TRAI pushes coordinated crackdown on spam and cyber fraud; 1600-series rollout, URL whitelisting, and blacklisting of entities on agenda

In a move to bolster consumer protection and curb rising instances of spam and cyber fraud, the Telecom Regulatory Authority of India (TRAI) convened the 9th meeting of the Joint Committee of Regulators (JCoR) at its New Delhi headquarters on October 16, 2025. The high-level meeting brought together top representatives from the Reserve Bank of India (RBI), Securities and Exchange Board of India (SEBI), Pension Fund Regulatory and Development Authority (PFRDA), Ministry of Electronics and Information Technology (MeitY), Department of Telecommunications (DoT), Ministry of Home Affairs (MHA), Ministry of Consumer Affairs (MoCA), and the National Payments Corporation of India (NPCI).

Industry representatives from Google, Meta, GSMA, and COAI also participated, underscoring the growing need for public-private collaboration in securing the digital communication ecosystem.

Read more: TRAI tightens rules against spam; introduces provision of stricter penalties

The meeting reviewed progress on key initiatives, particularly the Digital Consent Acquisition (DCA) pilot project, being implemented across 11 banks under joint supervision of TRAI and RBI. The DCA project aims to establish a secure, transparent framework for consumers to give consent digitally and is expected to be completed by February 2026.

“In a digitally connected economy, collaboration among regulators of digital services, financial services, consumer protection and law enforcement agencies is paramount,” said Anil Kumar Lahoti, Chairman, TRAI.

Read more: TRAI issues directives to access providers to curb misuse of messaging services

“The Joint Committee of Regulators (JCoR) continues to serve as a vital collaborative platform for orderly use of digital connectivity and action against spam and cyber fraud. Today's decisions reflect our shared commitment to building a secure and transparent digital communication ecosystem,” he added.

Key outcomes and new mandates

Among the major outcomes, the committee agreed to a phased rollout of the 1600-series numbering plan for the Banking, Financial Services, and Insurance (BFSI) sector, aimed at ensuring verified, traceable communication with consumers. Sectoral regulators have assured full support to meet the agreed migration timelines. TRAI also discussed differential treatment for smaller financial and business entities under this mandate, with the regulator expected to issue formal directions soon.

In a decisive move to curb misuse of communication channels, TRAI emphasized the need for mandatory whitelisting of all URLs, OTT links, APKs, and callback numbers used in commercial SMS communications. These links will now need to be tagged in pre-approved SMS templates to prevent fraudulent redirection or phishing.

Further, members agreed that TRAI and telecom service providers (TSPs) may publish lists of blacklisted entities engaged in spam or fraudulent activities on their respective websites — a measure expected to act as a deterrent to repeat offenders.

Enhanced digital security and verification

The committee also deliberated on TRAI’s draft Direction on enhanced Principal Entity (PE)-end security measures, which includes real-time credential validation, CAPTCHA enforcement for OTP systems, and other verification layers to prevent automated or spoofed transactions.

To support these efforts, TRAI called for closer coordination among regulatory bodies and industry stakeholders to ensure swift, synchronized implementation of these safeguards.

Read more: TRAI intensifies crackdown on spam calls and fraudulent messaging

The 9th JCoR meeting marked a significant step toward aligning India’s digital communication and financial regulation frameworks to counter emerging cyber threats. With the Digital Consent pilot nearing completion, mandatory URL whitelisting on the anvil, and publication of blacklisted entities in the pipeline, TRAI is signaling a firm, coordinated stance against digital fraud in the country.