On 8 February 2022, the Department of Telecommunications (DoT) released guidelines for registration of ‘Machine to Machine' (M2M) service providers namely, ‘Registration Process of M2M Service Providers (M2MSP) & WPAN/WLAN Connectivity Provider for M2M Services' (M2MSP Guidelines).
The government has been working on a regulatory framework for the M2M ecosystem for the past few years. It has taken nearly seven years since the issuance of the M2M roadmap by DoT in 2015 to bring a degree of certainty to the regulatory framework relating to M2M communications. With the recent inclusion of the M2M service authorisation in the Unified License (UL) framework (UL (M2M)), the issuance of the M2MSP Guidelines somewhat completes the loop.
Through the M2MSP Guidelines, the government has mandated registration of M2MSPs and WPAN / WLAN Connectivity Providers with a view to recognize and regulate entities that offer M2M services in India. The M2MSP Guidelines also seek to address concerns relating to issues like M2MSPs' interface issues with telecom service providers (TSPs), requirements relating to know your customer (KYC), security and encryption, etc.
Scope of the M2MSP Guidelines
M2M Services are defined as services offered through a connected network of objects/devices, with unique identifiers, in which M2M communication is possible with predefined back-end platform(s) either directly or through some gateway. The M2MSP Guidelines apply to entities that:
- Provide M2M services through telecom resources provided by authorized TSPs (including leased lines, satellite connectivity, etc.) including entities that use M2M services provided by M2MSPs in connection with its products or as part of its offerings to its end customers; and
- Use WPAN (e.g., Bluetooth) / WLAN (e.g., WiFi) technologies for providing M2M connectivity for commercial purposes, in unlicensed spectrum.
The M2MSP Guidelines also apply to entities that use M2M services or WPAN / WLAN for M2M connectivity for captive, non-commercial use.
However, in case any authorized TSP wishes to provide M2M Services to third parties, it can do so under the telecom licensing framework without registering under the M2MSP Guidelines.
Key requirements prescribed under the M2MSP Guidelines
A host of requirements have been prescribed in respect of M2MSP or WPAN / WLAN Connectivity Provider in the M2MSP Guidelines, including the following:
- Adherence with KYC norms: Entities are required to adhere to KYC and related guidelines issued by DoT. The DoT issued a notification in 2018 providing instructions for fulfilment of KYC norms by entities providing M2M communication services and also for implementing restrictive features (calls, SMS and data communication on a limited basis) for SIMs to be used in M2M communication;
- Obtaining telecom resources: M2MSP shall obtain telecom resources (such as bandwidth, leased line, etc.) from an authorized TSP only. In addition, M2MSP is authorized to use WPAN/WLAN technologies in unlicensed spectrum to provide M2M services;
- Interconnection with licensed telecom operators: In case of use of WPAN/WLAN technologies in unlicensed spectrum/frequency exempt band, the network has to mandatorily connect to licensed TSP's network for backhaul connectivity;
- Maintenance of records: M2MSP is required to maintain updated records relating to - (a) the details of all the customers of M2M services (i.e., physical custodian of machines / devices); (b) details of M2M end device i.e., IMEI, ESN etc.; (c) make, model, registration number, etc. of the device (e.g., cars, utility meters, etc); and (d) any changes to customer and machine / device details;
- Requirements relating to devices sold with SIM inside: Such devices must include packaging/ instructions/ supporting leaflet shall include instruction that the device is having SIM inside and that the end-customer must intimate change of ownership at the time of resale/loss/transfer of the device. In case, end customer does not comply with the instructions he/she shall be liable in case of any misuse of the SIM fitted in the device;
- Privacy protection: Registrant shall ensure protection of privacy of communication and data as per applicable law in force and as notified/amended from time to time. The services provided by registrant should apply requisite security controls to protect sensitive information and data collected by various sensors and actuators;
- Identification and traceability of M2M devices: The M2M devices must be identifiable and traceable on the basis of IMEI/ ESNs in the M2MSP network; and
- Adherence with technical standards: Registrant shall induct only those devices / equipment in the network which meet Telecommunications Engineering Centre (TEC) standards and certifications (or other standards set by national and international standardization bodies such as IEEE, ETSI, etc.), entity which is inducting the devices/equipment in the network shall be individually responsible for complying with technical standards.
With the expected introduction of 5G services in India and the increase in adoption of IoT and smart devices, the M2MSP Guidelines, along with the UL (M2M) that was released recently, have been introduced by DoT at a timely juncture.
While the M2MSP Guidelines seek to delineate the obligations of M2MSPs, the applicability of the M2MSP Guidelines may create a fresh set of challenges for the industry. The M2MSP Guidelines are not only applicable to M2MSPs providing M2M services through telecom resources, but they also apply to “third parties utilising M2M services from registered M2MSPs in connection with its products or as part of its offerings to its end customers as a product or service”. This requirement will cut across sectors like household appliances, automobiles, wearable technology, healthcare, hospitality, etc. all of which use M2M communications in some form of the other.
Also, the M2MSP Guidelines have stopped short of commenting on certain long pending issues, like the use of international SIMs on permanent roaming for M2M communication / imported M2M devices. It was expected that the M2MSP Guidelines may touch upon this aspect in greater detail, but it appears that this will have to wait longer.
As the issuance of the M2MSP Guidelines is a fairly recent development, it will have to be seen how the DoT executes the guidelines. Considering that M2M and IoT are emerging technologies that have a huge potential for growth, the regulator should offer the required support to the industry, especially at such early stage.
The content of this document do not necessarily reflect the views/position of Khaitan & Co but remain solely those of the author(s). For any further queries or follow up please contact Khaitan & Co at firstname.lastname@example.org