The Department of Telecom (DoT) has issued a notification dated 16 May 2018 (Notification) which prescribes know your customer (KYC) norms for issuing subscriber identity module (SIM) cards to be used in machine to machine (M2M) communications. Amongst other things, the Notification also deals with the restrictions and ownership related aspects of SIMs to be used in M2M devices.
The Notification is one of the first in a long time that provides pivotal understanding over some of the material and significant aspects of M2M communications. In a way, the DoT has provided fundamental clarifications over certain questions that were long awaited by the industry.
Before we outline the provisions of the Notification, it will be prudent to understand the meaning of M2M communications. M2M communication is also generally identified as 'internet of things' around the world. In simple words, it is a concept that allows machines to interact amongst themselves (using internet or evolving communication technology) with minimal human intervention.
M2M communications is a result of convergence of multiple technologies (such as wireless communication, sensors etc.) and few constituents of M2M ecosystem include the device manufacturer, connectivity provider or telecom service providers (TSP), M2M service provider (Service Provider) and the end user.
Key highlights of the Notification
- Restrictive feature of the SIM cards: The Notification specifies that SIMs to be used in M2M services will have certain restrictions when compared to traditional SIM cards which are used in person to person (P2P) communication. For SIMs used with M2M devices, the calls (incoming or outgoing) will be permitted from a predefined set of one number only and similarly SMS facility or data communication facility will be allowed to a maximum of two pre-configured numbers or predefined IP addresses with fixed access point name (as the case may be). However, calls to emergency numbers such as police, fire, ambulance etc. have been kept outside the purview of aforesaid restrictions.
- Ownership of M2M SIMs: The ownership of M2M SIMs will rest with the entity providing M2M services i.e. Service Provider. Such an entity will be required to maintain a list of customers who have availed services (machines fitted with SIMs) from them. Further, the Service Provider is required to maintain and make available, through an online web interface, the following information to the concerned TSP: (i) details of device such as International Mobile Equipment Identity (IMEI), Electronic Serial Number (ESN) etc.; (ii) make, model, registration number of the devices (for cars, utility meters and POS devices) and (iii) physical custodian's name and address. In turn, the TSP is obligated to maintain database/records of end users in accordance with the bulk subscription norms of the DoT.
- Sale or transfer of M2M devices: The Service Provider, who procures SIMs from TSP, will be responsible for intimating the TSP regarding the details of person to whom devices are sold or transferred and for completion of subscriber verification norms. The TSP will accordingly update the details (regarding change of ownership or custody) in its database.
- Use of Embedded SIMs permitted: Embedded SIMs (e-SIM) have been allowed to be used (for both single and multiple profile configurations) with 'over the air' (OTA) subscription/profile update facility in accordance with global standards. The TSPs are required to ensure that (i) e-SIMs are not tampered at the manufacturing stage by the device manufacturer; and (ii) it fulfils security conditions (including lawful interception and monitoring) in respect of the e-SIMs.
- Existing connections to be made compliant and consequence of non-compliance: The existing connections issued to Service Providers are required to comply with the requirements within six months from the date of issue of the Notification. The TSPs are required to submit a certificate of compliance to the DoT in the concerned service areas. After a period of six months, in the event it is found that M2M services are being provided without adhering to the provisions of the Notification, all connections issued to the breaching Service Provider will be disconnected.
- No requirement of tele-verification: The traditional SIM cards are required to undergo tele-verification prior to its activation however, no such requirements will be applicable in case of M2M SIMs.
- Undertaking: While applying for M2M SIMs on bulk connection basis, the Service Provider is required to furnish an undertaking to the TSP agreeing to comply with M2M specific guidelines issued by DoT from time to time.
- Limit on M2M SIM connections on an individual user: An individual user will be permitted to hold nine M2M SIMs in addition to the nine traditional (non‑M2M) SIMs that is permitted under the current regulatory framework. However, in respect of the individual users located in the sensitive areas such as Jammu & Kashmir, Assam and other parts of North Eastern India, the existing norms of DoT will continue to apply.
The landscape around regulatory framework for M2M communications have been largely unclear and the Notification issued by DoT is very important considering the issues related to ownership of SIM, KYC norms, e-SIM etc. had not been addressed thus far. By way of the Notification, the DoT has carved out a major exception and permitted transferability of M2M SIMs. Traditionally, the SIMs used in everyday life for voice and data communication are not permitted to be transferred. It is a welcome decision as it is in line with the demand of the present day, where automation has seeped into every industry. The Notification has also permitted use of embedded SIM in devices which is landmark for the industry, which will facilitate proliferation of M2M both in domestic and industrial spheres.
The Notification envisages Service Provider and TSPs to comply with provisions set out, but questions arise regarding the compliance requirements of other stakeholders and whether they will be covered under the regulatory framework. Further, other issues such as registration requirements for Service Provider, roaming and spectrum aspects, quality of service, data protection have been deliberated in the past but are not covered under the Notification.
Importantly, the Notification imposes a significant penalty on Service Providers in case of non-compliance of provisions of the Notification. It states that all connections issued to a breaching Service Provider will be disconnected if such Service Provider fails to comply with the instructions in the Notification (post expiry of period of six months from the date of issue of Notification). The DoT may subsequently need to provide clarity over the intent of the provision as it appears to be severe and disproportionate. It will not only impact the service offering by Service Providers but also affect the end users.
While the Notification may not be comprehensive, it does spell out answers to issues that were persisting, and much will be required to be done in near future to formulate sound legal and regulatory framework around M2M communications.
The content of this document do not necessarily reflect the views/position of Khaitan & Co but remain solely those of the author(s). For any further queries or follow up please contact Khaitan & Co at firstname.lastname@example.org