Several major digital platforms have flagged concerns over the draft Telecom Cybersecurity Rules, 2025, warning that the proposed framework could impose steep compliance costs and introduce regulatory ambiguities that outweigh the intended benefits.
The rules impose additional obligations on any digital platform that uses telecom identifiers, such as mobile numbers or one-time passwords or OTPs, essentially bringing such platforms under the Telecommunications Act, 2023.
In a conversation on July 31, public policy representatives from PB Fintech, Info Edge India, IndiaMart and Truecaller broadly agreed that the rules could be onerous for digital businesses, particularly due to their expansive scope and unclear operational details.
The Vodafone Idea representative expressed support for the necessity of having such rules in place to combat fraud.
A key provision in the draft introduces a new regulated category, Telecommunication Identifier User Entities. This includes any platform that interacts with telecom networks for user identification or service delivery.
Also read: MC Explainer: Why the draft telecom cybersecurity rules are raising red flags
Such platforms would be required to validate mobile numbers through a government-run MNV or mobile number validation platform, incurring a per-query fee of up to Rs 3.
PB Fintech, the parent of Policybazaar, highlighted the operational cost burden of implementing such a system at scale. The company handles upwards of 800,000 customer calls a day and uses AI-based internal systems for number authentication, its president Rajiv Kumar Gupta said.
While acknowledging that authenticating mobile numbers could help strengthen trust in the digital ecosystem, Gupta expressed concerns over the financial and privacy implications of outsourcing validation to an external system.
The company's representatives are scheduled to meet Department of Telecommunications (DoT) officials next week to discuss its concerns.
Hoonar Janu, head, public policy, Info Edge India—which runs a host of platforms including naukri.com, jeevansathi.com and 99acres.com—questioned whether the proposed rules were strictly about telecom cybersecurity and if they overlapped with sector-specific security frameworks. Janu noted that there was little clarity on whether the rules would be mandatory and how they would actually help prevent fraud.
Also read: Digital industry slams telecom cybersecurity rules for overreach, cost burden and privacy risks
Similar views were echoed by Truecaller's head of public affairs Seema Jindal, who pointed out that the OTP system already serves as a robust form of user validation. She questioned the need for a new identification mechanism, particularly in the absence of a clear definition of "identification" in the Telecommunications Act.
Vodafone Idea's vice president of public policy Jasroop Sandhu stood apart from the rest of the panel, supporting the government's intention, arguing that platforms interacting with telecom infrastructure must be able to identify users, especially where fraud could be involved.
These remarks came during a closed-door roundtable hosted by tech policy platform Medianama on July 31.
The Ministry of Communications released the draft rules on June 24, giving stakeholders 30 days to submit feedback.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
