On 24-6-2025, the Ministry of Communications notified draft of ‘Telecommunications (Telecom Cyber Security) Amendment Rules, 2025’ to update India’s cyber security in telecom sector and strengthen security of telecom networks. These draft rules were released for public input on 24-6-2025, are open to public feedback and suggestions, which can be sent to the Department by 24-7-2025.
Key updates of Telecom Cyber Security Rules, 2025:
- These Amendments will introduce significant modifications to Telecommunications (Telecom Cyber Security) Rules, 2024, expanding its scope to include new entities like Telecommunication identifier user entity (‘TIUEs’), strengthening compliance measures, and establishing a mobile number validation mechanism to bolster telecom cyber security.
- New rules will define the scope and interpretation of several terms to support telecom cyber security enforcement:
- ‘Licensee’ – means someone who holds a telecom license under the Indian Telegraph Act, 1885.
- ‘MNV platform’ (Mobile Number Validation platform) — to help verify mobile numbers.
- ‘TIUE’ – means any organization, other than telecom operators, that uses mobile numbers to identify customers or deliver services.
- The government intends to set up an MNV platform to check if a mobile number matches the correct user in official records. This step will play a crucial role in reducing impersonation and supporting secure digital transactions under telecom cyber security goals.
- TIUEs and other approved services will use the MNV platform to check mobile numbers. In some cases, the government may direct them to do so. A small fee will be charged for each request.
- The Central Government will seek support from manufacturers of telecommunication equipment that carry an International Mobile Equipment Identity (IMEI) number to enforce stricter telecom cyber security safeguards.
- The changes will improve tracking of mobile devices by making manufacturers avoid assigning fake or duplicate IMEI numbers and help in cases of tampered devices.
- A national IMEI database will be created to list tampered or blocked identifiers; second-hand mobile resellers will need to check this list before sale, paying ₹10 per IMEI.
- The compliance framework will include TIUEs alongside traditional telecom operators, ensuring consistent standards across all entities handling telecom identifiers, further supporting telecom cyber security.
- Under the proposed rules the TIUEs will have to follow the same cyber security standards and obligations as licensed telecom operators,including data security and incident reporting protocols.
-
Companies involved in the sale or purchase of used mobile devices will be applying for access to the IMEI database in a prescribed format and manner, adding a layer of procedural control to prevent unauthorized access or misuse of the database.
