Private telecom operators in India have requested a two-year extension to comply with the Digital Personal Data Protection (DPDP) Act provisions once the rules are notified. According to a report by Moneycontrol, the operators have cited significant compliance challenges and overlapping regulatory requirements as key concerns.
Industry Raises Concerns with DoT
Earlier this month, telecom companies met with Department of Telecommunications (DoT) officials to address the compliance challenges posed by the DPDP rules. The discussions highlighted issues such as the roles of consent managers, duplication of processes, and coordination between the DoT and the Ministry of Electronics and Information Technology (MeitY).
A telecom executive participating in the meeting told Moneycontrol, “The industry needs sufficient time to implement the necessary changes, as several aspects require detailed consideration. Better coordination between the DoT and MeitY is essential.”
The operators also voiced concerns over the increasing regulatory requirements and potential overreach of the proposed rules.
About the DPDP Act
The Digital Personal Data Protection Act draft rules, released by MeitY on January 3, are currently open for public consultation, with feedback invited until February 18. However, the deadline is expected to be extended.
Under the Act, telecom companies are likely to be classified as significant data fiduciaries (SDFs) due to the large volume of personal data they handle. SDFs will face additional obligations, such as restrictions on transferring specific personal data. A government-formed committee will oversee these restrictions.
Telecom operators are preparing to submit their feedback on the draft rules, including the request for a 24-month compliance window. The extension would allow them to modify customer application forms (CAFs) and upgrade their technological infrastructure to manage user consent for data usage and processing.
Also read: Government Plans New PLI Scheme for Telecom Components
Stricter Data Protection Rules for Telecom Operators
The DPDP Act introduces stricter rules requiring explicit user consent for using personal data in marketing, sharing with third parties, and offering bundled services like OTT subscriptions or digital payment add-ons. Operators will also need to notify users promptly in case of a data breach and comply with data localisation norms.
Additionally, the draft rules propose restrictions on transferring certain personal or traffic data outside India if deemed sensitive by a new government committee. Union Minister Ashwini Vaishnaw recently referred to the draft rules as a “free transfer with trust” model, highlighting India’s stance on cross-border data transfers under the DPDP Rules, 2025.
Next Steps for Telecom Operators
Telecom companies must also implement new technical frameworks to meet these compliance obligations, requiring significant operational adjustments. Industry stakeholders expect intensive discussions with the DoT and MeitY on these provisions as the rules are finalised.
