On April 25, 2025, the Telecom Regulatory Authority of India (TRAI) convened the Joint Committee of Regulators (JCoR) to deliberate on a critical issue confronting India’s digital economy — the rising tide of Unsolicited Commercial Communications (UCC) and spam. The meeting was attended by representatives from the Reserve Bank of India (RBI), Insurance Regulatory and Development Authority of India (IRDAI), Pension Fund Regulatory and Development Authority (PFRDA), Securities and Exchange Board of India (SEBI), Ministry of Consumer Affairs (MoCA), Ministry of Electronics and Information Technology (MeitY), along with the Department of Telecommunications (DoT) and the Ministry of Home Affairs (MHA). This signals a shared recognition that UCC and spam increasingly threaten consumer trust, financial security, and the integrity of India’s digital communication ecosystem, demanding a whole-of-government approach.
India’s Spam Epidemic: A Public Trust Challenge
India, home to over a billion cellphone users, is now among the most spam-plagued countries globally. In 2023 alone, a staggering 12.2 million complaints were registered against unregistered telemarketers (UTMs), up from 8.5 million in 2021. Despite measures like the Do-Not-Disturb (DND) list, over 90% of mobile subscribers still report receiving unsolicited calls. As reported, more than 60% of Indians receive three or more spam calls daily, many of which originate from the financial services and real estate sectors. On average, a user in India receives around 8-10 spam calls per day, which negatively impacts the user experience and trust in digital services.
Spam is no longer a minor inconvenience; it is a public trust and security challenge for the communication ecosystem in India.
TCCCPR: Laying the Groundwork
TRAI first addressed spam and UCC systemically through the Telecom Commercial Communications Customer Preference Regulations (TCCCPR), 2018, issued under the Telecom Regulatory Authority of India Act, 1997. The regulation introduced a co-regulatory model, where Telecom Service Providers (TSPs) were tasked with onboarding Principal Entities (PEs) and Telemarketers (TMs) onto a Distributed Ledger Technology (DLT) platform.
Key features include:
-
- Mandatory header/ template registration for all business communications
-
- Explicit consent management for promotional messages.
-
- Preference scrubbing mechanisms to ensure messages align with user choices.
-
- Traceability to promote accountability.
By leveraging DLT, the framework enhanced transparency and security in commercial communications. However, as spamming techniques evolved, so did the need for dynamic reform.
Strengthening the Framework: Directives and Amendments
Responding to new challenges, TRAI issued a series of reforms:
-
- Digital Consent Acquisition (DCA): Operational since November 2023, the DCA system enables individuals to digitally grant, manage, and revoke consent for commercial communications across telecom networks.
-
- Simplified Complaint Mechanism: Users can now file complaints with minimal information, and TSPs are mandated to respond within five days.
-
- Clear Numbering Series:
-
- The 140 series is now strictly reserved for promotional calls.
-
- The new 1600 series is dedicated to transactional and service calls, enhancing consumer awareness and trust.
-
- Clear Numbering Series:
-
- Stringent Enforcement: TSPs face financial disincentives for lapses, persistent offenders risk suspension and blacklisting.
These measures aim to restore user control and rebuild a trustworthy digital communication ecosystem.
Efforts by Telecom Service Providers and OTT Platforms
TSPs have taken proactive steps to curb spam:
-
- Deployment of AI and Machine Learning (ML) models to identify and block spam patterns in real-time.
-
- Honeypots are set up across telecom circles to detect fraudulent communication proactively.
-
- URL whitelisting for SMS campaigns to prevent phishing attempts.
-
- Launch of spam detection solutions, such as Airtel’s spam solution, which flagged 8 billion spam calls and 800 million spam SMSs within 75 days of launch.
-
- Vi has deployed AI-powered systems trained on millions of SMS patterns to detect fraudulent links, identity theft attempts, and unauthorized promotions in real time.
-
- Disconnection of over 275,000 connections linked to spam activities in 2024.
-
- Blocking of 13 million fraudulent international calls daily by the DoT.
OTT (Over-The-Top) communication platforms have also started reinforcing their systems:
-
- Enhanced User Controls: Platforms like WhatsApp have improved spam reporting, user blocking, and IP blocking for suspicious activity.
-
- AI-Based Detection: OTT players are deploying AI filters to flag unusual or high-risk messaging behavior.
-
- Verified Channels Only: All commercial messages are restricted to verified Business Accounts or APIs.
-
- Consent-Driven Mechanisms: Platforms are adopting consent-based workflows tailored to their architecture.
-
- Regulatory Collaboration: Initiatives are underway to align with regulators and run joint user awareness campaigns. DoT and WhatsApp have partnered to launch a safety campaign against online scams and spam, educating citizens on how to identify and report fraudulent communications. WhatsApp is also collaborating with the Digital Intelligence Unit of the Department of Telecommunications (DoT), utilising information from the Digital Intelligence Platform (DIP) to proactively address the misuse of telecom resources for cybercrime and financial fraud.
While challenges remain, these efforts signal a growing recognition across the industry of the need for a comprehensive anti-spam ecosystem.
Navigating the Consent Landscape: TCCCPR and DPDP Act
An emerging complexity is the interaction between the TCCCPR and the Digital Personal Data Protection Act, 2023 (DPDP Act). Both frameworks center around user consent, but their scopes differ. TCCCPR governs telecom-based commercial communication consent (calls, SMS), while the DPDP Act governs broader personal data processing, including through digital platforms beyond telecom. Although they complement each other, overlapping obligations can lead to confusion, duplication, and higher compliance costs. There is now a growing consensus that harmonizing these frameworks will be critical to ensuring seamless consumer protection and business compliance clarity. India’s data governance regime must not silo consent management. A single, interoperable consent layer that works across use cases, including telecom, fintech, and OTT, will be key to restoring user control.
The Need for Platform-Informed and Collaborative Regulation
One of the critical discussions at the JCoR meeting was the shift of spam to Over-The-Top (OTT) and Rich Communication Services (RCS) platforms. Traditional spam control methods, which focus on SMS and calls, may not fully address spam that evolves on messaging apps.
The JCoR noted that:
-
- MeitY will engage OTT players to explore regulatory measures analogous to those for telecom.
-
- Prioritizing the deletion of unused headers and templates is being implemented to prevent misuse.
-
- Fast-tracking the blocking of mobile numbers and IMEI devices involved in fraudulent activities.
This demands more technology-informed solutions rather than a one-size-fits-all model. The communication mechanism over a WhatsApp message is significantly different from that of an SMS. Accordingly, the solutions to tackle spam will also be unique to the platform. India must now transition from platform-agnostic to platform-informed regulation — one that is nuanced, agile, and technology-aware.
A Shared Responsibility for a Trusted Digital India
The Joint Committee of Regulators (JCoR) meeting is a pivotal moment. It highlights the need for a shift towards cross-sectoral, technology-informed, and stakeholder-inclusive regulation.
Tackling spam in India needs:
-
- Stronger cross-sector coordination (telecom, finance, IT, consumer protection).
-
- Technology-driven enforcement (AI, blockchain, honeypots).
-
- Balanced, platform-informed rules for TSPs, OTTs, and emerging digital channels.
-
- Harmonization of the TCCCPR and DPDP Act for consent and data protection.
Ultimately, safeguarding India’s digital trust demands collective vigilance. Regulators, TSPs, OTT platforms, Principal Entities, and consumers all have a role to play. With coordinated action, India can lead the way in building a secure, spam-free digital communications ecosystem that truly empowers every user.
What’s Next? Join the Conversation
To carry this conversation forward, The Dialogue is hosting a virtual discussion on “Tackling Spam in India: Balancing Consent, Compliance & Consumer Trust”
🗓 May 8, 2025 | 💻 Online
This timely webinar will bring together regulators, telecom operators, platform providers, and civil society leaders to unpack the practical challenges and opportunities emerging from India’s latest spam regulation reforms — including the TCCCPR amendments, intersections with the DPDP Act, and the need for nuanced platform-specific approaches.
If you’re working at the intersection of digital trust, policy, or consumer protection — or simply want to understand how India is shaping its anti-spam ecosystem — this is a conversation you don’t want to miss.
🔗𝗥𝗲𝗴𝗶𝘀𝘁𝗲𝗿 𝘆𝗼𝘂𝗿 𝗶𝗻𝘁𝗲𝗿𝗲𝘀𝘁 𝗵𝗲𝗿𝗲: https://shorturl.at/bELgH
Let’s reimagine digital trust — together.
