Common FAQs on Fair Use Template Library

What is the Fair Use Template Library?

The Fair Use Template Library is a repository of standardised fair use templates containing reference parameters for FIUs to adapt while leveraging the Account Aggregator (AA) ecosystem. These templates set “outer bounds” for consent attributes (such as frequency of data pulls, consent validity, data range/statement period, etc.) for several known use cases in the AA ecosystem. These aim to promote responsible, reasonable, and consistent practices that enhance transparency, efficiency, and fairness in the collection and usage of financial data for specific purposes.

What it is not:

  • It is not a recommendation of consent attributes for any specific regulatory license or business category.
  • It does not map or attribute any use case to a specific license type (e.g., PoP from PFRDA, RA from SEBI, Lending from RBI entities, etc.).
  • It is not a prescription to use the maximum values defined in the templates.
    Instead, the listed parameters serve as upper bounds, and FIUs are expected to keep their consent attributes within these limits, choosing lower or more conservative values as necessary for their use case/purpose, to ensure data minimisation and safeguard customer interests.

Who created these templates?

The templates were developed through a collaborative effort anchored by Sahamati: industry participants, mainly FIUs, via various User Councils, proposed these fair use templates, which were reviewed and approved by Sahamati’s Fair Use Committee. The approach considered: protecting customer interests, promoting alignment with the principles of applicable laws and regulations (e.g., relevant guidelines/regulations of RBI, SEBI etc.), and business use-case requirements.

Who should use the Fair Use Template Library?

  • FIUs (Financial Information Users) and AAs (for customers’ self-use) participating in the AA ecosystem are encouraged to use these templates as reference points of industry alignment and appropriately incorporate them in their own consent artefacts.
  • Regulated entities designing or implementing data-sharing flows in the AA ecosystem can refer to these templates to ensure their consent and data requests are within the industry “fair use” standards.
  • Ecosystem participant roles:
      • FIUs – Implementors: design and issue consent artefacts aligned with the Fair Use templates.
      • AAs – Checkers: validate each consent and data fetch request against the prescribed template limits before execution.
      • FIPs – (Optional) Second-level checkers: may use the templates to perform internal validations and/or monitor incoming requests.

What are the key attributes covered by a Fair Use Template, and how are they mapped to ReBIT specifications?

The attributes covered by a Fair Use Template are the same as those defined by ReBIT in the AA technical specifications.

Each template provides upper-bound values for these attributes to limit disproportional data collection for a given use case.

These attributes typically include:

  • Purpose code and purpose text – defining why the data is being requested and how it will be used.
  • Consent type – profile, summary, or transactions.
  • Fetch type – one-time or periodic.
  • Data range – how much past data may be fetched.
  • Fetch frequency – how often data can be fetched (for periodic consents).
  • Consent validity – how long the consent remains active.
  • Data life – how long the FIU can use the fetched data for the stated purpose.

The Fair Use templates do not introduce any new data attributes beyond ReBIT’s specifications; they simply specify the outer bounds within which these attributes should remain, to preserve user trust and promote responsible data collection.

The image below compares the fair use template with its implementation in the consent screen shown to the customer.

Are the fair use parameters mandatory?

Yes. The Fair Use templates were adopted by the AA/FIU councils and the Fair Use Committee for ecosystem-wide implementation; AAs began validating consent and data fetch requests against these templates in real time from 1st June 2025. Ecosystem participants are expected to adhere to them in their true spirit.

Should all the attributes in the Fair Use template be used exactly as prescribed?

No. The Fair Use templates define the upper bounds for each consent attribute; these limits must not be exceeded. However, FIUs are encouraged to select only those attributes necessary for their stated purpose, in keeping with data minimisation principles. Each organisation remains responsible for ensuring compliance with applicable laws and regulations (such as the RBI Master Directions for NBFC-AAs, the DPDP Act, etc.).

Where can I find a specific template?

Within the Fair Use Template Library page, you’ll find a table listing the various fair use templates by ID (e.g., CT001, CT003, CT004, etc.) along with use-case category, status, and purpose text. You can click into each template to view full details of attributes and guardrails (for example, template ID CT003 – Account Monitoring).

What does Consent Validity mean?

Consent validity refers to the time period during which a consent remains active and usable by the FIU or AA client. It defines the start and end dates within which an FIU is authorized by the customer to access their financial data for the specified purpose. The consent expires at the end of this period.
For example, if a consent has a start date of 7 June 2024 and an expiry date of 7 July 2024, the FIU can access the customer’s data only within this window, subject to other limits such as the maximum FI data range.

What does Maximum Data Range mean?

Maximum Data Range defines the longest continuous period of financial data that an FIU can request in a single fetch under a given consent.

While creating the consent request, the statement period is calculated as the consent validity PLUS the maximum FI data range, showing the customer the full window of potential data access. When displaying the data range in a consent request, the FIU indicates the period starting from the consent start date minus the maximum data range up to the consent expiry date.

For example, if a consent is sought on 17th November 2024, with a consent validity of 1 year and 13 months FI data range, the statement period for which the customer approves the consent will be 17th October 2023 to 17th November 2025 as shown in the figure below:

 

When making an FI Data Request, the FIU can fetch only up to the maximum FI data range in a single pull, even if the whole consent window is longer. This means that for each request, the FIU can select any continuous period within the consented data range, but the period’s length cannot exceed the maximum data range defined in the template. For recurring consents, multiple fetches are allowed over time, each respecting the maximum data range limit.

For example, for the same consent, if a data pull is done on 1st January 2025 with a 13-month FI data range, the statement period for which the FIU will send the request to the AA / FIP will be 1st December 2023 to 1st January 2025, as shown below.

How is Fair Use implemented?

AAs enforce Fair Use by checking every consent and FI Data Range against the upper bounds defined in the Fair Use Template Library. Any Consent request or FI (data fetch) request exceeding the limits is rejected by the AA(s) as per the Fair Use Implementation Guidelines (GitHub). Only requests that are within the defined Fair Use limits are processed further by the AA(s).
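The date arithmetic from the Maximum Data Range answer and the upper-bound check described above can be sketched as follows; this is an added example, not code from Sahamati, ReBIT or the Fair Use Implementation Guidelines. The function names, the attribute keys and the expression of validity and data range in whole months are assumptions made for illustration, and the template values in the test are constructed from the page's worked example rather than taken from a published template.

```python
from datetime import date
import calendar

def shift_months(d, months):
    """Move a date by whole calendar months, clamping the day (31 Mar - 1 month -> 28/29 Feb)."""
    year, month0 = divmod(d.year * 12 + (d.month - 1) + months, 12)
    day = min(d.day, calendar.monthrange(year, month0 + 1)[1])
    return date(year, month0 + 1, day)

def statement_period(consent_start, validity_months, max_range_months):
    """Window shown to the customer: (consent start - max data range) .. consent expiry."""
    expiry = shift_months(consent_start, validity_months)
    return shift_months(consent_start, -max_range_months), expiry

def check_consent(requested, template):
    """Attributes of a consent request that exceed the template's upper bounds.
    Keys are hypothetical; an attribute the request omits is flagged, not assumed to be zero."""
    return sorted(k for k, limit in template.items()
                  if requested.get(k, float("inf")) > limit)

def check_fi_request(consent_start, validity_months, max_range_months,
                     fetch_on, fi_from, fi_to):
    """Fair-use violations for one FI data request; an empty list means process it."""
    window_from, expiry = statement_period(consent_start, validity_months, max_range_months)
    errors = []
    if not consent_start <= fetch_on <= expiry:
        errors.append("fetch outside consent validity")
    if fi_from > fi_to:
        errors.append("inverted FI data range")
    if fi_from < window_from or fi_to > expiry:
        errors.append("range outside consented statement period")
    # A single pull may cover any continuous period, but never more than the maximum range.
    if fi_from < shift_months(fi_to, -max_range_months):
        errors.append("range longer than maximum FI data range")
    return errors
```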

If my use case is not listed in the template library, how should I choose limits for data range, frequency, and validity?

Your legal and compliance team should always be the point of contact to set consent parameters according to your use case. The Fair Use Template Library only suggests upper bounds and does not recommend parameters specific to your organization or use case.

Most well-known and widely used use cases are already included in the library. If your use case is not listed, please contact us by selecting the purpose field as “Fair Use”. The team will share a form for you to fill out and guide you on the next steps to propose limits before the appropriate participatory governance forum(s).

Can an FIU request a consent covering multiple purposes in one artefact, or must it be separate?

Each use case/purpose must have a separate consent artefact. A single consent cannot cover multiple purposes (e.g., a consent request for both lending and PFM use cases cannot be combined in a single consent request). The principle of purpose-limitation requires a one-to-one mapping between the customer’s understanding of the purpose and the legal basis for the FIU to process the data. A consent artefact must correspond to one specific purpose, whether for a financial service or a process to avail a financial service. Using a single consent for multiple purposes would be non-compliant with applicable legal and regulatory frameworks. Kindly refer to CC026 in the Sahamati Code of Conduct for more details.

When a customer comes to my app/website for a loan, can I obtain consent under the PFM template while offering loans?

No. Even if your compliance team allows the use of the PFM template for dashboards, the consent must always correspond to the actual purpose for which the data is being sought. When offering a loan, the purpose is lending, not personal finance management. Seeking a PFM consent in an AA-journey for lending would misalign the consent purpose with the intended use, violating the principle of purpose-limitation.

Similarly, the same data cannot later be reused for a different purpose without a separate valid consent. To show dashboards under PFM, a distinct consent for PFM must be obtained from the customer. This ensures that customers are fully aware of and agree to each specific purpose for which their data is used (and consequently, customers can manage their consents at a purpose-specific level), maintaining compliance with fair use rules and Sahamati’s Code of Conduct. Kindly refer to the Fair Use Template Library and Sahamati Code of Conduct – Purpose Limitation, CC026.

What does “Maximum Consent Validity” mean under the fair use templates for short-term loans?

In general, the loan monitoring template recommends consent validity to be co-terminous with the loan tenure or up to 5 years (whichever is lower). Similarly, the loan collection template recommends consent validity to be co-terminous with the loan tenure or 8 years (whichever is lower). 

However, as an exception for short-term loans, consent validity can extend 3 months beyond the loan tenure to accommodate default scenarios, given the short-term nature of the loan, as agreed by the Lending User Council and approved by Sahamati’s Fair Use Committee. Kindly refer to Sahamati Code of Conduct – v2.0, June 11, 2025.