India: Telecommunications Act, 2023: A Segue To A New Regime In The Telecom Sector

(1)

Old wine in a new bottle: The license regime under the prevailing laws is sought to be converted to an 'authorization' framework. Authorization (which can be called by whatever name) is required for providing telecommunication services, establishing, maintaining or expanding telecommunication networks, and possessing radio equipment. Pertinently, the trigger points for obtaining authorisations have been enhanced as the Telegraph Act requires a license for establishing, maintaining and working a telegraph. Notably, even expansion of a telecom network will require an authorization, which otherwise is fairly routine activity for telecom players. Authorizations can be granted by the Government in the Continental Shelf and Exclusive Economic Zone of India, subject to conditions under prevailing maritime laws. As far as existing licenses, registrations and permissions are concerned, they will have to be eventually migrated to the new regime.

(2)

Simplicity leading to complexity: In wake of considerable backlash against the inclusion of OTT communication services, machine to machine (M2M) services, broadcasting services, etc., in the definition of 'telecommunication services' in the previous iteration of the bill released in 2022, an attempt has been made to simplify the definition. By defining 'telecommunication services' as "any service for telecommunication", the Government may have just opened up the pandora's box. Any telecommunication service, which could arguably include OTT and M2M services as well, can potentially fall within this ambit and trigger a requirement to obtain an authorization. Hence, it may not be safe to assume for the time being that OTT services are beyond the clutches of the law.

(3)

Use of verifiable biometric based identification: All authorized entities are required to employ verifiable biometric based identification mechanisms (as may be prescribed) for identifying persons to whom telecom services are provided. This is not only likely to limit the way in which subscriber verification formalities can be carried out, but also raise concerns relating to privacy and cybersecurity as storage of biometric data and records bring along its set of challenges. Besides, it remains to be seen how such requirements would be fulfilled in the case of enterprise/ business customers, who are currently required to provide details of their single point of contact.

(4)

Extra-territorial application: As a departure from the present framework and previous iterations, the Act contains express provisions dealing with extra-territorial application of the law. Thus far, there has been no express legal basis for the Department of Telecommunication (DoT) to flex its muscles beyond the jurisdiction of India, but this may be set to change.

(5)

Standards and measures for public safety, national security, etc.: The Central Government can notify standards and conformity assessments for matters relating to cybersecurity for telecommunication services and networks, encryption and data processing in telecommunication, etc. This might lead to an overlap with provisions under the information technology framework, which applies horizontally to all sectors. In the recent past, the Government has released specific laws and regulations dealing with these very aspects, e.g. the directions issued by the Indian Computer Emergency Response Team, the Digital Personal Data Protection Act, 2023 (DPDP Act), etc. This may culminate in multiplicity of compliances for entities, which will ultimately impact ease of doing business.

(6)

Adjudication of contraventions and Designated Appeals Committee: The Act speaks of the appointment of adjudicating officers and a Designated Appeal Committee. An adjudicating officer can pass directions, impose civil penalties (as prescribed) as well as make recommendations for the consideration of the Government on certain stipulated matters. A person aggrieved by an order passed by the adjudicating officer can prefer an appeal before the Designated Appeals Committee (to be constituted in the manner prescribed). The next appeal would lie before the Telecom Disputes Settlement and Appellate Tribunal, and finally before the Supreme Court of India. While levying civil penalties, one of the factors to consider is the revenue loss caused to the Government by the contravention along with other factors. Hence, penalty can now be lawfully levied on this basis.

(7)

Offences: The Act has prescribed criminal penalties (including imprisonment) for offences such as providing telecom services without holding appropriate authorizations, gaining access to telecom network/ intercepting message by way of personation, contravening measures specified for national security, etc. Unlike the previous iteration of the Act, all offences are cognizable and non-bailable and in the absence of any provisions for compounding offences, it may pave the way for heavy criminal penalties.

(8)

Protection of users: In case of 'specified messages' (i.e., messages offering, advertising or promoting goods, services, etc.), the Central Government may specify rules for protection of users by taking measures such as requiring prior consent for receiving specific messages, preparation and maintenance of a 'Do not disturb' register, mechanism to enable users to report malware, etc. The authorized entity will be required to establish an online mechanism to enable users to register grievances and provide redressal in the prescribed manner. Such measures will be designed to work in consonance with regulations issued by TRAI. While this is a welcome step to curb pesky calls and messages, there are pre-existing regulations issued by TRAI to address this aspect as well as other measures taken by DoT itself in the past which need to be utilized to their full potential before a new system is introduced. Ultimately, it will lead to multiplicity of compliance for entities in the ecosystem.

(9)

Other notable features: In addition to the above, the Act has sought to streamline procedures for acquisition of spectrum and Right of Way (RoW) permissions, establish a grievance redressal mechanism, establish the Digital Bharat Nidhi (as a replacement to the Universal Service Obligation Fund), create a regulatory sandbox to aid innovation and technology development and so on.