Is DEPA a government initiative?

Many people assume the Account Aggregator India system is just another government app run by some ministry. That picture is wrong. DEPA is a public framework, but the plumbing is built and run by RBI-licensed private companies. The myth confuses policy design with daily operations.

This matters because trust shapes adoption. If you think a sarkari office is reading your bank data, you will refuse to consent. The truth is more interesting and a bit more reassuring. Once you see the layered design, the system feels safer, not weaker.

The Myth: DEPA is a Sarkari App

The common belief sounds simple. People hear that DEPA was launched by the government, so they picture a single app owned by NITI Aayog or MeitY. They expect a portal where babus pull your statements with a click. Some even fear that tax officers can peep at savings accounts using this rail.

This belief is widespread on social media. It also gets repeated by journalists who write quick explainers without checking the rulebook. Once a myth gets early ink, it sticks for years. WhatsApp forwards then add their own twist and the fear grows.

The myth: DEPA is a government-run portal that fetches your bank data on demand.

The Real Design Behind Account Aggregator India

DEPA stands for Data Empowerment and Protection Architecture. It is a policy and tech framework, not an application you download. NITI Aayog drafted the vision paper in 2020. MeitY contributes on the data side. The Reserve Bank of India sets the rules for the financial part. Other sector regulators are slowly joining for health, telecom, and tax data.

The actual data flow runs through licensed entities called Account Aggregators or AAs. These are private NBFCs that hold a special RBI licence under the NBFC-AA category, created in 2016. Names you may have seen include CAMS Finserv, Finvu, OneMoney, NESL, and a few others. Each runs its own app, brand, and customer support.

So the role split looks like this. Government bodies write the rulebook. Private AAs build the rails. Banks, mutual funds, insurers, and lenders plug in as financial information providers or users. Sahamati, a non-profit collective, runs the technical standards and certification.

Evidence That Looks Like Government Control

Some facts make the myth feel true. RBI runs the licensing and can cancel a licence overnight. Sahamati was incubated with public-policy support. The Aadhaar-based identity layer is a state-run rail. And NITI Aayog publishes the vision document on its own website.

You can verify the licensing list at rbi.org.in. The RBI page on NBFC-AA shows the regulator clearly owns oversight. So yes, the state is deeply involved. That part of the rumour is not silly. The framework only works because public bodies set hard standards on encryption, consent, and data minimisation.

Evidence Against the Myth

Look closer and the picture changes. No government office ever touches your data. The AAs are private companies that have raised venture money and serve customers commercially. They cannot store, sell, or read your data. They only ferry encrypted bundles between your bank and the lender you chose. The bundle is locked end-to-end.

Consent is yours alone. You log in to the AA app, pick the data slice, set the duration, and approve. Without your tap, nothing moves. RBI calls this a consent-led architecture. It mirrors how UPI moves payments without storing them. The AA is just a postman with a signed delivery slip.

Also, RBI regulates many sectors without owning them. Banks are private but RBI-regulated. Mutual funds run privately but follow SEBI rules. The same logic applies here. Regulation is not the same as ownership.

The Verdict on Account Aggregator India

So is DEPA a government initiative? Yes, in spirit and rules. The vision came from public policy bodies. RBI licences the operators. But it is not a sarkari app. The system runs through regulated private companies that compete for users. You stay in control of every share.

Think of it like the road network. The government builds rules and standards. Private logistics firms move parcels on those roads. DEPA is the rulebook and the lane markings. AAs are the trucks. The cargo is your bank statement, and only you can authorise the delivery.

That model has a clear benefit. Public oversight protects you from misuse. Private competition pushes for better apps and faster service. You get both safety and choice. The same dual model already runs UPI and demat services with great success.

How to Use This Knowledge as a User

When a lender asks for AA-based consent, do three quick checks. First, confirm the AA name appears on the RBI list. Second, read the consent screen carefully and shorten the time window if the default looks long. Third, revoke consent the moment your loan or KYC is done. A good rule is to keep the share window under 30 days unless you really need ongoing access.

You can also pick the AA you prefer. Most lenders show two or three options. They all follow the same RBI rules, but their apps feel different. Try the one with the cleaner consent screen and proper Hindi or regional language support. Saving a few seconds matters when you face this screen often.

Finally, do not share your bank password with anyone who claims they need it for AA. The AA flow never asks for your net banking password. If a person on the phone insists, hang up and report the number.

Frequently Asked Questions

Who created DEPA in India?

NITI Aayog drafted the DEPA framework in 2020. RBI, MeitY, and other regulators support the financial and non-financial layers. Private AAs build the actual user-facing service.

Is my bank data sent to the government through AA?

No. Your data flows in encrypted form between your bank and the lender or adviser you chose. No government server stores or reads it.

Can I use AA without consent?

No. Every data pull needs your explicit consent on the AA app. You can also revoke consent any time, which stops further sharing.

Are Account Aggregators private or public?

AAs are private NBFCs that hold a special licence from the RBI under the NBFC-AA category. They compete commercially while following common rules.