‘Draft telecom cybersecurity rules may raise compliance costs for firms, impact digital adoption'
cybersecurity
amendment rules, proposed by the Department of Telecommunications (DoT), may significantly raise compliance costs for non-telecom licensed entities such as fintech applications, OTT services, ecommerce businesses, and small digital firms, among others, according to
CUTS International
.
The Draft Telecommunications (Telecom Cyber Security) Amendment Rules, 2025, propose a new category of entities,
Telecommunication Identifier User Entities
(TIUEs), which may potentially include entities in the abovementioned categories.
The telecom department, under the proposed
cybersecurity rules
, can direct telecom carriers and other entities such as banks, financial institutions, e-commerce players, etc., to verify mobile numbers or identities of users through a centralised platform to curb online fraud and spoofing.
If a TIUE is directed by the Central or state government, or an authorised agency, to seek mobile number validation, a fee of ₹1.50 per request will be levied, while for private TIUEs making voluntary requests for mobile number validation, the fee will be ₹3 per request.
'This may extend telecom-style obligations to entities not covered under the parent Act, raising concerns about constitutional validity,' the research and advocacy firm said in a statement based on a rapid Regulatory Impact Assessment (RIA).
CUTS said that the modest per-verification charges proposed in the draft amendment rules may result in 'large recurring costs', and may cause digital platforms to pay 'tens of thousands of crores of rupees' in annual compliance costs.
CUTS estimated potential impact on one key platform each from three of India's fastest-growing digital consumer sectors - digital payments, food delivery, and mobility.
PhonePe, which processes nearly 282 million daily transactions, may face over ₹1,500 crore if merely 10% of its users are subjected to mobile number validation, while Zomato, with 30.7 million weekly active users, may face validation costs of over ₹24 crore annually, in a similar situation. Likewise, ride-hailing application Uber India, with 1.12 million daily users, may incur ₹6.13 crore annually.
CUTS said that voluntary validations at ₹3 per request would 'double these figures', making compliance economically unviable, especially for smaller platforms and sensitive digital services.
At the same time, it estimated that the total costs passed onto consumers may add up to ₹540 crore per month–or over ₹6,480 crore annually.
'Overall, increased costs and exclusion risks may reduce digital adoption, hinder competition, and result in an estimated ₹2.5 lakh crore loss to the digital economy even at a 10% compliance, potentially excluding 4,000–5,000 potential startups from the market, and risking a loss of nearly 150,000–200,000 direct jobs,' it added.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Economic Times
2 hours ago
- Economic Times
TDSAT halts ₹141 cr spam penalties on telcos, next hearing on August 8
ETTelecom Representative image. India's telecom operators won't need to pay penalties to the tune of around Rs141 crore levied by regulator for not being able to control spam till August 8, the next date of hearing on the case in the Telecom Disputes Settlement & Appellate Tribunal (TDSAT). The telecom tribunal, at a hearing Thursday, adjourned the matter till August 8, and asked the Telecom Regulatory Authority of India (Trai) to submit an affidavit on the matter. During the hearing, both sides presented their arguments. As Trai has to share further information, the tribunal asked the counsel for the regulator to file an affidavit containing the requisite details. The regulator had levied penalties on all three private telcos - Reliance Jio, Bharti Airtel and Vodafone Idea as well as state-run Bharat Sanchar Nigam Ltd. (BSNL) - for failing to control spam. However, the operators had challenged the penalties, arguing that the regulator should not have levied the penalties when an anti-spam platform was still in the process of development. TDSAT had stayed the Trai's penalties in January. The fines were levied as part of the Telecom Commercial Communications Customer Preference Regulations, 2018 (TCCCPR). The telcos argue that the delays in implementation of spam control measures were caused due to Covid and they were not responsible for the delay. To support their point, the telcos submitted details to the TDSAT stating that when Trai imposed the penalties, the digital consent acquisition (DCA) platform was still being staying the penalties in its January 28 order, the TDSAT had observed that telecom firms were not responsible for the delay in implementation of the regulations, including the DCA.'Thus, it is unfair and arbitrary on the part of the respondent to impose financial disincentives on the appellants (telcos) for something which was beyond their control,' TDSAT said in the January levying of penalties on telecom firms as part of the TCCCPR has been a bone of contention between the regulators and telcos. While the regulator has been imposing penalties on telcos, it has not realised any money as operators contended that they should not be held accountable for something which they don't control or to get the amount itself, the regulator had even asked the Department of Telecommunications (DoT) to encash the bank guarantees of the companies to recover the amount. But the DoT has not agreed to the request of regulator has been strengthening the TCCCPR rules, but the telcos argue that since key stakeholders like telemarketers, over the top (OTT) have been kept out of the purview of the rules, there won't be desired results to curb spam.
Hans India
2 hours ago
- Hans India
Over 13.6 million mobile numbers disconnected to check fraud: Scindia
New Delhi: Union Minister of Communications Jyotiraditya M. Scindia informed Parliament on Wednesday that over 13.6 million mobile numbers have been disconnected based on citizens' feedback to curb telecom fraud. The minister said that in a major nationwide push to curb cyber fraud and protect citizens from digital threats, the Government of India has rolled out a series of decisive, tech-enabled measures under the Department of Telecommunications (DoT), in close coordination with the Ministry of Home Affairs. A key feature introduced is the 'Know Your Mobile Connections' service, which allows users to check all numbers issued under their name and report any unauthorised connections. This has resulted in the disconnection of 13.6 million such numbers, he explained. The minister said that DoT has also blocked 5.5 lakh handsets and deactivated 20,000 bulk SMS senders. Nearly 24 lakh WhatsApp accounts involved in suspicious activities have also been disengaged. He highlighted that a Digital Intelligence Platform has been developed, bringing together 620 institutions, including 570 banks, 36 state police forces, investigative agencies, and telecom service providers, to jointly tackle fraud in real-time. The platform enables integrated action against scammers and cybercriminals who misuse telecom infrastructure to deceive citizens. To further involve the public in this mission, the Government launched the Sanchar Saathi portal on May 16, 2023, which has since registered over 15.5 crore hits, indicating strong public awareness and participation. Building on this success, the Sanchar Saathi mobile app was launched on January 17, 2025, for both Android and iOS, and has received over 44 lakh downloads. The Government has also deployed artificial intelligence tools, notably the ASTR system, to automatically detect and eliminate fake mobile numbers, leading to the disconnection of an additional 82 lakh such connections. Addressing the serious issue of international spoof calls, where foreign numbers appear as Indian calls, the DoT introduced a centralised software solution under the International Incoming Spoof Calls Prevention. On the very first day, 1.35 crore such spoof calls were blocked, and ongoing efforts have brought down such incidents by 97 per cent. Today, only about three lakh spoof calls are being detected daily, compared to the earlier massive volumes. Telecom operators have also been mandated to display 'International Call' alerts on all such incoming numbers for greater user transparency, the minister said. He also stated that in a significant technological leap, the Fraud Risk Indicator (FRI) system was introduced to assess user risk levels—Very High, High, or Medium—based on banking and transaction behaviour. This risk data is shared with banks in real time, helping them prevent suspicious transactions. Over 3.7 lakh individuals have been flagged under these categories, leading to the prevention of more than 3.04 lakh debit/credit instructions and the freezing of 1.55 lakh bank accounts. Recognising the system's effectiveness, the Reserve Bank of India has instructed all banks to integrate FRI into their internal systems. Additionally, the DoT has taken firm steps against the misuse of Indian SIMs operating from Southeast Asian countries. Over 26 lakh such roaming mobile connections have been disconnected, and around 1.3 lakh devices used in such scams have been blocked. These ongoing efforts signal the Government's strong commitment to protecting citizens, securing telecom networks, and building a digitally secure India. Citizens are encouraged to remain vigilant and make full use of tools like the Sanchar Saathi portal and app to report suspicious activities, check their mobile connections, and help build a fraud-free digital ecosystem, the minister added. Telecom Fraud, Jyotiraditya Scindia, Sanchar Saathi, Mobile Number Disconnection, Digital Security, ASTR System
Time of India
3 hours ago
- Time of India
Internet companies say draft telecom cybersecurity rules to extend regulatory oversight, raise costs
NEW DELHI: Internet companies have cautioned that the Department of Telecommunications ' (DoT) proposed Draft Telecommunication (Telecom Cyber Security) Amendment Rules, 2025, could extend regulatory oversight to non-telecom licensed entities and raise costs, which will dent profits and impact ordinary consumers. The industry raised concerns that the proposed telecom cybersecurity amendments exceed the legislative scope of the Telecommunications Act, 2023, by creating a new category of entities – Telecommunication Identifier User Entities (TIUEs) – which cover a wide-range of non-telecom licensed digital service providers , such as e-commerce players, banks, food delivery, streaming, gaming, and others. The new draft rules, in their current form, will apply to all 'telecommunication identifier user entities' (TIUEs), or entities that use phone numbers to identify customers or their transactions. The Internet and Mobile Association of India (IAMAI), in its submission to the telecom department, said that the inclusion of digital businesses under the proposed amendments was in 'violation of the scope of the Telecom Act and amounts to regulatory overreach'. IAMAI further said that the proposed creation of a Mobile Number Validation (MNV) platform and imposition of a verification fee (₹1.5/₹3) could prove to be a 'significant expense and compliance burden for digital businesses'. 'This might lead to increased service costs for end-users and reduced profit margins for businesses, particularly for start-ups and MSMEs (micro, small and medium enterprises) where such costs may be disproportionately felt,' it added. IT industry association NASSCOM , in a letter to Devendra Kumar Rai, joint secretary (telecom), DoT, said one of the most pressing concerns of digital companies is the proposed fee of ₹1.5-3 per verification request via the MNV platform, which is nearly 30 to 60 times higher than the prevailing cost of existing one-time password (OTP)-based verification, which is basically under ₹0.1 per request. 'For platforms handling large transaction volumes or serving cost-sensitive user segments, such a pricing structure is economically unsustainable. Moreover, the lack of clarity on whether the fee applies per user or per transaction further complicates cost projections,' National Association of Software and Service Companies (NASSCOM) said in its letter, dated July 24, 2025. It warned that smaller players, startups, and high-volume platforms will be 'disproportionately impacted', creating barriers to innovation and hindering the government's goals around digital inclusion and ease of doing business. 'This may also discourage small businesses in adoption of verification technologies,' said NASSCOM. The Broadband India Forum (BIF), in its submission, said that the existing mechanisms, such as DoT's ICDR system and CEIR portal enable IMEI registration, verification, and blocking, noting that the draft telecom cybersecurity amendments add a 'duplicative step in IMEI allocation process for OEMs which would interfere with GSMA processes'. 'Do not operationalise the MNV platform, i.e., Rules 7A read with 2(cb) without a clear legal basis, defined purpose and privacy protections. If operationalised, MNV should be voluntary, especially due to the prohibitive costs of compliance impacting innovation and adoption of digital verification tools,' BIF said, adding that the provisions regarding fees should be reconsidered due to the absence of legislative sanction for the same. BIF's members include global Internet and technology giants including Google, Microsoft, Meta Platforms, Netflix, among others.
