Telecom Cyber Security Rules 2024

DoT Notifies New Telecom Cyber Security Rules 2024: Key Highlights

India’s telecommunications sector is the backbone of the country’s digital economy, connecting billions of users daily. However, with this vast network comes the growing challenge of crimes, cyber threats and scams, such as phishing attacks and fraud schemes like “digital arrests,” which exploit gaps in telecom security to deceive unsuspecting users.

The Department of Telecommunications, under the Ministry of Communications, notified the Telecom Cyber Security Rules, 2024 on November 21, 2024, to tackle these issues. These rules provide a detailed framework to protect telecom networks from cyberattacks, ensure the responsible use of telecom equipment, and prevent the misuse of telecommunication services for scams and fraudulent activities. The government aims to strengthen public trust and create a safer telecom environment for all by holding telecom operators accountable and mandating robust security measures.

These rules also target the loopholes that allow bad entities to manipulate telecom systems. The new rules set strict guidelines for operators, introduce rapid reporting mechanisms for security incidents, and require companies to adopt advanced cyber security practices, ensuring a proactive approach to threats.

Talk to sales - AuthBridge

Key Highlights Of The Telecom Cyber Security Rules, 2024

The Telecom Cyber Security Rules, 2024, set a detailed framework to enhance the safety and resilience of India’s telecommunications infrastructure. These rules address a variety of challenges by introducing stringent security measures, clear reporting mandates, and increased accountability for telecom entities. Below are the key highlights:

Comprehensive Cyber Security Policies

Telecom operators are required to establish a robust cyber security policy. This policy must focus on key areas, including:

  • Risk Management: Implementing measures to identify vulnerabilities and prevent potential risks.
  • Network Testing: Conducting vulnerability assessments, penetration testing, and hardening of telecom networks.
  • Incident Response: Establishing rapid action systems to mitigate the impact of breaches.
  • Forensic Analysis: Investigating incidents to strengthen defences and prevent future occurrences.

Appointment Of Chief Telecommunication Security Officers (CTSOs)

Every telecom entity is mandated to appoint a Chief Telecommunication Security Officer (CTSO). The necessary conditions needed to satisfy anyone who is to be appointed as a CTSO are:

  • Be a citizen and resident of India.
  • Oversee the implementation of the telecom cyber security framework.
  • Coordinate with the government on compliance and security-related matters.

This role ensures dedicated oversight and accountability within each telecom organisation.

Reporting Cyber Security Incidents

Timely reporting of security incidents is a cornerstone of these rules. Telecom operators must:

  • Notify the government within six hours of identifying a security breach.
  • Submit a detailed report within 24 hours, including:
    • Number of users affected.
    • Geographical scope and duration of the incident.
    • Mitigation steps were taken to address the issue.

The government may disclose incidents in the public interest or direct telecom operators to undertake remedial measures and audits.

Data Collection And Analysis Protocols

The government or authorised agencies are empowered to collect and analyse telecom data (excluding message content) for enhancing cyber security. Key requirements include:

  • Telecom Operators’ Obligations: Establish infrastructure to collect and share data with the government from designated points.
  • Data Analysis: Use the collected data to identify risks and take preventive measures.
  • Confidentiality Safeguards: Ensure strict protection against unauthorised access to sensitive information.

Provisions For Telecommunication Identifiers And Equipment

To address misuse of telecommunication equipment and identifiers:

  • Registration Requirements: Manufacturers and importers must register equipment identifiers such as IMEI numbers with the government before sale or import.
  • Tampering Prohibition: Altering or misusing identifiers is strictly prohibited.
  • Blocking Measures: Telecom entities may block devices with tampered identifiers to prevent misuse.

Establishment Of Security Operations Centres (SOCs)

Telecom operators must establish Security Operations Centres (SOCs) to monitor and address cyber security threats. The SOCs will:

  • Track security incidents, breaches, and intrusions.
  • Maintain detailed logs of operations, threats, and response measures.
  • Support government investigations by providing necessary data.

The establishment of SOCs is a significant step toward creating a proactive defence mechanism within telecom networks.

Repository Of Suspended Identifiers

The government will maintain a repository of telecom identifiers that have been suspended or disconnected due to violations of cyber security rules. Entities linked to these identifiers may face:

  • Access Restrictions: Being barred from telecom services for up to three years.
  • Wider Compliance Measures: The repository may also be shared with other service providers to prevent misuse.

Oversight And Compliance

The government holds the authority to:

  • Conduct security audits of telecom entities through certified agencies.
  • Issue directives for implementing security measures within stipulated timelines.
  • Enforce compliance mechanisms through a digital platform, ensuring telecom operators report and adhere to guidelines efficiently.

Impact Of The Telecom Cyber Security Rules, 2024

The Telecom Cyber Security rules are not just about compliance; they aim to create a safer and more resilient telecom environment for operators and users alike. Let’s look at what they mean for the industry and the people it serves.

Building Stronger Defences for Telecom Operators

Telecom companies will now have to adopt robust cyber security measures, including regular network testing, risk assessments, and detailed action plans for handling security incidents. These requirements are designed to prevent misuse and enhance the security of telecom services. As the rules state, “Every telecommunication entity shall ensure compliance with the directions and standards… for ensuring telecom cyber security.”

By implementing these measures, telecom operators will be better equipped to handle modern cyber threats, minimising the risk of service disruptions or data breaches.

Clear Accountability Through Dedicated Cyber Security Officers

One of the standout features of the new rules is the mandatory appointment of a Chief Telecommunication Security Officer (CTSO) in every telecom organisation. This officer will be responsible for implementing security policies, coordinating with the government, and ensuring compliance.

Having a dedicated person for this role ensures accountability and gives companies a clear point of contact for all security-related matters. It’s a practical step toward improving how security is managed within the sector.

Faster Responses To Threats

The new rules introduce strict timelines for reporting security breaches. Telecom operators must notify the government within six hours of identifying an incident and provide a detailed report within 24 hours.

This quick reporting framework ensures that potential threats are addressed before they escalate, helping prevent widespread disruptions. Additionally, the government’s ability to direct further audits or investigations adds an extra layer of scrutiny to make sure incidents are handled thoroughly.

Protecting Data And Preventing Misuse

Data privacy is a key concern addressed by these rules. While the government or authorised agencies can collect and analyse certain types of telecom data to enhance security, the rules clearly state, “Any data so disseminated or shared shall not be used for any purpose other than for ensuring telecom cyber security.”

This clause reassures users that their personal information won’t be misused, fostering trust in the telecom ecosystem.

Stamping Out Fraudulent Activities

With stringent regulations on telecom equipment identifiers, such as IMEI numbers, the government is cracking down on the misuse of telecom devices. Manufacturers and importers must now register these identifiers before selling or importing devices. Additionally, tampering with or altering identifiers is strictly prohibited, and such devices can be blocked from accessing networks.

These measures will go a long way in tackling issues like fraudulent device usage and unauthorised network access.

Proactive Monitoring With Security Operations Centres

Telecom companies are now required to set up Security Operations Centres (SOCs) to monitor and manage cyber threats. These centres will handle tasks like tracking security incidents, analysing threats, and maintaining detailed logs to support investigations.

This step ensures that telecom operators are not just reacting to threats but actively working to prevent them. It’s a proactive approach that strengthens the overall resilience of telecom networks.

Empowering Users And Boosting Trust

For users, these rules are a big win. By holding telecom operators accountable for their security practices, the government is ensuring a safer digital environment. Whether it’s protecting personal data or ensuring uninterrupted service, these measures are designed with user safety in mind.

The Telecom Cyber Security Rules, 2024, send a strong message: India’s telecom industry is committed to staying one step ahead of cyber threats. These regulations not only address today’s challenges but also prepare the industry for the risks of tomorrow.

Conclusion

For telecom operators, the rules signal a shift toward proactive security management. Measures like mandatory security policies, the appointment of Chief Telecommunication Security Officers, and the establishment of Security Operations Centres will not only protect their networks but also enhance their ability to respond to threats swiftly and effectively.

For users, the new framework promises greater trust and safety. By prioritising data protection and ensuring the integrity of telecom services, the government has reaffirmed its commitment to creating a secure digital environment.

Moreover, these rules are forward-looking, addressing current vulnerabilities while anticipating future challenges in an increasingly interconnected world. With the telecommunications sector forming the backbone of India’s digital economy, these measures are not just about security—they’re about enabling growth and innovation on a strong foundation of trust and resilience.

FAQs on the Telecom Cyber Security Rules, 2024

Cyber Security Group under the Ministry of Electronics and Information Technology, Government of India is the governing body of cyber security in India.

CERT stands for Computer Emergency Response Team. 

These rules establish a legal framework for enhancing and ensuring telecom cyber security in India, including policies, safeguards, and measures for secure telecommunication networks and services.

The rules came into effect on the date of their publication in the Official Gazette, November 21, 2024.

All telecommunication entities, including service providers, network operators, equipment manufacturers, and importers, are covered.

  • Report incidents to the Central Government within 6 hours of detection.
  • Submit detailed reports within 24 hours, including user impact, geographical scope, and remedial actions taken.

The CTSO is responsible for coordinating with the government on cyber security compliance and incident reporting. The officer must be a citizen and resident of India.

The government can collect traffic and other data (excluding message content) to enhance cyber security, with safeguards for confidentiality and unauthorized access prevention.

Collected data is stored securely, shared only for telecom cyber security purposes, and subject to strict confidentiality safeguards.

Identifiers include International Mobile Equipment Identity (IMEI) numbers, Electronic Serial Numbers (ESNs), or other unique signals used to identify telecom equipment.

  • Manufacturers must register IMEI numbers with the Central Government before sale.
  • Importers must register IMEI numbers prior to importing equipment into India.

Tampering, altering, or using fraudulent telecommunication identifiers is strictly prohibited.

Yes, the government can temporarily suspend or permanently disconnect identifiers if they pose a cyber security risk.

Tampering is a punishable offense, and the equipment may be blocked from telecom networks or services.

Entities must maintain logs and records for a period specified by the government, which may extend up to three years.

What is Digital Arrest?

What Is The “Digital Arrest” Scam & How To Avoid It?

With the rapid rise of digitalisation in India, cyber fraud has become increasingly common, and sophisticated, targeting individuals across all walks of life. Among the latest threats is the “Digital Arrest” scam, a scheme that manipulates fear to force victims into compliance. Typically, fraudsters impersonate law enforcement or government officials, using realistic video calls and fabricated documents to make their threats appear genuine. Under the pretext of immediate arrest, they pressure their victims into transferring money or disclosing sensitive information.

What makes this scam particularly alarming is its reach. From the average citizen to high-profile executives, anyone can become a target. With the scam’s clever use of technology, including video conferencing and digital manipulation, even the savviest individuals have found themselves ensnared by these fraudsters.

In this blog, we’ll explore how the digital arrest scam works, share real-life examples of its impact, and provide crucial guidance on safeguarding yourself and your organisation. By raising awareness and fostering vigilance, we can each take steps to stay secure in a digital world filled with evolving threats.

What Is The “Digital Arrest” Scam?

A “Digital Arrest” scam is a new-age scam that leverages technology to deceive and exploit people by simulating an official arrest scenario online. Fraudsters impersonate law enforcement or government officials, using methods like video calls, falsified documents, and other digital tactics to convince their targets that they are under legal scrutiny. Unlike a physical arrest, a digital arrest is purely virtual, created to manipulate victims into believing that immediate action—usually involving a transfer of money—will save them from severe consequences.

The scam capitalises on people’s fears of legal repercussions and relies on the victim’s trust in authority figures. By using digital platforms to deliver their threats, scammers can intimidate individuals and coerce them into compliance without ever coming into physical contact. As a result, the digital arrest scam has seen a worrying rise, with reports suggesting that it has impacted thousands, from average citizens to high-profile professionals.

This scam draws attention to the larger issue of digital fraud and the need for enhanced due diligence practices, as highlighted in recent due diligence guidelines issued by the RBI. Financial institutions and businesses now place increasing importance on digital identity verification and background checks to protect consumers from fraudulent activities.

How The “Digital Arrest” Scam Operates?

The digital arrest scam is a carefully planned act that plays on fear and urgency. By pretending to be officials from reputable organisations, scammers manipulate victims into following their demands. Here’s how it usually unfolds:

Step 1: The Fake Phone Call or Message

The scam often begins with a simple message or phone call, which might appear to be from a bank, telecom provider, or even a courier service. The message typically warns the recipient about a legal issue or suspicious activity linked to their accounts, creating a sense of urgency. The victim is then directed to press a number or reply to connect with a “representative.” Once connected, the victim finds themselves speaking to someone posing as an official from a government agency or law enforcement body.

Step 2: Pretending to Be the Police or Government

On the call, the scammer escalates the tension, using personal information like the victim’s name, ID number, or address to appear credible. They then claim the victim is involved in serious crimes, like money laundering or tax evasion, to increase anxiety. In many cases, the scammer asks the victim to switch to a video call, making the interaction seem even more realistic. During the video call, scammers may appear in uniforms or set up fake “official” backgrounds to add authenticity. Victims are sometimes shown falsified documents, like arrest warrants, further cementing the illusion of legitimacy.

Step 3: Demanding Money Right Away

With the victim sufficiently alarmed, the scammer introduces a way to “resolve” the issue. They request immediate payment as a “fine” or “security deposit” to prevent arrest or other legal actions. These payments are usually demanded via untraceable channels, such as cryptocurrency or prepaid cards, which makes it nearly impossible to retrieve the money once transferred. Scammers often keep the victim on the call throughout the process, using high-pressure tactics to prevent them from consulting others or seeking advice, pushing them to comply quickly.

Recent Cases Of “Digital Arrest” Scam

The digital arrest scam has ensnared individuals across various demographics, including senior citizens, by exploiting their trust and unfamiliarity with digital communication. Below are real-life instances illustrating the scam’s impact:

Case 1: High-Profile Businessman Defrauded

In September 2024, S.P. Oswal, chairman of Vardhman Group, was deceived by fraudsters posing as federal investigators. They orchestrated a fake online Supreme Court hearing, complete with an impersonator of former Chief Justice of India D.Y. Chandrachud, coercing Oswal into transferring approximately ₹6.9 crore ($830,000) under the threat of arrest. Authorities arrested two individuals and recovered $600,000, marking a significant recovery in such cases.

Case 2: Senior Citizen Duped by Fake Law Enforcement

A 72-year-old woman received a call from individuals claiming to be police officers, informing her of a legal case against her. Under the pretext of helping her avoid arrest, they coerced her into transferring a substantial amount of money.

Case 3: Doctor Defrauded Through Video Call

Dr Anvitha, a renowned doctor, received a late-night call from someone posing as a CBI officer, claiming a money laundering warrant was issued against her. She was told she was under digital arrest and must participate in a video call. Terrified, Dr. Anvitha transferred ₹70 lakh to the scammer’s account.

Case 4: 70-year Old Retired Engineer Tricked To Losing His Life Savings

A 70-year-old retired engineer from Delhi lost over Rs 10 crore to fraudsters who impersonated law enforcement officials. The scammers deceived him into transferring his life savings by fabricating a story about a drug parcel linked to his name and threatening him with arrest.

How To Recognise A Digital Arrest Scam?

Spotting red flags is key to avoiding the Digital Arrest scam. Here are some warning signs to look out for:

  • Unsolicited Contact: Law enforcement rarely contacts individuals out of the blue via phone or email.
  • Immediate Threats: Genuine officials do not threaten arrest or demand payment without due process.
  • Untraceable Payment Methods: Requests for cryptocurrency or gift card payments are clear indicators of fraud.
  • Poor Grammar: Emails or messages with spelling and grammatical errors are often fraudulent.

Preventive Measures Against Digital Arrest Scams

The Government of India and the Indian Computer Emergency Response Team (CERT-In) have issued specific guidelines to help citizens protect themselves from digital arrest scams. Here are actionable steps based on these official directives:

  1. Stay Calm and Do Not Panic

Scammers often create a sense of urgency to pressure victims into making hasty decisions. Remember, legitimate law enforcement agencies do not issue arrest warrants or demand payments over the phone or video calls. If you receive such a call, remain composed and do not act impulsively.

  1. Verify the Caller’s Identity

If someone claims to be a government official, do not trust the call blindly. Disconnect and contact the relevant agency directly using the official contact information available on their official websites. This step ensures you are communicating with a genuine representative.

  1. Do Not Share Personal Information

Avoid disclosing sensitive personal or financial details over the phone, especially to unknown callers. Government officials will not ask for such information through unsolicited calls or messages.

  1. Be Wary of Unsolicited Communications

Scammers may contact you via phone calls, emails, or messages claiming to be from courier companies, banks, or government agencies. Always verify the authenticity of such communications before responding or taking any action.

  1. Report Suspicious Activities

If you encounter a suspected digital arrest scam, report it immediately to the National Cyber Crime Reporting Portal at cybercrime.gov.in or call the cybercrime helpline at 1930. Prompt reporting can help authorities take swift action against scammers.

  1. Educate Yourself and Others

Stay informed about common scam tactics and share this knowledge with family and friends, especially those who may be less familiar with digital communication. Awareness is a crucial defence against falling victim to scams.

How Can Businesses Prevent Digital Arrest Scams?

As cyber scams like digital arrest fraud continue to evolve, businesses are recognising the need to fortify their defences, not just for their security but also to protect their customers and partners. Companies like AuthBridge play a crucial role in this fight, providing technology-driven solutions that enhance security, streamline verification, and ensure compliance. Here’s how AuthBridge’s offerings empower businesses to stay ahead of such threats:

1. Streamlined Digital Onboarding and Verification

The digital arrest scam highlights how scammers use fake identities to impersonate officials and deceive victims. For businesses, verifying the identity of new customers, employees, and partners is essential in building trust from the first interaction. AuthBridge’s Digital KYC solutions, powered by AI-driven biometric checks and OCR technology, offer instant, reliable identity verification. This ensures that businesses interact only with genuine individuals, minimising the risk of falling prey to imposters.

2. Comprehensive Employee and Leadership Screening

Employee integrity is foundational to safeguarding an organisation against internal threats, including fraud or misuse of authority. Through platforms like iBRIDGE for employee background checks and AuthLead for executive vetting, AuthBridge provides businesses with thorough screening tools. By verifying educational, professional, and criminal records, as well as conducting detailed reference checks, companies can onboard individuals who align with their values and security standards, reducing the risk of fraudulent activity within their ranks.

3. Vendor and Third-Party Due Diligence

Partnering with vendors or third parties can introduce risks if they’re not thoroughly vetted, especially with scammers becoming increasingly sophisticated. our OnboardX platform provides comprehensive digital onboarding and due diligence checks for vendors and third parties. With background verification, risk profiling, and financial health checks, businesses can ensure they collaborate only with trusted partners, creating an additional layer of protection against fraud.

4. Criminal Record Verification and Compliance Monitoring

As digital arrest scams involve manipulation of legal fears, having access to verified criminal records and compliance checks is invaluable. Vault leverages extensive databases to perform criminal background checks and monitor legal compliance, ensuring that individuals associated with fraudulent or criminal activities are identified and flagged. This tool enhances security by helping businesses avoid engagements that could expose them to legal risks or reputational damage.

5. Educating and Empowering Teams Against Cyber Threats

In the fight against scams, awareness is one of the most effective defences. AuthBridge works closely with businesses to promote cybersecurity awareness and build a culture of vigilance among employees. Through regular updates on emerging threats and best practices for handling suspicious activity, companies can equip their teams with the knowledge needed to recognise and report potential scams, helping to minimise organisational risk.

Conclusion

In a time when scams like digital arrest fraud are on the rise, companies must take proactive steps to protect themselves and their stakeholders. By implementing advanced verification tools and promoting awareness, businesses can stay resilient against the tactics of cybercriminals. AuthBridge’s suite of solutions offers the technology, expertise, and support needed to secure digital interactions, strengthen compliance, and build a safer, more trusted environment.

FAQs around Digital Arrest Scam

In India, a “digital arrest” is a scam where fraudsters impersonate law enforcement through video calls, using fake arrest warrants and legal proceedings to extort money or personal information. Indian law does not recognise arrests conducted digitally; legitimate arrests require in-person procedures as per legal mandates.

A digital arrest in India refers to a scam where fraudsters impersonate law enforcement officials. For example, a Hyderabad tech professional was virtually interrogated over a video call, accused of money laundering, and coerced into transferring funds to avoid a fake arrest.

To safeguard against digital arrest scams in India, consider the following precautions:

  1. Verify Caller Identity: If you receive a call from someone claiming to be a law enforcement or government official, independently confirm their identity by contacting the relevant agency through official channels. Legitimate authorities do not initiate legal proceedings via phone calls or video calls.

  2. Do Not Share Personal Information: Avoid disclosing sensitive details such as Aadhaar numbers, PAN, bank account information, or OTPs over the phone or online platforms, especially to unknown or unverified sources.

  3. Stay Calm and Do Not Succumb to Pressure: Scammers often create a sense of urgency to elicit quick responses. Remain composed, do not make hasty decisions, and take time to assess the situation.

  4. Report Suspicious Activities: If you suspect a scam, report it immediately to the National Cyber Crime Reporting Portal at cybercrime.gov.in or call the cybercrime helpline at 1930. Prompt reporting can help prevent further incidents.

  5. Educate Yourself and Others: Stay informed about common scam tactics and share this knowledge with family and friends to build a community aware of such threats.

To stay safe while using digital devices, it’s essential to follow guidelines recommended by the Government of India and the Indian Computer Emergency Response Team (CERT-In). Here are the key precautions:

  1. Secure Your Devices:

    • Use strong, unique passwords and enable multi-factor authentication (MFA) where available.
    • Regularly update your device software to patch vulnerabilities.
    • Install and update antivirus software to protect against malware.
  2. Avoid Public Wi-Fi for Sensitive Transactions:

    • Refrain from accessing banking or sensitive accounts over public Wi-Fi. Use a Virtual Private Network (VPN) for secure browsing.
  3. Be Cautious with Emails and Links:

    • Avoid clicking on unsolicited links or attachments. Phishing emails often mimic official communication to steal sensitive information.
  4. Verify Communications:

    • Government agencies or banks will not request sensitive details (e.g., Aadhaar, PAN, OTPs) over calls or messages. Verify any such communication through official channels.
  5. Enable Device Security Features:

    • Use device locking features like PINs, patterns, or biometrics.
    • Enable remote wipe capabilities to erase data if your device is lost or stolen.
  6. Report Suspicious Activities:

  7. Educate Yourself and Others:

    • Stay informed about cyber threats and share knowledge with friends and family, particularly those less familiar with technology.

If you receive such a call:

  • Stay calm and avoid panic.
  • Do not share any personal or financial details.
  • Disconnect the call immediately.
  • Verify the claims by directly contacting the official organisation through their publicly listed numbers.
  • Report the incident to the National Cybercrime Reporting Portal (cybercrime.gov.in) or call 1930.

No, video calls are not used for legal proceedings, arrest warrants, or interrogations in India. Scammers may use video calls with fake uniforms or staged backgrounds to create a false sense of authority. Always verify such communications through official channels.

  • The caller demands immediate payment to avoid arrest.
  • The use of platforms like WhatsApp or Skype for “official” communication.
  • The caller shares incomplete or incorrect personal details to gain trust.
  • Threats of severe legal consequences without providing legitimate documentation.

Recovering losses can be challenging but not impossible:

  • Report the fraud immediately to the cybercrime helpline (1930) and your bank.
  • Provide evidence such as call recordings, transaction details, and any messages to authorities.
  • Early reporting increases the chances of recovery.

Digital Arrest Scam Victims can:

Senior citizens are often targeted because:

  • They may lack familiarity with digital communication methods.
  • Scammers exploit their trust and fear of legal complications.
  • Education campaigns tailored to senior citizens can reduce their vulnerability to scams.

Hi! Let’s Schedule Your Call.

To begin, Tell us a bit about “yourself”

The most noteworthy aspects of our collaboration has been the ability to seamlessly onboard partners from all corners of India, for which our TAT has been reduced from multiple weeks to a few hours now.

- Mr. Satyasiva Sundar Ruutray
Vice President, F&A Commercial,
Greenlam

Thank You

We have sent your download in your email.

Case Study Download

Want to Verify More Tin Numbers?

Want to Verify More Pan Numbers?

Want to Verify More UAN Numbers?

Want to Verify More Pan Dob ?

Want to Verify More Aadhar Numbers?

Want to Check More Udyam Registration/Reference Numbers?

Want to Verify More GST Numbers?