India’s government mandates telecom cybersecurity rules for digital services, allowing account suspensions and requiring phone verification to combat rising cybercrime. The government has brought all digital services that use mobile numbers — from WhatsApp and payment apps to food delivery platforms — under telecom cybersecurity regulations, empowering authorities to order immediate suspension of user accounts across multiple services simultaneously.
The Telecommunications (Telecom Cyber Security) Amendment Rules, 2025, notified on October 22 and effective immediately, also establish a government-run mobile number verification (MNV) system and mandate database checks before buying or selling used phones.
The measures are meant to target a cybercrime surge based on stolen or forged mobile connections and phone handsets that saw financial fraud losses jump from ₹7,465 crore in 2023 to ₹22,845 crore in 2024, according to data from the Indian Cyber Crime Coordination Centre (I4C).
The rules create a new category called Telecommunication Identifier User Entities (TIUEs), covering any business that uses phone numbers to identify customers or deliver services — except licensed telecom operators.This brings platforms such as Zomato, Swiggy, PhonePe, Paytm, Ola, Uber and messaging services under the same regulatory framework that governs Airtel and Jio.
TIUEs must now comply with government directives on suspending phone numbers, respond to data requests about numbers they use, and verify customer identities as prescribed by authorities, according to the new rules.When the government flags a phone number for security reasons, it can order both telecom operators and apps to suspend its use — potentially locking users out of multiple services at once.
The rules allow authorities to act immediately without prior notice if deemed necessary for “public interest”, requiring only that reasons be recorded.
The centrepiece of the amendments is a Mobile Number Validation (MNV) platform that will verify whether phone numbers provided by users correspond to legitimate telecom subscribers.Apps and services can request validation through this government platform, either voluntarily or when directed by authorities. Government agencies will have assured access.
The system will check user-provided numbers against databases maintained by telecom operators like Airtel, Jio and Vi.Fees for the service will be shared between the government or its designated agency and the telecom operators providing validation data, though specific amounts have not been announced.The rules require all parties to ensure compliance with data protection laws when conducting validations, but implementation details remain unclear.
Criminals routinely use fake, stolen or cloned mobile numbers to bypass one-time password verification, create fraudulent accounts on platforms, and impersonate legitimate users.The stolen phone market has emerged as a major enabler, with devices bearing cloned or tampered IMEIs used to conduct fraud whilst evading tracking. The mandatory IMEI checks aim to disrupt this supply chain.
https://www.hindustantimes.com/india-news/govt-enforces-regulations-for-telecom-cyber-security-101761246752343.html