DoT unveils framework to regulate critical IoT, M2M services; issues clarity on 'critical services'

Department of Telecommunications (DoT) has urged ministries to identify mission-critical M2M/IoT services and notified for telecom modules to undergo mandatory testing under phased certification plan.

By  Akanksha NagarJul 31, 2025 8:32 AM
DoT unveils framework to regulate critical IoT, M2M services; issues clarity on 'critical services'
Critical M2M services to be classified and monitored under a cross-ministry mechanism; TEC to oversee performance and compliance, said DoT.

The Department of Telecommunications (DoT) has issued a comprehensive regulatory framework to identify, classify, and secure critical Machine-to-Machine (M2M) and Internet of Things (IoT) services.

Released on July 29, 2025, the framework guidelines draw from the Telecom Regulatory Authority of India’s (TRAI) April recommendations and introduce far-reaching implications for national security, healthcare, public safety, and the economy.

The directive is aimed at ensuring ultra-reliable, low-latency, and high-availability connectivity for critical M2M/IoT applications- technologies increasingly embedded in everything from medical devices and smart grids to defense systems and disaster warning platforms. The failure of such networks, the memorandum warns, could have “debilitating impacts” on vital sectors.

What Qualifies as ‘Critical’

Rather than tagging entire industries as critical, the framework identifies individual services within sectors based on two criteria:

- Whether the service demands ultra-reliable, low-latency, high-availability telecom connectivity.

- Whether its disruption could threaten national interests, such as security, economic stability, or public health and safety.

- By default, M2M/IoT services will be considered non-critical unless explicitly notified otherwise.

In September 2017, TRAI had recommended that the DoT should identify critical services in the M2M sector adding that these services should be mandated to be provided only by connectivity providers using licensed spectrum. The government accepted this recommendation and an inter-ministerial working group was constituted to understand the sectoral requirements of critical M2M applications in November 2019.

DoT in January 2024 sought revised guidelines on M2M communication policies, particularly concerning spectrum, roaming, and service quality requirements. TRAI subsequently released a consultation paper in June 2024 on 'the Issues Related to Critical Services in the M2M Sector, and Transfer of Ownership of M2M SIMs', inviting stakeholder feedback. The final recommendations incorporate inputs from various industry players and aim to bolster the regulatory framework governing India's M2M and IoT sectors.

In response, TRAI received 16 comments and one counter-comment from stakeholders. An open house discussion on the consultation paper was held on October 24, 2024. Based on the comments received from stakeholders and on its own analysis, TRAI has finalized its recommendations on 'the issues related to critical services in the M2M sector, and transfer of ownership of M2M SIMs', on April 22 (2025).

The released comprehensive recommendations addressed the classification of critical services within the M2M sector and the procedures for transferring ownership of M2M SIMs.

Ministries to Take the Lead

A major shift in the regulatory approach is the devolution of responsibility to individual ministries and regulatory bodies. Each has been directed to set up a Standing Committee, as per DoT latest framework, comprising domain experts and representatives from the Telecommunication Engineering Centre (TEC), DoT’s technical wing to identify which M2M/IoT applications in their purview qualify as critical.

These committees will also recommend measurable service benchmarks for latency, reliability, and availability, paving the way for robust service-level agreements (SLAs) between user agencies and telecom service providers.

Mandatory Testing of Communication Modules

In a related move, DoT has invoked the newly notified Telecommunications (Framework to Notify Standards, Conformity Assessment and Certification) Rules, 2025, which tighten the regulation of telecom equipment sold, imported, or used in India.

Under the MTCTE (Mandatory Testing and Certification of Telecom Equipment) framework, only the communication modules of devices, those components responsible for connecting devices to telecom networks, used in critical M2M/IoT services will be brought under phased mandatory certification. However, if a large volume of non-critical IoT devices is seen to pose systemic risks, they too may be brought into the certification fold.

"a. Only the communication modules of those devices used in critical M2M/loT services, may be brought under the framework of MTCTE in a phased manner.

b. Similarly, the communication modules of those devices used in non-critical M2M/loT services which may pose threat due to their sheer volume (to be determined by the Standing Committee of the concerned Ministry/Dept.) may also be brought under the framework of MTCTE in a phased manner," DoT said.

This move comes amid growing cybersecurity concerns and aligns with India’s broader push for digital sovereignty and infrastructure resilience.

Once services are classified and performance benchmarks notified, the Telecommunication Engineering Centre will maintain a central online repository of sector-wise critical M2M/IoT services and their associated technical requirements. This database will act as a single source of truth for industry stakeholders, regulators, and service providers.

"Ministries/Regulatory bodies are advised to constitute the Standing Committee at the earliest to initiate the process of identifying and recommending critical M2M/loT services within their respective domains," DoT suggested.

First Published on Jul 31, 2025 8:38 AM

More from Storyboard18