In June 2025, the Department of Telecommunications released the Draft Telecom Cybersecurity Amendment Rules, proposing a set of far-reaching changes to the Telecom Cyber Security Rules, 2024, which had been notified under the Telecommunication Act, 2023. The draft signals a marked evolution from a telecom-focused framework to a more expansive cybersecurity regime, one that may fundamentally reshape the regulation of digital platforms and telecom-linked technologies.
These proposed changes appear to respond to the growing prevalence of cyber fraud in India, including incidents involving SIM manipulation, fake OTPs, and compromised devices. To address these challenges, the government has introduced a series of systemic measures aimed at enhancing verification protocols and preventing misuse of telecom identifiers.
Among the most notable shifts are the introduction of new definitions and regulatory categories, such as Telecom Identifier Using Entities (TIUEs) and the establishment of a Mobile Number Verification (MNV) Platform. These additions extend the reach of telecom regulation well beyond traditional licensees, bringing various digital services into the fold.
What are the broader legal, operational, and privacy implications of this expanded scope? How might these rules affect non-telecom entities such as OTT platforms, e-commerce players, or fintech services?
Our response examines these questions in detail, highlighting areas that merit further clarity, potential legal tensions, and opportunities for designing a balanced cybersecurity framework that serves both national security and innovation goals.
Download the full response to explore our analysis, recommendations, and key takeaways for regulators, industry stakeholders, and civil society.