The department of telecommunications (DoT) has notified amended cybersecurity rules which include provisions to bolster telecom network security, curb identity misuse and enhance traceability of equipment.
A key feature of the amendments to the Telecommunications Act is the creation of a Mobile Number Validation (MNV) platform, empowering the government to verify telecom identifiers — such as phone numbers — used by entities offering digital services linked to telecom networks.
The MNV platform will allow authorised entities, telecom licensees and other registered service providers — classified as Telecommunication Identifier User Entities (TIUEs) — to check if the numbers used by their customers correspond to verified users in operators’ databases. This move targets identity fraud, spam, and misuse of telecom identifiers.
The notification follows public consultations on a draft released in June, with the government stating that all stakeholder suggestions were considered before finalisation.
Despite industry consultation, tech companies and privacy advocates have flagged concerns, calling the rules overreaching and potentially invasive. They argue that the framework could expand DoT’s jurisdiction over non-telecom entities and lead to mass processing of personal data.
“The creation of Telecommunication Identifier User Entity [TIUEs] and a MNV platform are likely ultra vires/beyond the scope of the Telecom Act,” Sachin Dhawan, deputy director, The Dialogue, a tech policy think tank, told Moneycontrol.
“Moreover, they will not move the needle forward on cybersecurity. Instead of ameliorating the problem of cyber fraud, the rules raise concerns about dilution of privacy rights as they greenlight the processing of personal data on a large scale without sufficient guardrails and safeguards.”
The DoT says the MNV platform — expected to launch in the coming months — will help banks and financial institutions verify mobile numbers against telecom KYC data when opening new accounts. It will address the absence of a formal mechanism to confirm that phone numbers linked to bank accounts belong to account holders.
Entities such as banks, fintechs and online service providers using mobile numbers for authentication may be required to validate user identities through the MNV platform, subject to government approval.
Sources, however, said compliance will be mandatory only for licensed telecom operators, while banks, insurers and other institutions can opt in voluntarily.
E-commerce and food delivery platforms, though outside the rule’s ambit, may also use the system for a fee. The government may charge for such validations, with revenue shared between the agency managing the platform and telecom operators providing verification.
The amended rules also empower the government to issue directions to phone manufacturers to assist in dealing with tampered devices or fake IMEIs, while mandating the maintenance of a centralised IMEI database to block reused or cloned identifiers.
Manufacturers, importers, and resellers of used devices must verify IMEIs against this national database before sale or reuse.
Under Rule 7A, all telecom identifier validations must comply with data protection laws.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
