The Telecom Regulatory Authority of India (TRAI) has imposed a string of new obligations on telcos through amendments to its Telecom Commercial Communications Customer Preference Regulations (TCCCPR). The new rules aim to strengthen protections against unsolicited commercial communications (UCC), more commonly known as spam. They came into effect on February 12 following public consultations that occurred last year. The new requirements demonstrate TRAI’s willingness to race ahead of other national regulators by pursuing a distinctive consumer protection strategy that includes innovations not found elsewhere.
Most industry commentators will focus on the financial penalties for non-compliance but people who really know about fraud (and who really want to know about fraud) will be struck by TRAI’s desire to mitigate bad traffic by forcing telcos to implement honeypots for monitoring. The previous version of the TCCCPR rules already mandated the use of honeypots but these amendments demand a major upgrade to the number of honeypots that will be deployed all around India. There are 22 Licensed Service Areas (LEAs) in India, and an LEA covers a population of 65 million on average. Now each telco is obliged to have a minimum of 10 phone honeypots in each LEA. That minimum rises in line with complaints about spam from phone users within the LEA, with one honeypot being required for every 500 complaints received during the previous calendar year. Each honeypot automatically logs the calls and messages it receives, and this data is then analyzed at least monthly to identify emerging spam trends and facilitate proactive measures against suspected spammers. TRAI emphasizes that these honeypots are a crucial measure for proactive UCC detection, prevention, and monitoring. They are right to do so, and it would be good to see more countries follow their lead.
Other amendments to the regulations are designed to make them more consumer-friendly. Firstly, the process for reporting spam has been simplified. Consumers can now lodge complaints about UCC from unregistered senders even if they have not previously registered their preferences for who can call or message them. To streamline the complaint process, a complaint is considered valid if it contains essential information such as the complainant’s number, the sender’s number, the date of the UCC, and a brief description of the UCC voice call or message. Access providers are also now required to prominently display options for UCC complaint registration on their mobile apps and web portals. Users can also give the apps permission to automatically capture call logs, SMS details and screenshots for use when registering complaints. The deadline for lodging complaints has risen from three days to seven days after the receipt of the spam. Furthermore, the time limit for access providers to act against UCC from unregistered senders has been reduced from 30 days to just 5 days. The criterion for triggering enforcement action about senders of spam has been revised from the old threshold of 10 complaints against the sender during the previous 7 days to a new threshold of five complaints against the sender during the previous 10 days. The goal is to better respond to consumer complaints by taking more rapid action against spammers.
In terms of empowering consumers, the amendments mandate that telecom operators must include a mandatory opt-out option within any promotional message to simplify the way consumers express their preferences. Message headers must now include standardized identifiers (-P, -S, -T, -G suffixes) to help consumers differentiate between promotional, service, transactional, and government messages. A separate category has also been created for government messages to ensure citizens do not miss important public service announcements. Customers who opt out of receiving A2P communications cannot be asked for new consent until 90 days have passed, though the consumer is free to opt back in whenever they like. Consent for ongoing transactions will now only remain valid for 7 days, preventing spammers from prolonging their messaging under the guise of prior consent. Implicit consent for transactional and service communications is now valid for only the duration of the contract, and explicit consent is required for subsequent service calls. Transparency has been enhanced by making it mandatory to disclose if a robocall/autodial machine has been used to place a call.
The new regulations also restrict telemarketing to designated headers and number series, reserving the 140 range for telemarketing calls whilst creating the newly allocated 1600 range for transactional and service calls. Other protections include the mandatory analysis of call and SMS patterns for spam detection, limits on the use of intermediaries between principal entities and telemarketers to simplify traceability, and mandatory physical and biometric verification for senders and telemarketers.
Access providers are mandated to suspend all telecom resources of senders found to repeatedly violate UCC regulations. First-time violations will result in a 15-day bar on outgoing services, while subsequent violations will lead to a one-year disconnection of all telecom resources and blacklisting across all access providers. Any deceptive or fraudulent communication is now classified as UCC, enabling swift action, including disconnection and blacklisting. This is being facilitated by the use of blockchain technology.
To ensure compliance, TRAI has introduced graded financial penalties, starting at INR200,000 (USD2,400) for a first violation, escalating to INR500,000 (USD6,000) for the second, and INR1mn (USD12,000) for subsequent violations, including the misreporting of UCC counts. These penalties are separate for registered and unregistered senders and are additional to penalties for invalid complaint closures and non-compliance with header and content template registration. Access providers are also empowered to mandate security deposits from senders and telemarketers, which can be forfeited for regulatory breaches. Binding agreements are required between access providers and registered senders/telemarketers. These must outline roles, responsibilities, and actions to be taken in the case of non-compliance.
However, Indian telcos have voiced concerns that the regulations ignore the growing problem of spam and scams conducted using OTT comms channels. They have highlighted the unfairness of tightening rules on voice and SMS when most Indians may find themselves targeted on Whatsapp or other apps. The Economic Times quoted one telecoms executive as saying:
The new rules put additional responsibilities on telecom firms, but the main perpetrators of spam remain untouched.
You can read TRAI’s press release about the new regulations here and the full wording of the amended regulations can be found here.



