含羞草社区

On 20 August 2024, the Telecom Regulatory Authority of India (TRAI) issued directions to all access providers to ensure that they had implemented measures to prevent the misuse of messaging services and fraud on customers.

The intention of the directions is to prevent businesses and telemarketers from misusing registered headers, templates and identities such as entity identity and content template identity. They also intend to stop such businesses from using misleading terms such as disconnections, lottery and OTP in content templates not connected to the sender’s business. The TRAI is also trying to stamp out the practice of including malicious APKs, the file format used in Android, and URLs in messages. The directions require that only pre-approved and accepted APKs, URLs and OTT links be used so that customers will be protected from financial scams and fraudulent schemes.

The directions have been issued to further the objectives of the Telecom Commercial Communications Customer Preference Regulations, 2018 (TCCCPR), which the TRAI introduced in the exercise of its powers under sections 36 and 11(1)(v)(b) and (c) of the Telecom Regulatory Authority of India Act, 1997. The TCCCPR were instrumental in setting up a distributed ledger technology (DLT), or blockchain-based ecosystem, to contain the problem of unsolicited commercial communications (UCC) and unregistered telemarketers (UTM).

In a succession of directions from May 2023, the TRAI has imposed the following measures on access providers in the current round. All access providers must update the 140 numbering series on their DLTs by 30 September 2024 for surveillance and enhanced control. According to the revised directions, from 1 October 2024 access providers must not disseminate messages that include URLs, APKs and OTT links if the sender is not on an approved list.

Access providers shall provide full traceability of messages from principal entities to receivers, as well as preventing any message with unclear or mismatched identifying data by 1 November 2024. Access providers must ban content templates that are registered in an incorrect category, for example, promotional messages that are listed as service or transactional communications. Should five of these templates be banned, the generating provider involved must suspend the sender’s services for one month or until the templates are corrected.

To avoid misuse, a content template must be linked to one header only. If anyone discovers misuse of headers or templates, for example, fraudulent conduct by another entity, all access providers must immediately bring the sender’s traffic to a halt until appropriate action is taken or a complaint or a first investigation report (FIR) is lodged with the appropriate authority.

The directions require access providers to submit reports on the progress they have made in the implementation of the amended Code of Practice (CoP) to the TRAI within 15 days from the issue of the revised directions. They also emphasise the importance of improving traceability between senders and recipients for easy identification of persons responsible for fraudulent activities. This enhancement of accountability is part of the broad strategy towards ensuring greater transparency and a more secure environment for commercial communication. By issuing specific, time-bound directions to access providers, the TRAI has shown its intention to overcome the challenges faced by the telecommunications sector and to safeguard long-term consumer interests. However, the efficacy of the measures will largely depend on their implementation and enforcement.

Implementation of these directions in full could also cause disruptions to the delivery of legitimate transactional and service-related messages, potentially leading to inconvenience and loss for consumers. These concerns have been flagged by access providers. The TRAI has, therefore, taken into consideration the practical difficulties the directions could cause. By its direction of 30 August 2024, the TRAI extended the date for full implementation of the directions to the end of September 2024. The requirement does not apply to call-back numbers, which require further deliberation. Despite such obstacles, the TRAI’s proactive actions are steps towards reducing fraudulent transactions and blocking malevolent actors.

Aman Avinav is a partner (disputes, investigations and white-collar crime) at Phoenix Legal