New Delhi: The Government of India has strengthened its legal and regulatory framework to secure telecom networks and curb the circulation of counterfeit and tampered mobile devices.
The measures fall under the Telecommunications Act 2023 and the Telecom Cyber Security Rules 2024 and 2025. The Department of Telecommunications (DoT) has urged all manufacturers, brand owners, importers, and sellers to follow the rules without fail.
Stricter Legal Provisions for IMEI Tampering
The Telecommunications Act 2023 places strong restrictions on tampering with telecommunication identifiers, including IMEI numbers. Section 42(3)(c) prohibits any form of tampering, while Section 42(3)(f) makes it an offense to knowingly possess radio equipment like mobile handsets, modems, modules, or SIM boxes that contain unauthorized or tampered identifiers.
Violations can lead to imprisonment for up to three years, fines up to fifty lakh rupees, or both. The offenses are cognizable and non- bailable as per Section 42(7). Section 42(6) extends the same penalties to anyone who supports or encourages the offense.
Mandatory Registration Under Cyber Security Rules
Under the Telecom Cyber Security Rules 2024, device makers must register IMEI numbers for every device bearing an IMEI before sale, testing, or research work. This includes mobile phones, dongles, modems, smartwatches with cellular capability, modules, laptops with cellular radios, and SIM boxes. Registration is done on the Device Setu portal under the Indian Counterfeited Device Restriction system.
Importers must also register IMEI numbers before bringing any equipment into India. This step is required for all imports, including those meant for research or testing.
The Telecom Cyber Security Amendment Rules 2025 give the Central Government the authority to direct manufacturers not to assign IMEIs that already exist in Indian telecom networks to new devices made or imported into the country.
National IMEI Database to Curb Counterfeit Devices
The government maintains a central database of tampered and blacklisted IMEIs. Buyers and sellers of used devices must check this database before completing a sale. A fee is charged per verification. This step is now mandatory for all equipment with IMEI numbers, from smartphones to USB modems and assembled devices like SIM boxes.
Rule 8(3) of the 2024 Cyber Security Rules prohibits any person from removing or altering a device’s unique identification number. It also bans the use or possession of hardware or software that can change these identifiers. Devices with programmable IMEIs are treated as tampered devices and attract strict legal action.
Under Rule 5, the government can also direct telecom operators to block devices with tampered IMEI numbers from accessing networks.
Purpose of the Regulations
The DoT has stated that these measures are vital for telecom cybersecurity, preventing counterfeiting, supporting law enforcement, and ensuring proper tax compliance. These rules are designed to protect India’s digital ecosystem from cloned or altered devices that pose security risks.
Registration Process on Device Setu Portal
All registrations must be completed through the Device Setu ICDR portal. The process includes company registration, brand registration linked to GSMA Type Allocation Codes, device model registration, IMEI number submission, and certificate generation for customs clearance.
Also Read
India Adds Over 4,100 New 5G Base Stations in October; BSNL Expands Swadeshi 4G, Eyes 5G Rollout