Several sections of Telecom Act to come into effect from June 26

Multiple sections of the Telecommunications Act, 2023, including the ones concerning the government’s powers to suspend telecom services and intercept communications in the interest of national security, those regarding offences related to unlawful interception, those allowing the creation of regulatory sandboxes and the ones listing duties of users, will come into effect from June 26, the ministry of communications notified in the gazette on Friday evening.

The Telecom Act was passed by both the Houses during the Winter Session in December last year, and it received presidential assent the same month. It replaced the Indian Telegraph Act (1885) and the Wireless Telegraphy Act (1933). Industry bodies had welcomed the Bill, but some MPs and privacy and technology activists had expressed concerns.

“The Telecommunications Act, 2023 (44 of 2023), the Central Government hereby appoints the 26th Day of June 2024 as the date on which the provisions of sections 1, 2, 10 to 30, 42 to 44, 46, 47, 50 to 58, 61 and 62 of the said Act shall come into force,” the notification said.

Significantly, the sections related to the auction and allocation of spectrum, adjudication of certain contraventions, and amendments to the Telecom Regulatory Authority of India Act, 1997, do not come into force on Tuesday.

To be sure, enforcement of some of the sections, such as those related to implementing the Right of Way for telecom network and infrastructure (sections 11, 12, 15, 17) and those related to the procedures and safeguards related to interception and suspension of services (section 20) amongst others are reliant on the notification of rules and regulations. These will be notified later. Until then, extant rules and regulations will continue to ply until and unless they are contrary to the new Act as given under Section 61, a senior government official clarified on the condition of anonymity. Section 61 will also come into force on Tuesday.

From Tuesday, the Universal Service Obligation Fund – which was created to develop telecom infrastructure in rural and remote areas of the country using funds gathered through the universal service levy imposed on telecom service operators – will be known as Digital Bharat Nidhi under sections 24 to 26.

Some of the provisions – such as suspension and interception of messages – that will come into force on Tuesday were already in force through extant laws such as the Indian Telegraph Act. Others related to duties of users, criminalisation of certain acts such as tampering of telecom identifiers, and creation of regulatory sandboxes are new.

The government will be able to create regulatory sandboxes where new products, services, processes and business models can be tested on a limited set of users without having to comply with all the obligations of the Act.

Section 21, which empowers the central government to order suspension, removal or prohibition of specified telecom equipment and services from notified countries or persons for national security reasons, will also come into effect.

Similarly, section 28, which protects users from spam and allows them to report malware, will also come into effect. These measures are already in force through different regulations and portals administered by the Telecom Regulatory Authority of India (TRAI) and the Department of Telecommunication (DoT).

Section 29, which comes into force on Tuesday, forbids users from furnishing false particulars while availing a telecom service. The Digital Personal Data Protection Act, 2023, had similarly imposed duties on principals that, among other things, forbade impersonation and suppression of material information while getting any document issued by the state.

Since the definition of telecommunication services is so wide, it is unclear if this means that users cannot create anonymous or dummy accounts on online services such as Gmail, Instagram, WhatsApp, etc., or what happens to anonymity at large on the internet.

After the Bill was passed by both Houses in December 2023, the then communications minister Ashwini Vaishnaw had told the Economic Times that OTT communication services such as WhatsApp would not be covered by the Bill. However, this was never clarified on the floor of either house even though multiple parliamentarians had questioned Vaishnaw about it during the discussion on the bill.

As a result, while the government will now be empowered to notify standards, including for encryption and data processing in telecommunications, from Tuesday, the concerns around whether the central government can notify encryption standards for end-to-end encrypted services such as WhatsApp, Signal and iMessage still persist.

Under section 20, the government is empowered to take temporary possession of any telecom service or network during a public emergency (including disaster management) or in the interest of public safety and to order interception and suspension of services. This section, which comes into force on Tuesday, is almost identical to section 5 of the Indian Telegraph Act, which has been in effect since 1885. It also allows the government to stop the transmission of any message or class of messages “relating to any particular subject”. The one change is that it requires the disclosure of messages “in intelligible format”.

Since the “class of messages” is not defined, it could be defined by the nature of the message (texts, images, videos), or nature of the service (email, messages on WhatsApp), or any other classification category. Since it allows such interception and disclosure to be done for “any particular subject”, this can be used to monitor all communications as well.

For instance, if the officer wants all messages related to “Parliament” or “ice cream” to be intercepted, that is possible only if all messages are being monitored. This provision also threatens end-to-end encryption because it requires the disclosure of the message “in intelligible format”.

This is similar to a provision – at different times called Chat Control, upload moderation, and client-side scanning – that was withdrawn by the European Council on Thursday because of the threat it poses to privacy and encryption. Hindustan Times