What is an ISNP?
An Insurance Self-Network Platform is the framework under which IRDAI permits insurers, brokers and corporate agents to solicit, sell and service insurance through their own digital platforms. It originates in IRDAI's 2017 insurance e-commerce guidelines.
The regulator's intent is straightforward: extend insurance reach digitally while keeping consumer protections intact. That means the same disclosure, record-keeping and grievance standards that apply offline must be demonstrable in the digital journey, with the platform's systems approved before sales begin.
It applies to any insurer, broker or corporate agent running its own digital sales platform. Verify the current guideline status and amendments before relying on any specific provision; this guide is reviewed against IRDAI circulars on every update.
Who needs ISNP approval, and who doesn't
The trigger is digital solicitation and sale, not merely having a website. Three paths cover most entities:
| If you... | Then... |
|---|---|
| Sell or service insurance on your own digital platform, with customer self-checkout | ISNP approval path |
| Run assisted-only sales (RM or branch journeys, no self-checkout) | Corporate agency or broking norms apply; ISNP may not be required |
| Display comparisons and forward leads only | Web aggregator framework |
The common misconception is that a website alone creates an ISNP obligation. It does not. What matters is whether the platform solicits and concludes the sale.
IRDAI's requirements for ISNPs
Application and approval
The application goes through the sponsoring insurer or intermediary with platform details, a board-approved policy and a description of the IT systems.
System and security
Indian data storage, encryption in transit and at rest, access controls, audit trails, periodic VAPT by CERT-In empanelled auditors, and an ISO 27001-aligned ISMS.
Record-keeping
Proposal logs, consent capture with timestamps, and policy and servicing records retained per IRDAI retention norms, retrievable for inspection.
Grievance redressal
Complaints must be registrable on the platform, with defined turnaround times and escalation to the insurer or IGMS integration.
Display and disclosure norms
Product information, premium breakup, commission disclosure where mandated, and terms and conditions accessible before purchase.
Digital distribution rules beyond ISNP
Suitability in digital journeys
The suitability assessment must be recorded in the journey, not implied by the customer clicking through.
e-KYC norms
CKYC fetch, Aadhaar-based options and video KYC where applicable.
Distance marketing
Distance-marketing and telemarketing conduct rules govern outbound digital and voice solicitation.
DPDP Act intersection
Consent, purpose limitation and data-principal rights apply to every insurance customer record. See how DeployIT handles this on the compliance page.
Advertising regulations
Approved creatives only, and no misleading comparisons.
The compliance checklist
Our working checklist runs to 30 items across five groups. Here is the structure, with sample items from each group:
| Group | Items | Sample item |
|---|---|---|
| Legal and registration | 5 | ISNP application filed through the sponsoring registrant with board-approved policy |
| Journey compliance | 8 | Premium displayed with taxes before payment initiation |
| Data and security | 8 | VAPT report less than 12 months old from a CERT-In empanelled auditor |
| Records and audit | 5 | Every issued policy traceable to a logged, timestamped consent |
| Grievance | 4 | Complaints registrable on-platform with defined TATs and escalation |
Want the full 30-item checklist as a PDF? Ask us for a copy and we will send the latest version.
How platforms make this easier
What to expect from your technology vendor: pre-built compliant journey components (suitability, disclosures, consent), India data residency by default, immutable audit logs, and ISO 27001 / SOC 2 reports you can reuse in your application. Regulation changes should ship platform-wide, not as a custom project per client.
Ask any vendor which of these they provide and what documentation they will hand you under NDA. DeployIT's answers are on the compliance page.
See compliance built into the journey
Suitability, consent and disclosure capture, live in a real digital sales flow.
Common audit findings and how to avoid them
- 1
Unattributed sales. Policies with no valid SP or POSP mapping. Fix: enforce attribution at issuance, not in reports.
- 2
Missing suitability records. Checks done verbally. Fix: capture in-flow with timestamps.
- 3
Stale disclosure versions. Old terms shown after a circular changes them. Fix: versioned content management.
- 4
Incomplete grievance logs. Complaints handled on email. Fix: a platform-native grievance module.
- 5
Commission-cap breaches. Manual payout sheets. Fix: rule-validated payouts with complete registers.
Related reading: glossary entries for ISNP, IRDAI, suitability assessment and maker-checker, plus solutions for fintechs.
Frequently asked questions
What is ISNP full form in insurance?
Insurance Self-Network Platform: IRDAI's framework for selling and servicing insurance through one's own digital platform.
Who grants ISNP approval and how long does it take?
IRDAI, via the sponsoring insurer or intermediary's application; timelines vary with the completeness of systems documentation, typically a few months.
Is ISNP required to sell insurance online in India?
If you solicit and conclude sales on your own digital platform, yes (insurer or intermediary); assisted and offline models follow their respective registration norms.
What are the penalties for non-compliance?
IRDAI can direct corrective action, suspend digital sales, or act against the sponsoring registrant, beyond the commercial damage of a halted channel.
Does using a platform like DeployIT remove the need for ISNP approval?
No. Approval attaches to the distributing entity. DeployIT accelerates meeting the system, security and record-keeping requirements that approval and audits demand.
Editorial note: every regulatory statement on this page is checked against the underlying IRDAI guideline or circular by a named reviewer, and the visible last-updated date reflects that review.