TRAI reworks data-sharing proposal for telecom KYC, reiterates push for broader consent architecture
Responding to DoT’s objections, TRAI revises its recommendation on consent-based KYC sharing for mobile portability, while insisting on a future-ready data-empowerment framework that can integrate telecom, banking and other sectors.
ADVERTISEMENT
The Telecom Regulatory Authority of India (TRAI) has issued a detailed response to the Department of Telecommunications’ (DoT) back-reference on its 2022 recommendations for building a regulatory framework to strengthen India’s data economy. The reply, published on November 17, addresses DoT’s concerns over two recommendations related to data ethics, ownership and consent-based sharing of subscriber information.
DoT had asked TRAI to reconsider recommendations 6.39 and 6.40, which proposed a Data Empowerment and Protection Architecture (DEPA)-style framework that would allow telecom subscribers to securely share their KYC details, particularly during mobile number portability (MNP). The department argued that this contradicted the current MNP process and cited regulatory barriers around transferring customer KYC data between operators.
DoT, through a back-reference dated 29.08.2025, informed TRAI that the recommendations 6.39 and 6.40, relating to Data Ethics and Ownership' forming the part of the overall recommendations dated 18.11.2022, have been considered by the Government and need reconsideration by TRAI, in the light of DoT views expressed therein.
Reconciling portability and data privacy
In its latest response, TRAI said it has examined DoT’s concerns but noted that newer developments, including biometric KYC mandates under the Telecommunications Act, the introduction of the Mobile Number Validation (MNV) platform, and draft rules allowing consent-based data disclosure, indicate the government’s broader intent to enable secure KYC interchange in the future.
While acknowledging that MNP demographic matching is currently being implemented through the DoT’s Digital Intelligence Unit (DIU) platform to comply with licensing norms, the authority said the ecosystem is evolving towards mechanisms where operators or authorised platforms may verify or share user details with explicit consent.
In light of this, TRAI revised recommendation 6.39, clarifying that the government should create a consent-driven data-sharing and validation framework modelled on DEPA, not only for portability, but across telecom use cases.
Reiterating a wider data-empowerment vision
TRAI has stood firm on recommendation 6.40, which proposes eventually integrating telecom data-sharing systems with the Financial Stability and Development Council’s Account Aggregator (AA) network. This would allow users to manage and share not just their telecom KYC data but also credit history, tariff preferences, UCC preferences and other datasets across sectors through a unified consent layer.
The authority stressed that India currently lacks a centralised, interoperable mechanism for KYC, forcing every institution, including banks, fintechs and TSPs—to conduct separate verification. A unified consent-based approach, it said, will reduce duplication, enhance user agency, and foster a structured data economy.
Since the DoT did not cite specific reasons for rejecting this recommendation, TRAI said it is reiterating its stance.
The revised 6.39 recommendation and TRAI’s reaffirmation of 6.40 signal a push toward building a long-term, interoperable data-sharing system in telecom that aligns with broader national digital-governance initiatives. TRAI noted that once all rules under the Telecommunications Act 2023 are notified, demographic matching and consent-based data sharing could be implemented more seamlessly through authorised platforms.
