DPI Brief — June 19, 2026

L2: UPI Smashes 23 Billion Transactions in May, PhonePe–Google Pay Duopoly Cracks

UPI processed a record 23.2 billion transactions worth ₹29.9 lakh crore in May 2026 — the highest-ever monthly volume for any real-time payment system globally. April 2026 was the first time any system crossed the 20-billion mark, and May pushed the frontier further. 1

But the more significant structural shift is in market share. According to NPCI data, the combined share of PhonePe and Google Pay fell below 80% for the first time since NPCI began publishing app-level statistics. PhonePe held ~46% and Google Pay ~33%, with Paytm, Navi, super.money, BHIM, and WhatsApp Pay collectively chipping away at the duopoly. This matters because NPCI’s 30% market cap rule for a single UPI app takes effect within six months, and the data suggests the ecosystem is already diversifying ahead of the deadline. 2

NPCI continues to project 1 billion daily UPI transactions by FY 2026–27, a target that appeared ambitious two years ago but now looks achievable at the current trajectory.

L4: ONDC’s DigiDukaan Expands to Jaipur, Targets 1.4 Crore Kirana Stores

The DPIIT–ONDC CPG Roundtable (Bharat Commerce Chintan Shivir) convened on 12 June 2026, bringing together FMCG leaders from HUL, ITC, Coca-Cola, Nestlé, CavinKare, Marico, and L’Oréal to discuss scaling DigiDukaan — ONDC’s e-B2B procurement layer for kirana stores. 3

DigiDukaan is positioned as a neutral digital procurement platform that lets retailers order from multiple CPG brands through existing distributors. India’s general trade ecosystem — 1.4 crore kirana stores accounting for 75–80% of FMCG sales — continues to operate through fragmented ordering systems and manual processes. The next public launch is scheduled for 19 June 2026 in Jaipur, with planned expansion to Mumbai, Bengaluru, and Delhi-NCR in the coming months. 4

L3: DigiLocker Integrates 68 Electricity Distribution Utilities; Mahasarathi Family ID Goes Live

DigiLocker has onboarded 68 electricity distribution companies (DISCOMs) and power departments, enabling consumers across 35 states and UTs to access electricity bills digitally. Major utilities integrated include BSES Rajdhani, BSES Yamuna, BESCOM, Dakshin Haryana Bijli Vitran Nigam, Jharkhand Bijli Vitran Nigam, and Noida Power Company. 5

Separately, the Mahasarathi (Family ID) — Maharashtra’s unified family identifier covering 14 crore residents — is now available on DigiLocker, giving instant digital access to family-level identity documents. The PIB confirmed the integration on 17 June 2026. 6

These additions continue DigiLocker’s expansion beyond traditional government documents into utility services and state-level identity systems, reinforcing its position as one of the world’s largest digital document wallets — now hosting over 2,000 standard document types.

L5: NITI Aayog Consults on Standardized Electronic Health Records via ABHA

An expert consultation on standardized Electronic Health Records (EHR) was held on 15 June 2026 under the chairmanship of Prof. M. Srinivas, Member, NITI Aayog. Senior officers from NITI Aayog, the Ministry of Health & Family Welfare, and the National Health Authority, along with public and private healthcare stakeholders, deliberated on leveraging ABHA as the digital health identifier to enable a standardized, interoperable, patient-centric EHR ecosystem. 7

Stakeholders agreed to advance the initiative in a time-bound manner. ABHA has now crossed 90 crore accounts, with the ABDM ecosystem recently marking 100 crore health records linked to ABHA IDs — a significant milestone in building the digital backbone for India’s healthcare infrastructure.

L7: MeitY Explores ‘Law-to-Code’ DPDP Compliance; CERT-In Issues AI Threat Blueprint

Two significant regulatory developments in the trust layer this fortnight:

MeitY’s ’law-to-code’ approach: The Ministry of Electronics and IT is exploring converting DPDP Act legal provisions into machine-executable code that enforces data protection obligations without human intervention. However, as the Esya Centre notes, obligations like consent being “free, specific, informed, unconditional, and unambiguous” (Section 6) inherently require human judgment and may not translate neatly into software rules. With full DPDP enforcement not due until May 2027, building compliance systems around fixed code interpretations carries the risk of lock-in to potentially incorrect readings of the law. 8

CERT-In’s AI threat blueprint: On 25 May 2026, CERT-In released a Blueprint for Reducing Exposure and Defending against AI-Assisted Vulnerability Exploitation. The advisory document provides guidance for organisations on defending against AI-powered phishing, malware, and deepfake fraud. While non-binding, it signals CERT-In’s increasing focus on AI-augmented cyber threats as a national security concern. Critics argue the blueprint takes a uniform approach to risks that are inherently context-dependent. 8

Covering L2 (Payments), L4 (Commerce), L3 (Documents), L5 (Sectoral — Health), and L7 (Trust & Regulation).

  1. https://www.instagram.com/p/DZrwf5UmgJ7 ↩︎

  2. https://www.cnbctv18.com/business/finance/phonepe-google-pay-combined-upi-share-falls-below-80-pc-may-npci-19927558.htm ↩︎

  3. https://www.pib.gov.in/PressReleasePage.aspx?PRID=2272311 ↩︎

  4. https://www.multibagg.ai/market-pulse/articles/digidukaan-expansion-jaipur-launch-2026-cmqbuerg401rms60je6w6wod7 ↩︎

  5. https://egov.eletsonline.com/2026/06/digilocker-expands-reach-with-integration-of-68-power-distribution-utilities ↩︎

  6. https://www.pib.gov.in/PressReleasePage.aspx?PRID=2273984 ↩︎

  7. https://www.instagram.com/p/DZpO1pKlJ1k ↩︎

  8. https://www.esyacentre.org/esyadispatch/2026/06/15/esya-dispatch-01-15-june-meity-explores-law-to-code-approach-to-dpdpa-compliance-and-cert-in-releases-blueprint-on-ai-assisted-cyber-threats ↩︎ ↩︎