Account Aggregator vs DEPA: Understanding the frameworks
An Account Aggregator is a user-facing application, licensed by the RBI, that lets you share your financial data with your explicit consent. DEPA, on the other hand, is the underlying technical framework or 'rulebook' that governs how Account Aggregators must operate to ensure data security and user control.
What is an Account Aggregator in India?
Imagine you're applying for a personal loan. The lender needs your last six months of bank statements, proof of investments, and maybe even your mutual fund holdings. You spend the next few hours logging into different bank websites, downloading PDF statements, finding your investment portfolio details, and then emailing this bundle of sensitive documents. It's slow, clumsy, and feels a bit insecure. This is the problem the Account Aggregator India framework solves.
An Account Aggregator (AA) is a type of company licensed by the Reserve Bank of India (RBI). Think of it as a digital pipeline for your financial data. It doesn't store your data. It doesn't see your data. It certainly can't sell your data. Its only job is to move your data from one place to another, but only with your explicit permission.
You, the user, are in complete control. You decide:
- Which accounts to link.
- Who can see your data (e.g., a specific lender).
- What data they can see (e.g., only transaction history, not your balance).
- For how long they can access it (e.g., a one-time view).
The entire process is secured with end-to-end encryption. The AA is like a trusted courier who is given a locked box (your data) and can only deliver it to a specific address you've approved. They don't have the key to open the box themselves.
An Example in Action
Let's say you want a new credit card from ABC Bank. ABC Bank wants to see your income and spending habits. Instead of emailing bank statements, you use an AA app.
- You open the ABC Bank application and select the option to share data via an Account Aggregator.
- You are redirected to your chosen AA app (like PhonePe, Finvu, or OneMoney).
- The AA app shows you a consent request from ABC Bank. It clearly states they want to see your salary account's transaction history for the past 12 months.
- You review the request, select your salary account, and approve the consent with your PIN.
- The AA securely fetches the encrypted data directly from your bank and delivers it to ABC Bank.
The whole process takes less than a minute. It's fast, secure, and you didn't have to share any passwords or download any files.
What is DEPA?
If the Account Aggregator is the car, then the Data Empowerment and Protection Architecture (DEPA) is the entire road system, traffic laws, and car manufacturing standards combined. DEPA is not an app or a company. It is the underlying technical framework or 'rulebook' that makes secure data sharing possible.
Developed by the think tank NITI Aayog, DEPA is a set of principles and protocols designed to give individuals control over their own data. It’s a vision for a new way of handling information, moving from data monopolies where companies hoard your data to a system where you are the boss.
The core principles of DEPA are:
- Consent-based: Data can only be shared with your explicit permission. This consent must be granular, revocable, and audited.
- Data Minimization: A company can only ask for the specific data it needs to provide a service, nothing more.
- Purpose Limitation: The data shared can only be used for the specific purpose you agreed to. The lender in our example can't use your data for marketing other products unless you consent to it separately.
While the Account Aggregator framework is the first major implementation of DEPA in India (for the financial sector), the architecture itself is sector-agnostic. In the future, it could be used for your healthcare records, telecom data, and more, always keeping you in control.
Account Aggregator vs. DEPA: A Direct Comparison
Many people get confused, thinking Account Aggregators and DEPA are competing ideas. They are not. An Account Aggregator is a product built on top of the DEPA framework. One is the 'what', and the other is the 'how'.
Here is a simple table to break down the differences:
| Feature | Account Aggregator (AA) | DEPA |
|---|---|---|
| What It Is | A user-facing service or application. A licensed company. | A technical architecture and policy framework. A set of rules. |
| Primary Role | To act as the consent manager and data pipe between institutions. | To provide the blueprint and protocols for secure data sharing. |
| Who Interacts With It | End-users like you, and financial institutions (banks, lenders). | Developers, regulators, and Account Aggregator companies. |
| Example | Apps like PhonePe, Finvu, OneMoney, CAMS Finserv. | The technology stack that all AA apps must use to function. |
| Governing Body | Licensed and regulated by the Reserve Bank of India (RBI). | A policy framework envisioned by NITI Aayog. |
| Scope | Currently focused on financial data within the RBI's domain. | Designed to be sector-agnostic (can apply to health, telecom, etc.). |
The Verdict: Which One Matters More to You?
So, which one should you care about? The answer depends entirely on who you are.
For the Average Person
For you, the customer, the Account Aggregator is what matters. You will never directly interact with DEPA. Your experience will be through an AA application. Your main decisions will be which AA app to use and how to manage your consent requests. Understanding the AA framework helps you make informed choices about sharing your financial data seamlessly and securely.
For Developers and Businesses
If you are a fintech developer, a lender, or a wealth management company, DEPA is the critical concept. You need to understand the architecture to build products that can plug into this ecosystem. DEPA defines the APIs, security protocols, and consent standards your technology must adhere to. For you, the AA is just one type of entity operating within the larger DEPA world.
Ultimately, you cannot have one without the other. The DEPA framework provides the secure and user-centric foundation that allows the Account Aggregator India ecosystem to exist and thrive. It's the silent engine that powers the entire system, giving you unprecedented control over your financial life.
Frequently Asked Questions
- Is an Account Aggregator the same as DEPA?
- No. An Account Aggregator is a consumer-facing service licensed by the RBI, while DEPA (Data Empowerment and Protection Architecture) is the technical framework that Account Aggregators are built upon.
- Is it safe to use an Account Aggregator in India?
- Yes. They are licensed and regulated by the Reserve Bank of India. They use end-to-end encryption and are not permitted to see, store, or sell your financial data. Your data is only shared with your explicit consent.
- Do I have to use an Account Aggregator?
- No, using an Account Aggregator is completely voluntary. It is an optional service designed to make sharing financial information for things like loan applications easier, faster, and more secure than traditional methods.
- Can an Account Aggregator access my data without my permission?
- Absolutely not. The entire system is built on the principle of explicit and revocable consent. You are always in control of who sees your data, for how long, and for what specific purpose.