New Delhi: The Department of Telecommunications (DoT) has confirmed that the Telecom Cyber Security Amendment Rules, 2025 are now fully in force, clearing up the confusion that emerged due to dual publication of notifications in the official gazette last month.
According to the ministry, the amendment put forth under G.S.R. 771(E) on October 22 has already taken effect. Its subsequent republication on October 29 was identified as a technical error, and has now been withdrawn through G.S.R. 863(E). DoT stressed that the rule’s validity and enforceability remain unaffected.
Authorities argue that the changes were necessary due to the expanding ecosystem of digital services, the rapidly increasing use of mobile identity, and evolving cyber threats targeting telecom infrastructure and users.
Enhanced Cyber Defence: Stronger Controls from Mobile Numbers to IMEIs
The primary objective of the new framework is to:
- Prevent telecom-related fraud
- Detect stolen and cloned mobile devices
- Strengthen security in services driven by mobile identity
Mobile numbers and IMEIs have become central to a wide range of services—banking, digital payments, e-governance, and social platforms. The DoT notes that this dependence has opened up gateways for cybercriminals engaging in identity theft, mobile cloning, and SIM-enabled financial fraud.
The revised regulations aim to close these loopholes through tighter compliance and automated verification mechanisms.
Key Regulatory Interventions Under the New Rules
1- Mobile Number Validation Platform Mandatory
Telecom operators will now be required to validate:
- Whether a number used in a particular digital service actually belongs to the user
- Whether documentation linked to that number matches the claimed identity
This measure directly targets fraud patterns involving:
- Benami or mule accounts
- SIM cards obtained on forged credentials
- Criminals exploiting mobile identity for phishing and payment scams
2- IMEI Scrubbing for Refurbished Device Sales
With India emerging as one of the world’s fastest-growing refurbished smartphone markets, the trade often becomes a channel for:
- Stolen devices
- Phones with tampered or cloned IMEIs
Under the new compliance requirement:
- Sellers must verify every device against the central IMEI blacklist database before sale
- Devices flagged as suspicious cannot be circulated in the market
Consumers will benefit from greater transparency, while law enforcement agencies will have improved tracking capability against phone-based crime networks.
3 – TIUE Category Introduced: Responsible Mobile Identifier Usage
A new compliance class — Telecom Identifier User Entities (TIUE) — has been introduced to regulate organisations that use:
- Mobile numbers
- IMEI identifiers
for verification or user authentication.
These entities must:
- Provide specific identifier records to the government when requested
- Support investigations into cybercrime and telecom fraud
The government has assured that compliance will strike a balanced approach, preserving privacy while protecting national security and public safety.
Reducing Fraud and Improving Accountability
DoT says the move will make India’s digital interactions more secure, trustworthy, and accountable.
Given the country’s dependence on mobile-linked identity — from opening bank accounts to UPI payments and accessing welfare benefits — any compromise in mobile security poses a financial and personal data risk to crores of citizens.
Officials expect the new model to lead to:
- Early detection of cyber-fraud attempts
- Strengthened security for digital transactions
- Better traceability of devices used in illegal operations
Industry Prepared for Full-Scale Compliance
Since the rules are already in effect, telecom operators and identity-driven sectors such as:
- Banking and NBFCs
- Fintech startups
- E-commerce platforms
- Public service delivery systems
…must overhaul their internal mechanisms to meet the updated cybersecurity mandate.
DoT has also indicated that non-compliance could trigger strict penalties going forward.
Conclusion
As cyber attackers continue to exploit SIM identity weaknesses, cloned devices and gaps in telecom verification, the amendment is being viewed as a decisive shift in the fight against mobile-centric cybercrime.
The government’s underlying mission remains clear:
To deliver a secure identity and a trusted telecom ecosystem for Digital India.
