The Pension Fund Regulatory and Development Authority (PFRDA), through Circular No. PFRDA/2026/31/REG-CRA/02 dated 2 June 2026, introduced a comprehensive Regulatory Sandbox Framework to promote responsible innovation in India’s pension sector while safeguarding subscriber interests. The framework enables PFRDA-registered intermediaries, FinTech firms, and eligible non-registered entities to test innovative pension products, services, business models, and technology-driven solutions in a controlled, live, and time-bound environment. Applicants must demonstrate genuine innovation, measurable benefits, testing readiness, robust risk management, subscriber protection mechanisms, and a clear exit strategy.
Testing is generally limited to nine months, with strict reporting requirements, including monthly performance reports and mandatory reporting of cybersecurity incidents, fraud, or financial losses within 24 hours. While PFRDA may grant temporary regulatory relaxations for testing purposes, no exemptions are permitted from statutory requirements such as KYC, AML, FATF standards, data protection laws, or the PFRDA Act itself. Participants remain fully liable for compliance failures, subscriber losses, and operational risks. The framework also empowers PFRDA to monitor, inspect, revoke approvals, and terminate testing where subscriber interests or system integrity are threatened. Importantly, sandbox participation does not constitute regulatory approval or endorsement of the tested solution.
Pension Fund Regulatory and Development Authority
Circular No. PFRDA/2026/31/REG-CRA/02 | Dated: 02 June 2026
To
All PFRDA Registered Intermediaries and other stakeholders
Madam / Sir,
Subject: Framework for Regulatory Sandbox for Facilitating Responsible Innovation in the Pension Sector
In exercise of the powers conferred under Section 14 of the Pension Fund Regulatory and Development Authority Act, 2013, and with a view to fostering responsible innovation in the pension sector while ensuring protection of subscribers’ interests and orderly development of the pension system, the Authority hereby specifies a framework for operationalization of Regulatory Sandbox.
2. The Regulatory Sandbox is intended to provide a controlled and time-bound environment to entities for testing innovation both in terms of new products and services as well as new ways of delivering existing products and services in the pension sector.
3. The detailed framework for the Regulatory Sandbox is specified in Annexure I.
4. This circular shall come into force with immediate effect. In case of any inconsistency between this circular and any earlier instructions issued by the Authority on the subject, the provisions of this circular shall prevail to the extent of such inconsistency.
5. This circular is issued under Section 14 of the PFRDA Act, 2013, and is available on the PFRDA website (pfrda.org.in).
Yours Sincerely,
General Manager
Annexure I
FRAMEWORK FOR REGULATORY SANDBOX
1. DEFINITIONS
1.1 For the purposes of this framework, the expression “Regulatory Sandbox” means a live testing environment where new products, processes, services, business models, and like activities may be deployed on the individual pension account of a limited set of eligible subscribers or any prospective subscribers or otherwise for a definite period of time, for furthering innovation in the pension sector, subject to such conditions as may be laid down by the Authority.
1.2 The term “Applicant” shall mean
a. a registered intermediary applying for participation in the Regulatory Sandbox, either independently or in association with any FinTech entity or any other entity incorporated or registered under applicable laws in India; or
b. a non-registered entity, including a FinTech entity, incorporated or registered under the Companies Act, 2013 or Limited Liability Partnership (LLP) under the Limited Liability Partnership Act, 2008, applying independently in accordance with the eligibility and other terms and conditions specified under this framework.
1.3 The term “Test Solution” shall mean the proposed product, service, business model or delivery mechanism intended to be tested under the Regulatory Sandbox.
1.4 The term “User” shall mean a subscriber whose pension account is included in the Regulatory Sandbox testing environment and who has voluntarily consented to participate in the testing of the proposed solution after being informed of its objectives, risks, limitations, and testing conditions.
1.5 Words and expressions used and not defined herein shall have the same meaning as assigned to them under the PFRDA Act, 2013 and the regulations thereof.
2. OBJECTIVE AND SCOPE
2.1 The pension ecosystem in India is undergoing rapid transformation driven by advancements in financial technology, increasing digital adoption and emergence of innovative business models, products and service delivery mechanisms. Such innovations have the potential to enhance efficiency, subscriber protection, long-term sustainability, technology-enabled outreach, cost reduction, ease of onboarding, accessibility, transparency, pension adequacy, financial awareness and inclusiveness within the pension sector.
2.2 At the same time, such innovations may give rise to risks relating to subscriber protection, data privacy, cybersecurity, operational resilience and regulatory compliance. Accordingly, in order to facilitate responsible innovation while ensuring adequate safeguards for protection of subscribers’ interests and orderly development of the pension ecosystem, the Authority considers it necessary to provide a structured framework for controlled testing of innovative solutions.
2.3 The Regulatory Sandbox framework seeks to provide an enabling environment for regulated entities as well as non-regulated entities to test innovative products, services, business models and technology-driven solutions in a controlled regulatory environment with a limited set of subscribers and for a specified duration, subject to such terms, conditions and restrictions as may be laid down by the Authority.
2.4 The framework also aims to foster collaboration among regulated entities, FinTech entities, and other ecosystem participants for development of innovative and subscriber-centric solutions relevant to the pension sector. However, it may be noted that the Authority or its Regulatory Sandbox shall not be construed as a system to provide any legal waivers to the Applicant from the applicable laws.
3. APPLICABILITY
3.1 All entities registered with PFRDA under Section 27 of the PFRDA Act, 2013 or empaneled with PFRDA under the extant Regulations, shall be eligible for testing in the Regulatory Sandbox.
3.2 A registered intermediary may undertake testing either independently or in association with a FinTech entity or any other entity incorporated or registered under applicable laws in India, including companies under the Companies Act, 2013 or LLPs under the LLP Act, 2008. In all such cases, the registered intermediary shall be the principal applicant and shall remain solely responsible for the conduct of testing and compliance with all applicable requirements.
Provided that a non-registered entity, including a FinTech entity, incorporated or registered under the Companies Act, 2013 or Limited Liability Partnership (LLP) under the Limited Liability Partnership Act, 2008, shall be eligible to apply for the Regulatory Sandbox as an independent Applicant, subject to:-
a. it shall have a minimum audited net worth of ₹10 lakh, as on the last day of preceding financial year; and
b. such independent participation is permitted only for innovations that do not handle subscriber contributions, funds, or sensitive Personal Identifiable Information (PII) and transactional data.
3.3 The accountability for all acts, omissions and outcomes arising from the testing shall vest with the applicant.
4. ELIGIBILITY CRITERIA
4.1 An applicant seeking participation in the Regulatory Sandbox shall demonstrate that the proposed Test Solution involves a genuine element of innovation and is capable of providing meaningful value addition to the pension ecosystem.
4.2 The applicant shall establish a bona fide requirement for conducting live testing and shall demonstrate that the objectives of the Test Solution cannot be effectively achieved without such testing in a controlled environment. Where any regulatory relaxation is sought, the applicant shall demonstrate that the proposed solution cannot be effectively tested without such relaxation.
4.3 The applicant shall conduct testing only on a limited and identified set of users, subject to the maximum number of users approved by the Authority. Participation of users shall be voluntary and based on their explicit informed consent. Such consent shall be obtained after providing adequate disclosure regarding the nature of the testing, the associated risks, limitations, and any potential impact arising from the use of the solution.
4.4 The proposed Test Solution shall offer identifiable and measurable benefits, whether direct or indirect, to subscribers, registered intermediaries or the pension system at large.
4.5 The applicant shall have in place an adequate and robust risk management framework, including appropriate safeguards to identify, assess and mitigate potential risks to subscribers and to the system arising from the testing of the solution.
4.6 The applicant shall demonstrate readiness to undertake testing, including the availability of necessary infrastructure, resources and a well-defined testing plan with clearly specified parameters, success criteria and monitoring mechanisms.
4.7 The applicant shall also specify a clear exit and transition strategy, including the proposed course of action upon completion or termination of testing and the manner in which subscribers shall be treated in such circumstances.
5. APPLICATION AND EVALUATION PROCESS
5.1 Applications for participation in the Regulatory Sandbox shall be submitted in the prescribed format i.e., Annexure A. The applicant shall ensure that the eligibility criteria laid down by Authority is satisfied while submitting the application. The application, duly signed by the Chief Executive Officer of the applicant or an officer authorised by the Competent Authority of the applicant, shall be submitted to PFRDA.
5.2 Upon receipt of an application, the Authority may seek such additional information, clarifications or documents as it may deem necessary for the purpose of evaluation. The Authority may also require modifications to the proposed Test Solution or testing plan and may impose such conditions as it considers appropriate.
5.3 The Authority shall evaluate the application having regard to the eligibility criteria of applicant and, inter alia, to the degree of innovation involved, the potential benefits to subscribers and the pension system, the readiness of the applicant to undertake testing, and the adequacy of the proposed risk mitigation measures.
5.4 Assessment of applications: The indicative criteria for assessment of applications are as follows:
a. Genuineness of Innovation, evidencing significant improvement upon existing pension delivery mechanisms.
b. Testing Readiness, including demonstration of prior “Proof of Concept” (PoC) or offline testing.
c. Financial & Technical Capability of the applicant
d. Subscriber Protection & Redressal
e. Potential to promote innovation beneficial to pension sector in India, in the interest of the subscribers;
f. Potential to bring efficiency and promote ease of doing business in the pension sector
g. any other criteria that may be deemed appropriate for the orderly growth of pension schemes regulated by the Authority.
5.5 Where a proposed Test Solution involves products or services falling under the jurisdiction of multiple financial sector regulators, the applicant may apply through the Inter-Regulatory Sandbox (IoRS) framework. PFRDA shall act as either the Primary Regulator (PR) or Associate Regulator (AR) in accordance with the Standard Operating Procedure issued by the Inter-Regulatory Technical Group (IRTG) on FinTech.
5.6 The Authority may, having regard to the criteria, reject any application and inform the applicant, recording the reasons for such rejection.
5.7 In case of rejection of application, the applicant may re-apply for the sandbox when it is ready to meet the objective and eligibility criteria of the sandbox, subject to an appropriate cooling off period as decided by the Authority.
5.8 The decision of the Authority with regard to the acceptance or rejection of an application, and the conditions subject to which such application may be approved, shall be final and binding.
5.9 The applicant shall submit periodic reports as mentioned in the Section: “6.2 Monitoring and Reporting Requirements”. These monthly reports would be reviewed by the Authority. If the progress of the applicant is not satisfactory then, the Authority may revoke the approval granted to the Applicant.
5.10 The Authority shall review the progress from time to time and may offer suggestions for improvement.
5.11 The Authority shall have the powers to inspect or audit or investigate any documents/records or systems or any person connected thereto, at any point of time, including after termination of the application.
6. TESTING FRAMEWORK
6.1 The testing of the approved Test Solution shall be conducted in a controlled and time-bound environment for such duration and subject to such scope, scale and conditions as may be specified by the Authority at the time of granting approval.
6.2 Monitoring and Reporting Requirements:
a) Periodic Reporting: The applicant shall submit monthly reports covering key performance indicators (KPIs), transaction success rates, and subscriber feedback.
b) Immediate Incident Reporting: Any cyber-security breach, financial loss, or fraud must be reported to the Authority within 24 hours of occurrence.
c) Authority Oversight: The Authority may, at any time, monitor progress and issue directions deemed necessary in the interest of subscribers.
6.3 Testing Duration and Success Determination:
a. Timeline: The approved testing period shall ordinarily not exceed nine (9) months. Any request for extension shall be submitted at least thirty (30) days prior to the expiry of the approved testing period and shall be subject to a formal performance review and the applicable regulations. The Authority may, based on the nature, complexity, and progress of the proposed solution, grant an extension for a suitable period upon a reasoned request from the applicant.
b. Success Metrics: Success or failure shall be determined by the Competent Authority based on:
-
- Attainment of pre-agreed innovation objectives.
- System stability and risk mitigation effectiveness.
- Subscriber feedback and benefit analysis.
6.4 Without prejudice to the generality of the foregoing, the Authority may specify limits on the number of subscribers, the extent of exposure, reporting requirements, performance parameters and success criteria for the purpose of testing.
7. SAFEGUARDS FOR SUBSCRIBERS
7.1 Participation of subscribers in the Regulatory Sandbox shall be voluntary and shall be based on prior informed consent, supported by clear, adequate and timely disclosures by the Applicant regarding the nature of the Test Solution, the associated risks, and the limited regulatory relaxations, if any, applicable thereto.
7.2 The applicant shall ensure that appropriate safeguards are in place for protection of subscriber interests, including but not limited to confidentiality, integrity and security of data, privacy protection, cybersecurity measures, and an effective grievance redressal mechanism.
7.3 The applicant shall take all reasonable steps to ensure that subscribers are not exposed to undue financial or operational risks and that any such risks are adequately mitigated and managed.
7.4 The applicant shall ensure that adequate mechanisms are in place for prompt reporting and handling of any adverse events or incidents affecting subscribers.
8. REGULATORY RELAXATIONS
8.1 The Authority may, on a case-by-case basis and subject to such conditions as it may deem fit, grant limited and temporary relaxations from specific regulatory requirements for the purpose of facilitating testing under the Regulatory Sandbox. Any relaxation granted under this Clause shall be limited to provisions contained in the Regulations issued by the PFRDA, having regard to interest of subscribers and subject to conditions, if any, that may be imposed. Further no applicant shall have any vested right that such relaxation be granted including any past precedents.
8.2 Entities desirous of participating in sandbox shall make an application, including exemption / relaxation being sought from relevant provisions of the applicable regulatory framework. Any such relaxation shall be clearly specified, which shall be valid only for the duration and scope of the Regulatory Sandbox, and shall not be construed as a waiver of compliance with the applicable regulatory framework beyond the Regulatory Sandbox.
8.3 The grant of any relaxation shall not be treated as a precedent for future cases.
8.4 Notwithstanding anything contained in Clause 8.1, no relaxation shall be granted from the provisions of the Pension Fund Regulatory and Development Authority Act, 2013 or any other law for the time being in force, including but not limited to Know Your Customer (KYC), Anti-Money Laundering (AML), Financial Action Task Force (FATF), Digital Personal Data Protection (DPDP) Act, fraud prevention and mitigation etc.
8.5 The Applicant shall remain solely responsible for every action taken in respect of its proposal and be liable to discharge all the obligations thereunder including any legal obligations, owed to Authority or any other person affected by the action or inaction of the Applicant.
9. OBLIGATIONS AND LIABILITY
9.1 The applicant shall remain solely responsible and liable for compliance with all applicable laws and regulations, protection of subscribers’ interests while testing the solution. The applicant shall be liable to indemnify the subscribers for any loss, damage, or adverse consequence arising from the testing of the Test Solution beyond the scope of the approval granted by the Authority or for which no express consent was given by the user(s).
9.2 The Applicant shall maintain integrity of the systems at all times.
9.3 Users shall have the right to withdraw or revoke their consent to participate in the Regulatory Sandbox testing at any stage during the testing period, without any adverse consequences. In the event of withdrawal by any user, the applicant may, subject to compliance with the applicable eligibility criteria and informed consent requirements, onboard replacement users within the maximum user limit approved by the Authority. The applicant shall ensure that such replacement is duly documented and reported to the Authority in the manner specified.
9.4 The applicant shall publish clearly defined grievance redressal mechanism to address any of the grievances of the users participating in the sandbox.
9.5 Participation in the Regulatory Sandbox shall not be construed as an approval, endorsement or certification of the Test Solution by the Authority, and the Authority shall bear no liability for any acts, omissions or consequences arising from the testing of the solution either to the applicant, the subscribers or to any other third person.
9.6 The applicant shall indemnify and keep indemnified the Authority against any claims, liabilities, losses or damages arising out of or in connection with the testing of the Test Solution.
9.7 It may be noted that entering the Regulatory Sandbox does not limit the Applicant’s liability towards the users.
10. EXIT AND POST-TESTING
10.1 Upon completion or termination of the testing, the applicant shall submit a detailed final report to the Authority within 30 calendar days from the date of completion/termination outlining the:
a. outcomes of the testing, key findings, risks observed
b. full account of all incident reports and resolution of user complaints, if any
c. proposed next steps
The final report must be confirmed and sent under the signature of the Chief Executive Officer (CEO) of the applicant or officer duly authorized by the Competent Authority.
The sandbox applicant must ensure that proper records of the conducted tests are maintained for review by the Authority. Further, the applicant shall also maintain such records for a period of three years from the date of completion of testing/ exit from the sandbox.
10.2 The applicant shall ensure appropriate treatment of subscribers upon exit from the Regulatory Sandbox, including continuation, migration or discontinuation of the service, as may be applicable, in accordance with such directions as may be issued by the Authority.
10.3 Any deployment of the Test Solution beyond the Regulatory Sandbox shall be subject to compliance with the applicable regulatory framework and such approvals as may be required under the PFRDA Act and Regulations framed thereunder.
10.4 The Testing shall be terminated in following cases:
a. in the event the tests are not successful;
b. the applicant proposes to discontinue the sandbox testing, by giving a 30-day prior notice to the Authority and test users. The entity shall ensure that any existing obligation to its users under experimentation is fully addressed before exiting/discontinuing the Regulatory Sandbox.
c. Authority revokes the approval granted to the applicant under this framework.
10.5 In case of termination, the applicant shall provide the manner and process of exit in compliance of directions being issued by the Authority in this regard.
10.6 Participation in the Regulatory Sandbox shall not, by itself, confer any right upon the applicant to deploy the Test Solution beyond the Regulatory Sandbox environment.
11. REVOCATION OF APPROVAL
11.1 PFRDA may revoke an approval, to participate in the sandbox, at any time before the end of the testing period, if the applicant inter alia:
a. Fails to comply with the conditions of grant of approval under this framework.
b. Failure to maintain integrity of the system
c. Submits false, misleading or inaccurate information, or has concealed or failed to disclose material facts in the application
d. Contravenes any applicable law administered by PFRDA or any relevant law
e. Fails to submit periodic reports in timely manner
f. Compromises the digital data of users, digital security and integrity of the service or product or elevates the risk of a cyber-security attack
g. Fails to implement any directions given by Authority,
h. fails to comply with the provisions of the PFRDA Act, 2013, rules, regulations, circulars, guidelines, directions issued thereunder, or any other applicable law for the time being in force, including but not limited to requirements relating to KYC/AML/CFT, Financial Action Task Force (FATF) standards, Digital Personal Data Protection (DPDP) Act, cyber security, fraud prevention and mitigation, consumer protection, or where such action is considered necessary in the interest of subscribers / users.
11.2 Upon revocation, the Applicant shall take immediate measures for winding up the Test plan and all related activities and also make a public disclosure to that effect. The Applicant shall abide by any specific directions that may be issued by the Authority.
12. POWERS OF THE AUTHORITY
12.1 Without prejudice to the foregoing, the Authority reserves the right to impose additional conditions, modify or withdraw any relaxation granted, suspend or terminate the testing, or take such other action as it may deem appropriate, if it is satisfied that the interests of subscribers or the integrity of the pension system are, or are likely to be, adversely affected.
12.2 The Authority may issue additional directions to the Applicant, which the applicant shall comply during the tenure of testing.
12.3 Any clarification or interpretation of the provisions of this framework shall be issued by the Authority, and the decision of the Authority in this regard shall be final.
12.4 Nothing contained in this framework shall affect the powers of the Authority to take any action under the PFRDA Act, 2013 or regulations made thereunder. All actions, remedies shall be subject to the framework laid down under the PFRDA Act, 2013 and the regulations framed thereunder.
Annexure A
REGULATORY SANDBOX APPLICATION FORM
(Digitally signed application form shall be submitted to PFRDA at: fintech-data@pfrda.org.in)
| 1. Applicant Information | ||
| Sl. | Description | Response |
| 1.1 | Name of the Organization | |
| 1.2 | Category of Applicant (Please tick as applicable) | |
| Mode A – PFRDA Registered Intermediary applying independently | ||
| Mode B – PFRDA Registered Intermediary applying in association with non-registered entity | ||
| Mode C – Non-registered entity applying independently | ||
| 1.3 | PFRDA Registration no. (for Mode A and B) | |
| 1.4 | Constitution of the Applicant (Company / LLP / Partnership / Other) (for Mode C) | |
| 1.5 | Corporate Identification Number (CIN) / LLP Identification Number (LLPIN) (for Mode C) | |
| 1.6 | Name of the Authorized Representative | |
| 1.7 | Designation | |
| 1.8 | Contact No | |
| 1.9 | Email ID | |
| 1.10 | Net Worth of the Applicant (for Mode C) | |
| 1.11 | Whether any regulatory, enforcement or legal proceedings are pending against such entity in India or abroad. If yes, provide details (for Mode C) | |
| 2. Details of Non-Registered entity (Mandatory for Mode B) | ||
| 2.1 | Name of the entity | |
| 2.2 | Status of registration with other regulators | |
| 2.3 | Constitution of the entity (Company / LLP / Partnership / Other) | |
| 2.4 | Corporate Identification Number (CIN) / LLP Identification Number (LLPIN) | |
| 2.5 | Nature of engagement (outsourcing/partnership/vendor) | |
| 2.6 | Roles and responsibilities | |
| 2.7 | Name of the Authorized Representative | |
| 2.8 | Designation | |
| 2.9 | Contact No | |
| 2.10 | Email ID | |
| 2.11 | Whether any regulatory, enforcement or legal proceedings are pending against the entity in India or abroad. If yes, provide details | |
| 3. About Test Solution | ||
| 3.1 | Description of your Test Solution including but not limited to problem statement, objective, direct benefits, risk assessment, business model, testing plan, target users, time period of testing etc. | |
| 3.2 | Gap in ecosystem addressed | |
| 3.3 | Genuineness of innovation | |
| 3.4 | Risk management framework | |
| 3.5 | Testing readiness of the solution | |
| 3.6 | Exit and transition strategy | |
| 3.7 | Differentiation from existing offerings | |
| 3.8 | Similar solutions domestically or globally (if any) | |
| 3.9 | Data privacy, cybersecurity and operational safeguards proposed | |
| 4. Proposed Testing Parameters | ||
| 4.1 | Proposed duration of testing | |
| 4.2 | Proposed number of subscribers | |
| 4.3 | Target subscriber profile | |
| 4.4 | Scope and boundaries of testing | |
| 4.5 | Key milestones and timelines | |
| 4.6 | Measurable success criteria | |
| 5. Relaxation of PFRDA regulations and guidelines | ||
| 5.1 | Outline the list of regulations, guidelines, circulars etc. of PFRDA that, as per the applicant, may act as an impediment to the proposed Test solution, along with detailed rationale | |
| 5.2 | Specific regulatory relaxation(s), if any, sought from PFRDA for the duration of sandbox testing, along with detailed justification | |
Declaration:
I/We declare that the information, documents, and representations submitted are true and complete. I/We confirm that the proposed Test Solution is original or that all necessary rights, licences, permissions, and authorisations required for its use have been duly obtained and does not violate the intellectual property rights of others. I/We confirm that it shall comply with all applicable laws and shall be solely responsible for any loss or damage sustained by any person. I/We agree to indemnify the Authority against any claims arising from the Test Solution.
Authorised Signatory
Name:
Place:
Date:
Company Seal
