India's Account Aggregator in 2026: past the tipping point, not past the gotchas

India's Account Aggregator framework went live commercially in September 2021. For the first two years, it was infrastructure with ambition but thin numbers: most banks were only partly connected, developers integrating with it spent as much time debugging FIP data inconsistencies as building product, and most founders still had to explain what it was at investor meetings.

That picture has shifted materially. As of December 2025, 2.61 billion financial accounts are enabled on the network, 253 million users have linked their accounts, and more than 999 financial entities are live as Financial Information Providers, Financial Information Users, or both. The framework that was a bet in 2022 is infrastructure that credit lenders, insurance platforms, and CA firms depend on in production today.

This article is a 2026 status report: what the Account Aggregator actually does, how the consent flow works in practice, where the ecosystem has matured, and the three constraints that still determine whether your specific product can build on it.

What the Account Aggregator actually does

The Account Aggregator is India's consent-based financial data sharing system, regulated by the Reserve Bank of India under the Account Aggregator Master Direction (2016, amended 2021). It lets an individual authorise one regulated institution to pull their financial data from another: bank statements, insurance policy details, investment portfolio, pension records. No passwords, no document uploads, no relationship manager required.

Before AA, a lender who needed six months of bank statements received a PDF from the applicant. The applicant either uploaded it manually or emailed it. The lender's credit team then parsed it by hand. This introduced delay, error risk, and an obvious fraud surface. PDFs can be altered. Screen scraping, where the applicant shares banking credentials with a third party that logs in and pulls data, is faster but creates privacy exposure and violates most banks' terms of service.

AA replaces this with a single, audited, encrypted data pipe. The institution that holds the data delivers it to the institution that needs it, via the AA which routes but never decrypts. The user approves a specific consent (what data, for how long, for what purpose) and can revoke it at any point.

The three-entity model: FIP, FIU, and the AA in the middle

The AA is a pure infrastructure layer. It cannot read the data it routes. The payload is encrypted with the FIU's public key before it leaves the FIP, so the AA handles only opaque packets. This is a deliberate design: an AA that can read data is a data aggregation company, not a consent manager. The distinction matters for trust and for regulatory classification.

What happens when a user consents

When a user applies for a loan on a lending platform, the flow looks roughly like this. The platform, acting as FIU, creates a consent request specifying the data categories needed (bank account statements), the time period (last 12 months), the frequency (one-time fetch or recurring), and the stated purpose (credit assessment). The AA sends the user a notification, typically via its app or an SMS link.

The user opens the consent screen, reads a plain-language summary of what will be shared, selects which accounts to include, and approves. The FIP receives a signed data fetch request from the AA, packages the data, encrypts it for the FIU using the FIU's public key, and returns it. The FIU decrypts the payload with its private key and processes it.

For major commercial banks, this round trip — from user approval to data available at the FIU — typically completes in under 15 seconds. Smaller banks and cooperative banks are less consistent.

Where the ecosystem stands in 2026

The headline numbers from December 2025 mark a threshold the framework's designers were aiming for:

• 2.61 billion financial accounts enabled on the AA network
• 253 million users with at least one linked account
• 179 live Financial Information Providers, 955 Financial Information Users
• 126 institutions operating in both FIP and FIU roles
• 17 operational Account Aggregators in India

The Department of Financial Services projects 90%+ AA coverage across all financial products by 2027. That figure refers to FIP coverage (the proportion of financial accounts enabled for sharing), not to borrower adoption rates. A separate number is more telling: approximately 38% of borrowers have accounts enabled on the AA framework as of late 2025. The gap between enabled accounts and active use is where most of the near-term growth sits.

The bigger structural shift since 2022 is on the FIU side. Early use was dominated by lenders pulling bank statements for credit assessment. In 2026, the FIU base has widened: wealth management apps pull investment portfolio data, insurance platforms pull health and motor insurance history, CA firms pull client financials for tax preparation. The consent infrastructure built for lending has become a general-purpose financial data layer.

The four use cases with real production depth

MSME lending. The framework's most mature use case. A working capital lender can now pull current-account data, GSTN invoice data, and bureau data for an MSME borrower under a single consent. What was a two-week file-based underwriting process is, at several NBFCs today, a same-day digital one. Lenders can underwrite businesses that never had a packaged credit profile: a sole-proprietor manufacturer, a logistics contractor, a kiranas network member. This is the use case AA was built for, and it works in production.

Consumer lending and credit scoring. Salary account data, savings history, and repayment patterns from live AA feeds give lenders a more current picture than a static bureau report pulled monthly. For thin-file borrowers with limited credit history, a bank statement with consistent salary credits and no bounced EMIs is genuinely more predictive than a bureau score with two lines. Several consumer lenders have made AA-sourced data a primary input to underwriting, not a supplementary one.

CA and tax workflows. A chartered accountant firm registered as an FIU can pull client income, investment, and bank data under a single time-limited consent rather than waiting for clients to assemble and forward documents over weeks. Several tax and compliance platforms have built AA-based document collection into their onboarding flows. Adoption here is earlier-stage than lending but the use case is clear: the AA solves an assembly problem that has nothing to do with credit.

Wealth management and portfolio consolidation. Pulling equity holdings, mutual fund folios, and insurance policy data into a single view is a natural fit for the framework. The user's problem is always assembly — the data exists, but it lives in seven different places. AA solves this without requiring the user to share login credentials with any third party. FIP coverage for demat accounts and mutual fund folios is now broad enough to make this useful for most retail investors.

Use cases that have not yet matured: real-time spend analytics (recurring consent is technically possible but user drop-off at re-consent is high), health data (the ABDM integration exists but is not widely used), and EPFO pension data (live but rarely integrated).

Three constraints that still bite

The second constraint is data coverage gaps. Most large commercial banks are live FIPs with good uptime. But joint accounts are not supported by any bank on the AA network. NRE and NRO accounts are not discoverable. Current accounts for entities other than sole proprietors (private limited companies, partnership firms, trusts) are excluded from most FIPs. For a B2B lender whose target borrower is an incorporated company rather than an individual, these gaps are material.

The third constraint is consent scope. The RBI explicitly prohibits omnibus consent — you cannot ask for indefinite access to all financial data. Each consent must specify purpose, duration, and frequency upfront. For products that need recurring access to fresh data, you either design a recurring consent at onboarding (with clear terms the user can understand) or accept that re-consent requests carry a drop-off rate. Products that treated this as an implementation detail in 2022 are redesigning their consent flows in 2026.

What to do with this if you're building in India

The question in 2022 was 'should we build on AA?' The question in 2026 is different: which part of our product does this make better, and what is our integration path given our regulatory posture?

For lending and credit products, AA integration is no longer a differentiator — it is table stakes. Competitors either have it or are adding it. For CA and tax platforms, the window to build it as a competitive feature is still open but narrowing. For wealth management, FIP coverage is now good enough for most retail use cases, and the consolidation problem it solves has no other clean answer.

The TSP route removes the licence barrier for most early-stage companies. The data gap for incorporated entities is real but it is also the next obvious thing the RBI will address — India's MSME credit gap is too large to leave on the table. What remains for builders is a routing decision: which TSP, which AA, and which part of the product benefits most from a consent-based data feed rather than a manual upload flow.

The infrastructure is past the point where waiting is a reasonable position. The only meaningful question now is what to do with it.