The Telecommunications Act, 2023 (“Act”) has received presidential assent and has been notified for information.[1] When rulemaking under the Act is completed, and it is notified as being in force, it will replace existing legislation governing telecommunications in India, namely the Indian Telegraph Act, 1885, the Wireless Telegraphy Act, 1933, and the Telegraph Wires (Unlawful Possession) Act, 1950 (collectively, “Telegraph Laws”).
As assented, the Act shows significant improvement over a draft 2022 version (“Bill”)[2] released by the Department of Telecommunications (“DoT”) for public comments. It has addressed several of our concerns called out in our analysis (here).
Along the lines of much recent legislation in related sectors[3], the Act is concise, principle based, and aims to simplify a complex framework, which dates back to 1885[4]. In this post, we analyze the Act and its possible impact on the telecommunications sector, which underpins and enables ‘Digital India’.
A Unified ‘Authorisation’ Framework
The telecom sector currently operates under a multi-tiered, labyrinthine and occasionally contradictory set of licences, registrations and general rules. Under the Act, this entire framework is proposed to be collapsed into a single ‘authorisation’[5] regime, which will govern diverse entities ranging from core telecommunication service providers (“TSPs”); to providers of passive infrastructure like in-building infrastructure, and towers (that are currently governed through a lighter registration regime[6]); as well as entities that possess “radio equipment”, i.e., equipment capable of transmitting or receiving messages wirelessly[7]. Further, while existing frequency and type-based exemptions are likely to be carried over to the new regime,[8] authorisations for possessing and operating a wide range of equipment, including devices that enable certain types of M2M communication, may be required. Given that entities will have the option to choose between their existing licences and the new regime at least for five years[9], authorisations required by the varied types of entities (above) may be differentiated and “right sized”, depending upon their activity.[10]
Spectrum has been kept outside the ambit of the authorisation regime, with assignment of spectrum being done through auction and administrative processes, which have been clarified further under the Act.[11] The ability of the Government to re-farm (repurpose)[12] or harmonise (rearrange)[13] any frequency range, along with provisions for technologically neutral use of spectrum,[14] surrendering[15] of assigned spectrum and secondary assignment[16], promises to enable efficient use of resources.
Telecommunications Services
The expansive definition of “telecommunication services” (“Service”) under the Bill was a source of much debate[17]. Under the Act, much of the contentious language around broadcasting services and services that operate on top of existing networks to communicate messages (“OTT Services”), that existed under the Bill, has been done away with.[18] While the core definition of “telecommunications” has remained unchanged,[19] the related definition of ‘message’ has been sharpened to data actually “sent through telecommunication”.[20]
While there remains some possibility that authorisations may either directly, or as pass-through contractual obligations, regulate OTT communication services[21], one hopes that the legislative intent here is to unbundle carriage and content, as portended by the release of a draft Broadcasting Services (Regulation) Bill, 2023 (“Broadcasting Bill”)[22] by the Ministry of Information and Broadcasting (“MIB”), and this intent is carried through to rulemaking.
Identification and User Rights
Under the Act, authorised entities providing services may be required to identify persons to whom such services are being provided, using verifiable biometric based information.[23] In line with a theme in a recent legislation,[24] the Act also introduces telecommunication identifiers for use by authorised entities,[25] which may be used to uniquely identify users of services.[26] Further clarity on the nature and purpose of the use of telecommunication identifiers is expected in the rules.
Similar to the Bill,[27] the Act retains measures for protection of users against certain kinds of messages, including advertising or promoting goods and services, opportunities, etc.[28] Under both versions, the Government is empowered to provide measures for user protection, including prior consent, preparation of DND registers, malware reporting, etc.[29] The Act also includes the following welcome introductions:
- any such measures must be in consonance with the regulations notified by the Telecom Regulatory Authority of India (“TRAI”) [30], which will include the well-established TCCCPR framework[31]; and
- authorised entities providing services must establish an online mechanism for redressal of user grievances relating to the services.[32] The Government may also establish various online dispute resolution mechanisms for this purpose.[33]
Lawful Interception and Security
The Telegraph Laws empowered Government to intercept messages under a mechanism, which has survived judicial review for decades[34], and inspired similar regimes[35]. Interception directions are required to be in writing, on specified grounds and are subject to review by a committee[36].
The Act contains provisions empowering Government to take possession of Services or networks and direct interception or disclosure of messages, in the event of a public emergency or in the interest of safety[37], with measures to be specified in rulemaking. To the extent that existing safeguards flow through to the new regime,[38] especially given that right is couched in “public safety”, it should continue to provide a robust and constitutional basis for lawful interception and monitoring.
The Act introduces ‘critical telecommunication infrastructure’,[39] along the lines of ‘critical information infrastructure’ under the Information Technology Act, 2000 (“IT Act”).[40] Regulations in relation to the protection of critical telecommunications infrastructure will be prescribed under the rules.[41]
The Government’s power to notify standards, which were introduced in the Bill,[42] have been:
- modified to notify standards and conformity assessment measures for services in consonance with relevant TRAI regulations[43]; and
- expanded to include prescription of standards for telecommunication security, including identification, analysis and prevention of intrusion in services and networks, cyber security and encryption and data processing in telecommunication.[44]
These powers may impact entities not falling within the contours of the Act through contractual flow-down obligations in their capacity as service providers.
Appointments to TRAI have been broad based to enable appointments from the private sector.[45]
A Choice of Regimes
Given the long-term nature of telecom licenses and significant investments that existing licensees have made, the Act offers them the ability to continue with benefits from a licence, registration, permission or any other grant under the old regime:
- in case of a definite validity period, for such duration;[46]
- where there is no definite validity period, for 5 years;[47]
- and, where spectrum was assigned through the administrative process prior to the Act, for 5 years or the date of expiry of assignment (whichever is earlier).[48]
This should be a source of much-needed reassurance to the industry, and act as an incentive to move to the new regime. Authorisations under the Act will have to be beneficial, in comparison to those under the previous regime.
Existing rules, rights, exemptions and permissions under the Telegraph Laws will continue to operate under the Act until superseded[49].
Adjudication and Penalties
Contraventions under the Act will be adjudicated in the first instance by designated officers of the Central Government who will be appointed as ‘adjudicating officers’[50] and appeals will lie with appellate committees, constituting one or more Central Government officers not below the rank of Additional Secretary.[51] The adjudicating officer and appeals committee will have powers of the civil courts.[52]
The Telecom Disputes Settlement and Appellate Tribunal (“TDSAT”), in line with recent legislative developments[53], has been given an appellate role, with appeals against the decisions of the appeals committee for contraventions of authorisation or assignment under the Act lying with TDSAT[54], and for other contraventions of the Act, lying with the civil courts.[55] The jurisdiction that the adjudicating officer, appeals committee, TDSAT and Central Government have under the Act are excluded from the jurisdiction of civil courts.[56]
Under the Act, all offences for which criminal penalties have been specified, like providing telecommunication services without holding appropriate authorisations, unauthorised access or interception, etc., have been made cognizable and non-bailable.[57] Further, provisions for compounding of offences have been deleted,[58] which may result in significantly higher fines for entities contravening the provisions of the Act. Similar to the recently assented Digital Personal Data Protection Act, 2023 (our analysis of which can be accessed here), the Act also includes a graded mechanism for levy of penalties based on the severity of the offence, with penalties for severe offences of up to INR 5 crore.[59]
Conclusion
The Act, with its changes and retentions from the Bill such as the regulatory sandbox mechanisms,[60] facilitation of mergers, demergers and acquisitions,[61] the introduction of the ‘Digital Bharat Nidhi’,[62] the commitment to implement the Act in a ‘digital by design’ manner,[63] etc., demonstrates legislative commitment to promoting rapid growth of the industry and innovation. While the rules will determine how effective the outcomes are here, the Act as passed by Parliament is a clear, simplified and business friendly piece of legislation. If the legislative intent of enabling a simple and clear legislation for a growth sector is reflected in the rules as well, and short, precise authorizations that are purpose specific (for example, minimal restrictions on infrastructure providers, exclusions for purely “private” infrastructure, etc.) are provided for, the new regime can prove to be the key to unlocking incredible growth for this sector.
[1] The Telecommunications Act, 2023 (“Act”).
[2] The Indian Telecommunications Bill, 2022 (“Bill”), available here.
[3] See:The Digital Personal Data Protection Act, 2023, available here.
[4] The Indian Telegraph Act, 1885, the Wireless Telegraphy Act, 1933, and the Telegraph Wires (Unlawful Possession) Act, 1950.
[5] Where authorization is defined as a “permission, by whatever name called, granted under (the) Act for-
- Providing telecommunication services;
- Establishing, operating, maintaining or expanding telecommunication networks; or
- Possessing radio equipment.”
[Act, Section 2(d)]
[6] Revised Guidelines for Registration of Infrastructure Providers Category -I (IP-1), available here (December 22, 2021).
[7] Act, Sections 2(l), 2(q).
[8] Act, Section 3(4).
[9] Act, Sections 3(6)(b), 4(8).
[10] Act, Section 3(2).
[11] Act, Section 3.
[12] Act, Section 5(b).
[13] Act, Section 5(a).
[14] Act, Section 6.
[15] Act, Section 8(2).
[16] Act, Section 7(1).
[17] See: The Hindu, A word of advice on OTT and the draft telecom Bill, November 25, 2022, available here.
[18] Bill, Clause 2(21).
[19] Bill, Clause 2(17); Act, Section 2(p).
[20] Act, Section 2(g).
[21] See: Telecom Regulatory Authority of India, Consultation Paper on Regulatory Mechanism for Over-The-Top (OTT) Communication Services, and Selective Banning of OTT Services, July 7, 2023, available here.
[22] Broadcasting Services (Regulation) Bill, 2023, available here.
[23] Act, Section 3(7).
[24] IT Rules, Rule 4(2).
[25] Act, Section 3(8).
[26] Act, Section 2(r).
[27] Bill, Clause 33.
[28] Act, Section 28.
[29] Bill, Clause 33(2); Act, Section 28(2).
[30] Act, Section 28(2).
[31] The Telecom Commercial Communications Customer Preference Regulations, 2018, available here.
[32] Act, Section 28(3).
[33] Act, Section 30.
[34] People’s Union of Civil Liberties v. Union of India,(2003) 2 SCR 1136.
[35] The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (available here), Rule 4(2).
[36] Indian Telegraph Rules, 1951, Rule 419A(2).
[37] Act, Sections 20, 21.
[38] Act, Section 61.
[39] Act, Section 2(f).
[40] Information Technology Act, 2000, Section 70.
[41] Act, Section 20(4).
[42] Bill, Clause 23.
[43] Act, Section 19(b).
[44] Act, Sections 19(c), 19(d) and 19(e).
[45] Act, Section 59(b).
[46] Act, Section 3(6)(a).
[47] Bill, Section 3(6)(b).
[48] Bill, Section 4(8).
[49] Bill, Sections 60, 61.
[50] Bill, Section 35.
[51] Bill, Section 36.
[52] Bill, Section 37(2).
[53] Digital Personal Data Protection Act, 2023, Sections 2(a), 29(1).
[54] Bill, Section 39.
[55] Bill, Section 40.
[56] Bill, Section 41.
[57] Bill, Section 42(7).
[58] Bill, Clause 49.
[59] Bill, Schedule 2.
[60] Bill, Section 27.
[61] Bill, Section 3(5).
[62] Bill, Section 24.
[63] Bill, Section 53.
