TPAP License Registration in India

Get Regulatory Guidance for Third Party Application Provider Approval in India

Set up your UPI-based payment application with the right compliance structure, documentation, and NPCI approval support. IMC assists businesses with TPAP license requirements, application preparation, operational controls, risk framework, and post-approval compliance planning.
Speak to an Expert
TPAP License in India

TPAP License in India: Overview

A TPAP License, or Third-Party Application Provider License, is an approval granted by the National Payments Corporation of India, NPCI, that allows eligible companies to offer UPI-based payment services through mobile or digital applications. With this approval, fintech companies and payment service providers can enable users to make fund transfers, bill payments, merchant payments, and other UPI transactions through their platform.

TPAPs do not operate like banks. They work through Payment Service Provider, PSP, banks and connect their application with the UPI framework as per NPCI rules. The license helps maintain security, compliance, transaction integrity, and user trust within the UPI payment system. For companies planning to enter India’s digital payments sector, obtaining a TPAP License is an required regulatory step before offering UPI-enabled services.

Who Can Apply for a TPAP Registration in India?

Entities planning to offer UPI-based payment services through a mobile or digital application can apply for TPAP registration in India, subject to NPCI requirements and PSP bank approval. The applicant must have a valid legal structure, sound technology systems, risk controls, security policies, and the ability to comply with UPI operating guidelines.
Applicant Category Eligibility Details
Registered Companies Companies incorporated under the Companies Act, 2013, or other applicable laws can apply for TPAP registration.
Fintech Companies Businesses building UPI-enabled payment apps, merchant payment platforms, bill payment tools, or digital transaction services may apply.
Financial Institutions Banks, NBFCs, and other licensed financial institutions may apply if they meet UPI participation and compliance requirements.
Payment Aggregators Entities handling merchant payment collection may apply if their business model requires UPI app-based payment services.
Digital Payment Platforms Companies offering mobile-first payment, QR payment, fund transfer, or UPI-linked payment solutions can apply.
Established Technology Businesses Tech companies with secure infrastructure, transaction management capability, and customer support systems may apply if they meet PSP bank and NPCI conditions.
Apart from being an eligible entity, the applicant must partner with at least one certified PSP bank, prepare required documents, maintain strong IT and security systems, and show the ability to comply with NPCI circulars, UPI procedural guidelines, data protection rules, and post-registration reporting requirements.

Role of PSP Bank in TPAP Registration

A TPAP must partner with at least one certified Payment Service Provider, PSP, bank to operate within the UPI framework. The PSP bank supports UPI connectivity, transaction routing, settlement coordination, customer account linking, and compliance reporting. Before applying, the applicant should have a clear PSP bank arrangement and supporting documentation for review.

Documents Required for UPI TPAP License

Applicants must prepare a clear documentation file before applying for a UPI TPAP License. The required documents generally include company records, ownership details, financial records, business model information, and policies related to security and customer data protection.
Document Category Documents Required
Company Records Certificate of Incorporation, Memorandum of Association, Articles of Association
Promoter and Management KYC KYC documents of directors, shareholders, and key management persons
Financial Records Audited or self-certified financial statements, as applicable
Business Information Business plan, operational model, transaction flow, and proposed UPI service details
Technology and Security Security policy, privacy policy, data protection measures, and system control documents
These documents help NPCI and the PSP bank review the applicant’s legal status, ownership structure, financial standing, technology setup, and ability to operate safely within the UPI framework.

How Can a Company Become a TPAP in India?

01
Step 1

Check Eligibility

The applicant must first confirm whether it meets the eligibility criteria prescribed for TPAP registration, including entity type, business model, technology capability, and compliance readiness.

02
Step 2

Prepare the Application File

Collect the required information and documents, including company details, director and shareholder KYC, financial records, business plan, operational details, security policies, and privacy policies.

03
Step 3

Submit the Online Application

Fill the TPAP license application with accurate details such as the legal name of the entity, registered office address, contact details, management information, and proposed UPI service model.

04
Step 4

Upload Required Documents

Submit all supporting documents along with the application, including incorporation records, MoA, AoA, KYC documents, financial statements, and technology or security-related policies.

05
Step 5

Application Review and Verification

The application is reviewed to check eligibility, document accuracy, financial position, background details, regulatory compliance, and alignment with UPI security requirements.

06
Step 6

Approval and TPAP Registration

After successful review and satisfaction of all requirements, approval is granted, allowing the entity to operate as a TPAP and offer UPI-enabled payment services through its platform.

Regulatory Framework for TPAPs in India

TPAPs in India operate within a regulated digital payments environment. Since UPI handles real-time fund transfers and customer transaction data, TPAPs must follow rules issued by NPCI, RBI, and other applicable authorities. These rules cover eligibility, technology standards, operational controls, data protection, transaction security, and ongoing compliance.
Regulatory Area What It Covers
NPCI Guidelines NPCI sets the main rules for TPAP participation in the UPI system. These guidelines cover eligibility, onboarding, technical standards, transaction handling, reporting, and operating conditions for TPAPs.
RBI Directions RBI regulates payment systems in India and issues directions linked to security, risk management, settlement, customer protection, and safe operation of payment systems. TPAPs must follow these requirements through the UPI framework.
UPI Procedural Guidelines These guidelines define the technical, operational, and security standards for UPI transactions. They cover transaction processing, system integration, dispute handling, user authentication, and service-level requirements.
Data Protection and Privacy Rules TPAPs must protect customer data and follow applicable Indian data protection and privacy requirements. UPI-related data must be stored and processed in India as per RBI and NPCI requirements.
Security and Risk Controls TPAPs are expected to maintain strong fraud monitoring, cyber security controls, transaction monitoring, incident response systems, and customer grievance processes.
Ongoing Compliance After registration, TPAPs must continue to follow NPCI circulars, RBI directions, audit requirements, reporting timelines, and updates issued for UPI participants.

Key Responsibilities of a TPAP

Responsibility What It Means
User onboarding Follow proper customer onboarding and app-level controls
Transaction security Maintain secure UPI transaction flow and fraud checks
Complaint handling Support users for failed payments, disputes, and transaction issues
Data protection Protect customer and transaction data as per applicable rules
NPCI compliance Follow NPCI circulars, UPI guidelines, and PSP bank requirements
System uptime Maintain stable app performance and service continuity

Compliance After TPAP Registration

Once a TPAP registration is approved, the entity must continue to follow NPCI rules, UPI operating guidelines, security requirements, and reporting obligations. Compliance does not end with approval. It becomes an ongoing responsibility to keep the UPI service active, secure, and in line with regulatory expectations. Failure to meet post-registration requirements can lead to regulatory queries, service restrictions, penalties, or interruption of TPAP operations.
Compliance Area What It Covers
NPCI Reporting Submission of required reports and operational updates
UPI Rule Compliance Continued adherence to NPCI circulars and UPI guidelines
Security Controls Data protection, fraud monitoring, and transaction safety
Audit and Review Internal checks of systems, records, and controls
Service Continuity Uptime, incident response, and customer support readiness

Common Reasons for Delay in TPAP Registration

  • No clear PSP bank arrangement
  • Incomplete KYC documents
  • Weak or unclear business plan
  • Poorly defined transaction flow
  • Missing security policies
  • Incomplete IT infrastructure details
  • Gaps in data protection controls
  • Lack of pre-application review before filing
TPAP vs Payment Aggregator
Point TPAP Payment Aggregator
Main role Enables UPI payments through an app Collects payments for merchants
Regulator or framework NPCI UPI framework, with PSP bank involvement RBI payment aggregator framework
Customer use UPI transfers, merchant payments, bill payments Merchant payment collection
Bank connection Works through PSP banks Works with acquiring banks and payment systems
Example use case UPI app for customers Checkout payment collection for businesses
Why Choose IMC for TPAP Registration?
IMC assists fintech companies, payment service providers, and eligible businesses through each stage of TPAP registration, from eligibility review and documentation to application support, PSP bank coordination, and post-registration compliance planning.

UPI Business Model Review

IMC reviews the applicant’s proposed UPI payment model, service flow, customer journey, transaction structure, and PSP bank arrangement before the registration process begins.

TPAP Application Support

IMC assists in preparing the TPAP registration file, including company records, director and shareholder KYC, financial documents, business plan, operational details, security policies, and privacy documents.

NPCI Requirement Guidance

IMC helps applicants understand key NPCI expectations related to UPI operations, transaction security, data handling, customer protection, reporting, and system controls.

PSP Bank Coordination

TPAPs operate through PSP banks. IMC supports applicants in preparing the required information and documentation needed for PSP bank review and coordination.

Compliance Planning After Approval

IMC provides TPAP license registration for eligibility review, documentation planning, PSP bank coordination, and post-approval compliance preparation.

Practical Support for Fintech Teams

IMC helps businesses plan TPAP registration without complications by reviewing gaps early, preparing application documents properly, and setting up internal controls needed to operate within the UPI system.

FAQs
A TPAP License allows a Third Party Application Provider to offer UPI-based payment services through a mobile or digital application, subject to NPCI rules and PSP bank participation.
Fintech companies, payment apps, digital payment platforms, and entities planning to offer UPI-enabled services through an app may need TPAP registration.
TPAP approval is issued under the UPI framework governed by NPCI, with PSP banks playing an important role in the onboarding and operational process.
A company must meet eligibility conditions, partner with a PSP bank, prepare the required documents, submit the application, complete review checks, and obtain approval to operate as a TPAP.
Yes, a startup may apply for TPAP registration in India if it meets the required eligibility criteria. The applicant should generally be a registered company with strong technology systems, UPI compliance capability, PSP bank partnership, risk controls, proper security framework, financial readiness, and relevant experience in fintech or payment operations.
Yes. A TPAP works through one or more PSP banks for UPI connectivity, transaction routing, customer account linking, and settlement-related support.
Common documents include Certificate of Incorporation, MoA, AoA, director and shareholder KYC, financial statements, business plan, operational details, security policy, privacy policy, and NPCI-specific declarations.
NPCI sets the rules for TPAP participation in UPI, including onboarding conditions, technical standards, operating requirements, security rules, and compliance obligations.
The PSP bank supports the TPAP’s UPI connection, transaction processing, settlement flow, compliance checks, customer account linking, and coordination with NPCI.
A payment aggregator may apply if it meets TPAP eligibility conditions, has the required PSP bank arrangement, and can comply with UPI operating and security requirements.
Post-approval compliance may include NPCI reporting, UPI rule compliance, transaction monitoring, security checks, audit support, customer grievance handling, and system uptime management.
As a TPAP registration consultant , IMC can help review eligibility, prepare the application file, coordinate documents, support PSP bank requirements, identify compliance gaps, and guide the applicant through pre-approval and post-approval responsibilities.
Key risks include failed transaction handling, weak fraud monitoring, poor complaint resolution, data protection gaps, non-compliance with NPCI circulars, and weak system uptime controls.
Important checks include user authentication, data protection, fraud monitoring, transaction risk controls, incident response, system uptime, audit logs, and secure integration with PSP bank systems.