Amended Cybersecurity Rules by the Department of Telecommunications (DoT)
The Department of Telecommunications (DoT) has introduced new cybersecurity rules aimed at addressing the increase in cyber frauds, such as phishing. Despite resistance from the tech industry over potential privacy concerns, the rules are deemed essential by DoT officials.
Key Points of the Amended Rules
- Scope of Application:
- The rules are mandatory for telecom operators who are licensees of the DoT.
- Other entities, including banks and financial institutions, can voluntarily adopt these rules.
- Businesses such as e-commerce and food delivery platforms are not regulated under these rules but can participate voluntarily.
- Mobile Number Validation (MNV) Platform:
- The DoT plans to set up an MNV platform to verify if a mobile number belongs to the correct person by checking KYC details.
- The platform will allow banks and financial institutions to verify customer details when opening new accounts, thus reducing cyber fraud.
- Telcos must onboard this platform, while other businesses can opt-in if beneficial.
- Privacy Concerns:
- Some stakeholders, including privacy activists, argue that the rules might compromise consumer privacy by allowing government access to personal data.
- Support from Parliamentary Committee:
- The parliamentary standing committee on home affairs supports the MNV platform for nationwide implementation to curb fraudulent use of mobile numbers.
- Directions to Phone Makers:
- The government can direct phone manufacturers to assist in dealing with tampered devices with international mobile equipment identity (IMEI) numbers.
- Manufacturers may be asked not to assign already used IMEIs to new telecom equipment.
These amended rules aim to enhance cybersecurity by ensuring accurate identity verification while also attempting to balance privacy concerns and regulatory requirements.