Your guide to UPI changes starting August 1, 2025

On 21-5-2025, the National Payments Corporation of India (NPCI) notified the ‘Guidelines on usage of Unified Payments Interface (‘UPI’) and Application Programming Interface (‘API’)’. These guidelines aim to revolutionize digital transactions by implementing a set of new technical, operational limits to improve performance and reducing server congestion. All the banks and UPI app providers were directed to implement these rules by 31-7-2025, and enforcement begins from 1-8-2025.

Key points of NPCI Notification:

1. NPCI has introduced these provisions to ensure secure, efficient, and controlled use of UPI APIs by Payment Service Provider (‘PSP’) banks and acquiring banks. The focus is on preventing misuse and system overload through:
   • Transactions per second limitation (‘TPS’)
   • Rate limits
   • Usage monitoring
   • Prioritizing customer-initiated API calls.
2. To control excessive traffic and preserve system bandwidth during peak hours, NPCI has set daily limits for certain UPI functions:
   • Balance Checks: Limited to 50 times per day per app. If someone uses more than one app, like Paytm and Google Pay, they can do 50 checks on each app.
   • Linked Account Views: Limited to 25 per day per app. Linked account views happen when you check which bank accounts or debit cards are connected to your UPI ID. Too many of these requests can clog the system, especially when done automatically or repeatedly.
   • Transaction Status Checks: Allowed the status check only 3 times, each at a gap of 90 seconds. This prevents apps from hammering the system with rapid-fire retries during network delays.
3. Under the new framework, NPCI has introduced designated time slots for executing recurring AutoPay transactions allowed only:
   • Before 10:00 AM
   • Between 1:00 PM and 5:00 PM
   • After 9:30 PM.
4. To reduce system load during peak hours, AutoPay triggers are strictly prohibited between:
   • 10:00 AM to 1:00 PM
   • 5:00 PM to 9:30 PM
5. UPI Apps are also required to control or block automated API requests that are not triggered by customers directly. This includes requests like listing accounts, validating payment addresses, and fetching encryption keys.
6. The Guideline mandates that the List Verified Merchants API can be accessed only once daily during non-peak hours, with a minimum of 1,000 entries per call to avoid frequent server hits.
7. The Penny Drop API, banks are obliged to obtain explicit customer consent and use a dedicated UPI ID with MCC 7413, complying with the provisions of Digital Personal Data Protection Act, 2023.
8. NPCI restricts ValCust API to moderate transaction speeds and limited attempts, especially for sensitive use cases like IPO PAN validation and foreign remittance onboarding.
9. NPCI has stated that all service providers to throttle these background tasks, especially during busy hours, to avoid unnecessary server strain.
10. If PSPs or UPI app providers fail to comply with these rules, NPCI can:
    • Impose penalties
    • Restrict access to UPI APIs
    • Suspend onboarding of new customers
11. The new limits are meant to improve the overall health of the UPI systems, reduce failed transactions, and keep services fast even when millions of users are active.
12. NPCI confirms that regular users need not change any settings themselves. The updates will be handled by the apps automatically, so your regular payments and transfers will continue without interruption.