The 2021 OSP Guidelines aimed to ease regulatory burdens for BPOs and voice-based customer support. But with cloud platforms, hybrid networks, and AI tools now common, new questions are emerging on compliance. This blog breaks down key grey areas businesses should pay close attention to.
The Department of Telecommunication's 2021 Other Service Provider (OSP) Guidelines were introduced as a much-needed reform of the regulatory framework governing customer support and other BPO services. By removing registration requirements, easing restrictions on remote working, and exempting purely IP-based systems, the guidelines were intended to enable smoother business operations in India.
But as businesses adopt more advanced technologies, such as cloud communications, hybrid networks, and decentralised support models, new questions are emerging. For instance, how do the distinctions between IP and PSTN usage in evolving network architectures impact the applicability of the guidelines? What qualifies as permissible interconnection and what is toll-bypass? Do shared service arrangements within corporate groups fall within scope? This blog breaks down emerging grey areas in this sector that businesses should pay close attention to.
1. Applicability of OSP Guidelines to IP-Based and Hybrid Communication Setups
The guidelines exempt purely IP-based systems from OSP obligations. This exemption was aimed at reducing compliance burdens for modern digital enterprises. However, it assumes a clean separation between IP-based and PSTN-based communications. In practice, many customer support systems incorporate hybrid architectures. Even where a business primarily relies on IP-based platforms, there may be fallback mechanisms or features, such as emergency call routing or local number presentation, that interface with PSTN infrastructure.
Moreover, a business using a VoIP platform may not directly manage PSTN components, but its service provider may still route certain calls via PSTN trunks. Even where the service provider manages IP-based traffic, these IP trunks may be interconnected with PSTN networks, particularly when calls are transferred between multiple entities involved in customer support delivery. For instance, the service may be layered across a cloud platform provider, other OSPs acting as intermediaries, and the underlying telecom service provider. Each of these actors may play a distinct role in enabling or managing the call, which makes it more complex to determine whether the system qualifies as purely IP-based and who should be responsible for ensuring OSP and other compliance. Enterprises should closely assess how different entities and infrastructure layers contribute to their setup before concluding that it falls within or outside the scope of the guidelines.
Image 1: Hybrid Customer Support Architecture Across IP, OSP, and PSTN Layers
2. Toll Bypass: Regulatory Risk in Modern Call Routing
The 2021 OSP Guidelines broadly define toll bypass as a scenario where a call enters or leaves the PSTN through the OSP's network and without going through an authorised licensed network, thereby circumventing applicable charges or regulatory oversight. While toll bypass was relatively easier to identify in legacy telecom systems, modern enterprise communication setups have introduced greater complexity.
A common arrangement today might involve a customer in India calling a virtual number hosted overseas or vice versa. That call could be routed over IP through a CPaaS platform, passed to one or more intermediate service providers or OSPs, and then delivered to a support agent in India, potentially re-entering the PSTN. These call paths may not be clearly visible to the enterprise or the customer, and the layered involvement of multiple entities – each playing a unique role in call handling – makes it more difficult to assess whether such a setup might amount to toll bypass under the guidelines. Given these complexities, determining whether a specific call flow constitutes toll bypass is no longer straightforward.
3. Cloud-Based Customer Support Providers: Regulatory Gaps
The 2021 OSP Guidelines expressly permit the use of foreign EPABX and EPABX shared across different OSPs, reflecting a shift towards greater flexibility. However, the guidelines do not expressly reference cloud-based contact centre service providers (CCSPs), such as CPaaS or SaaS-based communication platforms, which have become an essential part of the customer support landscape. These platforms offer businesses a scalable, cost-effective, and feature-rich alternative to traditional telephony systems. They support key functions such as dynamic routing, number masking, call recording, performance analytics, and integration with CRMs.
While the use of cloud platforms appears consistent with the broader direction of the OSP Guidelines – particularly their support for shared and virtualised infrastructure – the absence of an explicit reference to CCSPs has led to uncertainty around their formal treatment under the current regulatory framework. As their adoption becomes foundational to modern service delivery, regulatory clarity would help ensure that enterprises can adopt such technologies with confidence under the current regulatory framework.
4. In-House Support and Group Entity Arrangements
Businesses that operate in-house customer support teams staffed by employees of the same legal entity are generally viewed as being outside the scope of OSP regulation. However, more questions arise when customer support is provided by one group company to another within a larger corporate structure. For example, if a centralised services entity provides voice-based customer support to multiple subsidiaries or affiliates, it is uncertain whether such an arrangement would be considered outsourcing under the guidelines. Given that many companies structure their operations to centralise support functions within group entities, further clarification could help resolve this ambiguity.
5. Interaction with Data Protection Laws
With the upcoming implementation of the Digital Personal Data Protection Act, 2023 (DPDP Act), businesses must also consider how obligations under the OSP guidelines or business practices interact with privacy and data protection requirements. In complex value chains involving OSPs, platforms, telecom providers, customers, it becomes critical to clearly determine which party acts as the data fiduciary and which as the data processor under the DPDP Act. Where customer call data – including recordings, logs, and metadata – is routed through or stored by third-party platforms, businesses must ensure that contracts appropriately allocate responsibilities, mandate security safeguards, establish breach reporting obligations, and address the conditions for cross-border data storage and transfers. These assessments are especially important where multiple service providers and jurisdictions are involved.
Additional Questions
Remote Work: While the guidelines permit remote work without prior approval, businesses remain responsible for ensuring security and compliance. However, the guidelines do not elaborate on what constitutes adequate safeguards – for example, whether use of VPNs or data localisation is necessary in all cases.
Use of AI in Support Functions: As enterprises increasingly adopt AI-powered tools for automating customer support – including voicebots, chat summarisation, sentiment analysis, and call routing – new questions emerge around how the interplay with the OSP guidelines.
The Way Forward
The 2021 OSP reforms aimed to reduce regulatory friction and support flexible business models. While they achieved significant progress in simplifying certain processes, evolving technologies and business practices continue to raise new interpretive questions. Businesses may benefit from reviewing their communication setups and vendor arrangements in light of current guidelines. Seeking professional advice can assist in identifying potential areas of exposure and ensuring continued alignment with regulatory expectations.
Image credits: Freepik
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
