Introduction
The Telecom Regulatory Authority of India (TRAI), on 22 April 2025, released its 'Recommendations on the issues Related to Critical Services in the M2M Sector, and Transfer of Ownership of M2M SIMs' (Recommendations). These Recommendations have been issued pursuant to a reference received from the Department of Telecommunications, and aim to address two key aspects concerning the machine-to-machine (M2M) and Internet of Things (IoT) ecosystem: (i) classification and regulatory oversight of critical M2M/IoT services; and (ii) transfer of M2M service provider registration and SIM ownership in scenarios involving mergers, demergers, or acquisitions. The Recommendations are particularly relevant in light of the growing integration of IoT technologies in critical sectors such as public infrastructure, transport, healthcare, and utilities.
I. Classification of Critical IoT Services: Introduction of the 'Twin Test'
TRAI has proposed a framework for identification of 'critical' IoT services, guided by a two-pronged test. Under this framework, a service may be considered critical if: (a) it requires ultra-reliable, low-latency M2M connectivity with high availability; and (b) any disruption in such connectivity could adversely impact national security, the economy, public health, or public safety. Examples of services that may fall within this category include smart grids, emergency healthcare systems, and autonomous mobility solutions. This classification aligns with the intent of the Telecommunications (Critical Telecommunication Infrastructure) Rules, 2024, which aim to ensure that critical digital infrastructure, especially services vital to national security and public welfare, are subject to stricter regulatory protections and reliability standards.
Once designated as 'critical', it is recommended that such services would need to be supported by service level agreements between organisations and the licensed telecom service providers, to ensure adherence to defined performance standards (as and when prescribed by TRAI).
II. Transfer of M2MSP Registration and SIM Ownership
Recognising the practical challenges associated with restructuring activities involving entities operating in the M2M space, TRAI has recommended the establishment of a regulatory framework to facilitate the transfer of M2MSP registration in cases of merger, demerger, acquisition, etc.
TRAI has further recommended enabling the transfer of ownership of M2M SIMs. In this regard, the proposed mechanism envisages that (i) the transferor entity will be required to furnish a no objection certificate for the transfer of such SIMs; and (ii) the transferee entity will be required to submit an undertaking assuming all obligations related to the M2M SIMs, which were originally obtained by the transferor entity, to the concerned access service providers.
The implementation of these recommendations is expected to streamline regulatory compliance, facilitate ease of doing business for M2MSPs undergoing corporate restructuring, and ensure seamless continuity of services for end-users.
III. Extension of MTCTE to Embedded M2M Modules
TRAI has further recommended that embedded M2M communication modules within devices used in critical sectors be brought within the purview of the existing Mandatory Testing and Certification of Telecommunication Equipment (MTCTE) framework administered by the Telecommunication Engineering Centre (TEC).
While the underlying objective of enhancing the security and reliability of device infrastructure seems well-intentioned, the specific recommendation to bring embedded M2M communication modules under the existing MTCTE framework raises certain technical and procedural concerns in its current form. The current MTCTE framework expressly states that it is geared towards testing "only complete-in-itself, standalone, independent equipment". Extending its applicability to embedded modules (which, by design, are not functionally complete and are often dependent on host device architecture and software integration) may be misaligned with the technical scope of the certification regime. As such, this proposal may warrant further stakeholder consultation to avoid unintended compliance besides additional administrative burden on TEC.
Comments
The Recommendations are a significant step towards building a more robust and accountable regulatory framework for India's evolving M2M/IoT ecosystem. In addition to enabling sector-specific classification of critical services, TRAI seeks to introduce measures to aid businesses.
Stakeholders, particularly those operating in regulated or infrastructure-heavy sectors should assess their existing and proposed IoT deployments in view of the twin test framework, prepare to integrate SLAs aligned with regulatory expectations, and actively monitor the developments around MTCTE applicability to M2M modules. It will have to been seen how DoT will ultimately adopt these Recommendations.
The content of this document does not necessarily reflect the views / position of Khaitan & Co but remain solely those of the author(s). For any further queries or follow up, please contact Khaitan & Co at editors@khaitanco.com.
