By Krishaank Jugiani
Recently Telecom Regulatory Authority of India announced that it had disconnected over 21 lakh fraudulent mobile numbers and blacklisted nearly one lakh entities involved in spam and scam messaging. The action was driven largely by citizen reports through the Do Not Disturb app. Yet frauds and scams continue to increase affecting billions of users, and the government’s push to strengthen verification is therefore understandable. But any new measure must be carefully calibrated while avoiding disruption for the millions and undue pressure on a thriving startup ecosystem.
The recently notified Telecommunications (Telecom Cyber Security) Amendment Rules, 2025 by the DoT, mark the latest efforts by the government to strengthen India’s telecom ecosystem. The Rules introduce two major requirements. First, a Mobile Number Validation (MNV) system requiring digital platforms to verify user ownership of mobile numbers. Second, expanded IMEI tracking to prevent device fraud. Despite extensive feedback during consultations, the final Rules include only minor changes. The DoT has also not publicly explained why it retained the original design. As a matter of sound rule-making, publishing a clear statement of reasons, particularly when alternatives were proposed, would have strengthened transparency and trust.
The Rules are meant to address real and pressing issues. India logged over 2 million cybersecurity incidents in 2024, and police reports indicate growth in SIM-swap scams, spoofing calls, fake-KYC attacks, and IMEI cloning. The need to reduce fraud is indisputable. But the Rules may also have inadvertent implications around feasibility, cost and fairness, especially in a country where digital access is uneven and mobile numbers are the primary gateway to essential services.
To begin with, India has over a billion active mobile connections, but actual ownership remains skewed. Surveys show that millions of women, children and elderly rely on phones registered in someone else’s name, especially in rural and low-income households. A strict user–SIM matching could disrupt daily life: women applying for welfare using a spouse’s number, children accessing an edtech app on a parent’s phone, or elderly users managing banking through a relative’s device. Even if 5% of these shared-device users encounter mismatches, it would affect over 20–30 million vulnerable users.
Security gaps in telecom KYC raise doubts about whether MNV can deliver on its promise. One study found that 89.11% of Aadhaar-linked alternative numbers did not belong to the Aadhaar holder. Point-of-sale agents often do not verify documents thoroughly, and in 2024, 1.77 crore fraudulent mobile connections were detected and deactivated. Since MNV depends on the accuracy of this underlying name data, it will check information with limited reliability. Any slowdown or outage could affect payments, welfare benefits, digital services, or routine app logins.
Concerns also arise from the discretionary powers built into the Rules. Because the government will decide if a digital platform can use the MNV platform voluntarily, there is a risk of arbitrary decision-making. The government can suspend or block mobile numbers without prior notice and with limited transparency. Without safeguards like show-cause notices, opportunities for hearing, and independent review, this could lead to false suspensions, posing threat to the rule of law and the principles of natural justice. For individuals who rely on a single phone number to access welfare schemes, banking, healthcare, or education, this risk is far from theoretical.
Costs add another layer of concern. The final Rules do not mention the pricing, but the draft suggested ₹1.50 per check. Multiplied across routine app use, this could create recurring expenses. For small retailers and startups that handle millions of transactions, this can escalate into crores, adding friction in a sector with already high compliance costs. Such friction also has macroeconomic implications. India’s digital economy, contributing near 12% of GDP and expanding rapidly, depends on seamless user access and low-cost participation. A 5-10% slowdown from access barriers or higher costs could cost tens of thousands of jobs and reduce startup formation. It may also slow the pace at which new users come online. Higher IMEI-related costs could similarly make refurbished devices less affordable, hurting low-income users who depend on them the most.
The risks also become sharper when viewed against India’s already dense fraud-control architecture. The country already has several fraud and cybersecurity systems such as CERT-In, I4C which has helped recover ₹5,489 crore, RBI’s strict cybersecurity framework for financial institutions, DigiKavach for AI-driven fraud detection, telecom KYC rules, upcoming CNAP for verified caller IDs, and anti-spam regulations. If MNV is layered on top, it may duplicate existing systems rather than strengthen them.
A more balanced approach is possible, which includes risk-based and graded verification so that high-risk services like financial platforms or welfare delivery use mandatory MNV while low-risk services do not. The scope of mandatory compliance could be narrowed, with transparent fee structures that protect MSMEs and startups. Strong procedural safeguards would reduce the risk of wrongful suspensions. Fixing telecom KYC at the root is essential before building new layers of verification on top. And before a nationwide rollout, pilot testing is crucial to measure latency, system stress, fraud-prevention accuracy, and real-world exclusion rates.
The challenge for India is to strengthen digital security without weakening access, equity, or economic participation. The current version of the Rules tries to solve real problems but risks creating new ones, especially for those who already face barriers to digital access. With thoughtful adjustments, India can secure its digital future while minimising the risk of shutting people out.
Krishaank Jugiani is a technology policy researcher at CUTS International.
This article can also be viewed at:
https://www.communicationstoday.co.in/