Telecom cyber security rules updated to boost digital safety

The Department of Telecommunications (DoT) amended the Telecommunication Cyber Security (TCS) Rules, 2024 on 22 October 2025 to address critical vulnerabilities arising from the rapid integration of telecom identifiers into digital services across sectors such as banking, e-commerce, and public administration. The amendment reinforces India’s commitment to secure, transparent, and responsible telecom operations.

The updated Rules seek to close existing regulatory gaps and strengthen cyber-resilience by fostering collaboration with entities that use telecom identifiers. They introduce several key frameworks to address longstanding challenges:

Mobile Number Validation (MNV) Platform

To stem the rise of mule accounts and identity-related fraud caused by unverified linkages between mobile numbers and financial or digital services, the Rules institutionalise an MNV platform. This mechanism allows service providers to verify, via a decentralised and privacy-compliant system, whether a mobile number used for a service genuinely belongs to the individual whose credentials are on record, thereby enhancing trust in digital transactions.

Resale Device Scrubbing

India’s expanding second-hand device market has increasingly facilitated the circulation of blacklisted, stolen, or cloned phones, placing unsuspecting purchasers at risk of legal complications. Under the amended Rules, entities dealing in resale or refurbished devices must now check each device’s IMEI number against a centralised database of blacklisted IMEIs prior to resale. This measure safeguards consumers and supports law-enforcement agencies in tracking stolen equipment.

Telecom Identifier User Entity (TIUE) Obligations

Given that multiple sectors now rely on telecom identifiers,such as mobile numbers, IMEIs and IP addresses, for authentication and service delivery, the Rules define “TIUEs” and require them to share relevant telecom-identifier data with the government in specified and regulated circumstances. This strengthens traceability, accountability, and coordination in addressing telecom-linked cyber fraud, while ensuring compliance with data-protection norms.

Collectively, these amendments aim to protect India’s digital ecosystem from telecom-enabled fraud, enhance device traceability, and promote the responsible use of telecom identifiers. The TCS Amendment Rules, 2025 represent a significant step towards a resilient, interoperable, and future-ready telecom cybersecurity framework that balances innovation, privacy, and national security.

The Telecommunication Cyber Security (TCS) Amendment Rules, 2025 were first notified in the Gazette of India via notification G S R 771(E) dated 22 October 2025. Subsequently, due to an inadvertent error, the same Rules were republished instead of an intended draft for consultation through notification G S R 796(E) dated 29 October 2025. This error has now been corrected by the DoT through notification G S R 863(E) dated 25 November 2025, which rescinds the unintended republication.This rescission does not in any way affect the validity or enforceability of the original amendment.

The Government therefore clarifies and reaffirms that the Telecommunication Cyber Security (TCS) Amendment Rules, 2025, as notified under G S R 771(E) dated 22 October 2025, remain fully in force and enforceable.