India introduces draft rules to enhance telecommunications cybersecurity

The Indian government has introduced significant draft rules on telecommunications cybersecurity, marking a substantial advancement in the regulatory framework for telecommunications. Central to these rules is the government’s authority to request traffic data from telecom providers, aimed at enhancing cybersecurity and protecting users from online fraud, particularly concerning over-the-top (OTT) services like WhatsApp and Telegram. By monitoring this data, the government seeks to identify patterns and potential threats, thereby strengthening the security of telecom networks.

Telecom companies in India must adopt comprehensive cybersecurity policies, conduct regular audits, and establish Security Operations Centers (SOCs) for real-time incident monitoring and response. Additionally, they must appoint a Chief Telecommunication Security Officer (CTSO) to ensure compliance and report any security incidents to the government within six hours. This proactive approach facilitates swift government intervention, and bolsters network resilience against cyber threats.

The draft rules also provide a framework for lawful interception of communications and temporary suspension of services for national security or public order reasons, emphasising the balance between security and individual privacy rights. Currently open for public consultation for 30 days, these rules invite feedback from stakeholders to ensure a balanced and inclusive regulatory approach.

Furthermore, the draft rules stress the protection of critical telecom infrastructure, requiring detailed record-keeping and compliance with national security directives, including the registration of telecommunications equipment identifiers.