In response to rising security risks, the Department of Telecommunications has revised the Telecommunication Cyber Security Rules 2024. The amendments aim to tackle new weaknesses created by the widespread integration of telecom identifiers in digital platforms. With these identifiers forming the backbone of sectors like banking, online retail and government services, enhanced safeguards are increasingly necessary.

With these updates, India strengthens its emphasis on maintaining transparency and security across telecom networks. The changes also align with the government’s broader push for accountable telecom data practices amid increasing digital convergence.

These measures are designed to fill existing oversight gaps and enhance cyber resilience through closer cooperation with entities that depend on telecom identifiers. The updated frameworks specifically target persistent challenges and aim to reinforce the security of digital services supported by telecom networks.

Mobile Number Validation Platform
In response to increasing cases of identity misuse and mule accounts linked to unverified mobile numbers, the updated rules establish the Mobile Number Validation platform as an official mechanism. It provides service providers with a decentralised and privacy-compliant way to confirm that a mobile number is genuinely associated with the person whose details are on file. This initiative enhances security and trust across digital transactions by ensuring the correctness of telecom identifiers.

Resale Device Scrubbing
As India’s pre-owned device market expands, the possibility of blacklisted or stolen phones re-entering circulation has grown, creating legal vulnerabilities for unsuspecting buyers. The updated rules mandate that all refurbishment and resale entities validate each device’s IMEI (International Mobile Equipment Identity) number through a central database of blacklisted IMEIs before selling it. This requirement safeguards consumers and strengthens law enforcement capabilities in tracing stolen equipment.

Telecom Identifier User Entity (TIUE) Obligations:
As mobile numbers, IMEIs and IP addresses become central to authentication in multiple sectors, the amended rules establish Telecom Identifier User Entities to ensure better oversight. TIUEs are mandated to share defined telecom-identifier information with the government within a controlled framework. This measure boosts traceability, supports more effective responses to cyber fraud involving telecom identifiers and adheres to existing data protection norms.

Together, the amendments reinforce defences against fraud enabled through telecom systems, bolster device tracking capabilities and support responsible use of telecom identifiers in various sectors. The TCS Amendment Rules 2025 represent a substantial stride toward building a robust, interoperable and future-oriented cybersecurity framework that harmonises innovation with privacy and national security priorities.

These updates also align with recent shifts in India’s approach to data governance. The government has recently notified the Digital Personal Data Protection Rules, putting the DPDP Act 2023 into full effect. Together, they create a transparent, citizen-centric structure for responsibly managing digital personal data. This strengthened privacy framework enhances public trust in digital services and supports the goals of the Telecommunication Cyber Security Amendment Rules 2025 in boosting cyber resilience.

According to OpenGov Asia, the DPDP Act enacted in 2023 sets out clear responsibilities for Data Fiduciaries and grants defined rights to individuals, termed Data Principals. The Rules are designed to strike a balance between protecting citizens’ privacy and enabling digital innovation, offering a streamlined compliance pathway for startups while ensuring citizen interests remain central.

Under the Rules, Data Fiduciaries must deliver clear, independent consent notices that outline why personal data is required and how it will be used. If a breach occurs, they are obligated to inform impacted individuals about what happened, its consequences, the measures being undertaken to address the issue and where to seek help.

Supported by adequate transition periods and a technology-agnostic approach, the Rules strengthen privacy safeguards and contribute to a secure, resilient and internationally competitive digital economy for India.