DoT strengthens cyber safeguards with key amendments to Telecommunication Cyber Security Rules, 2025

The Department of Telecommunications has introduced critical updates to the Telecommunication Cyber Security Rules, enhancing protection against telecom-enabled frauds, ensuring traceability of devices, tightening digital identity verification, and reinforcing accountability among entities using telecom identifiers across sectors.

The Department of Telecommunications (DoT) has amended the Telecommunication Cyber Security (TCS) Rules, 2024, introducing new measures to tackle emerging vulnerabilities stemming from the widespread use of telecom identifiers in banking, e-commerce, governance, and other digital services. The revised rules reaffirm India’s focus on secure and accountable telecom operations.

Stronger identity verification and device traceability

A key highlight of the amendment is the institutionalization of the Mobile Number Validation (MNV) platform. This framework allows service providers to verify, through a decentralized and privacy-compliant mechanism, whether the mobile number linked to a digital service genuinely belongs to the claimed user. The initiative is expected to significantly curb mule accounts and identity fraud.

In parallel, the Rules introduce a mandatory Resale Device Scrubbing process for all entities dealing in used or refurbished devices. By requiring IMEI numbers to be checked against a centralized blacklist before resale, the government aims to protect consumers from unknowingly purchasing stolen, cloned, or blacklisted devices and to support law enforcement in tracking illicit equipment.

New obligations for telecom identifier user entities

Recognizing the rising dependence on identifiers such as mobile numbers, IMEIs and IP addresses, the amendment defines Telecom Identifier User Entities (TIUEs) and mandates them to share relevant identifier data with the government under regulated circumstances. This measure is intended to improve traceability, coordination, and fraud prevention while ensuring adherence to data protection norms.

Clarification on Gazette notifications

The DoT also clarified inconsistencies that appeared in successive Gazette publications. While the TCS Amendment Rules, 2025 were correctly notified on 22 October 2025 via G.S.R. 771(E), they were inadvertently republished on 29 October 2025. This error has since been rectified through G.S.R. 863(E) dated 25 November 2025. The government has reiterated that the original amendment remains fully valid and in force.

Overall, the updated TCS Rules mark a major step toward a resilient cyber security framework that balances innovation, privacy, and national security across India’s expanding digital ecosystem.