The Internet and Mobile Association of India (IAMAI) has said the Telecom Regulatory Authority of India’s (TRAI) draft spam protection rules are a case of regulatory overreach, arguing that the proposed TCCCPR amendments attempt to regulate over-the-top (OTT) platforms beyond the telecommunications scope while also enabling action affecting intermediaries’ safe harbour protections.
What did IAMAI say
- IAMAI flagged that requiring OTT platforms to share data with access providers amounts to “unconstitutional expropriation of valuable proprietary data”. Moreover, it argued that such data is built through “significant intellectual and financial investment”, and compelling its disclosure undermines the fundamental right to carry on trade or business.
- It further argued that provisions empowering TRAI to strip non-compliant intermediaries of their safe harbour protections under Section 79 of the IT Act constitute “gross jurisdictional overreach”, since the amendments seek to regulate entities and protections that fall outside TRAI’s statutory remit.
- Finally, IAMAI recommended harmonising consent rules with the DPDP Act, noting that consent remains valid until the purpose is fulfilled or withdrawn, thereby avoiding conflicting compliance burdens.
What does the regulation say?
- Regulation 34A(2): “Any call management app including phone dialers and third party apps, that offers the user of the app to report any Unsolicited Commercial Communication under any name, such as ‘spam’, ‘junk’, etc., which implies UCC, shall send such report, in the manner and format as specified by the Authority from time to time, to the DND registry maintained by the access providers.”
- Regulation 34A(4)(ii): “The Authority may initiate action under the relevant provisions of the IT Act, 2000, and the IT Rules, 2021, for the violation of the regulations. If the authority concludes that the call management application or similar service is non-compliant, the IT intermediary shall be liable for losing exemption from liability of intermediary under IT Act 2000”.
Important changes in the draft amendments:
Other restrictions on call management apps: TRAI proposes to bar call management apps from blocking, filtering, tagging, restricting, or enabling blanket spam tagging of calls originating from designated commercial number series, 140 for promotional and 1600 for transactional communications. Further, the draft removes the explicit exemption for government communications under Regulation 34A. Enforcement is graded: TRAI may first warn and subsequently invoke Rule 7 of the IT Rules, stripping Section 79 safe harbour, after allowing the entity to respond.
User appeals and complaint redressal: Users can appeal to an Appellate Authority within 15 days if they are dissatisfied with complaint resolution, if the complaint remains unaddressed, or if no response is received within 15 days. The Authority must decide within 15 days of receiving the appeal. Moreover, telecom operators must appoint a senior management employee as the appellate authority and publish their contact details.
A2P call charges and definitions: The draft proposes a termination charge of up to five paisa per minute on application-to-person (A2P) calls, payable by the originating operator. Consequently, high-volume callers could face significant additional costs. It also introduces the first formal definition of A2P calls, covering automated or software-driven voice calls, including robocalls and prerecorded or artificial voice communications. However, exemptions apply to government entities and calls from registered 140 and 1600 series numbers. TRAI frames five paisa as an upper limit, allowing operators to charge lower rates.
Sender classification and enforcement flexibility: At present, violations trigger a 15-day service bar followed by a one-year disconnection and blacklisting. Under the new framework, classified entities could face lighter penalties, and TRAI may exempt them from using a designated number series. Classification criteria include economic importance, service criticality, regulatory status, operational scale, and consumer impact. Notably, the only fixed enforcement floor relates to restoration charges, requiring at least half the total fee if blacklisted entities seek restoration.
Expansion of the consent framework: TRAI proposes to expand the consent framework by recognising consent collected outside its Consent Registration Framework through any verifiable means. Businesses must subsequently register such legacy consent in the Consent Register. Meanwhile, subscribers retain the right to be notified and to withdraw consent. However, the draft does not define what constitutes verifiable means, nor does it set limits on how old such consent can be or deadlines for registration.
AI flags as enforcement trigger: For the first time, TRAI introduces AI-based spam flags as enforcement triggers, lowering the complaint threshold where systems identify suspicious senders. However, action still requires user complaints to corroborate AI inputs.
Also read