The draft of the telecommunciation cybersecurity rules was released on June 24
Several major digital platforms have flagged concerns over the draft Telecom Cybersecurity Rules, 2025, warning that the proposed framework could impose steep compliance costs and introduce regulatory ambiguities that outweigh the intended benefits.
The rules impose additional obligations on any digital platform that uses telecom identifiers, such as mobile numbers or one-time passwords or OTPs, essentially bringing such platforms under the Telecommunications Act, 2023.
In a conversation on July 31, public policy representatives from PB Fintech, Info Edge India, IndiaMart and Truecaller broadly agreed that the rules could be onerous for digital businesses, particularly due to their expansive scope and unclear operational details.
The Vodafone Idea representative expressed support for the necessity of having such rules in place to combat fraud.
A key provision in the draft introduces a new regulated category, Telecommunication Identifier User Entities. This includes any platform that interacts with telecom networks for user identification or service delivery.
Such platforms would be required to validate mobile numbers through a government-run MNV or mobile number validation platform, incurring a per-query fee up to Rs 3.
PB Fintech, the parent of Policybazaar, highlighted the operational cost burden of implementing such a system at scale. The company handles upwards of 800,000 customer calls a day and uses AI-based internal systems for number authentication, its president Rajiv Kumar Gupta said.
While acknowledging that authenticating mobile numbers could help strengthen trust in the digital ecosystem, Gupta expressed concerns over the financial and privacy implications of outsourcing validation to an external system.
The company’s representatives are scheduled to meet Department of Telecommunications (DoT) officials next week to discuss its concerns.
Hoonar Janu, head, public policy, Info Edge India—which runs a host of platforms including naukri.com, jeevansathi.com and 99acres.com—questioned whether the proposed rules were strictly about telecom cybersecurity and if they overlapped with sector-specific security frameworks. Janu noted that there was little clarity on whether the rules would be mandatory and how they would actually help prevent fraud.
Similar views were echoed by Truecaller’s head of public affairs Seema Jindal, who pointed out that the OTP system already serves as a robust form of user validation. She questioned the need for a new identification mechanism, particularly in the absence of a clear definition of “identification” in the Telecommunications Act.
Vodafone Idea’s vice president of public policy Jasroop Sandhu stood apart from the rest of the panel, supporting the government’s intention, arguing that platforms interacting with telecom infrastructure must be able to identify users, especially where fraud could be involved.
These remarks came during a closed-door roundtable hosted by tech policy platform Medianama on July 31.
