtime Control
AI Compliance Assistant
core control & evidence Trampolyne provides  ·  supporting input. Each RBI phase also demands policies and processes the RE owns; Trampolyne supplies the technical controls and audit evidence, not the entire pillar.

AI Red-TeamingAWS Marketplace

Continuous adversarial testing on a scheduled cadence and on every material change. 27+ attack classes, working exploits + fixes, mapped to OWASP LLM Top 10 & MITRE ATLAS - the evidence Rec 20 and CERT-In expect.

Rec 20 Red-TeamingRec 17 Product ApprovalClause 5.5CERT-In VAPT/BAS

Enterprise AI Security & Runtime Control

Sits inline and evaluates every request before the model or agent acts - RBAC/ABAC/PBAC/NGAC enforcement in milliseconds. A deterministic guardrail over a non-deterministic model. Consumes your IAM, feeds your SIEM. No model rewrites.

Clause 5.10 Agents & Privileged AccessClause 5.4 Access ControlRec 16 Human OversightClause 5.8 Logging

Shadow AI Detection & Runtime Control

Sits between employees and every public AI tool. Classifies data by type, provenance and role, blocks sensitive data before it leaves, and logs every interaction - without killing productivity.

Clause 4.6 Public-tool leakageClause 5.4 Data ProtectionRec 15 Data LifecycleDPDP Act

AI Compliance Assistant

Turns enforcement, red-team and runtime evidence into review-ready answers - a continuous, per-decision audit trail for the regulator, your board and enterprise-buyer security questionnaires.

Rec 24 AuditRec 25 DisclosuresRec 22 Incident ReportingClause 5.8 Forensic Readiness
FAQ

RBI AI governance questions we hear from CISOs & DPOs

What is RBI's FREE-AI framework?
FREE-AI (Framework for Responsible and Ethical Enablement of AI), published by the RBI committee in August 2025, sets out 7 Sutras, 6 Pillars and 26 recommendations for how banks, NBFCs and other regulated entities adopt and govern AI - balancing innovation enablement with risk mitigation across governance, protection and assurance.
Does the RBI AI-ACT&RS advisory apply to NBFCs and payment system operators?
The AI-Accelerated Cyber Threats & Related Safeguards advisory was issued to commercial banks (including small finance and payments banks) on 27 April 2026 and to non-bank Payment System Operators on 1 June 2026. Clause 4 covers defending the technology stack; Clauses 5.1-5.13 cover governing the entity's own AI.
What does RBI require for AI governance in financial services?
A board-approved AI policy and risk classification, human oversight of AI decisions, accountability that stays with the regulated entity (not the model), logging and audit trails, red-teaming across the lifecycle, incident reporting, and demonstrable evidence rather than assertions - across the five phases: Govern, Build & Test, Deploy & Enforce, Monitor & Respond, and Assure & Disclose.
What is CERT-In's role in AI security for regulated entities?
CERT-In issued the "Defending Against Frontier AI Driven Cyber Risks" advisory (26 April 2026) and OEM / technology-provider guidelines (10 June 2026), pulling AI-specific testing (VAPT/BAS), accelerated patching and a 6-hour incident-reporting clock into scope for regulated entities and their technology providers.
Do existing security tools (WAF, DLP, IAM, SIEM) meet RBI's AI requirements?
No. They are built for deterministic software and cannot catch a legitimately-authorised AI agent, driven by untrusted input, doing something inside its permissions but outside policy - the seam RBI Clause 5.10 and the human-oversight recommendations point at. Meeting the requirement needs runtime, pre-execution policy enforcement plus a per-decision audit trail.
More playbooks

Governance playbooks for other markets

Same 5-phase structure, tuned to each market’s regulators and buyers.

Take the 2-page roadmap with you

Share it with your board, your supervisor-facing teams and your engineers - then see where you stand in a 20-minute call.

Positioning collateral, not legal advice. Trampolyne AI helps you align with regulatory expectations; it does not issue certifications.