Full Report
The Indian government has introduced explicit legal provisions under subsection 42(3)(c) and subsection 42(3)(f) of the Telecommunications Act, 2023, formally classifying the tampering with telecommunication identifiers and the willful possession of radio equipment using unauthorized or altered identifiers as criminal offenses. These measures are intended to address persistent challenges related to sim misuse, telecom fraud, and the exploitation of digital communication infrastructure across India. The legal clarification was outlined in a press release issued by the Press Information Bureau (PIB) on 17 December, following a written response in the Lok Sabha by Minister of State for Communications and Rural Development Dr. Pemmasani Chandra Sekhar. The response addressed the liability of mobile subscribers and broader cybersecurity concerns arising from the misuse of telecommunication resources. Legal Provisions Targeting Tampering and Unauthorized Equipment Under sub-section 42(3)(c) of the Telecommunications Act, 2023, any act involving the tampering of telecommunication identifiers is now treated as a punishable offence. Telecommunication identifiers include elements such as subscriber identity modules, equipment identity numbers, and other unique identifiers that form the basis of lawful access to communication networks. In parallel, sub-section 42(3)(f) criminalizes the willful possession of radio equipment when the individual knows that such equipment operates using unauthorized or tampered telecommunication identifiers. This provision is important in cases involving cloned devices, illegal intercept equipment, or modified communication hardware that can be used to bypass regulatory controls. The government has further reinforced these offences through Telecom Cyber Security Rules, which prohibit intentionally removing, obliterating, altering, or modifying unique telecommunication equipment identification numbers. The rules also bar individuals from producing, trafficking, using, or possessing hardware or software linked to telecommunication identifiers when they are aware that such configurations are unauthorized. Sim Misuse and Fraudulent Acquisition of Telecom Identifiers Addressing the broader issue of sim misuse, the Minister highlighted that sub-section 42(3)(e) of the Telecommunications Act, 2023, criminalizes the acquisition of subscriber identity modules or other telecommunication identifiers through fraud, cheating, or impersonation. Fraudulently obtained SIM cards have frequently been linked to cyber fraud, financial crimes, and identity theft, prompting the need for clear statutory deterrents. The government noted that responsibilities relating to “Police” and “Public Order” fall within the jurisdiction of State governments, as outlined in the Seventh Schedule of the Constitution of India. As a result, enforcement of these provisions relies on coordination between central regulatory authorities and State law enforcement agencies. To prevent misuse at the onboarding stage, the Department of Telecommunications (DoT) has mandated, through license conditions, that Telecom Service Providers (TSPs) conduct adequate verification of every customer before issuing SIM cards or activating services. Regulatory Oversight and Public Reporting Mechanisms Beyond criminal penalties, the regulatory framework stresses oversight and early detection of telecom-related abuse. The DoT has developed mechanisms that allow citizens to report suspected misuse of telecom resources, enabling authorities and service providers to identify patterns of fraud and deactivate offending numbers or connections. These measures are designed to hold offenders accountable while protecting legitimate subscribers from the consequences of sim misuse. By encouraging public reporting, authorities aim to strengthen collective vigilance against telecom-enabled cybercrime without shifting responsibility away from regulated entities. Policy Debate and Withdrawal of Mandatory App Installation The legal provisions under the Telecommunications Act gained broader public attention following controversy over a government directive that required the mandatory pre-installation of a related mobile application on all new smartphones. The directive sparked criticism from privacy advocates, opposition leaders, and technology companies, who raised concerns about user consent, surveillance risks, and excessive permissions. Amid growing public backlash and resistance from device manufacturers, the Ministry of Communications withdrew the mandatory pre-installation order in early December, clarifying that the application would remain voluntary. The government stated that its withdrawal did not affect the underlying legal framework established under the Telecommunications Act, 2023. The debate does not change the intent of the law. By criminalizing tampering with telecommunication identifiers and knowingly possessing radio equipment using unauthorized identifiers under sub-section 42(3)(c) and sub-section 42(3)(f), the framework establishes clear accountability for SIM misuse. As enforcement tightens, organizations need visibility into telecom-enabled fraud and infrastructure abuse. Cyble provides threat intelligence to help teams detect and assess these risks early. Request a personalized demo to see how Cyble supports proactive threat detection! References: https://www.pib.gov.in/PressReleasePage.aspx?PRID=2205349®=1&lang=1 The post India Criminalizes Tampering with Telecommunication Identifiers and Unauthorized Radio Equipment Under the Telecommunications Act appeared first on Cyble.
Analysis Summary
# Regulation/Compliance: Telecommunications Act 2023 - Identifier Integrity and Fraud
## Overview
This summary outlines new legal provisions introduced under the Indian Telecommunications Act, 2023, which establish criminal offenses related to the tampering of telecommunication identifiers (like SIMs and EIDs), the knowing possession of radio equipment using unauthorized identifiers, and the fraudulent acquisition of SIM cards. These measures are designed to combat SIM misuse, telecom fraud, and exploits targeting digital communication infrastructure.
## Key Details
- Issuing Authority: Government of India (Ministry of Communications, outlined via PIB press release following Lok Sabha response).
- Effective Date: Provisions are established under the Telecommunications Act, 2023 (specific enforcement commencement dates not detailed, but provisions are enacted).
- Jurisdiction: Republic of India (Central laws impacting the telecommunication sector).
- Status: Final and In Effect (Statutory provisions).
## Requirements
### Mandatory Requirements
1. **Prohibition on Tampering (Sub-section 42(3)(c)):** Any act involving the tampering, removal, obliteration, alteration, or modification of telecommunication identifiers (including Subscriber Identity Modules (SIMs) and Equipment Identity Numbers (EINs)) is a punishable offense.
2. **Prohibition on Unauthorized Possession (Sub-section 42(3)(f)):** Willful possession of radio equipment where the individual knows it operates using unauthorized or tampered telecommunication identifiers is a criminal offense (applies to cloned devices, illegal intercept equipment, etc.).
3. **Prohibition on Fraudulent Acquisition (Sub-section 42(3)(e)):** Acquisition of SIMs or other telecommunication identifiers through fraud, cheating, or impersonation is criminalized.
4. **Cyber Security Rules Adherence:** Entities must comply with the overarching Telecom Cyber Security Rules, which explicitly bar producing, trafficking, using, or possessing hardware/software linked to unauthorized telecommunication identifiers.
5. **TSP Verification Mandate:** Telecom Service Providers (TSPs) must adhere to Department of Telecommunications (DoT) license conditions, mandating adequate customer verification before issuing SIM cards or activating services.
### Recommended Practices
1. **Public Reporting Utilization:** Organizations and citizens should utilize DoT mechanisms to report suspected misuse of telecom resources to aid authorities in identifying fraud patterns and deactivating offending connections.
2. **Supply Chain Assurance:** Implement enhanced due diligence regarding hardware (especially radio equipment) and software to ensure telecommunication identifiers have not been compromised or illegally altered prior to use.
## Affected Organizations
- Industries: Telecommunications Sector (Telecom Service Providers - TSPs), Device Manufacturers, and Entities involved in the production, sale, or maintenance of communication hardware/software.
- Organization Size: Applicable to all organizations handling telecommunication resources or hardware in India.
- Geographic Scope: All activities within the jurisdiction of India.
## Compliance Timeline
- **December 17 (Reported Date):** Legal clarification regarding criminal liability and enforcement scope was publicly documented (Lok Sabha response).
- **Ongoing:** Immediate compliance required for all handling of unique identifiers, acquisition of SIMs, and possession of radio equipment under the Telecommunications Act, 2023, and associated rules.
- **Ongoing (for TSPs):** Adherence to existing DoT license conditions regarding customer verification remains mandatory.
## Implementation Guidance
### Assessment Phase
- **Identifier Inventory:** Audit internal systems and processes to identify where and how telecommunication identifiers (SIMs, EIDs) are handled, provisioned, and terminated.
- **Hardware Verification:** Review procurement and usage policies for radio equipment to ensure known-good sourcing and prevent the introduction of equipment with altered identifiers.
### Implementation Phase
- **Policy Updates:** Update internal policies to explicitly prohibit tampering, fraudulent acquisition, and possession of devices known to use unauthorized identifiers, aligning with subsections 42(3)(c), (e), and (f).
- **Employee Training:** Train staff on legal prohibitions related to identifier manipulation and the severe penalties associated with violations.
### Validation Phase
- **Audit Trails:** Establish robust audit trails for all identifier provisioning and deactivation processes.
- **Compliance Checks:** Periodically audit device inventory against regulatory mandates regarding unique equipment identification numbers.
## Technical Requirements
- **Identifier Integrity Controls:** Technical measures must be in place to prevent internal or external alteration (removing, obliterating, changing) of unique telecommunication equipment identification numbers.
- **Secure Provisioning:** TSP systems must enforce rigorous identity checks and secure workflows to prevent fraudulent activation (as per DoT license conditions).
- **Hardware Integrity:** Ability to verify cryptographic or electronic integrity of communication hardware, particularly when managing network access points.
## Penalties & Enforcement
- Fines: Not explicitly detailed in the provided text, but these actions are classified as **criminal offenses**.
- Other Consequences: Criminal prosecution, imprisonment, and accountability for mobile subscribers and associated entities.
- Enforcement: Relies on coordination between central regulatory authorities (like DoT) and State law enforcement agencies, given that "Police" and "Public Order" fall under State jurisdiction (Seventh Schedule of the Constitution).
## Related Standards
- **Indian Constitution (Seventh Schedule):** Defines the division of responsibilities between Central and State governments regarding enforcement (Police/Public Order).
- **DoT License Conditions:** Serve as regulatory mandates for TSPs regarding customer onboarding and verification.
## Resources
- Official Documentation: Telecommunications Act, 2023 (Specific sections: 42(3)(c), 42(3)(e), 42(3)(f)).
- Guidance Documents: Telecom Cyber Security Rules.
- Reference Source: PIB Press Release dated December 17 (PRID=2205349).
## Practical Recommendations
1. **For TSPs:** Review and audit current SIM card issuance protocols immediately to ensure full compliance with verification mandates to prevent prosecution under 42(3)(e).
2. **For Organizations Using Telecom Infrastructure:** Implement strict internal controls governing the acquisition and modification of any network access equipment to prevent violations under 42(3)(f) (willful possession of non-compliant equipment).
3. **For Legal/Risk Teams:** Factor the new criminal liability provisions into all operational risk assessments related to digital communications, recognizing that intent (willful possession/knowledge) plays a significant role in prosecution.