The Telecommunications (Telecom Cyber Security) Amendment Rules, 2025

Syllabus: GS3/Cybersecurity

Context

• The Telecommunications (Telecom Cyber Security) Amendment Rules, 2025, were notified by the Department of Telecommunications.

Key Amendments

• TIUEs: The rules create a new category called Telecommunication Identifier User Entities (TIUEs), covering any business that uses phone numbers to identify customers or deliver services — except licensed telecom operators.
  • TIUEs must now comply with government directives on suspending phone numbers, respond to data requests and verify customer identities as prescribed by authorities.
• Broad Scope: The government has brought all digital services that use mobile numbers — from WhatsApp and payment apps to food delivery platforms — under telecom cybersecurity regulations.
  • This brings platforms such as Zomato, Swiggy, PhonePe, Paytm, Ola, Uber and messaging services under the same regulatory framework that governs Airtel and Jio.
• Mobile number verification (MNV) system: It established a government-run MNV system and mandated database checks before buying or selling used phones.
  • It will verify whether phone numbers provided by users correspond to legitimate telecom subscribers.
• Immediate Action: The rules allow authorities to act immediately without prior notice if deemed necessary for “public interest”.
• Suspension of Accounts: The rules empower authorities to order immediate suspension of user accounts across multiple services simultaneously.
  • It can order both telecom operators and apps to suspend its use.
• Used Phone Sales Require Checks: Anyone buying or selling a used mobile phone must now verify its International Mobile Equipment Identity (IMEI) number against a government database before completing the transaction.
  • The database will list IMEI numbers of devices that have been tampered with, reported stolen, or restricted for fraud or security reasons.
  • Selling or purchasing devices with blacklisted IMEIs will be prohibited.
• Government verification gateway: Apps and services can request validation through this government platform, either voluntarily or when directed by authorities. Government agencies will have assured access.
  • The system will check user-provided numbers against databases maintained by telecom operators like Airtel, Jio and Vi.

Need for the Amendments

• The measures are meant to target a cybercrime surge based on stolen or forged mobile connections and phone handsets.
• Financial Frauds: As per the Indian Cyber Crime Coordination Centre (I4C), over 740,000 cyber crime cases were reported in just the first four months of 2024 85% related to online financial fraud.
  • Investment and trading scams often conducted through WhatsApp groups or Telegram channels using fake identities accounted for over 83,000 cases during that period.
• Use of Mobile Phones: Criminals routinely use fake, stolen or cloned mobile numbers to bypass one-time password verification, create fraudulent accounts on platforms, and impersonate legitimate users.
  • The stolen phone market has emerged as a major enabler  to conduct fraud whilst evading tracking. 
  • The mandatory IMEI checks aim to disrupt this supply chain.

Source: HT