New Delhi: With October being Cybersecurity Awareness Month, the Department of Telecommunications (DoT) has formally notified the Telecommunications (Cyber Security) Amendment Rules, 2025, a landmark move aimed at bolstering India’s telecom security, improving traceability of devices and addressing rising identity fraud linked to telecom networks.
The amendments, which follow extensive consultations with stakeholders since the draft release in June, seek to future-proof India’s digital infrastructure amid growing cyber threats.
The amendments introduce three major frameworks to tackle vulnerabilities in the telecom ecosystem:
Mobile Number Validation (MNV) Platform
The cornerstone of the new rules is the MNV platform, enabling the verification of mobile numbers used by entities offering digital services linked to telecom networks. Telecom licensees and other authorised entities, collectively called Telecommunication Identifier User Entities (TIUEs), can validate whether a mobile number corresponds to a verified user in operators’ databases. This system targets identity fraud, spam, and misuse of telecom identifiers, particularly in services such as banking, fintech and online platforms.
The MNV platform is expected to launch in the coming months and will allow banks, financial institutions and other service providers to verify mobile numbers during account onboarding, addressing the absence of a formal mechanism to confirm ownership of numbers linked to financial accounts. While compliance is mandatory for telecom operators, other entities may participate voluntarily. E-commerce and food delivery platforms may also access the system for a fee, with charges shared between the managing agency and telecom operators.
Resale Device Scrubbing
To curb the circulation of stolen, cloned, or tampered devices, the amended rules mandate that all refurbished and resale mobile devices undergo IMEI verification against a centralised national database before being sold or reused.
This step addresses the ongoing issue of handset theft, with over 50,000 devices lost or stolen each month, translating into nearly Rs 1,200 crore in annual losses. By scrubbing devices before resale, the government aims to protect consumers, assist law enforcement in tracking stolen equipment, and enhance overall trust in the digital ecosystem.
TIUE Obligations
The amendments define the responsibilities of entities using telecom identifiers, including mobile numbers, IMEIs and other unique identifiers. TIUEs are required to ensure secure and regulated sharing of data with government agencies for fraud detection and prevention, while maintaining compliance with India’s data protection framework. The rules also empower the government to issue directions to manufacturers to assist in identifying tampered or fake devices.
Rationale and Security Imperatives
India has witnessed a surge in telecom-linked cybercrime, including identity and mule account frauds, stolen or cloned devices, and large-scale financial cyber-frauds. In 2023, losses due to cyber-frauds exceeded ₹7,465 crore, while in 2024, they skyrocketed to ₹22,845 crore. The resale of unverified second-hand phones has further eroded consumer trust and posed security risks.
The amended rules aim to strengthen citizen trust in telecom and digital services, reduce device theft and identity fraud, and make the network more resilient to cyber threats. By enabling near real-time cross-sectoral coordination, the MNV platform and resale device scrubbing mechanisms are expected to protect India’s digital economy and support secure adoption of technology in financial services, e-governance and other critical sectors.
Implementation and Compliance
Under Rule 7A, all telecom identifier validations must comply with data protection laws. The DoT has clarified that the platform will follow privacy-compliant, decentralised validation procedures to maintain individual confidentiality while enhancing security. The government also plans to charge fees for optional access to the platform by non-telecom entities, ensuring the sustainability of operations.
The telecom cyber security rules signify a transformative approach toward a cyber-resilient, citizen-first digital India, providing a structured framework for secure mobile number verification, safe device resale and regulated use of telecom identifiers.
The initiative reinforces India’s commitment to safeguarding its digital ecosystem, protecting citizens and businesses from rising cyber-fraud risks and ensuring secure, trustworthy connectivity across the nation.
Discussion about this post