Get All Access for $5/mo

Telecom Cybersecurity Rules 2024: Bold Step, Industry Seeks Clarity Designated agencies can access telecom traffic data for cybersecurity purposes, but text, audio, or video are excluded from the mandate

By Shivani Tiwari

Opinions expressed by Entrepreneur contributors are their own.

You're reading Entrepreneur India, an international franchise of Entrepreneur Media.

Freepik

Cybersecurity is no longer a peripheral concern in India, as various government departments ramp up efforts to counter growing cyber threats. Recently, the Ministry of Communications and the Department of Telecommunications (DoT) made headlines by releasing the Telecom Cyber Security Rules, 2024, which authorize the government and designated agencies to access telecom traffic data and other information for cybersecurity purposes.

This data includes information such as type, routing, duration, and timing generated, transmitted, received, or stored within telecom networks. Notably, message content—such as text, audio, or video—is excluded from this mandate. The rules aim to enhance telecom cybersecurity and allow the dissemination of this data to any Central Government agency engaged in law enforcement or security activities.

Requirements for Telecom Operators

The new rules require telecom companies to establish infrastructure capable of collecting traffic data and providing it to the government at designated points for analysis, processing, and dissemination to authorized entities. Additionally, telecom operators must report initial cybersecurity incidents within six hours, with detailed reports submitted within 24 hours. These detailed reports must include the number of users affected, geographic impact, and remedial actions taken.

In contrast, the Cyber Incident Reporting for Critical Infrastructure Act in the U.S. and the European Union's cybersecurity regulations mandate a 72-hour timeframe for incident reporting. The shorter timeline prescribed in India has received mixed reactions from industry experts.

"While the six-hour timeline for reporting incidents is tight, it is achievable with efficient systems in place. That said, the responsibility to report crimes to the police or cyber cells should also rest with the citizen who experiences the crime, ensuring a streamlined and effective approach," noted Konark Trivedi, Founder and MD of Frog Cellsat Ltd.

Industry Voices: Praise and Concerns

The rules have been met with both praise and caution from industry leaders. Varinder Singh Jawanda, CEO of Millennium Automation Systems Limited (MASL), views the regulations as a decisive step. "Cybersecurity is the backbone of our digital economy, particularly for the telecom industry. With vast data volumes, critical infrastructure, and evolving threats at stake, such measures are imperative."

On the other hand, Ayush Jindal, Advocate at the Supreme Court, believes the rules, while promising long-term benefits, may pose short-term operational challenges. "The new set of rules will ensure that Indian operators are better prepared to withstand nuanced threats. While these measures might create immediate hurdles, they are vital for the long-term security of India's digital infrastructure," he shared.

Tony Verghese, Partner, JSA Advocates and Solicitors said, "The manufacture and import of equipment have also been restricted, with the requirement of registering the IMEI number before first sale of the equipment. This is a requirement even for equipment imported into the country. While manufacturers and importers are mandated to complete this registration, there is no clarity on what the requirements would be, should individuals purchase such equipment outside India and bring it into the country for their personal use. Currently, the Rules have no clarity in this regard, and I presume the government needs to clarify."

Coordination and Transparency

The regulations also mandate telecom companies to appoint a Chief Telecommunication Security Officer (CTSO) to oversee incident response and compliance. Furthermore, as per the guidance, the government can disclose the details of the incident to the public or ask telecom companies to disclose it.

Trivedi suggested additional proactive measures, stating, "For instance, telcos can immediately block a suspected phone number upon detecting cybercrime, preventing further misuse while investigations proceed."

While industry players and analysts acknowledge the potential long-term benefits, they also stress the need for clearer guidelines and efficient implementation to address practical challenges.


Science & Technology

Use This Framework to Successfully Integrate AI Into Your Business Operations

Here's how to ensure both innovation and compliance when using AI in your organization.

Growing a Business

Why Business Owners Should Streamline Their Operations Now for Success in 2025

As the holiday season and year-end approach, business owners face heightened operational demands, from inventory management to spend control. By streamlining these processes and partnering with flexible suppliers, businesses can maintain efficiency, meet customer needs and focus on growth while navigating this busy period.

Business News

Apple Is Adding ChatGPT to iPhones This Week. Here's How It Works.

ChatGPT will take over questions that Siri can't answer.

Growing a Business

5 Effective Strategies to Boost Your Business's Online Presence

Boosting your online presence in 2025 is the key to success for businesses looking to grow. Working on your branding and reputation management is important to drive more sales and improve conversion.

Marketing

He Pitched His First Business at 12 and Sold a Company for 8 Figures When He Was 23. Here's This Gen Z Marketing Expert's Next Big Move.

Griffin Haddrill built a marketing empire working with artists like Justin Bieber and Lil Nas X. Learn how he tapped into Gen Z's digital culture and turned viral campaigns into a business model.