IAMAI slams telecom cybersecurity rules for overreach; writes to DoT

The creation of “telecommunication identifier user entity” (TIUEs), as proposed in the Draft Telecommunications (Telecom Cyber Security) Amendment Rules, 2025, will impose high costs on digital businesses and effectively bring them under a parallel telecom-like compliance regime, said the Internet and Mobile Association of India (IAMAI) in a submission on the Draft Amendment Rules made to the Department of Telecommunications (DoT).

Read more: Mobile verification mandate under new Cybersecurity Rules could disrupt digital platforms; spark regulatory overreach fears

IAMAI is a not-for-profit industry body with more than 600 members, including Indian and multinational corporations, as well as start-ups. The association advocates free and fair competition, and progressive and enabling laws for businesses as well as for consumers.

Noting that neither the Indian Telecommunications Act, 2023 (Telecom Act) nor the Telecommunications (Telecom Cyber Security) Rules, 2024 (Telecom CS Rules) notified thereunder covered digital businesses, the IAMAI pointed out that the inclusion of digital businesses under the proposed amendments to the Telecom CS Rules was in violation of the scope of the Telecom Act and amounts to regulatory overreach.

Read more: Centre tightens Telecom Cybersecurity Rules, mandates mobile number validation for all service platforms

The association also expressed concern around the proposed creation of a Mobile Number Validation platform and imposition of a verification fee, warning that it could prove to be a significant expense and compliance burden for digital businesses. This might lead to increased service costs for end-users and reduced profit margins for businesses, particularly for start-ups and MSMEs where such costs may be disproportionately felt.

The IAMAI highlighted that directing OTT platforms to suspend the use of specific telecom identifiers for user identification or service delivery without prior notice to the user could result in arbitrary and unjustified user deactivation and service discontinuity, leading to business disruption, commercial loss and customer dissatisfaction.

It further noted that the Information Technology Act, 2000 and rules thereunder already provided a legal framework for content takedown and service restrictions based on lawful requests and procedural safeguards.

In its submission, the IAMAI urged the DoT to keep the Draft Amendments in consonance with the Telecom Act and reconsider the proposed introduction of TIUEs under the Telecom CS Rules.

Read more: TRAI excludes likes of Google, Telegram, WhatsApp from new licensing rules

Storyboard18 earlier reported how the draft Telecom Cybersecurity Amendment Rules, 2025, which propose mandatory government-run mobile number verification for platforms, have ignited debate over privacy concerns, compliance burdens, and operational challenges, with critics arguing that the new definitions are overly broad.