A very happy new year to all our readers! Here's hoping for an interesting, fun-filled and joyous year. 

There's a new telecom law on the block and the rules under India's new privacy law are right around the corner. December also saw another deep fakes advisory and New Delhi hosting the 2023 GPAI summit. Covering all this, here's this month's TechTicker! 

The Telecommunications Act 2023 

The winter session was a busy one for the Parliament. The session saw the passage of the  Telecommunications Act, 2023 (Act). The Act was swiftly discussed in both houses of the Parliament and received Presidential assent, all within the span of about a week. Notably, this happened despite the house being majorly  disrupted by many Members of Parliament being suspended. The tabling of the Act was a surprise to many as other legislations like the Digital Personal Data Protection Act, 2023 and the Digital India Bill took center stage over the past year. 

The Act modernizes and consolidates telecom regulations with the intention to boost the sector's growth. It replaces India's existing telecom regulatory framework – the Indian Telegraph Act, 1885, the Wireless Telegraphy Act, 1933 and the Telegraph Wires (Unlawful Possession) Act, 1950.

The Act updates many definitions related to telecommunications to bring the regulation in line with technological developments. The definitional expansion, however, brings with it uncertainty about the contours of the Act's application. Whether OTTs and internet-based messaging are covered under the Act don't find an answer right away. While there is no specific call out to the same as it was in the 2022 draft of the Act, the broad definitions do lend themselves to possibly include these services.

The Act makes an interesting move from the earlier licensing regime to an authorization regime for telecom service providers. While, on the face of it, an authorization regime seems like lighter regulatory intervention from the government, there may still be a need to get permissions for operating and possessing telecom and radio equipment. So, we will have to wait and watch to see what this nomenclature change actually means in practice. For more insights on the Act and its important provisions, read our key highlights from the Act  here.

Largely, the Act has been welcomed by the telecom sector as it finally updates a more than 100-year-old regulation. It also falls in line with the larger government move to update India's technology regulation framework. After the Digital Personal Data Protection Act, 2023 and the Telecommunications Act, 2023, the next big change is probably going to be the Digital India Act which will update and replace the Information Technology Act, 2000. The trifecta showcases the government's intention to balance state interests against fostering a tech ecosystem that enables innovation. Surprisingly, with both the privacy and telecom law, the focus has been on drafting lean, principal-based laws that leave a lot to rule-making. While this can be considered a move towards making more agile laws, delays in the rule-making process leave room for much uncertainty regarding what obligations service providers need to comply with upon notification of the main acts. So, it would be interesting to see how this regulatory framework update plays out in the coming few months as we await rules under these acts. 

Mini-splainers

- The Digital Personal Data Protection Rules - On December 20th 2023, the IT Ministry  held a meeting with industry stakeholders to discuss the rules under the Digital Personal Data Protection Act, 2023. The final rules are likely to be  released in January 2024, and will be notified by the end of the month. The Ministry seems eager to  notify the rules soon and the consultation period is likely to be around four weeks. Once the rules are notified, the transition period for compliance will start. Rajeev Chandrasekhar, the Minister of State for IT had earlier  proposed a period of 6 months for large technology companies to comply with the Act and a longer timeline for start-ups. Despite the DPDP Act coming in after data protection legislations in other countries, it does create unique obligations such as the requirement of verified parental consent. These obligations will require businesses to rework their user interfaces and business models. 

- Deepfakes advisory #3 - The IT Ministry issued yet another advisory to internet intermediaries to comply with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (IT Rules) and curb the spread of misinformation powered by AI-Deepfakes. The advisory follows almost a month-long consultation with intermediaries on the issue of regulating deepfakes. It mandates intermediaries to notify users about prohibited content, particularly those specified under Rule 3(1)(b) of the IT Rules. Rule 3(1)(b)  prohibits sharing of information that is defamatory, harmful, misleading, infringes on intellectual property rights etc. The advisory requires intermediaries to ensure that users are also informed about penal provisions under the Indian Penal Code, 1860 and the Information Technology Act 2000 for Rule 3(1)(b) violations. This advisory follows two others requiring platforms to regulate deepfakes that were issued in  February 2023 and November 2023. The advisory establishes the Ministry's intent to strictly regulate the spread of misinformation through online content. The advisory follows statements from the Minister of IT, Ashwini Vaishnaw that MeitY will be notifying amendments to the IT Rules for regulation of deepfakes. However, this advisory seems to have been published instead of the rules. It is possible that MeitY may follow up this advisory with amendments to the IT Rules.   

- GPAI summit - December also saw India hosting the Global Partnership on Artificial Intelligence (GPAI) summit. The summit saw participation from 29 countries that are members of the partnership. It brought together global AI experts, international organizations, academia and industry members. During the summit, Prime Minister Narendra Modi  called for a global framework for responsible development of AI. He noted that transparency in AI development will be crucial to achieve its transformative potential. The GPAI New Delhi Declaration was unanimously adopted by the participating countries. The Declaration  emphasizes advancing safe, secure, and trustworthy AI, and commits to supporting the sustainability of GPAI projects. It also captures concerns related to misinformation, unemployment, transparency, fairness, intellectual property, personal data protection, and threats to democratic values that arise due to increased use of AI. The Declaration is yet another commitment by countries towards fostering AI safety and trust, following the  Bletchley Declaration at the UK AI Safety Summit. This places India as a frontrunner in the global race to regulate AI. 

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.