India is implementing significant changes to its GST authentication requirements and UPI payment systems starting April 2025, building upon its existing digital identity infrastructure and security measures. The new requirements mark a major expansion of the country’s authentication protocols, which have already proven successful in reducing financial fraud and improving tax compliance.
Multi-Factor Authentication (MFA) will become mandatory for all GST portal users beginning April 1, 2025. The requirement applies to all taxpayers, who must ensure their authorized personnel are properly equipped to comply with the new authentication protocols. The measure continues the GSTN’s earlier initiatives to strengthen security across India’s tax infrastructure.
The E-Way Bill system is undergoing modifications, with new restrictions limiting bill generation to invoices issued within the previous 180 days, with maximum extensions of 360 days. The National Informatics Centre (NIC) is implementing updated versions of both the E-Way Bill and E-Invoice systems to enhance security measures.
In a move to improve tax collection efficiency, authorities have implemented mandatory sequential filing of GSTR-7 returns. The change prevents taxpayers from skipping filing numbers, facilitating more accurate reconciliation of Input Tax Credit (ITC) and TDS collection processes.
The new requirements also introduce biometric authentication for company promoters and directors, who must now complete verification at GST Suvidha Kendras as part of enhanced security protocols. The measure extends India’s previous implementation of Aadhaar-based verification for GST registration.
In the UPI payment sector, the Payments Council of India (PCI) has proposed reintroducing the Merchant Discount Rate (MDR) for UPI and RuPay transactions. The proposal comes as UPI transaction volumes reached 16 billion in February 2025, with values approaching ₹22 lakh crore. Government subsidies for operational costs have decreased from ₹3,500 crore in FY24 to ₹1,500 crore in FY25.
The National Payments Corporation of India (NPCI) is implementing new security measures for UPI accounts, including the removal of inactive phone numbers. Banks and third-party UPI providers must conduct regular database updates using the Mobile Number Revocation List/Digital Intelligence Platform (MNRL/DIP) at least weekly. The requirement follows recent incidents of UPI-related fraud involving stolen phones and compromised accounts.
Sources: Treelife, Upstox, India Briefing, ClearTax, NDTV
Follow Us