Draft Telecommunications (User Identification) Rules, 2025

REGD. No. D. L.-33004/99 The Gazette of India CG-DL-E-22092025-266292 EXTRAORDINARY PART II-Section 3-Sub-section (i) PUBLISHED BY AUTHORITY NEW DELHI, FRIDAY, SEPTEMBER 19, 2025/BHADRA 28, 1947 MINISTRY OF COMMUNICATIONS (Department of Telecommunications) NOTIFICATION New Delhi, the 19th September, 2025 G.S.R. 691(E). — The following draft rules, which the Central Government proposes to make in exercise of the powers conferred under sub-section (7) of section 3, read with clause (e) to sub-section (2) of section 56 of the Telecommunications Act, 2023 (44 of 2023), are hereby published for the information of all persons likely to be affected thereby and notice is hereby given that the said draft rules shall be taken into consideration after the expiry of a period of thirty days from the date on which copies of this notification as published in the Official Gazette are made available to the public; Objections or suggestions, if any, may be addressed to the Joint Secretary (Telecom), Department of Telecommunications, Ministry of Communications, Government of India, Sanchar Bhawan, 20, Ashoka Road, New Delhi - 110001; The objections or suggestions which may be received from any person with respect to the said draft rules before the expiry of the aforesaid period shall be taken into consideration by the Central Government. 1. Short title and commencement. - (1) These rules may be called the Telecommunications (User Identification) Rules, 2025. (2) They shall come into force on the date of their publication in the Official Gazette. 2. Definitions. - (1) In these rules, unless the context otherwise requires: - (a) "Aadhaar number" shall have the meaning assigned to it under clause (a) of section 2 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (18 of 2016); (b) "Aadhaar number holder" shall have the meaning assigned to it under clause (b) of section 2 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (18 of 2016); (c) "Act" means the Telecommunications Act, 2023 (44 of 2023); (d) "Biometric Identity Verification System” or “BIVS” means a system for biometric based identification of a user established by an authorised entity in accordance with rule 6; (e) "business connection" shall have the same meaning assigned to it in clause (a) of sub-rule (1) of rule 46 of the Telecommunications (Authorisation For Provision of Main Telecommunication Services) Rules, 2025; (f) "business user” shall have the same meaning assigned to it in clause (b) of sub-rule (1) of rule 46 of the Telecommunications (Authorisation For Provision of Main Telecommunication Services) Rules, 2025; (g) "CAF” shall have the same meaning as assigned to it under clause (v) of sub-rule (1) of rule 2 of the Telecommunications (Authorisation For Provision of Main Telecommunication Services) Rules, 2025; (h) "core biometric information" shall have the meaning assigned to it under clause (j) of section 2 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (18 of 2016) (i) "D-KYC" or "digital KYC” means the digital process for enrolment and identification of user in accordance with rule 7 and D-KYC process shall be construed accordingly; (j) “e-KYC" means the “e-KYC authentication facility" as defined in clause (j) to sub- regulation (1) of regulation 2 of the Aadhaar (Authentication and Offline Verification) Regulations, 2021 and e-KYC process shall be construed accordingly; (k) "end user" shall have the same meaning assigned to it in clause (c) of sub-rule (1) of rule 46 of the Telecommunications (Authorisation For Provision of Main Telecommunication Services) Rules, 2025; (l) "live photograph" means a real-time photograph of the user taken during enrolment for availing telecommunication services in the form and manner as may be specified by the Central Government on the portal, using technology capable of verifying that the image is of a living person physically present at the time of enrolment, and not a photograph of a still image or video of such user; (m) "notified telecommunication services" means such telecommunication services as may be notified by Central Government under sub-section (7) of the Section 3 of the Act; (n) "Point of Sale” or “PoS” shall have the same meaning assigned to it in Part B of Chapter 6 of the Telecommunications (Authorisation For Provision of Main Telecommunication Services) Rules, 2025; (o) "portal" means the portal as notified by the Central Government under rule 15; (p) "SIM" shall have the same meaning assigned to it in clause (bbbb) of sub-rule (1) of rule 2 of the Telecommunications (Authorisation For Provision of Main Telecommunication Services) Rules, 2025; (q) "Subscriber Database Record” or “SDR” shall have the same meaning as assigned to it under clause (dddd) of sub-rule (1) of rule 2 of the Telecommunications (Authorisation For Provision of Main Telecommunication Services) Rules, 2025; (r) “UIDAI” means Unique Identification Authority of India established under sub-section (1) of section 11 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (18 of 2016); and (s) "updating of telecommunication services” shall have the same meaning as assigned to it in clause (iiii) of sub-rule (1) of rule 2 of the Telecommunications (Authorisation For Provision of Main Telecommunication Services) Rules, 2025. (2) Words and expressions used in these rules and not defined herein but defined in the Act or the rules made thereunder, shall have the meanings respectively assigned to them in the Act or such rules. 3. Applicability. - (1) These rules shall be applicable to: (a) entities providing notified telecommunication services, whether such entity holds authorisation under clause (a) of sub-section (1) of section 3 of the Act or a license in accordance with sub-section (6) of section 3 of the Act, which shall each be referred to as “authorised entity" for the purpose of these rules; and (b) users of notified telecommunication services. 4. Principles and objectives. – (1) These rules provide a framework for the biometric based identification of users of notified telecommunication services. (2) An authorised entity shall use the following process for enrolment and identification of the users: (a) e-KYC process under rule 5 in respect of a user who is a Aadhaar number holder; and (b) D-KYC process under rule 7 in respect of a user who does not possess an Aadhaar number or is unable to undergo the e-KYC process set forth in rule 5. (3) While the e-KYC process itself ensures biometric based identification of users, an authorised entity shall identify the users enrolled through D-KYC process using BIVS in accordance with the rule 6 and rule 7. (4) The D-KYC process, where ever mentioned in these rules, shall be followed by biometric based identification of the users through BIVS in accordance with the rule 6 and rule 7. (5) These rules are limited to the biometric based identification of users of notified telecommunication services, and any activation of telecommunication services shall be undertaken by an authorised entity in accordance with rule 45 of the Telecommunications (Authorisation For Provision of Main Telecommunication Services) Rules, 2025 or in compliance with any directions, procedures or instructions as may be specified by the Central Government from time to time in this regard. (6) Where the user is a business user seeking business connection, an authorised entity shall undertake biometric based identification, as applicable, of the authorised representative of such business user, as well as of each end user of such business connection. Provided that the requirement of biometric based identification of each end user of a business connection can be exempted on case-to-case basis and for this purpose, the authorised representative of business user shall make a request with necessary justification to the Central Government or its authorised agency. 5. Enrolment and identification of user through e-KYC process. - (1) To enable e-KYC authentication of a user, who is a Aadhaar number holder, an authorised entity shall: (a) comply with the applicable provisions of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (18 of 2016) and regulations thereunder; (b) obtain the consent of the user, in accordance with applicable laws in respect of data protection, for: (i) clicking his live photograph or any other biological attributes of an individual as may be specified by the Central Government; and (ii) storage of the live photograph and information including complete Aadhaar number in unmasked form, as received from UIDAI, other than core biometric information, in the CAF and SDR, in the form and manner as may be specified by the Central Government on the portal. (2) The authorised entity may also, in accordance with the directions or instructions specified by the Central Government, allow users to comply with the process of e-KYC set forth under sub-rule (1), by using the self-KYC process on the relevant website or mobile application of such authorised entity. (3) The authorised entity shall also comply with any directions or instructions as may be specified by the Central Government in relation to sub-rule (1) and sub-rule (2). 6. Establishment and functions of Biometric Identity Verification System. – (1) Each authorised entity, before providing notified telecommunication services, shall, individually or collectively with such other authorised entities, establish, operate, maintain and expand BIVS for biometric based identification of user, using live photograph or any other biological attributes of an individual as may be specified by the Central Government on the portal. (2) The BIVS established under sub-rule (1) shall comply with the directions as specified and standards, including those relating to security, as notified by the Central Government. (3) Each user, while enrolling for the notified telecommunication services or updating the already subscribed telecommunication services through either of the process as specified in sub-rule (2) of rule 4, shall be assigned a unique user-id in the BIVS which shall be used by an authorised entity solely for the purpose of identification of the user and updating the number of connections as per clause (b) of sub-rule (4): Provided that the Central Government may direct authorised entities to assign unique user-id in the BIVS, in the manner as may be specified by the Central Government on the portal, to the existing users in the SDR and the authorised entities shall comply with such directions within the timelines specified therein. (4) The authorised entity shall ensure compliance with the following provisions in respect of the BIVS: (a) storing and maintaining the user information relating to name, gender, date of birth, live photograph, unique user-id and any other information as may be specified by the Central Government on the portal from time to time; (b) storing, maintaining and updating the number of connections of each type of notified telecommunication service provided to a user by all authorised entities; (c) maintaining encryption and access controls that ensure that such information is non- repudiable and immutable; (d) ensuring that access to such information is restricted to such authorised entities only who would have established BIVS under sub-rule (1); (e) maintaining records of all the actions performed on the BIVS; (f) ensuring that such data is stored in a secure and safe manner; and (g) detecting non-compliances by any other authorised entity or discrepancies in information stored in the BIVS and taking immediate action to effectively ensure compliance with these rules or any other directions of the Central Government in this regard. (5) The authorised entity shall comply with any directions and instructions specified by the Central Government in relation to the process for biometric based identification of a user through the BIVS. (6) Each authorised entity shall, while updating the number of connections provided to a user in BIVS, inform such user through its existing telecommunication identifiers, of such updated number of connections. (7) The user information maintained by an authorised entity in BIVS shall be shared with all other authorised entities, providing notified telecommunication services, to enable real-time verifiable biometric based identification of user, while ensuring data integrity and privacy in compliance with the applicable laws along with any directions as may be specified by the Central Government for this purpose. (8) The Central Government shall, through itself or through an agency authorised on its behalf for this purpose, conduct periodic audits of the BIVS to ensure compliance by the authorised entity with its obligations under this rule. (9) The authorised entity shall provide any data or records pertaining to BIVS, as requested by the Central Government or authorised agency from time to time. (10) The data submitted by the authorised entity to the Central Government pursuant to sub-rule (9) shall be provided in an intelligible format, and not in an encrypted manner. 7. Enrolment and identification of user through D-KYC process. - (1) The authorised entity shall record in the CAF and SDR the reasons for a user using D-KYC process. (2) To enable D-KYC process of a user specified in clause (b) of sub-rule (2) of rule 4, an authorised entity shall obtain the consent of the user in accordance with applicable laws in respect of data protection, for: (a) clicking his live photograph or any other biological attributes of an individual as may be specified by the Central Government; and (b) storage of his live photograph and user details in the CAF and SDR, in the form and manner as may be specified by the Central Government on the portal. (3) The authorised entity shall obtain a copy of such documents relating to proof of identity and proof of address as may be specified by the Central Government on the portal. (4) The authorised entity shall comply with any directions and instructions specified by the Central Government in relation to the complete procedure for D-KYC process. (5) Where a user having a unique user-id in the BIVS seeks a new connection for notified telecommunication services or updating the already subscribed telecommunication services, such user shall be identified using its existing details in the BIVS. 8. Activation of telecommunication services. – The authorised entity shall activate the telecommunication service of the users enrolled under these rules in accordance with rule 45 of the Telecommunications (Authorisation For Provision of Main Telecommunication Services) Rules, 2025 and in compliance with any directions, procedures or instructions as may be specified by the Central Government from time to time in this regard. 9. Updating of telecommunication services and user information. – (1) An authorised entity shall re-verify the identity of a user through e-KYC or D-KYC process, as applicable, in the following circumstances: (a) when a user seeks to replace or upgrade an already subscribed telecommunication service including replacement or upgradation of a SIM card; (b) in case of Mobile Number Portability; and (c) on directions of the Central Government. Explanation: For the purpose of these rules, “re-verify” shall mean to compare the demographic details of the user at the time of such reverification to the details existing in the SDR or BIVS, as the case may be. (2) Change of user of a telecommunication service shall be permitted only between blood relatives and legal heirs, and for this purpose: (a) such request shall be accompanied by a submission of a no objection certificate from the original user whose identity shall be re-verified by the authorised entity, and in case of death of the original user, the death certificate of such user, and any other document as may be specified by the Central Government on the portal; and (b) telecommunication services provided to the new user shall be treated as a new telecommunication service connection, and accordingly, the authorised entity shall carry out biometric based identification of such user. (3) Change of end user in a business connection shall be permitted, and for this purpose: (a) the authorised representative of the business user shall inform the authorised entity about such change immediately; and (b) biometric based identification of new end user shall be carried out within 7 days failing which the authorised entity shall disconnect such connection after 7 days from the date of intimation of such change. (4) An authorised entity shall comply with the instructions specified by the Central Government in respect of any request by a user for migration from prepaid to postpaid telecommunication services or vice- versa. (5) All changes to user information undertaken in furtherance of sub-rule (1) to (4), shall be duly updated by the authorised entity in the CAF, SDR and BIVS. 10. Additional obligations of authorised entity with regard to user information. – (1) The authorised entity shall, in addition to the obligations set out in other provisions of these rules, comply with the provisions set forth below. (2) The authorised entity shall inform users of consequences provided in the Act for: (a) their duties and obligations to provide correct information when establishing identity for availing of telecommunication services; (b) obtaining SIMs or other telecommunication identifiers through fraud, cheating or personation; and (c) providing false particulars, suppressing any material information, or impersonating another person, while establishing his identity for availing of telecommunication services. (3) The authorised entity shall inform users of ensuring bona fide use of the subscribed telecommunication services; and caution about any kind of misuse of the subscribed telecommunication services and corresponding consequences as per the applicable laws. (4) The authorised entity shall ensure that: (a) biometric information and other information of a user shall not be stored on PoS's devices and be securely transmitted to the relevant systems of the authorised entity; and (b) the SDR and BIVS are operated and maintained in compliance with the applicable laws, rules and regulations in relation to data protection and security for the time being in force. (5) Where it comes to the notice of an authorised entity that false, incorrect, or forged information or documents were used during user enrolment and identification, the authorised entity shall: (a) initiate a police complaint or file a first information report with the relevant law enforcement agency with the requisite details, including the details of the false, incorrect, or forged information or documents; and (b) notify to the Central Government, in the form and manner as may be specified for this purpose, the steps taken pursuant to clause (a) above. (6) Where it comes to the notice of the Central Government that an authorised entity has not taken any action as specified in sub-rule (5) above, it may take action against such authorised entity under the Telecommunications (Adjudication and Appeal) Rules, 2025 and may direct the authorised entity to initiate a police complaint or first information report with the relevant law enforcement agency. 11. Disconnection of telecommunication services on request of user. - (1) A user may seek disconnection of already subscribed telecommunication services in accordance with the directions and guidelines as may be specified by the Central Government for this purpose. (2) An authorised entity shall update the relevant SDR and BIVS in real time, pursuant to any disconnection of telecommunication services. 12. Additional Obligations of user. - (1) A user shall, in addition to the obligations set out in other provisions of these rules, comply with the provisions set forth below. (2) A user shall not: (a) provide false, incorrect, or forged information or documents during the process of user identification, for availing telecommunication services or while updating of telecommunication services; and (b) resell or transfer or lease or share his telecommunication connection to any other user: Provided that, this clause shall not restrict the change of user of telecommunication services as per sub-rule (2) or sub-rule (3) of rule 9. (3) The user shall promptly notify the authorised entity of any changes to their user information to ensure the accuracy and integrity of the information in the authorised entity's CAF, SDR and BIVS. (4) Any change in address of user shall be intimated to the authorised entity within one month of such change along with proof of new address and the said details shall be duly updated in the CAF and SDR by the authorised entity. (5) A user shall re-verify its identity through e-KYC or D-KYC process, as applicable, in a periodicity as may be specified by the Central Government for this purpose. (6) In the public interest or for orderly growth of the telecommunication sector, users enrolled for telecommunication services under the Indian Telegraph Act, 1885 (13 of 1885) shall be required to re- verify their identity available with the authorised entity in a periodicity and manner as may be specified by the Central Government for this purpose. 13. Non-compliance. - (1) The provisions of these rules shall be deemed to be the part of the terms and conditions of authorisation, and any violation or non-compliance of these rules by an authorised entity, shall be subject to the provisions of the Telecommunications (Adjudication and Appeal) Rules, 2025. (2) Any violation or non-compliance of these rules by a user, shall be subject to the provisions of the Act. (3) Where it comes to the notice of the Central Government that the telecommunication services of a user has been activated by an authorised entity in contravention of these rules, the Central Government shall direct the authorised entity to suspend the telecommunication services of such user immediately, and re-verify the identity of such user in accordance with these rules within a specified period from the date of such direction from the Central Government failing which, such telecommunication services shall be disconnected. Provided that any action taken under sub-rule (3) shall be without prejudice to any proceedings under the relevant provisions of the Act. 14. Miscellaneous. - (1) The access to CAF, SDR and BIVS shall be made available by the authorised entity to the Central Government or an authorised agency in accordance with the Telecommunications (Authorisation For Provision of Main Telecommunication Services) Rules, 2025 in the form and manner as may be specified by the Central Government on the portal. (2) The Central Government may issue clarifications, orders or procedures, not inconsistent with these rules, which are necessary for the purpose of giving effect to these rules. 15. Digital implementation of these rules. - The Central Government, in furtherance of section 53 of the Act, may notify a portal for the digital implementation of these rules, including publication of relevant forms, list of proof of identity and proof of address documents, directions and guidelines specified under these rules. [F No. 24-09/2025-UBB] DEVENDRA KUMAR RAI, Jt. Secy. Uploaded by Dte. of Printing at Government of India Press, Ring Road, Mayapuri, New Delhi-110064 and Published by the Controller of Publications, Delhi-110054. GORAKHA NATH Digitally signed by GORAKHA YADAVA NATH YADAVA Date: 2025.09.22 16:13:36 +05'30'