India's draft telecom rules propose mandatory verification of all app users' phone numbers through government databases — a move that could bring services like WhatsApp, Netflix, and Amazon under sweeping telecom-style regulation.
India’s digital regulation landscape is facing a seismic shift. A new draft of cybersecurity rules under the 2023 Telecommunications Act has triggered concern across the tech industry, privacy advocates, and digital rights groups.
The proposed rule? Any app or digital service that uses a mobile phone number for registration, login, or communication — including WhatsApp, Netflix, Amazon, Flipkart, Paytm, and many others — would be required to verify those numbers against government or telecom databases.
Released on July 24, the draft mandates that:
Apps must verify users’ phone numbers via an official government verification platform or telco registry.
This would apply to any service, platform, or OTT app that leverages a phone number — even passively — as part of its service flow.
Companies must maintain logs and proof of verification for regulatory audits.
While the rule is framed as a cybersecurity measure to prevent fraud and spam, critics say it amounts to bringing digital platforms under legacy telecom-style regulation — with enormous implications for data privacy, compliance, and innovation.
Major industry bodies, including IAMAI (Internet and Mobile Association of India), are pushing back hard. Their main concerns:
Privacy risks: Mandating number verification via centralized databases could lead to increased surveillance and potential data breaches.
Operational burden: Maintaining real-time syncs with telecom databases is technically complex and expensive.
Chilling effect: Smaller startups and international platforms may find the cost and compliance risk too high, stalling digital innovation in one of the world’s fastest-growing markets.
“This is a classic case of regulatory overreach,” said a policy analyst at a major tech firm. “It could make India’s digital economy harder to enter, scale in, or innovate within.”
Digital rights organizations also warn this may be a backdoor route to more government oversight on online speech and user identity. By forcing all services to use state-approved identity verification, critics say the bill opens doors to:
Mass surveillance
Censorship via identity-linked tracking
Suppression of anonymous expression online
This comes in a broader context of India expanding its digital controls — from data localization laws to mandatory traceability rules for messaging apps.
The Telecom Ministry says the new rule is meant to:
Curb online fraud, impersonation, and mobile spam
Ensure accountability of service providers
Align platforms with the same rules telcos already follow
Officials argue that in a mobile-first country like India, phone numbers are a key digital identity layer — and therefore need stronger safeguards.
But experts point out that no concrete evidence has been provided that this verification step would meaningfully improve cybersecurity.
The draft is currently in the public consultation phase, and lobbying is intensifying:
Tech firms are calling for exemptions or a more risk-based, platform-specific approach.
Civil society groups are demanding stronger privacy protections and impact assessments.
Startups warn that such regulation could reverse gains made under India’s recent digital innovation boom.
If passed in its current form, this regulation could reshape the operational fabric of India’s digital ecosystem, putting it closer to state-regulated telecom infrastructure than the open, decentralized model the internet was built on.
As India positions itself as a global tech hub, how it regulates its digital space will set a precedent not just for its 1.4 billion citizens, but for emerging economies worldwide.
The coming months will reveal whether this telecom bill gets diluted, amended — or becomes a watershed moment for digital rights and regulation in India.
Stay tuned with Cortex Hub for updates on this evolving story and more from the frontlines of global tech policy.
