Telecom industry associations voice anxieties about potential cybersecurity regulations
The Department of Telecommunications (DoT) has proposed the Draft Telecommunication (Telecom Cyber Security) Amendment Rules, 2025, aimed at strengthening cyber security and reducing telecom-related frauds. However, leading industry associations in India have raised significant concerns about regulatory overreach, increased compliance burdens, privacy risks, and potential disruption to digital business operations.
Key concerns include regulatory overreach and legal scope, the creation of a new category of regulated entities, cost and compliance burden, and privacy and user rights risks.
Associations like the Internet and Mobile Association of India (IAMAI), NASSCOM, Broadband India Forum (BIF), and CUTS International argue that the rules extend beyond the intended scope of the Indian Telecommunications Act, 2023, which covers telecom service providers but not digital platforms or OTT services. They contend that digital businesses fall under the Information Technology Act, 2000, and not the Telecom Act, making the draft rules' application to them legally questionable.
The introduction of "Telecommunication Identifier User Entities" (TIUEs) would regulate any entity using telecom identifiers (like mobile numbers) for user identification or service delivery. This broad definition would include virtually all digital platforms, ecommerce sites, delivery apps, hospitals, schools, and even small retailers collecting phone numbers. This sweeping inclusion is seen as excessive and disruptive to diverse sectors.
The new rules would impose a parallel telecom-style compliance regime on digital businesses, leading to substantial operational costs. Measures such as the proposed Mobile Number Validation platform with associated verification fees could strain budgets, especially harming start-ups, MSMEs, and smaller businesses. This could reduce profit margins and drive up service costs for consumers.
Provisions that allow authorities to direct OTT platforms or digital services to suspend telecom identifiers without prior user notice raise concerns about arbitrary service disruption, potential commercial losses, and erosion of user rights. Existing IT laws already provide frameworks for such actions with procedural safeguards, so overlapping telecom rules may create confusion and privacy risks.
The expansive and burdensome nature of these rules threatens to disrupt core operations of digital businesses across sectors, stifle innovation, and increase costs that may ultimately be passed on to consumers. The uncertainty and potential intrusive regulation could dampen the growth momentum of India's vibrant digital economy by pushing key digital players under a telecom regulatory framework they argue is misaligned with their nature and existing legal safeguards.
Industry bodies have urged the Department of Telecommunications (DoT) to pause the implementation, widen stakeholder consultations, and align the regulatory framework with existing laws and global best practices to avoid unintended economic consequences.
- The Draft Telecommunication (Telecom Cyber Security) Amendment Rules, 2025, proposed by the Department of Telecommunications (DoT), has raised concerns among leading technology and finance industry associations in India.
- These associations argue that the draft rules' application to digital platforms and OTT services, under the proposed "Telecommunication Identifier User Entities" (TIUEs), is legally questionable, as they fall under the Information Technology Act, 2000, and not the Telecom Act.
- The new rules could lead to substantial operational costs for digital businesses due to the introduction of a parallel telecom-style compliance regime, potentially straining budgets and driving up service costs for consumers.
- Provisions allowing authorities to suspend telecom identifiers without user notice on digital platforms risk arbitrary service disruptions, potential commercial losses, and erosion of user rights, potentially stifling innovation and growth within India's digital economy.
