On June 24, 2025, the Central government introduced the draft Telecom Cybersecurity (Amendment) Rules, 2025.
While the government says the amendments are meant to curb cyber frauds and improve security of telecom networks, industry voices say that the approach could do more harm than good.
One of the central concerns experts are flagging about the draft is that it appears to extend regulatory powers over digital platforms in a manner that exceeds the legal scope of India’s telecom law.
With the consultation deadline set to end on July 24, here is a deeper look at what the draft rules say and what experts say are its key concerns.
What do the new rules propose?
There are three main proposals:
Under the new rules, TIUEs will have to comply with several obligations typically imposed on licensed telecom players.
The fee for each validation request is Rs 3 for private companies and Rs 1.50 for requests made on government direction, the draft rules say.
While the government says the proposed changes are aimed at curbing cyber fraud, critics argue the rules risk expanding telecom regulation into the digital ecosystem without clear boundaries.
Experts say the rules bring online platforms under telecom-style regulation simply because they use phone numbers or OTPs, even though these platforms are already covered under IT laws.
“The government wants to tackle cyber fraud, but the rules now extend telecom-related obligations to digital platforms,” said Shahana Chatterji, Partner at Shardul Amarchand Mangaldas.
Chatterji, Uppal, Microsoft's director for government affairs John Khiangte, telecom expert Parag Kar and others were speaking at a stakeholder consultation on the draft hosted by CCAOI on July 21.
What could be the impact on businesses?
Platforms that use mobile numbers for user login or verification will now need to verify each number through the MNV platform, adding costs and technical overhead.
Do the rules go beyond what the law allows?
Some experts believe so. They point out that the Telecommunications Act, 2023 — the parent law under which these rules are framed — does not mention or authorise the creation of a new category like TIUEs.
“The entity called a TIUE does not emanate from the Act,” said Parag Kar, a telecom veteran. “You can’t regulate something that doesn’t exist in the law. If the rules are allowed to go this far, where does it stop?”
What about user privacy?
The draft rules do not clearly outline how consent, data protection, or access control will be managed in the MNV process. “All I have to do as an OTT player is pay a fee and get to use the MNV? That’s a problem,” said Uppal. “The system might be used by rogue players, exactly what it’s trying to prevent,” he added.
How do these rules interact with existing laws?
Experts pointed out that many of the functions, such as dealing with cyber fraud, identity misuse, and user data protection, are already addressed under the IT Act, CERT-In rules, and other sectoral regulations.
“The Telecommunications Act was never supposed to deal with these issues,” said Uppal, adding, “We are now seeing an unnecessary overlap between telecom regulation and digital platform governance.”
What happens next?
The Department of Telecommunications is accepting feedback on the draft till July 24, 2025. Industry stakeholders are expected to press for tighter scope, privacy safeguards, and cost relief for smaller entities.