The Department of Telecommunications (DoT) has amended the Telecommunication Cyber Security (TCS) Rules, 2024 to address emerging vulnerabilities linked to the rapid integration of telecom identifiers into digital services across banking, e-commerce, governance, and other sectors. The amendment reinforces the government’s focus on secure and responsible telecom operations.

Further, the updated rules aim to close regulatory gaps and enhance cyber resilience through clearer coordination mechanisms with entities that use telecom identifiers. They introduce key new frameworks targeting long-standing challenges:

  • Mobile number validation (MNV) platform: To curb the surge in mule accounts and identity frauds arising from unverified linkages of mobile numbers with financial and digital services, the rules institutionalise MNV platform. This mechanism enables service providers to validate, through a decentralised and privacy-compliant platform, whether a mobile number used for a service genuinely belongs to the person whose credentials are on record and thereby enhancing trust in digital transactions.
  • Resale device scrubbing: India’s expanding second-hand device market has increasingly witnessed circulation of blacklisted, stolen, or cloned phones, exposing genuine buyers to legal risks. Further, the amended rules now require entities dealing in resale or refurbished devices to scrub each device’s International mobile equipment identity (IMEI) number against a centralised database of blacklisted IMEIs before resale. This measure is intended to protect consumers and support law enforcement in tracking stolen equipment.
  • Telecom identifier user entity (TIUE) obligations: Recognising that multiple sectors now leverage telecom identifiers (such as mobile numbers, IMEIs, and IPs) for authentication and service delivery, the rules define TIUEs and mandate them to share relevant telecom-identifier data with the government in specific, regulated circumstances. This ensures greater traceability, accountability, and coordination in tackling telecom-linked cyber frauds while maintaining compliance with data protection norms.

Collectively, these amendments seek to strengthen India’s digital ecosystem against telecom-enabled frauds, improve device traceability, and promote responsible use of telecom identifiers. The TCS amendment rules, 2025 represent a step toward a more resilient and interoperable telecom cyber-security framework.

Separately, TCS amendment rules, 2025 were notified in the gazette of India via G.S.R. 771(E). Due to an inadvertent error, the rules were republished instead of a separate consultation draft through G.S.R. 796(E). This has since been corrected by DoT through notification G.S.R. 863(E), which rescinds the unintended re-publication. The correction does not affect the validity or enforceability of the original amendment. The government clarifies that TCS amendment rules, 2025, as initially notified under G.S.R. 771(E), remain fully in force.