Introduction
The NPCI International Payments Limited (NIPL) has entered into a strategic partnership with ACLEDA Bank Plc., that aims to implement the Unified Payments Interface (UPI) in Cambodia, making it a boon for the Indian travellers in Cambodia who can now use UPI in order to make payments to businesses and retails present in the country.
Such announcement has been made whilst keeping in consideration the G20 goals of India that aims to enhance cross-border payments. The Reserve Bank of India (RBI) has launched this strategic move in order to enable cash-less digitalized transactions in a safe and secure manner.
This marks another revolutionary event for digitalized India as it enables the Indian travellers to make UPI Payments in Cambodia and enables the Cambodian citizens to make such UPI payments in India, thereby, enabling the digital payment ecosystem as well as improving the international UPI partnerships.
Understanding the new payment linkage
At the outset, this strategic move provides for a phase one that enables the Indian travellers to make UPI payments by scanning Bakong’ KHQR codes across more than 4.5 million merchant stores, tourist attractions, restaurants, retail stores, and other establishments across Cambodia. This will not only improve the global digital payment partnership, but will also ensure that Indian travellers can now take benefit of the Indian digital UPI Payment system even outside India.
Additionally, this payment system will work on real-time and seamless exchange transactions. Thereby doing away with the existing payment system across-borders such as Bank transfers which would normally take 2-3 business days. Furthermore, this move shall reduce the dependance of Indian travellers on cash and card payments
The notification issued by the RBI on June 3,2026 also states that with respect to this new India-Cambodia UPI linkage, the phase 2 shall enable the Cambodian travellers in India to make such UPI payments across India. Subsequently, this announcement enhances the economic ties between India and Cambodia and will enable fast-paced and smoother payment transactions.
New Linkage and rising Concerns
The intention and aim behind is to strengthen the UPI connectivity between both the countries, there are prevalent concerns regarding privacy and data protection. India has implemented the Digital Personal Data Protection Act, 2023 in order to protect the data privacy of personal data, and this new linkage will test the effective implementation of the Act over cross-border UPI Payment transactions.
The DPDP Act categorizes UPI transactions, bank details, account number as ‘Sensitive Personal Data’ and it is vital to secure this data by using proper effective encryption methods. UPI transactions across India are secured via end-end-end encryption. Therefore, the data exchanged between the two concerned bank holder or their accounts shall be heavily encrypted so that the third parties cannot intercept this sensitive data and misuse the same.
However, when it comes to cross-border UPI payments, it is heavily pertinent to ensure that the UPI transactions are secured with end-to-end encryption so that the same is not subject to fraud, cyberattacks or hacking.
The success of UPI in India has reflected that apps like PhonePay, GPay, BHIM, Paytm, etc. have enabled a strict compliance with privacy and aspects by ensuring end-to-end encryption, verified UPI IDs and denying all collect payment requests unless authorized. Therefore, the new linkage needs to ensure that the Bakong’ KHQR code complies with the privacy and data protection standards as that of UPI.
Cross Border Compliance and Security Challenges
With the new linkage, there comes the duty to protect the KYC documents that are linked with the UPI apps and therefore, it is of prevalent importance that Indian-Cambodian UPI linkage is secure enough to protect the KYC documents and details of the individuals making the UPI payments across the countries.
Cambodia does not have a coded and dedicated framework for data protection and privacy. Unlike the DPDP Act that provides for a Data Protection Board as an authority to look into violations pertaining to digital personal data, the Cambodian law does not yet provide for such authority.
The legal framework includes Constitutional amendments and legal jurisprudence. Although the Cambodian government introduced a bill related to data privacy on July 23, 2025, called the Law on Personal Data Protection, however, the same has not been brought into effect. The LPDP draft has been inspired by the GDPR framework of EU, however, till this is brought into force the same stays a mere draft and implanting such a linkage in the absence of a proper law, it is a small risk at hand.
There is a persistent fear amongst the individuals regarding the QR-code and related frauds. There are several instances of fraud taking place though scanning of an innocent-appearing QR-code that leads to cyberattacks and financial hacking. It is important to ensure that the implementation of QR-code is done with proper and effective encryption, especially in the cross-border UPI payments.
AMLEGALS Remarks
As technology is rapidly growing and evolving, this new payment linkage between India-Cambodia marks a milestone for global digitalized payment mechanism. However, it is equally important to ensure that all the necessary steps have been implemented in order to protect the transactions taking place between the two countries.
As Cambodia does not have a proper code for data protection, the authorities should first wait for an effective implementation of the LPDP draft and then undertake this new linkage, such is must step for data protection for cross-border financial payments.
For any queries or feedback, feel free to connect with Dhwani.tandon@amlegals.com or Mayur.punjabi@amlegals.com