ARTICLE
3 October 2024

TRAI Issues Direction To Curb The Misuse Of Headers And Content Templates

AP
Argus Partners

Contributor

Argus Partners is a leading Indian law firm with offices in Mumbai, Delhi, Bengaluru and Kolkata. Innovative thought leadership and ability to build lasting relationships with all stakeholders are the key drivers of the Firm. The Firm has advised on some of the largest transactions in India across various industry sectors. The Firm also, regularly advises the boards of some of the biggest Indian corporations on governance matters. The lawyers of the Firm have been consistently regarded as the trusted advisors to its clients with a deep understanding of the relevant business domain, their business needs and regulatory nuances which enables them to clearly identify the risks involved and advise mitigation measures to protect their interests.
In furtherance of the Telecom Commercial Communications Customer Preference Regulations, 2018 ("TCCCPR"), the Telecom Regulatory Authority of India...
India Media, Telecoms, IT, Entertainment

Introduction

In furtherance of the Telecom Commercial Communications Customer Preference Regulations, 2018 ("TCCCPR"), the Telecom Regulatory Authority of India ("TRAI") had issued a series of directions in 2023, to enhance the management and regulation of commercial communications. These directions included requirements for header and content template registration, verification processes, and compliance reporting. Despite these efforts, TRAI observed significant non-compliance, including delays in implementation and continued misuse of headers and templates. This led to further issues with traceability and effectiveness in curbing unsolicited commercial communications ("UCC").

On August 20, 2024, TRAI issued a comprehensive set of directives aimed at enforcing stricter compliance with the TCCCPR and the previously released directions. These new directions are designed to address the gaps identified in the previous regulations and ensure more robust implementation and monitoring of commercial communication practices. The updated directions include stringent requirements for the end-to-end implementation of numbering series, prohibition of non-whitelisted traffic, and enhanced traceability of messages. By addressing these persistent challenges, TRAI aims to improve regulatory oversight and enhance the overall effectiveness of its measures to combat UCC.

1. Direction dated February 16, 2023:

These directions were issued by TRAI for curbing misuse of headers and content template used in commercial communications. Through these directions, TRAI aimed to lay emphasis on the below mentioned regulations of the TCCCPR:

a. Header and Content Template Registration:

  • Under Regulation 3 of the TCCCPR, access providers are required to ensure that commercial communications use registered headers assigned to the sender.
  • Regulation 5 of the TCCCPR mandates access providers to develop systems to manage commercial communications and adhere to TRAI's directions.

b. Verification and Registration Functions:

  • Regulation 8 of the TCCCPR requires access providers to develop Codes of Practice ("CoPs") for commercial communications and ensure proper registration and assignment of headers and templates.
  • Regulations 12 and 13 of the TCCCPR requires access providers to maintain secure systems for registering entities and headers, including verification and checking for look-alike headers.

However, despite the above-mentioned regulations, TRAI has observed misuse of headers and templates due to inadequate verification and authentication. Such issues include look-alike headers, misuse of variables in templates, and the registration of promotional content in transactional categories. In view of the same, TRAI issued additional guidelines under these directions, which include:

  1. All headers and content templates registered on the Distributed Ledger Technologies ("DLT") platform must be re-verified within 30 days. Unverified headers and templates will be blocked.
  2. Access providers must develop systems to temporarily deactivate unused headers and allow Principal Entities ("PEs") intending to send the communications, to classify headers as 'temporary' or 'permanent' within 60 days. The reactivation of headers should be facilitated through an online process.
  3. Ensure that the headers are distinct and unique, and reject registrations of similar headers.
  4. Content templates and headers must be re-verified quarterly. The number of variables in content templates of message shall be limited to 2, with strict rules on the placement of these variables.

All Telecom Service Providers ("TSPs") were required to comply with these directions and update their CoPs accordingly. They were also required to submit the updated status and actions taken within 30 days from the issuance of this direction.

2. Direction dated May 12, 2023:

TRAI, had issued directions on February 16, 2023, to curb the misuse of headers and content templates. However, after receiving representations from PEs and access providers, it was found that the existing limit of three variables in content templates is insufficient for certain templates (e.g., IRCTC, stock trading), and the restriction on consecutive variables hampers the completeness of information. In view of the same, TRAI recognized the need to review the limitations on the number and placement of variables in content templates, ensuring that while flexibility is provided, the original message intent is not altered by intermediaries. Under these new directions, TRAI has allowed the following:

  1. Allowance for Additional Variables: In special circumstances, more than 3 variables in content templates, have been permitted. This is contingent upon a thorough review by a designated authority, separate from the one approving content templates, with proper justification and sample message examination.
  2. Pre-tagging and Fixed Content Requirements: Each variable in the message template must be pre-tagged for its intended use, and at least 30% of the content template must consist of fixed content, ensuring consistency and preventing misuse.
  3. Contiguous Variables: In cases where the content exceeds 30 characters, more than one contiguous variable of the same type is allowed, subject to proper examination and justification supported by a sample message.
  4. Whitelisting Requirements: Access providers must ensure that only whitelisted URLs, APKs, OTT links, and callback numbers are used in content templates. For URLs containing both fixed and variable parts, the fixed part must be whitelisted.
  5. Monitoring and Compliance: TRAI has mandated access providers to monitor the use of content templates, prevent the misuse of special templates, and update their CoP within 15 days. A compliance report must be furnished within 45 days from the issue date of the direction.

3. Direction dated May 4, 2024:

TRAI had issued certain additional guidelines under these directions, which include:

  1. Commercial Communication Ecosystem: Access providers are required to develop an ecosystem for managing commercial communications, including functions such as registering sender entities, recording subscriber preferences, obtaining and managing consents, and handling complaints.
  2. Usage of DLT: Access providers must adopt DLT-based systems to ensure non-repudiable and immutable management of commercial communications, including regulatory pre-checks and post-checks.
  3. Lack of adoption of 140-Series: TRAI observed that access providers have not implemented DLT-based voice solutions for commercial communications, especially for the 140-level numbering series, which led to the misuse of 10-digit numbers by various entities, causing consumer complaints. The Department of Telecommunications ("DoT") allocated a new '160' numbering series exclusively for Service and Transactional Voice Calls. TRAI has directed access providers to implement DLT-based voice solutions for the 140-level numbering series within 60 days and for the 160-level numbering series within 90 days. An implementation plan for the 160-series must be submitted within 30 days.
  4. Updating Codes of Practice: Access providers are required to update their CoPs to reflect the new DLT-based systems and numbering series, ensuring compliance with the regulations and TRAI's directions.

4. Direction dated August 20, 2024:

Key issues under the previous directions:

Despite the issuance of the above-mentioned directions, TRAI observed several instances of non-compliance and misuse of headers and content templates:

  1. Implementation delays and Mis-use: The directives from February and May, 2023 had not been fully implemented by access providers. TRAI noted a persistent issue with the misuse of headers and templates, with access providers failing to take adequate steps to prevent such misuse or trace the origin of the traffic in cases where misuse has been reported, leading to persistent issues in controlling fraudulent activities.
  2. Reports from Indian Cyber Crime Coordination Centre (I4C): The I4C highlighted several cases of misuse involving Entity IDs, Header IDs, and Content Template IDs. Their reports underscored the necessity of enhancing traceability for telemarketers and PEs. I4C also recommended implementing a chain binding mechanism to trace messages to the telemarketer who used compromised headers.
  3. Inconsistent Content Templates: TRAI noted that in many cases, there was a lack of correlation among the Entity Name, Headers, and Content Templates. Additionally, certain words such as 'disconnection', 'lottery', and 'OTP' were found in content templates that were unrelated to the business of the senders. Malicious APKs and URLs were also detected in some messages.
  4. Multiple Headers and Templates Issue: A single content template was observed to be linked to multiple headers. Moreover, there were several instances of similar or identical content templates being registered by access providers, which complicates monitoring and enforcement efforts.
  5. Improper Registration of Templates: Promotional content templates have been incorrectly registered under the service/transactional category. This misclassification has led to confusion and potential misuse, impacting the effectiveness of regulatory measures intended to distinguish between different types of communication.
  6. Unaddressed Technical Challenges: Access providers temporarily blocked headers that remained unused for 30 days in October and November 2023. They requested a three-month relaxation citing technical challenges with the DLT platform. However, this activity has not resumed to date, exacerbating issues related to header management.
  7. Failure to Implement DLT for Voice Solutions: Access providers have not fully implemented the DLT based voice solution for 140-level numbering series, as mandated by the regulations. This lack of compliance has hindered the effectiveness of the DLT system in managing and monitoring voice communications.
  8. Inadequate Steps to Prevent Misuse: Despite awareness of the misuse patterns and the recommendations from the I4C, Access Providers have not taken effective steps to prevent misuse or to trace the origin of misuse incidents, leading to ongoing issues with message traceability and regulatory compliance.
  9. Lack of Chain Binding Implementation: The recommended chain binding for telemarketers and PEs, as suggested by I4C, has not been fully implemented. This failure has contributed to difficulties in tracing and managing messages sent using compromised headers, further complicating enforcement and monitoring efforts.

Key guidelines under direction dated August 20, 2024:

In response to the ongoing issues, on August 20, 2024, TRAI issued a comprehensive directive aimed at ensuring stricter compliance with the regulations, by mandating the following:

  1. End-to-End Implementation of 140xxx Numbering Series: Access providers are mandated to complete the end-to-end implementation of the 140xxx numbering series on the DLT platform. This includes migrating existing telemarketers and scrubbing calls according to regulations. The deadline for this implementation is September 30, 2024.
  2. Prohibition of Non-Whitelisted Traffic: Effective September 15, 2024, traffic containing URLs, APKs, OTT links, or callback numbers that are not whitelisted will be prohibited. This measure aims to prevent the transmission of unauthorized or potentially malicious content.
  3. Traceability of Messages: From November 1, 2024, all messages must be traceable. Messages where the chain of telemarketers is undefined or does not match will be rejected. This requirement is intended to enhance the traceability and accountability of messaging activities.
  4. Immediate Suspension of Misused Headers and Templates: If misuse of headers or content templates is reported, the traffic from the concerned sender will be suspended immediately. This suspension will remain in effect until the sender files a complaint or FIR with law enforcement agency regarding the misuse, reviews and corrects their headers and content templates, and takes necessary corrective measures.
  5. Complaint Filing and Traffic Suspension: Delivery-Telemarketers are required to identify and file complaints against entities responsible for misuse of headers or content templates within 2 business days. If they fail to do so, the Originating Access Provider ("OAP") will file a complaint on their behalf, and the traffic from the concerned Delivery-Telemarketer will be suspended. Additionally, the entity that pushed the traffic will be blacklisted for 1 year by both the OAP and all other access providers.
  6. Blacklisting of Incorrectly Categorized Content Templates: Content templates registered under incorrect categories will be blacklisted. If a sender accumulates 5 blacklisted templates for incorrect registration, their services will be suspended for 1 month or until all content templates are reverified, whichever is later.
  7. Single Header per Content Template: A content template cannot be linked to more than 1 header. This restriction is to ensure that each header is uniquely associated with a specific content template to prevent misuse and confusion.
  8. Compliance with Regulations: All headers and content templates must comply with the regulations and directives issued. This compliance is required to be achieved within 30 days of the issuance of this direction. Access providers must ensure that all their registered headers and content templates meet the specified regulatory requirements.
  9. Reporting and Status Updates: Access providers are directed to furnish an updated status on the actions taken to comply with these directions. This includes updating their CoPs and providing a status report to TRAI within 15 days from the issuance of this directive.

Conclusion

The implementation delays and ongoing misuse of headers and content templates, despite previous regulations, had implied significant gaps in the enforcement and compliance of the regulatory framework. The new direction dated August 20, 2024, aims to address these issues by mandating a comprehensive end-to-end implementation of the 140xxx numbering series on the DLT platform, prohibiting non-whitelisted traffic, and ensuring the traceability of messages. These measures are crucial in tacking fraudulent activities and ensuring that commercial communications are conducted in a regulated and transparent manner.

The direction's emphasis on immediate suspension and blacklisting of misused headers and content templates, coupled with strict registration and verification processes, aims to mitigate the risk of misuse and ensure that only authorized and compliant entities engage in commercial communications. By implementing these stringent requirements, TRAI intends to enhance the integrity of the communication ecosystem, protect consumers from spam and malicious content, and strengthen regulatory compliance. The directive also provides a roadmap for access providers to align their practices with regulatory expectations, fostering a more secure and accountable communication environment.

Please find the direction dated August 20, 2024, here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More