DPI Brief — March 20, 2026

Today’s DPI Updates (7 Layers)

L1: Identity & Authentication

[Aadhaar, eKYC]

No significant updates reported in the last 24 hours from UIDAI or eKYC services.

L2: Payments & Financial Rails

[UPI, NPCI, RuPay]

PhonePe Shelves IPO Amid Global Market Volatility

Walmart-backed PhonePe, India’s largest digital payments platform, has postponed its Initial Public Offering (IPO) citing ongoing geopolitical tensions and volatile market conditions. The company, which leads the UPI ecosystem in transaction volumes, was aiming for a $15 billion market capitalization with plans to raise up to $1.5 billion. Investment bankers had reportedly suggested lowering valuation expectations to about $9 billion.

According to NPCI data for February 2026, PhonePe processed approximately 9.3 billion transactions worth roughly ₹13.1 trillion (about $141.9 billion), maintaining its leadership position ahead of Google Pay’s 6.8 billion transactions worth around ₹9 trillion. UPI as a whole processed approximately 20.39 billion transactions in February 2026, with a total value of around ₹26,84,229 crore, supported by 694 banks. ¹

L3: Documents & Data Exchange

[DigiLocker, API Setu, eSign]

No significant updates reported in the last 24 hours.

L4: Commerce & Logistics

[ONDC, GeM]

ONDC Expands to 616+ Cities with 7.64 Lakh Sellers

The Open Network for Digital Commerce (ONDC) continues its rapid expansion, now covering over 616 cities with more than 7.64 lakh (764,000) sellers onboarded. The platform now processes approximately 16 million orders monthly across diverse domains including food, grocery, fashion, electronics, healthcare, and logistics. ONDC aims to democratize e-commerce by enabling diverse players to participate and collaborate effectively, promoting digital inclusion for businesses of all sizes. ²

L5: Sectoral Infrastructure

[ABHA, AgriStack, eCourts]

WHO Warns Against AI Use for Self-Diagnosis

The World Health Organization (WHO) has issued a caution against the rising trend of using AI tools for diagnosis and self-prescription. The organization warned that data used to train AI may be biased and could generate misleading or inaccurate information posing risks to health, equity, and inclusiveness. Large language models generate responses that can appear authoritative and plausible to end users, creating potential safety concerns. While committed to harnessing digital health technologies, WHO recommends policymakers ensure patient safety and protection. ³

L6: Governance & Grievance

[DARPG, CPGRAMS]

No significant updates reported in the last 24 hours.

L7: Security, Privacy & Trust

[CERT-In, DPDP, TRAI]

Google Patches Two Actively Exploited Chrome Zero-Days

Google released security updates for Chrome addressing two high-severity vulnerabilities (CVE impacts) that have been exploited in the wild. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added both vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog on March 13, 2026, requiring federal agencies to apply fixes by March 27, 2026. This follows another high-severity use-after-free bug in Chrome’s CSS component patched in March 2025. Organizations are advised to update Chrome immediately. ⁴

Critical Telnetd Vulnerability Disclosed

A critical security flaw (CVE-2026-32746) impacting the GNU InetUtils telnet daemon (telnetd) enables unauthenticated remote attackers to execute arbitrary code with root privileges. In the absence of a patch, organizations are advised to disable the service if not necessary, run telnetd without root privileges, and block port 23 at network perimeter levels. This follows another critical flaw (CVE-2026-24061, CVSS 9.8) disclosed nearly two months ago that remains under active exploitation. ⁵

Sources