Digital Trust as Public Infrastructure: Reconciling India’s Financial Inclusion and Tax Formalization Goals

Keshav Maheshwari

Introduction: A Crisis of Confidence in a Cashless Revolution

India’s Unified Payments Interface (UPI) stands as a monumental achievement in public digital infrastructure, a system that has dramatically lowered transaction costs and brought millions into the formal financial fold. However, a recent and unforeseen development threatens the very trust upon which this revolution was built. In 2025, tax authorities, notably in states like Karnataka, began systematically using UPI transaction data to issue Goods and Services Tax (GST) notices to thousands of small, often unregistered, vendors, a move confirmed in a press release by the Commercial Tax Department. This has triggered a “regulatory chilling effect,” causing a panicked reversion to cash among small traders and posing a significant setback to India’s financial inclusion agenda.

This situation reveals a critical legal lacuna at the intersection of financial technology, tax law, and data privacy. The core conflict is between two valid but competing state objectives: promoting a cashless economy and ensuring tax compliance. This article addresses a central research question: How can India’s legal framework resolve the tension between leveraging digital payment data for tax enforcement and preserving the trust necessary for mass financial inclusion?

This article posits that the current approach, characterized by a lack of statutory clarity on data usage for tax purposes, creates a legal and economic instability that undermines both objectives. The solution lies not in abandoning one goal for the other, but in establishing a new, legal framework grounded in the principles of proportionality, purpose limitation, and procedural fairness. Such a framework is essential to re-conceptualize digital trust as an indispensable element of public infrastructure.

The Economic Logic of UPI and the Peril of Regulatory Uncertainty

From a law and economics perspective, the success of UPI is a textbook case of overcoming market friction. By creating an interoperable, zero-cost platform, the National Payments Corporation of India (NPCI) effectively engineered a public good. This infrastructure drastically reduced the transaction costs, the frictions of commerce first identified by Ronald Coase that had historically excluded a large segment of the population from the formal economy. The result was a powerful surge in network effects, leading to over 18 billion transactions per month and a significant expansion of the formal economy.

However, the 2025 GST notices introduced a new, unforeseen transaction cost: regulatory risk. For a small vendor, the perceived cost of potential tax liability, scrutiny, and legal complexity now outweighs the benefit of digital convenience. This is a rational economic response to an environment of legal uncertainty. The lack of clear rules has transformed UPI in the eyes of many from a neutral utility into a potential surveillance tool. This represents a classic case of a policy action inducing negative externalities that damage a fragile ecosystem. This chilling effect, reported widely across vendor communities, demonstrates that trust is not merely a social construct but a critical economic asset; once eroded, it is incredibly difficult to rebuild.

The European Union’s GDPR prohibits repurposing personal data such as payments without explicit authorization, while the U.S. Internal Revenue Service operates under clear statutory summons powers subject to court oversight. In the United Kingdom, the Finance Act 2008 similarly defines specific notice powers. By contrast, India relies on statutory silence, which magnifies uncertainty and undermines trust.

The Legal Lacuna: Statutory Ambiguity at the Nexus of Tax and Data Law

The heart of the problem lies in statutory silence. While tax authorities possess broad powers under Section 151 of the Central Goods and Services Tax Act, 2017 to demand information for enforcement, no specific provision explicitly governs the mass acquisition and use of transactional data from a public payment utility like UPI. This creates several points of legal friction:

• Contravention of Purpose Limitation: The Digital Personal Data Protection Act, 2023 is built on the principle of purpose limitation that data collected for one legitimate purpose cannot be repurposed for another without consent or clear legal sanction. UPI data is collected for the express purpose of facilitating payments. Its subsequent use for mass tax scrutiny, without an explicit legislative mandate, appears to be in direct contravention of this core data privacy principle.

• Implication of Due Process: The automated issuance of notices based on gross UPI transaction volumes operates on a presumption of taxability, failing to account for small business realities such as co-mingled funds or exempt goods. This raises serious due process concerns. The Supreme Court in Justice K.S. Puttaswamy v. Union of India (2017) held that privacy is a fundamental right and any state action intruding on it must meet the test of legality, necessity, and proportionality. Similarly, in RBI v. Jayantilal N. Mistry (2015), the Court reinforced transparency and accountability in the financial sector while recognizing privacy concerns. Applied here, UPI data usage without explicit legislative sanction risks failing the constitutional standard of proportionality.

• Limits of Statutory Interpretation: Extending general information-gathering powers to continuous, systemic monitoring of a national payments system stretches statutory interpretation beyond its natural limits. Without explicit parliamentary approval, such practices operate in a constitutional grey zone.

A Proposed Framework for Resolution

To resolve this conflict and restore trust, a new legal framework is required. This is not a call for weaker tax enforcement, but for smarter, more predictable, and legally sound enforcement. The framework must be institutionalized through three pillars:

• The Principle of Proportionality: Any use of mass transactional data for tax purposes must be proportionate to the objective. Instead of a wide dragnet, the law must mandate a risk-based approach. This could involve significantly higher turnover thresholds for automated scrutiny, the use of additional evidence to corroborate suspected evasion, or a focus on specific high-risk sectors rather than all small vendors. The legal standard should be that the intrusion into financial privacy is justified by, and proportional to, the likelihood of significant tax evasion.

• Legislative Clarity and Purpose Specification: The ambiguity must be resolved through explicit legislation. Parliament should amend either the GST Act or the Payment and Settlement Systems Act to clearly define the circumstances under which UPI data can be accessed by tax authorities. This law must specify the purpose, the agencies authorized to access the data, the procedural safeguards to be followed, and the limits on its use. This would replace the current legal grey area with a clear, predictable rule of law.

• Enhanced Procedural Safeguards: The process of issuing and resolving notices must be reformed. A new system must include a preliminary clarification stage that is simple, digital, and designed for users with low financial literacy. It should provide a clear, low-cost mechanism for individuals to explain discrepancies and separate personal transactions from business income before a formal demand or penalty is issued. This would uphold the principles of natural justice and reduce the burden on both taxpayers and the tax administration.

In addition to these three pillars, any framework must rest on constitutional foundations. Such authorization must come from Parliament, not delegated circulars, with judicial review explicitly preserved under the proportionality doctrine in Puttaswamy. Harmonization with the DPDP Act, 2023 through either explicit consent or narrowly tailored statutory exemptions would further ensure legal defensibility.

Conclusion: Building a Resilient Digital Future

The tension between digital inclusion and tax formalization in India illustrates a broader global challenge: while technology has made financial data abundant, the legal frameworks to govern its use remain underdeveloped. Without statutory clarity, the use of UPI data for tax enforcement risks undermining the very trust that made India’s digital payments revolution possible.

The path forward requires deliberate legal engineering. By enacting explicit legislation that balances proportionality, purpose limitation, and procedural fairness, India can design a framework that both enforces tax law and preserves financial inclusion. If these safeguards are implemented, India would align with international best practices, ensuring that governance does not erode public trust. Embedding these constitutional principles into the digital legal architecture will allow India not only to protect its gains from UPI but also to lead the global south in building inclusive, rights-compatible digital economies.

Keshav Maheshwari is a third-year (B.A. LL.B.) student at National Law Institute University, Bhopal