Latest news with #ParentAct
Mint
30-07-2025
- Business
- Mint
Big tech firms cry foul over India's new phone verification rules, cite privacy concern, costs
India's proposed new cybersecurity rules under the Telecom Act threaten to pull everyday apps such as WhatsApp, Netflix, and Amazon under the country's telecom regulations—just because they use phone numbers. The proposal, aimed at boosting cybersecurity, has sparked alarm among the global tech giants over user privacy, hefty compliance costs, and the overall future of India's digital economy, and they have written to the government expressing their anguish. The proposed rules also call for inclusion of other key services such as online banking, shopping, education, and even physical stores, under the law for their use of telecom identifiers like mobile numbers, to identify or interact with users. Simply put, almost every digital service today—from chatting on WhatsApp to shopping on Amazon—uses telecom identifiers such as phone numbers to log users in, send one-time passwords (OTPs), or deliver notifications. The department of telecommunications (DoT) had floated the draft rules on 24 June and had invited comments on the same till 23 July. The government is currently evaluating the feedback. Under the draft rules, these companies need to verify that the phone numbers their users give actually belong to them, and that would entail a cost burden. The verification will have to be done by checking those numbers against telecom databases upon government direction or by using a government-owned mobile number validation platform at a fee. The objective of the Telecommunication Act, 2023 (Telecom Act) and the provisions under which these rules have been promulgated is to 'protect and ensure the cyber security of telecommunication networks and telecommunication services". The Draft Amendment Rules, instead of advancing this objective of cyber security, extend the scope of the law by seeking to regulate a class of entities that lie entirely outside the Parent Act framework," said Broadband India Forum (BIF) in its submission to the department of telecommunications (DoT). A copy of the submission was seen by Mint. The Broadband India Forum, which represents big tech companies in the country, says the expansion of scope to non-telecom entities and OTTs goes against what the then communications minister Ashwini Vaishnaw had said in 2023—that these apps are not within the Telecom Act's ambit and remain governed by the Information Technology Act, 2000. Even as the government intends to curb cybercrime and identity theft through the new rules, the big tech companies see this move as a backdoor attempt to bring them under the Telecom Act, a long-running and controversial issue between telecom and tech companies. Telecom operators have been lobbying the government to bring OTT apps under a comparable regulatory framework, claiming it would level the playing field and ensure fair competition. Tech firms argue that this would stifle innovation, impose disproportionate compliance costs, and create overlapping legal frameworks. As per the latest proposed rules, the government can also ask non-telecom entities to provide information about the telecom identifiers they use—like phone numbers or device IDs. This information should be sent digitally from specific locations so that it can be saved and processed, as per the rules. 'Telecommunication identifier user entity (TIUEs) only use telecom identifiers (like mobile numbers) for user communication, registration, or service delivery, not for network-level operations and hence, introducing obligations related to data access, suspension/blocking, validation of telecom identifiers upon them does not serve the purpose of protecting or ensuring telecom cyber security," the Broadband India Forum said, adding that the draft rules overlap with existing regulatory frameworks under sectoral laws, including the IT Act, cyber security framework for banks by the Reserve Bank of India (RBI), among others. At the centre of the issue lies the compliance burden on the entities, fees associated with validation requests, and user privacy issues with data sharing. Technology firms told the government that there is no clarity on the scope and frequency of validation requests, the type of information exchanged or stored by the platform or the procedural safeguards to prevent misuse and ensure user privacy. 'In the absence of defined limits, oversight protocols, or purpose restrictions, the system raises the risk of user profiling, unlawful personal data processing and data sharing," the Broadband India Forum said, adding that the framework could undermine user trust. As per the draft rules, the companies will incur a cost of ₹1.5 per request of user mobile number validation upon government direction, or ₹3 per request if the companies want to do validation on their own through the government portal. According to a regulatory impact assessment by Consumer Unity & Trust Society (CUTS) International, with this fee being introduced, digital platforms may face annual compliance costs in the range of tens to thousands of crores. 'Overall, increased costs and exclusion risks may reduce digital adoption, hinder competition, and result in an estimated ₹2.5 trillion loss to the digital economy even at a 10% compliance, potentially excluding 4,000–5,000 potential startups from the market, and risking a loss of nearly 150,000–200,000 direct jobs," CUTS International said in its submission to the government. For example, PhonePe, having the largest user base in UPI transactions and processing nearly 282 million daily transactions, may incur a cost of over ₹1,500 crore if merely 10% of its users are subjected to mobile number validation, according to CUTS. Further, Zomato, with 30.7 million weekly active users, may face validation costs of over ₹24 crore annually, in a similar situation, the consumer body said. One of the concerns raised by the companies is over failure of verification. 'If verification fails due to mismatched subscriber details, these users may be locked out of essential services like digital payments, education and healthcare," CUTS said. The proposed rules require manufacturers of telecommunication equipment to verify International Mobile Equipment Identity (IMEI) numbers against the government-maintained database of tampered or restricted IMEIs. IMEI is a unique 15-digit number assigned to every mobile phone or device that connects to a cellular network. This could interfere with production timelines, hamper the rollout of new devices in India, and even lead to severe impacts if the government's database experiences technical issues, according to tech companies. The rules also propose that entities buying or selling used cellular devices must verify their IMEIs for a fee of ₹10 per verification. CUTS said, second-hand device markets, relied on by millions in the country, may also be affected by the ₹10 IMEI verification fee, reducing affordability and impacting access for the poor. Among other key changes proposed by the government is temporary and permanent suspension of telecom identifiers without prior notice. The companies have expressed concerns that the same will potentially impact the access of millions of users to various digital platforms and services that depend on phone number-based authentication (for instance, for two-factor-authentication, logins, password recovery, etc). Such action risks violating users' rights to access digital communication and essential services, especially in the absence of a formal judicial or independent review mechanism, they said.
Express Tribune
22-02-2025
- Politics
- Express Tribune
IHC declares Section 7 of Finance Act null and void
The Islamabad High Court (IHC) has declared Section 7 of the Finance Act 2015 void ab initio, declaring it contradictory to the Constitution, and struck it down along with all orders and actions taken under its provisions, including notifications. Justice Arbab Muhammad Tahir issued a detailed verdict on a petition challenging the amendment made to the Auditor General Ordinance 2001 through the Finance Act. The ruling stated that the Constitution is the supreme law of the land and all legislation derives its authority from it. If any law exceeds its given powers or contradicts a constitutional provision, it is deemed beyond legal authority (ultra vires) and unconstitutional. The judgment further stated that parliament enacts laws within the constitutional framework and that any legislation conflicting with the Constitution or its Parent Act is rendered ineffective. For a law to be valid, it must be logical and clear and must not contradict general legal principles or Constitution. The ¬court ruled that by-laws could be annulled if they are enacted in violation of legal procedures, contradict other laws or go against their parent legislation. By-laws that are ambiguous, unclear, unreasonable or illogical can also be declared void.
