Fortifying Digital Trust: Ministry of Communications Releases Telecom (Cyber Security) Amendment Rules, 2025

In a major stride towards enhancing India's digital security and combating cyber fraud, the Ministry of Communications, through the Department of Telecommunications (DoT), released the draft Telecommunications (Telecom Cyber Security) Amendment Rules, 2025, on June 25, 2025. These proposed amendments signal a significant expansion of compliance requirements, extending far beyond traditional telecom service providers to encompass virtually all digital platforms that utilize mobile numbers for user authentication.

The impetus behind these amendments is the escalating threat of cyber-enabled financial frauds and the misuse of telecom identifiers for impersonation. The draft rules aim to build a robust framework for mobile number validation and stricter control over device identities.

The draft rules introduce several critical provisions that will reshape the cybersecurity obligations of a vast array of entities:

1. Mandatory Mobile Number Validation (MNV) Platform: The most impactful proposal is the establishment of a centralized Mobile Number Validation (MNV) platform by the Central Government or an authorized agency. This platform will serve as a definitive tool for verifying mobile numbers against verified telecom databases.

2. Expanded Scope for 'TIUEs': Critically, the rules introduce a new category: Telecommunication Identifier User Entities (TIUEs). This broad definition includes virtually any digital service that uses mobile numbers for user authentication or communication, such as e-commerce sites, fintech applications, OTT services, ride-hailing companies, and social media platforms. TIUEs will now be required to integrate with and utilize this MNV platform to validate user-provided mobile numbers.

3. Enhanced IMEI Controls: The amendments also tighten controls over International Mobile Equipment Identity (IMEI) numbers. Manufacturers of telecom equipment will be directed to prevent the reuse of tampered IMEI numbers, and the government plans to maintain a central database of compromised or blacklisted devices. Provisions will also regulate the sale and purchase of used mobile devices.

4. Stricter Compliance for TIUEs: Under the proposed rules, TIUEs will be expected to adhere to similar cybersecurity standards and obligations as licensed telecom operators, including stringent data security and incident reporting protocols.

5. Temporary Suspension Powers: Significantly, the draft rules empower the government or authorized agencies to temporarily suspend or even permanently disconnect telecom identifiers linked to suspicious activities without prior notice, if deemed necessary in the public interest.

The draft rules are currently open for public feedback, with suggestions invited until July 24, 2025. Their finalization will undoubtedly reshape the landscape of digital security and identity verification for every entity operating within India's interconnected digital economy.