India’s 2025 Cyber Rules Redefine Digital Identity Compliance

The420 Correspondent

In a sweeping regulatory move aimed at curbing cybercrime, the Indian government has expanded the scope of its telecom laws to cover nearly all digital platforms that rely on mobile numbers for user identification.

The Telecommunications (Telecom Cyber Security) Amendment Rules, 2025 — notified on October 22 and effective immediately — grant authorities unprecedented powers to order real-time suspension of user accounts across apps and services linked to a flagged number.

From WhatsApp and Paytm to Zomato and Ola, any service that authenticates users through mobile numbers will now fall under a new compliance category called Telecommunication Identifier User Entities (TIUEs). These entities must verify customers through a centralized government-run system and respond swiftly to security directives.

Officials say the move is designed to confront the alarming rise in cybercrime losses, which tripled from ₹7,465 crore in 2023 to ₹22,845 crore in 2024, according to the Indian Cyber Crime Coordination Centre (I4C).

When One Number Goes Dark: Simultaneous Suspensions

The new rules allow the government to flag mobile numbers linked to fraudulent or suspicious activity and direct telecom operators — and now, apps — to suspend them immediately. This could mean that a single security order can render a number unusable across banking, payment, delivery, and messaging platforms simultaneously.

Authorities may act without prior notice if the action is deemed necessary for “public interest,” provided that the reasons are documented. The rule marks a significant shift from reactive enforcement to preventive disruption of digital fraud networks.

For India’s 700 million smartphone users, however, the implications are double-edged: the system promises stronger protection against impersonation and scam accounts but also raises concerns about overreach, procedural fairness, and potential data misuse.

Government Verification Gateway: The Core of Compliance

At the center of this regulatory overhaul is a Mobile Number Validation (MNV) platform — a government-run gateway that will confirm whether a number provided by a user actually belongs to a legitimate telecom subscriber.

Apps can use the system voluntarily or when instructed by authorities. Telecom operators such as Airtel, Jio, and Vi will share subscriber data to enable real-time verification. The service will operate on a fee-sharing model between the government and the operators, though the tariff structure remains undisclosed.

Officials have stressed that all verifications must adhere to India’s data protection laws, though the practical contours of consent and data retention are yet to be defined.

Closing the Loop on Stolen Phones and Cloned Devices

The reforms also extend to India’s booming secondary phone market. Before any used device can be sold or purchased, its International Mobile Equipment Identity (IMEI) number must now be verified against a government-maintained blacklist of tampered or stolen devices.

Trading in phones with blacklisted IMEIs is now prohibited. Manufacturers, too, are barred from reusing IMEI numbers already active on Indian networks.

The move targets a growing fraud ecosystem where stolen or cloned devices are used to create fake identities, run investment scams on Telegram or WhatsApp, and bypass one-time password (OTP) verification systems. According to I4C, more than 740,000 cybercrime cases were reported in the first four months of 2024 alone — 85 percent tied to online financial fraud.

By forcing accountability into both telecom and device supply chains, the government hopes to dismantle the infrastructure that fuels digital deception — one phone number and one handset at a time.