(1) These regulations may be called the Telecom Commercial Communications Customer Preference Regulations, 2018.

(2)(a) Except as otherwise provided in clause (b), (c), (d) and (e) these regulations shall come into force from the date of their publication in the Official Gazette;

(b) Regulations 4,5,11,15,28,34, 35 and 36 of these regulations shall come into force after 30 days from the date of publication of these regulations in the Official Gazette;

(c) Regulations 6, 13 and 14 of these regulations shall come into force after 90 days from the date of publication of these regulations in the Official Gazette;

(d) Regulations 3, 7, 8, 9, 10, 12, 18 and 32 of these regulations shall come into force after 120 days from the date of publication of these regulations in the Official Gazette;

2[(e) Regulations 23, 29 and sub-regulations (5) and (6) of Regulation 25 of these regulations shall come into force after 150 days from the date of publication of these regulations in the Official Gazette.]

3[(f) Regulation 24 of these regulations shall come into force from the 31st day of January, 2019;

(g) Regulations 26, 27 and sub-regulations (1), (2), (3) and (4) of Regulation 25 of these regulations shall come into force from the 28th day of February, 2019.]

In these regulations, unless the context otherwise requires

(a) Abandoned Call means an outgoing call in which the sender does not connect the call to a live agent after the call is established and is answered by the recipient.

(b) Access Providers includes the Basic Telephone Service Provider, Cellular Mobile Telephone Service Provider, Unified Access Service Provider, Universal Access Service Provider and Virtual Network Operator (VNO) as defined in the respective licenses issued by Department of Telecommunications (DoT);

(c) Act means the Telecom Regulatory Authority of India Act, 1997 (24 of 1997)

(d) Authority means the Telecom Regulatory Authority of India established under sub-section (1) of Section 3 of the Act;

(e) Auto Dialer Call means a call which is initiated automatically by an equipment, in accordance to a stored and/ or programmable instruction(s), to a telephone number(s), already stored or a list auto generated by the software, and once the call has been answered, equipment

(i) either plays a recorded message; or

(ii) connects the call to a live person;

(f) Bulk means number of messages or voice calls on the same or similar subject-matter sent, caused to be sent or authorized to be sent in excess of the following limits

(iii) more than 20 during a twenty-four hours period; or

(iv) more than 100 during a seven days period; or

(v) more than 300 during a thirty days period;

(g) Business Day means any day other than a Saturday, Sunday and a Gazette holiday declared by the Central Government;

(h) Calling Name or Number (CNAM) means name or number which is presented by the terminating access provider (TAP) to the recipient of a commercial communication which may be the header assigned to the sender or a name or number assigned by the access provider in lieu of header or number;

(i) Commercial Communication means any voice call or message using telecommunication services, where the primary purpose is to inform about or advertise or solicit business for

(A) goods or services; or

(B) a supplier or prospective supplier of offered goods or services; or

(C) a business or investment opportunity; or

(D) a provider or prospective provider of such an opportunity;

Explanation: For the purposes of this regulation it is immaterial whether the goods, services, land or opportunity referred to in the content of the communication exist(s), is/are lawful, or otherwise. Further, the purpose or intent of the communication may be inferred from:

(A) The content of the communication in the message or voice call

(B) The manner in which the content of message or voice call is presented

(C) The content in the communication during call back to phone numbers presented or referred to in the content of message or voice call; or the content presented at the web links included in such communication.

(j) Consensus means the concurrence among the participants on a distributed ledger to record an irrevocable data value, which is cryptographically secured;

(k) Consent means any voluntary permission given by the customer to sender to receive commercial communication related to specific purpose, product or service. Consent may be explicit or inferred as defined in these regulations;

(l) Consent Acquirer or CA means any sender with registered and valid header(s), who acquires consent through a prescribed process under the relevant regulations;

(m) Consent Register means a Distributed Ledger for Consent (DL-Consent) having all relevant details of consent acquired by sender, in a secure and safe manner, to send commercial communications and may be required for the purpose of pre and post checks for regulatory compliance based on the consent;

(n) Consent Registrar or CR is an authorized entity under relevant regulations responsible for maintaining the consent register, customer consent acquisition facility and customer consent verification facility;

(o) Consent Template or CT means a template of content which is presented to the customer while acquiring his consent and clearly mentions purpose of the consent and details of sender;

(p) Consent Template Register means a Distributed Ledger for registration of Consent Template (DL-TCS) which keeps record of unique consent template identity along with the content of consent template and details of sender who got it registered, in a secure and safe manner;

(q) Content Template for Transaction means a template of content registered by any sender with the access provider for sending transactional message, service message or transactional voice call, service call for the purpose of commercial communication and contains content which may be a combination of fixed part of content and variable part of content, where

(i) fixed part of content is that part of content which is common across all commercial communications sent to different recipients for same or similar subject;

(ii) variable part of content is that part of content which may vary across commercial communications sent to different recipients for same or similar subject on account of information which is very specific to the particular transaction for a particular recipient or may vary on account of reference to date, time, place or unique reference number;

(r) Content Template for Promotion means a template of content registered by any sender with the access provider for sending promotional message or promotional voice call for the purpose of commercial communication and contains content which is fixed content and common across all commercial communications sent to different recipients for same or similar subject;

(s) Content Template Register means a Distributed Ledger for Content Template which keeps records of unique content template identity along with the content of content template and details of sender who got it registered in a safe and secure manner;

(t) Content Template Registrar is an authorized entity under the relevant regulations responsible for maintaining the Content template register and Content template registration facility;

(u) Customer means subscriber;

(v) Customer Preference Registration Facility or CPRF means the facility established by an Access Provider, under relevant regulations, for the purpose of registration, modifications or de-registration of the preference of its customers in respect of receipt of commercial communications;

(w) Distributed Ledger Technologies (DLT) means a set of technological solutions that enables a single, sequenced, standardized and cryptographically-secured record of activities to be safely distributed to, and acted upon, by a network of varied participants and their

(i) database can be spread across multiple sites or institutions;

(ii) records are stored one after the other in a continuous ledger and can only be added when the participants reach a consensus;

(x) Entity Register means a Distributed Ledger for Entities (DL-Entities) having a records of all entities registered to carry out telemarketing related function(s) with all relevant details.

(y) Explicit consent means such consent as has been verified directly from the Recipient in a robust and verifiable manner and recorded by Consent Registrar as defined under these regulations;

(z) Fully blocked means stoppage of all types of commercial communication requiring explicit consent except commercial communication sent under inferred consent;

(aa) Header means an alphanumeric string of maximum eleven characters or numbers assigned to an individual, business or legal entity under these regulations to send commercial communications;

(ab) Header Root means the common sub string of block of headers, starting from the first character;

(ac) Header Branch means the sub string of a header other than header root;

(ad) Header Registration Facility or HRF means the facility established by Header Registrar, under relevant regulations, for registration or de-registration of the header of any principal entity or content provider for sending commercial communications;

(ae) Header Register means a Distributed Ledger for Header (DL-Header) which keeps records of header(s), its purpose of sending commercial communications and details of sender to whom it is assigned in a safe and secure manner;

(af) Header Registrar is an authorised entity under relevant regulations responsible for maintaining the header register, header registration facility and header verification facility;

(ag) Immutable means data added to the distributed ledger after achieving consensus, which thereafter is unchangeable, secure and preserved for the life of the ledger;

(ah) Inferred Consent means any permission that can be reasonably inferred from the customer's conduct or the Relationship between the Recipient and the Sender;

(ai) Message shall have the meaning assigned to it in clause (3) of Section 3 of the Indian Telegraph Act, 1885 (13 of 1885);

(aj) National Numbering Plan (NNP) means the National Numbering Plan issued by DoT from time to time;

(ak) Node means participants on a distributed ledger having particular rights to read or write data;

(al) Non-repudiable means

(i) making available proof of various network-related actions (such as proof of obligation, intent, or commitment; proof of data origin, proof of ownership, proof of resource use) so that an individual or entity cannot deny having performed a particular action;

(ii) ensuring the availability of evidence that can be presented to Authority and used to prove that some kind of event or action has taken place;

(am) One Time Password or OTP means an automatically generated random number used to authenticate the action of user for a single transaction or session.

(an) Originating Access Provider (OAP) means the Access Provider who has provided the telecom resources to a sender;

(ao) Permissioned DLT networks means those DLT networks where participants in the process are preselected and addition of new record on the ledger is checked by a limited consensus process using a digital signature;

(ap) Preference of Category of Commercial Communication means preference exercised by the customer to permit only a selected category of commercial communications out of available choices prescribed by relevant regulations;

(aq) Preference of Mode for Commercial Communication means preference exercised by the customer to permit commercial communications only through the selected mode of communications from the choices for modes made available in the relevant regulations or code(s) of practice;

(ar) Preference of Time band and Day type for Commercial Communication means preference exercised by the customer to permit unsolicited commercial communications only during time slots and type of days out of choices for time band(s) and types of day(s) made available in the relevant regulations;

(as) Preference Register means a Distributed Ledger for Preference (DL-Preference) which keeps records of preference(s) of customers about category of content, mode(s) of communication, time band(s), type of day(s) along with the details of customer who has exercised choices of preference(s), day and time such choices or changes in choices were exercised in a safe and secure manner;

(at) Private DLT networks means those DLT networks where visibility is restricted to a subset of users;

(au) Promotional messages means commercial communication message for which the sender has not taken any explicit consent from the intended Recipient to send such messages;

(av) Promotional voice call means commercial communication voice call for which the Sender has not taken any explicit consent from the Recipient to make such voice calls to him;

(aw) Recipient , in relation to a commercial communication, means an authorised user of the telephone number(s) to whom the message is sent or voice call is made.

Explanation: Where a recipient of a message or voice call has one or more Telephone numbers in addition to the Telephone number to which the message was sent or voice call was made, the recipient shall be treated as a separate recipient with respect to each such Telephone number;

(ax) Referred Telephone Number (RTN) means telephone number or telecom resource referred to in the content of commercial communication messages or voice calls from the sender;

(ay) Registered Telemarketer (RTM) means any telemarketer who is registered with the access provider(s) in accordance with the procedure and conditions specified in these regulations.

(az) Regulations means the Telecom Commercial Communications Customer Preference Regulations, 2018, unless otherwise indicated;

(ba) Regulatory Sandbox means specifically constructed experimental space, with a safe environment, within which various stakeholders can use Regulatory Technology solutions to develop and refine Code(s) of Practice to comply with new regulatory requirements;

(bb) Relationship means a prior or existing relationship

(i) for business or commercial reasons, between a person or entity and a subscriber with or without an exchange of consideration,

(ii) on the basis of the purchase or transaction made by or done by the recipient with the sender within the tweleve months immediately preceding the date of the communication; or

(iii) on the basis of inquiry or application regarding products or services made by or submitted by recipient to sender within the three months immediately preceding the date of the receiving of communication, which relationship has not been previously terminated by either party;

(iv) for social reasons, between a person or entity and a subscriber with or without an exchange of consideration, by voluntary two-way communication, initiated from both sides at different points in time;

(bc) Robo Calls means any call made to any customer using an artificial or prerecorded voice to interactively deliver a voice message without the involvement of human being on calling side for participating in the dialogue;

(bd) Scrubber means an entity registered with the access provider(s) and authorised by the relevant regulations to perform the function of scrubbing in accordance with the relevant regulations;

(be) Scrubbing means process of comparing target list of telephone number(s) provided by the Sender, to whom it wishes to send commercial communication with the list of telephone number(s) in DL-Preference and DL-Consent to check whether commercial communication(s) can be sent to the Recipient as per his registered preference(s) or as per consent;

(bf) Sender , in relation to a commercial communication, means

(i) The person or entity who owns the telephone number or the header(s) that were used;

(ii) A person or entity that publicly asserts or uses a Calling Line Identity (CLI) or the phone number(s) referred to in the communication, except where such assertion is fraudulent;

(iii) The person who sent the message or made a voice call, caused the message to be sent or the voice call to be made or authorized the sending of the message or making of the voice call;

(iv) The person or legal entity dealing with goods, or services, or land or property, or a business or investment opportunity that is offered or promoted; except where such entity maintains a distinct legal identity for the division or line of business dealing with offered goods, services or opportunity, in which case such division or line of business;

(bg) Sender information or SI means the source, destination and routing information attached to a message or voice call, including, where applicable, the originator's name and originating phone number, reference telephone number, and any other information that appears in the content of commercial communication identifying, or purporting to identify, the sender of the message or making voice call;

(bh) Service message or Service Call means a message sent to a recipient or voice call made to recipient either with his consent or using a template registered for the purpose, the primary purpose of which is

(i) to facilitate, complete, or confirm a commercial transaction that the recipient has previously consented to enter into with the sender; or

(ii) to provide warranty information, product recall information, safety or security information with respect to a commercial product or service used or purchased by the recipient;

to provide

(A) notification concerning a change in the terms or features of; or

(B) notification of a change in the recipient's standing or status with respect to; or

(C) at regular periodic intervals, account balance information or other type of account statement with respect to, a subscription, membership, account, loan, or comparable ongoing; or

(D) commercial relationship involving the ongoing purchase or use by the recipient of products or services offered by the sender; or

(E) information directly related to an employment relationship or related benefit plan in which the Recipient is currently involved, participating, or enrolled; or

(F) information relating to delivery of goods or services, including product updates or upgrades, that the recipient is entitled to receive under the terms of a transaction that the recipient has previously consented to enter into with the sender;

(bi) Signature means pattern in communications from particular telephone number(s) or telecom resource(s) or person, entity which are not registered with the access provider(s) for commercial communication purposes and also includes pattern in communications from particular sender(s), who are registered with the access provider(s) but not authorised to send commercial communication of particular type or for specific purpose(s) which may require additional authorisations from relevant Government or statutory bodies to send such commercial communications;

(bj) Silent Call means any unsolicited call made by a person or an entity to a customer for a very short duration in which either called party has not yet been alerted by his or her device, or it is very unlikely to be answered, wherein the intention of caller is to get call back from called party and then enter into commercial communication;

(bk) Smart contract means a functionality of intelligent and programmable code which can execute predetermined commands or business rules set to pre-check regulatory compliance without further human intervention and suitable for DLT system to create a digital agreement, with cryptographic certainty that the agreement has been honored in the ledgers, databases or accounts of all parties to the agreement;

(bl) Smartphone means a device with large display, predominantly with touch screen technology, fast processor and memory in the GB range. A fully-featured Operating System or platform that provides voice and data communications capabilities, enables personalization of the device by the user and in addition supports installation and maintenance of mobile applications e.g., downloadable from an Application store.

(bm) SMS means a message which is sent through short message service and includes a Multi-Media message which is sent through Multi-Media message service (MMS);

(bn) Subscriber means a person or legal entity who subscribes to a telecom service provided by an Access Provider;

(bo) Telecom resources means any telegraph used to send voice call or messages;

(bp) Telemarketer means a person or legal entity engaged in the activity of transmission or delivery of commercial communication or scrubbing or aggregation.

(bq) Telephone number means a number which may or may not have been assigned to the subscriber of a Public Switched Telecom Network (PSTN) or a wireless access network or a mobile network from a numbering series already assigned to a telecom service providers to which either an SMS or MMS can be sent, or Voice calls can be made.

Explanation: For the purposes of these regulations, it is immaterial whether the telephone number is actually assigned to any customer or not or has ceased to exist;

(br) Telephone number harvesting software means software that is specifically designed or marketed for use in

(i) searching the Internet, directories, contact lists in devices for telephone numbers; and

(ii) collecting, compiling, capturing or otherwise harvesting those telephone numbers;

(iii) generating most likely valid telephone numbers using automated means;

(bs) Terminating Access Provider (TAP) means the Access Provider of which Recipient of commercial communication is a Subscriber;

(bt) Transactional message means a message triggered by a transaction performed by the Subscriber, who is also the Sender's customer, provided such a message is sent within thirty minutes of the transaction being performed and is directly related to it.

Provided that the transaction may be a banking transaction, delivery of OTP, purchase of goods or services, etc.

(bu) Transactional Voice Call means a voice call which is not promotional in nature and is for the purpose of alerts to its own customers or account holders and information to be communicated by the voice call is time critical in the nature;

(bv) Unregistered Telemarketer (UTM) means any Sender of commercial communication who is not registered for the purpose of telemarketing with the access provider(s);

(bw) Unsolicited commercial communication or UCC means any commercial communication that is neither as per the consent nor as per registered preference(s) of recipient, but shall not include:

(i) Any transactional message or transactional voice call;

(ii) Any service message or service voice call;

(iii) Any message or voice calls transmitted on the directions of the Central Government or the State Government or bodies established under the Constitution, when such communication is in Public Interest;

(iv) Any message or voice calls transmitted by or on the direction of the Authority or by an agency expressly authorized for the purpose by the Authority.

(bx) Usage Cap means a limit put on a telephone number for making a maximum of twenty outgoing voice calls per day and a maximum of twenty outgoing messages per day.

COMMERCIAL COMMUNICATION THROUGH ACCESS PROVIDER NETWORK

3. Every Access Provider shall ensure that any commercial communication using its network only takes place using registered header(s) assigned to the sender(s) for the purpose of commercial communication; and

(1) No Subscriber, who is not registered with any access provider for the purpose of sending commercial communications under these regulations, shall make unsolicited commercial communication and

(a) in case, any Subscriber is sending Commercial Communication, telecom resources of the sender may be put under usage cap; and

(b) if the Subscriber continues to send Commercial Communication despite notice given to him under these regulations, all telecom resources of the sender may also be disconnected;

4. No Sender registered for making commercial communication shall initiate calls with an Auto dialer that may result in silent or abandoned calls.

Provided that the sender has notified the originating access provider in advance about the use of the auto dialer and taken steps to maintain abandoned calls within limits provided for in these regulations or Code(s) of Practice.

5. Every Access Provider shall develop or cause to develop an ecosystem with the following functions to regulate the delivery of the commercial communications as provided for in these regulations

(1) to provide facility to its Subscribers for registering preference(s) for Commercial Communication and maintain complete and accurate records of preference(s);

(2) to register entities for participating in the ecosystem and prescribe their roles and responsibilities for efficient and effective control of commercial communications;

(3) to provide facility to record consent(s) of the Subscribers acquired by the sender(s) for sending Commercial Communication and maintain complete and accurate records of consent(s);

(4) to provide facility for revocation of consent by its Subscribers and accordingly update records of consent for the Subscribers;

(5) to register sender(s), carry out verifications of their identities and prescribe processes for sending commercial communications;

(6) to prescribe process and specific functions of particular entity to carry out pre-delivery checks before sending commercial communications and ensuring regulatory compliance(s);

(7) to provide facilities for its Subscribers to register complaints against Sender(s) of Commercial Communication and maintain complete and accurate records of status of resolution of complaints;

(8) to examine and investigate complaints, take actions against defaulters and take remedial measures to ensure compliance with the regulations;

(9) to detect, identify and act against sender(s) of Commercial Communication who are not registered with them;

(10) to comply with any other directions, guidelines and instructions issued by the Authority in this regard.

CUSTOMER PREFERENCE REGISTRATION

6. Every Access Provider shall establish Customer Preference Registration Facility (CPRF) and shall make necessary arrangements to facilitate its customers, on 24 hours X 7 days basis throughout the year:

(1) to provide ways and means to record consent or record revocation of consent related to Commercial Communication and exercise his preference(s) from the list(s), mentioned in the Schedule-II, of choices for:

(a) preference(s) of categories of Commercial Communication;

(b) preference(s) of the mode(s) of communication,

(c) preference(s) of time band(s) and types of day(s) of the week including public and national holidays;

(2) to provide following modes, free of cost, to the customer, as per his choice, to register, modify or de register preference(s)

(a) sending SMS to short code 1909; or

(b) calling on 1909; or

(c) Interactive Voice Response System (IVRS); or

(d) sending USSD; or

(e) Mobile app developed in this regard either by the Authority or by any other person or entity and approved by the Authority; or

(f) Web portal with authentication through OTP; or

(g) Any other means as may be prescribed by the Authority from time to time.

(3) to duly acknowledge the receipt within fifteen minutes of the request made by the customer for registering, modifying, deregistering the preference with unique reference number;

7. Every Access Provider shall ensure that preferences recorded or modified by the Subscriber are given effect to in near real time and in such a manner that no delivery of commercial communication is made or blocked in contravention to the Subscribers' preference after twenty-four hours or such time as the Authority may prescribe.

FUNCTIONS OF ACCESS PROVIDERS

8. Every Access Provider shall undertake following activities in accordance with the provisions of these regulations before allowing any commercial communication through its network(s)

(1) Develop Code(s) of Practice to establish system and make arrangements to govern the specified activities

(a) Code of Practice for Entities of ecosystem (CoP-Entities) as per Schedule-I;

(b) Code of Practice for Registration of preference(s), recording consent(s) and revocation of consent(s) (CoP-Preference) as per Schedule-II;

(c) Code of Practice for Complaint Handling (CoP-Complaints) as per Schedule-III;

(d) Code of Practice for Unsolicited Commercial Communications Detection (CoP-UCC_Detect) as per Schedule-IV;

(e) Code of Practice for monthly reporting (CoP-Reports) as per Schedule-V

(2) Register entities as provided for in Code(s) of Practice for Entities

(3) Register Sender(s) and assign the header(s), header root(s);

(4) Register the Content Templates;

(5) Register the Consent Templates;

9. Every Access Provider shall ensure that no commercial communication is made to any Recipient, except as per the preference(s) or digitally registered consent(s) registered in accordance with these regulations.

10. Every Access Provider shall ensure that no commercial communication takes place through its network(s) except by using header(s) assigned to the registered Sender(s) for the purpose of sending commercial communication;

11. Every Access Provider shall give due publicity through appropriate means to make the customers aware regarding

(1) The procedure(s) and facilities for registering preference(s);

(2) The procedure(s) and facilities for registration and revocation of Consent(s);

(3) The procedure(s) and facilities for making complaint(s), providing information or reporting Unsolicited Commercial Communication;

(4) Every Access provider shall inform its Subscribers while giving telecom resources that he shall not get involved in the activity of sending Commercial Communication or cause sending Commercial communication, or authorize the sending of the Commercial Communication using the telecom resources failing which the telecom resources used or assigned to him may be put under Usage Cap or his telecom resources may be disconnected;

Provided that the Authority may, from time to time, issue such directions as it deems necessary, specifying the content, medium, frequency and manner of such publicity;

OBLIGATIONS OF ACCESS PROVIDERS

12. Access Providers shall deploy, maintain and operate a system, by themselves or through delegation, to ensure that requisite functions are performed in a non-repudiable and immutable manner

(1) to record preference(s), consent(s), revocation of consent(s), complaint(s) etc.

(2) to carry out regulatory pre-checks and post-checks in respect of Commercial Communication being offered for delivery and also to keep records of actions performed;

(3) to register person(s), business entity(ies) or legal entity(ies) in making Commercial Communication through its network involved from origination, transmission or delivery and have adequate documentary evidence in support to prove its identity;

(4) to ensure that functions and actions performed by registered entities are identifiable, distinguishable and recordable;

(5) to ensure that the data is stored and shared in a secure and safe manner;

(6) to ensure that data is accessible only to the relevant entities for performing roles assigned to them under these regulations;

Note: If not specifically permitted, the data should not be accessible in clear text to any person, including the person(s) operating the system or performing a delegated function, e.g. scrubbing, or accessible to any application(s) other than the application performing the delegated function(s).

(7) to detect non-compliances and take immediate action to effectively ensure compliance with regulations;

(8) to ensure compliance by the registered sender(s) who have notified the access provider about the use of auto dialer(s), and to take action against the sender(s) found to be failing to maintain silent calls or abandoned calls within the prescribed limits;

13. Access Providers shall adopt Distributed Ledger Technology (DLT) with permissioned and private DLT networks for implementation of the system, functions and processes as prescribed in Code(s) of Practice:

(1) to ensure that all necessary regulatory pre-checks are carried out for sending Commercial Communication;

(2) to operate smart contracts among entities for effectively controlling the flow of Commercial Communication;

14. Access Providers may authorise one or more DLT network operators, as deemed fit, to provide technology solution(s) to all entities to carry out the functions as provided for in these regulations.

15. Every Access Provider shall develop the prescribed Code(s) of Practice, if necessary, in collaboration with other Access Providers, including relevant stakeholders required to participate to carry out the functions provide for in these regulations.

16. The Access Providers shall submit the Code(s) of Practice (CoPs) to the Authority within three months from the date of coming into force of these regulations.

17. Authority may direct Access Provider(s) to make changes, at any time, in the Code(s) of Practice and Access Providers shall incorporate such changes and submit revised CoP within fifteen days from the date of direction issued in this regard.

18. Every Access Provider shall comply with the submitted Codes of Practices and implement them in accordance with the specified time line(s),

Provided that any provision in Code(s) of Practice shall not have effect to the extent of being inconsistent with these regulations.

19. The Authority reserves the right to formulate a standard Code(s) of Practice in case the formulated CoP is deficient to serve the purposes of these regulations.

20. Every access provider shall comply with the provisions of Standard Code(s) of Practice.

21. In case of non-compliance to the provisions of Code(s) of Practice, Access Provider shall be liable to pay, by way of financial disincentive, following amount

(1) not exceeding Rupees five thousand per day for the period of exceeding the timeline if the period of delay is less than or equal to thirty days;

(2) not exceeding Rupees twenty thousand per day for the additional period of delay which is more than thirty days;

The amount payable by way of financial disincentive under these regulations shall be remitted to such head of account as may be specified by the Authority.

The total amount payable as financial disincentives under sub-regulations (1) and (2) shall not exceed rupees ten lakhs.

The Authority reserves the right not to impose financial disincentive or to impose a lower amount of financial disincentive or no incentive where it finds merit in the reasons furnished by the access provider.

Provided that no order for payment of any amount by way of financial disincentive shall be made by the Authority, unless the concerned Access Provider has been given a reasonable opportunity to represent.

22. Prescription of fee/ charges by Access Providers: Access Providers may prescribe fee from participating entities for sending commercial communications for registration and to carry out activities provided for in these regulations and may also prescribe security deposits. Access providers may impose financial disincentive on participating entities in case violation of regulations can be attributed to failure of functions assigned to such entities.

COMPLAINT REDRESSAL

23. Every Access Provider shall establish Customer Complaint Registration Facility (CCRF) and shall make necessary arrangements to facilitate its customers on 24 hours 7 days basis throughout the year

(1) to provide ways and means

(a) to make complaint(s), by its customer who has registered his preference(s), against sender(s) of unsolicited commercial communication in violation of the registered preferences or digitally registered consents;

(b) to submit report(s), against sender(s) of commercial communication in violation of provisions of these regulation(s) by any customer;

(2) to provide following modes, as per choice of the customer and free of cost, to make complaint or to report violation of regulations

(a) sending SMS to short code 1909; or

(b) calling on 1909; or

(c) Interactive Voice Response System (IVRS); or

(d) Mobile app developed in this regard either by the Authority or by any other person or entity and approved by the Authority; or

(e) Web portal with authentication through One Time Password (OTP); or

(f) Any other means as may be notified by the Authority from time to time.

Provided that every such complaint shall be made by a subscriber within three days of receipt of the unsolicited commercial communication;

(3) to duly acknowledge the receipt within fifteen minutes of the complaint or report made by the customer with unique reference number;

(4) to provide details to the subscriber about the mobile app provided for in sub-regulation (2)(d)

(5) to provide details about format and procedure to the customer, as given in the appropriate Code(s) of Practice, where a complaint is rejected by the access provider on the grounds of incomplete information or improper format;

24. Distributed Ledger(s) for Complaints: Every Access Provider shall establish or cause to establish Distributed Ledger(s) for Complaints (DL-Complaints) with requisite functions, processes and interfaces

(1) to record complaints and reports regarding violation of Regulations made by the customer in the Distributed Ledger for Complaints (DL-Complaints) in an immutable and non repudiable manner;

(2) to record, at least, following details about the complaint or report regarding violation of Regulations:

(a) telephone number(s) or header(s) from which Unsolicited Commercial Communication was received;

(b) telephone number(s) of Complainant or reporter;

(c) Referred telephone number(s) (RTN), if any;

(d) Date and time of occurrence of Unsolicited Commercial Communication, if available;

(e) unique registration number issued at the time of making complaint or reporting;

(f) resolution status of the complaint or report regarding violation of Regulations;

(3) to record three years history of complainant with details of all complaint(s) made by him, with date(s) and time(s), and status of resolution of complaints;

(4) to record three years history of sender(s) against which complaint is made or reported with details of all complaint(s), with date(s) and time(s), and status of resolution of complaints;

(5) to interact and exchange information with other relevant entities in a safe and secure manner;

(6) to support any other functionalities as required to carry out functions provided for in these regulations;

25. Complaint Mechanism: Every Access Provider shall establish system(s), functions and processes to resolve complaints made by the customers and to take remedial action against sender(s) as provided hereunder

(1) Terminating Access Provider (TAP) shall record the complaint on DL-Complaints in non-repudiable and immutable manner and shall notify, in real time, the details of the complaint to the concerned Originating Access Provider (OAP).

(2) Terminating Access Provider (TAP) shall examine within one business day from the date of receipt of complaint, to check the occurrence of complained communication between the complainant and the reported telephone number or header from which unsolicited commercial communication was received and update the findings on DL-Complaints.

(3) Terminating Access Provider shall also verify if the date of receipt of complaint is within three days of receiving commercial communication and in case the complaint is reported by the customer after three days, the TAP shall communicate to the customer about the closure of his complaint in accordance to the Code of Practice for Complaint Handling and change status of complaint on DL-Complaint as a report instead of complaint.

(4) The OAP, in case the complaint is related to RTM, shall examine, within one business day from the date of receipt of complaint, whether all regulatory pre-checks were carried out in the reported case before delivering Unsolicited Commercial Communications; and

(a) In case, all regulatory pre-checks were carried out and delivery of commercial communication to the recipient was in confirmation to the provisions in the regulations and Code(s) of Practice, OAP shall communicate to TAP to inform complainant about the closure of complaint as provided for in the Code(s) of Practice;

(b) in case of non-compliance with the regulations, the OAP shall, within two business days from the date of receipt of complaint, take actions against the defaulting entity and communicate to TAP to inform the complainant about the action taken against his complaint as provided for in Code(s) of Practice;

(c) the OAP shall take appropriate remedial action, as provided for in the Code of Practice(s), to control Unsolicted Commercial Communications so as to ensure compliance with these regulations;

(5) The OAP, in case, the complaint is related to a UTM,

(a) shall examine communication detail records (CDRs), within one business day from the date of receipt of complaint, to check the occurrence of complained communication between the complainant and the reported telephone number or header from which unsolicited commercial communication was received.

(b) In case of no occurrence of complained communications under sub-regulation (5)(a), OAP shall communicate to the TAP to inform the complainant about the closure of complaint in a manner prescribed in the Code(s) of Practice;

(c) In case of occurrence of complained communications under sub-regulation (5)(a), OAP shall further examine, within two business days from the date of complaint, whether there are similar complaints or reports against the same sender; and

(i) in case, it is found that number of complaints against the sender are from ten or more than ten recipients over a period of last seven days, the OAP shall put sender under Usage Cap and at the same time shall initiate investigation as provided for in sub-regulation (6);

Provided that such Usage Cap shall be valid till investigation is completed or thirty days from the date of effect of restrictions, whichever is earlier;

(ii) in case it is found that number of complaints against the sender are from less than ten recipients over a period of last seven days, the OAP shall, from the previous thirty days data of CoP_UCC_Detect System, check whether suspected sender is involved in sending Commercial Communication in bulk or not; and

(A) in case, sender has sent commercial communications in bulk, the OAP shall put the sender under Usage Cap, and at the same time initiate investigation as provided for in sub-regulation (6);

Provided that such restrictions shall be valid till investigation in this regard is completed under relevant regulations or thirty days from the date of effect of restrictions, whichever is earlier;

(B) in case, sender has not sent commercial communications in bulk, the OAP shall warn such sender through appropriate means as provided for in Code(s) of Practice;

^*[(6)] OAP shall issue notice, within three business days, to give opportunity to such sender(s), under sub-regulations (5)(c)(i), (5)(c)(ii)(A) to represent his case and shall investigate, within thirty business days from the date of receipt of complaint and shall conclude whether the communication so made was unsolicited commercial communication or not; and conclusion of the investigation was that sender was engaged in sending unsolicited commercial communications, OAP shall take action against such sender as under

(a) for first instance of violation, due warning shall be given;

Provided that the first instance of the violation shall include all the complaints against the sender within two business days after the date of receipt of the first complaint, against which the sender is to be warned under this sub-regulation.

(b) for the second instance of violation, Usage Cap shall continue for a period of six months;

Provided that the second instance of the violation shall include all the complaints against the sender after the issuance of first warning within two business days after the date of receipt of the complaint against which second warning is being given to the sender under this sub-regulation.

(c) for third and subsequent instances of violations, all telecom resources of the sender shall be disconnected for a period up to two years and OAP shall put the sender under blacklist category and communicate to all other access providers to not to allocate new telecom resources to such sender for up to two years from the date of such communication;

Provided that the third instance of the violation shall include all the complaints received against the sender after the date of second warning within two business days after the receipt of the complaint against which telecom resources are being disconnected under this sub-regulation.

Provided further that one telephone number may be allowed to be retained by such sender with the Usage Cap for a period up to two years.

(1) Every Access Provider shall maintain records of complaints, from its customers and received from Terminating Access Provider(s), against registered sender(s) for sending unsolicited commercial communications on daily basis for each service area and submit performance monitoring report to the Authority as and when required in a format as prescribed.

(2) Every Access Provider shall maintain records of complaints, from its customers and received from Terminating Access Provider(s), against unregistered sender(s) for sending unsolicited commercial communications on daily basis for each service area and submit performance monitoring report to the Authority as and when required in a format as prescribed.

(3) Every Access Provider shall submit to the Authority its compliance reports in respect of unsolicited commercial communications, complaints or reports from its customers in such manner and format, at such periodic intervals and within such time limits as may be specified by the Authority, from time to time, by an order or direction;

(4) The Authority may, from time to time, through audit conducted either by its own officers or employees or through agency appointed by it, verify and assess the process followed by the access provider for registration and resolution of complaints, examination and investigation of the complaints and reporting to the Authority.

27. Consequences for the Originating Access Provider (OAP) failing to curb the unsolicited commercial communications sent through its network(s)

(1) If OAP fails to curb UCC, Financial Disincentives for not controlling the Unsolicited Commercial Communications (UCC) from RTMs by the access provider in each License Service Area for one calendar month shall be as under

Provided that no order for payment of any amount by way of financial disincentive shall be made by the Authority, unless the concerned Access Provider has been given a reasonable opportunity to represent.

The amount payable by way of financial disincentive under these regulations shall be remitted to such head of account as may be specified by the Authority.

(2) The total amount payable as financial disincentives under sub-regulations (1) shall not exceed rupees fifty lakhs per calendar month. The Authority may impose no financial disincentive or a lower amount of financial disincentive than the amount payable as per the provisions in sub-regulation (1) where it finds merit in the reasons furnished by the access provider.

(1) Power of Authority to order inquiry

(a) Where the Authority has a reason to believe that any Access Provider has contravened the provisions of these regulations, it may constitute an inquiry committee, to inquire into the contravention of the regulations and to report thereon to the Authority.

(b) The inquiry committee shall give a reasonable opportunity to the concerned Access Provider to represent itself, before submitting its findings to the Authority.

(2) If on inquiry, under sub-regulation (1), the Access Provider is found to have misreported the count of UCC for RTMs, it shall, without prejudice to any penalty which may be imposed under its licence or other provisions under these regulations, be liable to pay, by way of financial disincentive, an amount

(a) ten times the difference between disincentive computed by the Inquiry Committee and that computed earlier based on service provider's data, or Rs 5 lakhs, whichever is higher; and

Provided that in case of second and subsequent contraventions, to pay an amount equal to twice that of computed financial disincentives under this sub-regulation

(b) one lakh per instance for access provider found to be not imposing timely restrictions on outgoing usage of unregistered sender(s) in accordance with provisions in Regulations 25(5) and 25(6);

Provided that no order for payment of any amount by way of financial disincentive shall be made by the Authority, unless the concerned Access Provider had been given a reasonable opportunity of representing against the findings of the inquiry committee.

The amount payable by way of financial disincentive under these regulations shall be remitted to such head of account as may be specified by the Authority.

The total amount payable as financial disincentives under sub-regulations (2)(a) and (2)(b) shall not exceed rupees ten lakhs in a week.

(3) The Authority may impose no financial disincentive or a lower amount of financial disincentive than the amount payable as per the provisions in sub-regulations (2)(a) and 2(b) where it finds merit in the reasons furnished by the access provider.

(1) The Authority may, if it considers expedient to do so, on receipt of complaint, call for the details of the telecom resources put under Usage Cap or disconnected under the Regulations 25(5) and 25(6), on account of unregistered telemarketing activity under and upon examination, for reasons to be recorded,

(a) If the Authority finds that conclusion of investigation lacks adequate evidence against the sender, it may direct the Access Provider to remove such restrictions on usage or restore all telephone number(s) of the person and delete the name and address of such customer(s) or sender(s) from the blacklist.

(b) If the customer or the Sender whose telecom resources have been put under restriction or disconnected on account of adequate evidence against the sender, makes a request, within sixty days of such action, to the Authority for restoring his telecom resources or removing the restrictions on usage and satisfies the Authority that it has taken reasonable steps to prevent recurrence of such contravention, the Authority may by order ask access provider(s) to remove such restrictions on usage or restore all telephone number(s) of the person and delete the name and address of such Sender(s) from the blacklist, as the case may be, on payment of an amount of five thousand rupees per resource to the Authority for restoration of all such telecom resources, subject to the condition that the total amount payable by the customer or sender shall not exceed rupees five lakhs.

Provided that the Authority may impose no financial disincentive or impose a lower amount where it finds merit in the reasons furnished by the customer.

30. Access providers shall prepare migration plan for existing data, process and role being played at present by different entities to the new system of data, process and role of new entities prescribed in these regulations;

31. List of key activities (but not an exhaustive list) for preparation of migration plan, attached are as per Schedule VI;

MISCELLANEOUS

32. No business or legal entity not registered with the access provider for the purpose of sending commercial communications under these regulations shall make commercial communication or cause such message to be sent or voice call to be made or authorize the sending of such message or making of a voice call;

(1) Where the Authority has a reason to believe that any Sender of commercial communications on behalf of business or legal entities has contravened the provisions of these regulations, it may constitute an inquiry committee, to inquire into the contravention of the regulations and to report thereon to the Authority.

(2) The inquiry committee shall give a reasonable opportunity to the concerned entities to represent itself, before submitting its findings to the Authority.

(3) In case, it is found by the Inquiry committee set up in this regard that particular business or legal entity is engaged in sending commercial communications in contravention to the provisions of these regulations, the Authority may order or direct access provider(s) to disconnect all telecom resources or put all telecom resources of such business or legal entity under Usage Cap of such telecom resources for the period up to two years;

Provided that if such entity maintains a distinct legal identity for the division or line of business dealing with offered goods, services or opportunity, the Usage Cap or disconnection of telecom resources shall be limited to resources pertaining to such division or line of business;

Provided further that no order or direction shall be made by the Authority, unless the concerned business or legal entity had been given a reasonable opportunity to represent against the findings of the inquiry committee.

34. Every Access Provider shall ensure, within six months' time, that all smart phone devices registered on its network support the permissions required for the functioning of such Apps as prescribed in the Regulations 6(2)(e) and Regulations 23(2)(d);

Provided that where such devices do not permit functioning of such Apps as prescribed in Regulations 6(2)(e) and Regulations 23(2)(d), Access Providers shall, on the order or direction of the Authority, derecognize such devices from their telecom networks.

Provided further that no order or direction of derecognition of devices shall be made by the Authority unless the concerned parties have been given a reasonable opportunity of representing against the contravention of regulations observed by the Authority.

35. Terminating Access Provider (TAP) may charge Originating Access Provider (OAP) for Commercial communication messages as following

(1) Upto Rs. 0.05 (five paisa only) for each promotional SMS;

(2) Upto Rs. 0.05 (five paisa only) for each service SMS;

Provided that there shall be no Service SMS charge on

(i) any message transmitted by or on the directions of the Central Government or State Government;

(ii) any message transmitted by or on the directions of bodies established under the Constitution;

(iii) any message transmitted by or on the directions of the Authority;

(iv) any message transmitted by any agency authorized by the Authority from time to time;

36. Authority may set up or permit to set up a Regulatory Sandbox for testing implementation of regulatory checks using DLT networks and other technological solutions complementing DLT network(s) and to operationalize such regulatory sandbox, the Authority may, by order or direction, specify the requisite processes.

37. Every Access Provider and International Long Distance Operators shall ensure that no international incoming SMS containing alphanumeric header or originating country code +91 is delivered through its network.

Provided that Authority may issue directions as it deems necessary to control bulk international messages from time to time.

38. Repeal and Saving. Save as provided hereunder, The Telecom Commercial Communications Customer Preference Regulations, 2010 (6 of 2010) are hereby repealed. Notwithstanding the repeal of the Telecom Commercial Communications Customer Preference Regulations, 2010 (6 of 2010),

(a) anything done, or any action taken or purported to have been done under the said regulations shall be deemed to have been done or taken under the corresponding provisions of these regulations;

(b) the provisions contained in Regulations 2 to 13, 16 to 20, 21 and 22 of the Telecom Commercial Communications Customer Preference Regulations, 2010 (6 of 2010) shall remain in force until these regulations come into force in their entirety.

Action Items for preparing Code of Practice for Entity(ies) (CoP-Entities)

1. Entity Registration Functionality:

(1) All entities with associated functions, who will be carrying out given functions for effective control of Unsolicited Commercial Communications being delivered through them, shall be declared by each Access Provider on their websites;

(2) any individual, business entity or legal entity may carry out one or more functions while keeping all records and execution of functions separately against each activity for internal audit by the access provider to ensure the effectiveness of Unsolicited Commercial Communications control to meet regulatory outcomes specified in the regulations;

(3) each functional entity shall be given unique identity by the access provider(s) to be used to authenticate and track the events;

2. Every Access Provider shall formulate structure and format for headers to be assigned Senders for the purpose of commercial communications via sending SMS or making voice calls to participants which shall include following

(1) SMS Header, SMS Header Root, SMS Header Branch for Senders sending Promotional SMS, Transactional SMS and Service SMS from 11-character alphanumeric strings which are not allocated or assigned by DoT for other purpose(s) or in accordance to directions of the Authority/ DoT;

(2) Calling Line Identity for Senders making Promotional Voice Calls, Transactional Voice Calls and Service Voice Calls from 140-level numbering series or any other numbering series directed by the Authority/DoT;

3. Every Access Provider shall formulate Code of Practice for Entities (CoP-Entities) involved from registered sender(s) to recipient(s) and

(1) CoP-Entities shall include at least following entities

(a) Header Registrar;

(b) Consent Registrar;

(c) Consent Template Registrar;

(d) Content Template Registrar;

(e) Content Template Verifier;

(f) Telemarketer Functional Entity Registrar for various functions prescribed in the relevant regulation(s);

(g) timeline(s) for implementation of the functionality referred in code of practice and operationalizing it;

(h) such other matters as the Authority may deem fit, from time to time;

(2) CoP-Entities shall also include at least following Distributed Ledger Nodes for the purpose of

(a) Header Register;

(b) Consent Register;

(c) Consent Template Register;

(d) Content Template Register;

(e) Content Template Verifier;

(f) Complaint Register;

(g) Preference Register;

(h) Telemarketer Scrubbing Function Register;

(i) Telemarketer Message Delivery Function Register;

(j) Telemarketer Voice Delivery Function Register;

(3) CoP-Entities shall include at least following

(a) implementation details for all functional entities;

(b) additional measures, as deemed fit by access provider(s), for functional entities required to ensure regulatory compliance;

(c) minimum standards of technical measures to effectively control the sending of unsolicited commercial electronic messages;

(d) technical mechanism to make available latest version of relevant and reliable data for an entity to carry out its desired function;

(e) such other matters as the Authority may deem fit, from time to time.

4. Every Access Provider shall carry out following functions

(1) Header Registration Function (HRF)

(a) assign header or Header root for SMS via Header Registration Functionality, on its own or through its agents, as per allocation and assignment principles and policies, to facilitate content provider or principal entity to get new headers;

(b) carry out pre-verifications of documents and credentials submitted by an individual, business entity or legal entity requesting for assigning of the header;

(c) bind with a mobile device and mobile number(s), in a secure and safe manner, which shall be used subsequently on regular intervals for logins to the sessions by the header assignee;

(d) carry out additional authentications in case of a request for headers to be issued to SEBI registered brokers or other entities specified by Authority by directions, orders or instructions issued from time to time;

(e) carry out additional authentications in case of a request for headers to be issued to government entities, corporate(s) or well-known brands, including specific directions, orders or instructions, if any, issued from time to time by the Authority;

(f) carry out additional checks for look-alike headers which may mislead to a common recipient of commercial communication, it may also include proximity checks, similarity after substring swaps specifically in case of government entities, corporate(s), well-known brands while assigning headers irrespective of current assignments of such headers, and to follow specific directions, orders or instructions, if any, issued from time to time by the Authority;

(2) Consent Registration Function (CRF)

(a) record consent via Customer Consent Acquisition Functionality on Consent Register, on its own or through its agents, to facilitate consent acquirers to record the consent taken from the customers in a robust manner which is immutable and non-repudiable and as specified by relevant regulations;

(b) Presenting content of consent acquisition template to the customer before taking consent;

(c) Taking agreement to the purpose of consent and details of sender;

(d) Authenticate customer giving the consent through OTP;

(e) record revocation of consent by the customer via revoke request in a robust manner which is immutable and non-repudiable and as specified by relevant regulations;

(f) record sufficient contact information, valid for at least 30 days, required to revoke consent and present it to recipient to enable them to submit request for revoking consent;

(3) Content Template Registration Function (CTRF)

(a) to check content of the template being offered for registration as a transactional template and service message template;

(b) to identify fixed and variable portion(s) of the content in the offered transactional template and service message template with identification of type of content for each portion of variable part of the content, e.g. date format, numeric format, name of recipient, amount with currency; reference number, transaction identity;

(c) to estimate the total length of variable portion, viz. total length of fixed portion for a typical transactional message, service message for offered template;

(d) to de-register template or temporarily suspend use of template;

(e) to generate one-way hash for fixed portion of content of template and ways to extract fixed portion and variable portion(s) from actual message for carrying out pre and post checks of actual content of actual message offered for delivery or already delivered;

(f) to check content of the template being offered for registration as a promotional from perspective of content category;

(g) assigning unique template identity to registered template of content;

(4) Scrubbing function (SF)

(a) to process scrubbing as defined, in a secure and safe manner, using preferences and consent of customer(s) and category of content;

(b) provide details about preferred time slots and types of days for delivery;

(c) take necessary measures to protect Preference Register and Consent Register data during scrubbing, e.g. by Generating virtual identities and tokens for each number for the messages and voice calls and not disclosing real identities to any other entity than authorized to know it;

(d) make available relevant details of scrubbed list to corresponding OAPs and TAPs for carrying out reverse mapping of virtual identities to real identities for further delivery;

(e) to identify and report probable instances of request received for scrubbing of list of phone numbers collected through harvesting software or instances of dictionary attack to relevant entities authorized to take action;

(5) Content Verification Function (CVF)

(a) to identify the content type and category of messages to be delivered or already delivered via an automated tool or utility software;

(6) Delivery Function for Messages with Telecom Resource Connectivity to Access Provider (DF)

(a) deliver messages to OAP, in a secure and safe manner, during specified time slots and types of days of delivery in accordance to the preferences of the customer(s);

^*[(b)] select OAP for particular customer(s) or messages and conveying to Scrubber for generating tokens for corresponding OAP to access information of list of messages which would be required to be delivered by it;

(7) Aggregation Function for Message to other Telemarketer for delivery function (AF)

(a) deliver messages to RTM having telecom resource connectivity with access provider(s), in a secure and safe manner;

(8) Voice Calling Function with Telecom Resource Connectivity (VCF)

(a) deliver voice calls to OAP, in a secure and safe manner, during specified time slots and types of days of delivery in accordance to the preferences of the customer(s);

(b) select OAP for particular customer(s) or voice calls and conveying selected OAPs to Scrubber for generating tokens for corresponding OAP to access information of list of messages which would be required to be delivered by it;

5. Every Access Provider shall set up following functional entities or may delegate roles to perform following functions

(1) Header Registrar (HR) to

(a) establish and maintain header register as distributed ledger to keep headers, in a secure and safe manner, and make accessible relevant information for identifying the assignee at the time of request to carry out various functions, e.g. scrubbing function from the registered telemarketers for scrubbing, delivery function from telemarketer;

(b) carry out Header Registration Function;

(c) keep record of headers throughout its lifecycle, i.e. free for assignment, assigned to an entity, withdrawn, surrendered, re-assigned etc.;

(d) keep record of header(s), header root(s) reserved for specific purpose;

(e) synchronize records, in real time, among all header ledgers available with participating nodes in Header Registration Functionality in an immutable and non-repudiable manner;

(f) maintain with minimum performance requirements as specified;

(g) perform any other function and keep relevant details required for carrying out pre and post checks for regulatory compliance;

(2) Consent Registrar (CR) to

(a) establish and maintain consent register as distributed ledger to keep consent, in a secure and safe manner, and make accessible relevant data for scrubbing function to the registered telemarketers for scrubbing;

(b) establish Customer Consent Acquisition Facility (CCAF), to record recipient's consent to receive commercial communications from the sender or consent acquirer;

(c) establish Customer Consent Verification Facility (CCVF) for the purpose of facilitating

(i) customers to verify, modify, renew or revoke their consent in respect of commercial communications, and

(ii) Access Providers to verify the consent in case of complaint;

(d) keep consent for each consent acquirer, in a manner that client data of entity is adequately protected;

(e) keep record of revocation of consent by the customer, whenever exercised, in an immutable and non-repudiable manner;

(f) synchronize records, in real time, among all consent ledgers available with participating nodes in Consent Acquisition Functionality in an immutable and non-repudiable manner;

(g) maintain with minimum performance requirements as specified;

(h) perform any other function and keep relevant details required for carrying out pre and post checks for regulatory compliance;

(3) Content Template Registrar (CTR) to

(a) carry out content template registration function;

(b) keep records of registered templates in immutable and non repudiable manner;

(c) maintain with minimum performance requirements as specified;

(d) perform any other function and keep relevant details required for carrying out pre and post checks for regulatory compliance;

(4) Content Format and Type Verifiers (CFTV) to

(a) carry out content verification;

(b) keep records with all relevant details for future references;

(5) Telemarketers for Scrubbing function (TM-SF) to

(a) carry out scrubbing;

^*[(b)] keep record of all numbers scrubbed for complaints resolution;

^*[(c)] maintain with minimum performance requirements as specified;

^*[(d)] perform any other function and keep relevant details required for carrying out pre and post checks for regulatory compliance;

(6) Telemarketers for Delivery Function of Messages with telecom resource connectivity to AP (TM-DF) to

(a) carry out delivery function

(b) insert its Unique identity with delivery processing reference number along with identity through which scrubbing was carried out;

(c) authenticate source of the messages submitted for delivery by header assignee or by aggregator and ensure their identity is part of content of message for traceability;

(d) maintain with minimum performance requirements as specified;

(e) perform any other function and keep other relevant details which may be required for carrying out pre and post checks for regulatory compliance;

(7) Telemarketers for Aggregation Function for messages to other Telemarketer for delivery function (TM-AF) to

(a) carry out aggregation function;

(b) keep record of all numbers aggregated for complaints resolution and traceability;

(c) authenticate source of the messages submitted for delivery by header assignee or by aggregator and ensure their identity is part of content of message for traceability;

(d) maintain with minimum performance requirements as specified;

(e) perform any other function and keep other relevant details which may be required for carrying out pre and post checks for regulatory compliance;

(8) Telemarketer for voice calling function with Telecom Resource Connectivity for voice calls to Access Provider (TM-VCF) to

(a) to carry out voice calling function;

(b) take necessary measures to protect Preference Register and Consent Register data during voice calling, e.g. using virtual identities to make voice calls on a secure Internet Protocol (IP) based Virtual Private Networks (VPN) with OAP and not disclosing real identities to any other entities than authorized to know it;

(c) take initiatives to enable calling name display (CNAM) based on Intelligent Network or ISDN based protocols, enhanced calling name (eCNAM) functionality as defined in 3GPP technical specifications TS 24.196 for providing services to terminating user with the name associated with the originating user and optionally delivering metadata about that originating user;

(d) maintain with minimum performance requirements as specified;

(e) perform any other function and keep other relevant details which may be required for carrying out pre and post checks for regulatory compliance;

6. Every Access Provider shall ensure that

(1) content of any commercial communication sent by the sender(s) shall be categorized and compared with the list of preference(s) of the recipient and/or purpose of consent given by the recipient to the sender for the purpose of scrubbing and for this purpose access provider shall ensure that

(a) any commercial communication through its network takes place only using registered content template(s) for transaction and/ or content template(s) for promotion;

(b) Unique Identity for registered template of content shall be assigned to the sender(s) at the time of registration of content template;

(c) Following Label shall be prefixed by the access provider to the text of commercial communication

(i) Label <Transactional> in case of Transactional Message;

(ii) Label <Service> in case of Service Message;

(iii) Label <Promotional> in case of Promotional Message;

(d) Every Access Provider shall suffix relevant information required to revoke the consent to the text of promotional message;

(e) Content template shall be recorded on Distributed Ledger for Content Template (DL-CT) in an immutable and non repudiable manner;

(2) commercial communication is sent to the particular telephone number(s) in the target list of telephone numbers provided by the sender, to whom he wishes to send commercial communication only after scrubbing the target list and scrubbing includes

(a) verification of preference(s) by comparing the target telephone numbers, category of content with the list of telephone numbers and preference(s) of category of content by the target recipient customer in the Distributed Ledger for Preference (DL-Preference); and

(b) verification of consent(s) by comparing the target telephone number(s), category of content with the list of telephone numbers and consent(s) given by the recipient to the sender in the Distributed Ledger for Consent (DL-Consent); and

(c) verification of time band(s) by comparing the target telephone number(s), type of target time band for delivery with the list of telephone numbers and preference(s) of time band(s) of target recipient customer in Distributed Ledger for Preference (DL-Preference); and

(d) verification of type of day(s) by comparing the target telephone number(s), type of target day(s) for delivery with the list of telephone numbers and preference(s) of type of day(s) of target recipient customer in Distributed Ledger for Preference (DL-Preference);

(e) output of scrubbed list is a positive match of verifications in either of 2(a) or 2(b) as consent given by the recipient to the sender(s) shall override choice of preference(s) made by the recipient customer and positive match of verifications in 2(c) or 2(d);

7. Every Access Provider shall formulate

(1) Message Sequence Charts for messages with parameter details and time sequence to provide details about the process between two entities and action taken by particular entity;

(2) Flow Charts to provide details about the process between two entities and action taken

Code of Practice for Process of registration, modification or deregistration of Preferences, recording consent and revocation of consent

1. Procedure for registration or change of preference of Categories of content for Commercial Communications:

^*[(1)] Customer can opt-out for any or all of following Commercial Communications Content category(ies) of content:

Note-1: In case of communication with customer executive of Customer Care Center of access provider, preference to opt-out may be communicated;

Note-2: Customer to be communicated with confirmation and final status along with options to unblock;

Note-3: FULLY BLOCK option shall put the customer in Fully Blocked state and block service as well as promotional types of commercial communications for all categories of content, mode, time band and day types;

Note-4: BLOCK PROMO option shall block only promotional types of commercial communications for all categories of content, mode, time band and day types except service and transaction type of commercial communications;

Provided that the Authority may, from time to time, add or remove number of category(ies), or sub category(ies) for content;

^*[(2)] Customer can opt-in for any or all of following Commercial Communications Content category(ies) of content:

Note-1: In case of communication with customer executive of Customer Care Center of access provider, preference to opt-in may be communicated;

Note-2: Customer to be communicated with confirmation and final status along with options to block

Note-3: UNBLOCK ALL option shall unblock all categories of content, mode, time band and day types with default options;

Note-4: UNBLOCK 51 shall restore service type of commercial communications for all categories of content, mode, time band and day types as per the previous state of the customer while he exercised block option last time or with the default options as the case may be while promotional type of commercial communications shall remain in blocked state;

Provided that the Authority may, from time to time, add or remove number of category(ies), or sub category(ies) for content;

2. Procedure for registration of preference or change of preference of Mode for Commercial Communications

(1) Customer can opt-out of any or all of following category(ies) of mode(s) of communication:

Note-1: In case of communication with customer executive of Customer Care Center of access provider, preference to opt-out may be communicated;

Note-2: Customer to be communicated with confirmation and final status along with options to unblock;

Note-3: BLOCK 10 option shall block all categories of modes except transactional type commercial communications while saving the status of customer for categories of time band and day types;

Provided that the Authority may, from time to time, add or remove number of category(ies), or sub category(ies) for mode;

(2) Customer can opt-in for any or all of following category(ies) of mode(s) of communication:

Note-1: In case of communication with customer executive of Customer Care Center of access provider, preference to opt-in may be communicated;

Note-2: Customer to be communicated with confirmation and final status along with options to block;

Note-3: UNBLOCK 80 option shall restore all categories of modes for categories of time band and day types as per the previous status of customer when he exercised block option last time or as per the default options as the case maybe;

Provided that the Authority may, from time to time, add or remove number of category(ies), or sub category(ies) for modes;

3. Procedure for registration or change of preference of Time band(s) for Commercial Communications

(1) Customer can opt-out of any or all of following time bands for receiving of commercial communications:

Note-1: Time Bands (i), (ii), (iii) and (ix) shall be default OFF for all customers irrespective of the status of registration of customer i.e. for all customers including those who have not registered any type of preference(s), anytime unless customer has registered its preference(s) and switched ON;

Note-2: In case of communication with customer executive of Customer Care Center of access provider, preference to opt-out may be communicated;

Note-3: Customer to be communicated with confirmation and final status along with options to unblock;

Note-4: BLOCK 20 option shall block all categories of modes while saving current status of customer for categories of content, time band and day types, however transactional type of commercial communications may not be blocked;

Provided that the Authority may, from time to time, add or remove number of category(ies), or sub category(ies) for time band;

(2) Customer can opt-in for any or all of following time band(s):

Note-1: In case of communication with customer executive of Customer Care Center of access provider, preference to opt-out may be communicated;

Note-2: Customer to be communicated with confirmation and final status along with options to block;

Note-3: UNBLOCK 70 shall restore all categories of time bands for the customer in which he was before he exercised option to block last time, if any, otherwise as per the default options;

Provided that the Authority may, from time to time, add or remove number of category(ies), or sub category(ies) for time band;

4. Procedure for registration or change of preference of Day Type(s) for Commercial Communications

(1) Customer can opt-out of any or all of following day type(s):

Note-1: Time Bands (i), (ii), (iii) and (ix) shall be default OFF for all customers irrespective of the status of registration of customer i.e. for all customers including those who have not registered any type of preference(s), anytime unless customer has registered its preference(s) and switched ON;

Note-2: In case of communication with customer executive of Customer Care Center of access provider, preference to opt-in may be communicated;

Note-3: Customer to be communicated with confirmation and final status along with options to unblock;

Note-4: BLOCK 30 option shall block all categories of types of days while saving the status of customer for categories of time band and day types, however transactional type of commercial communications may not be blocked;

Provided that the Authority may, from time to time, add or remove number of category(ies), or sub category(ies) for day type(s);

(2) Customer can opt-in for any or all of following day type(s):

Note-1: In case of communication with customer executive of Customer Care Center of access provider, preference to opt-in may be communicated;

Note-2: Customer to be communicated with confirmation and final status along with options to block;

Note-3: UNBLOCK 60 shall restore all categories of types of day for the customer in which he was before he exercised option to block last time, if any, otherwise as per the default options;

Provided that the Authority may, from time to time, add or remove number of category(ies), or sub category(ies) for day type(s);

5. Recording preferences on Distributed Ledger for Preferences (DL-Preferences)

(1) Access Provider shall automate its internal systems and develop appropriate APIs to interact with DLPreferences;

(2) Access Provider shall record preferences on DL-Preferences within 15 minutes for requests received from all modes;

(3) These revised preferences shall be available, in real time, for considerations by entities for scrubbing process for new list of telephone numbers under process, however, earlier messages or voice calls which have already been scrubbed and have validity may be delivered;

6. Every Access Provider shall establish, maintain and operate Distributed Ledger(s) for Preference (DL-Preference) with requisite functions, process and interfaces

(1) to record choices of preference(s) exercised by the customer in the Distribute Ledger for Preferences (DLPreferences) in an immutable and non repudiable manner;

(2) to record, at least, following details of the customer who has registered its preference(s):

(a) telephone number in the international numbering format as referred in the National Numbering Plan;

^*[(b)] Location Routing Number (LRN), as assigned by DoT to the access provider, of current serving network of the customer and changes in LRN of the new serving network, in case customer is being ported-in during Mobile Number Portability;

^*[(c)] lifetime history, with date(s) and time stamp(s), of choices exercised by the customer for registering his preference(s) and subsequent changes to it made by the customer from time to time;

^*[(d)] changes in the subscription of telephone number, during the process of opening and closing of subscription;

^*[(e)] unique registration number issued at the time of registration of preference(s);

(3) to interact and exchange information with other relevant entities, responsible to carry out functions for regulatory compliance(s), in a safe and secure manner;

(4) to support any other functionalities as may be required to carry out functions for regulatory compliance(s);

7. Every Access Provider shall establish facility for revoking the consent by its customers and shall make necessary arrangements

(1) to receive request, from the customer, for revoking the consent, if any, given by the recipient to the sender or to the consent acquirer for the purpose of receiving a commercial communication message or voice call;

(2) to provide modes, free of cost, to the customer, as per his choice, to revoke consent either by

(i) sending SMS to short code 1909 with Label <Revoke> and <Sender ID> or to telephone number mentioned in the message or during the voice call received from the sender(s); or

(ii) calling on 1909 or number mentioned for revoking the consent during the voice call received from the sender(s); or

(iii) calling on customer care number; or

(iv) Interactive Voice Response System (IVRS); or

(v) Mobile app developed in this regard either by the Authority or by any other person or entity and approved by the Authority; or

(vi) Web portal with authentication through OTP; or

(vii) Any other means as may be notified by the Authority from time to time.

(3) to remove the recipient's contact information (telephone number to which the message was sent) from the consent record(s) corresponding to the sender for all purposes requiring explicit consent except in case specific purpose(s) is indicated by the customer during revocation of consent from the consent register within 1 business day;

(4) to duly acknowledge the customer's request to revoke the consent with unique reference number;

(5) to ensure that any person who receives request to revoke consent must not disclose the customer's personal information to others without his consent;

(6) to fetch details of the consent including its purpose(s), details about day and time when it was taken, and details about sender(s) or consent acquirer(s) who has or have taken the consent;

8. Every Access Provider shall establish, maintain and operate Distributed Ledger(s) for Consent (DL-Consent) with requisite functions, process and interfaces

(1) to record consent given by the customer to sender(s) or consent acquirer(s) in the Distribute Ledger for Consent (DL-Consent) in an immutable and non repudiable manner;

(2) to record, at least, following details of the consent

(a) telephone number of customer in international numbering format as referred in National Numbering Plan;

(b) Header of Sender(s) or Consent Acquirer(s) against which consent is taken;

(c) Day & Time when consent was taken;

(d) Validity period of consent;

(e) Type and purpose(s) of consent;

(3) to make consent data accessible for other entities in safe and secure manner;

(4) to keep record of revocation of consent by the customer with specific purpose(s), if any, in an immutable and non-repudiable manner;

(5) to interact and exchange information with other relevant entities, responsible to carry out functions for regulatory compliance(s), in a safe and secure manner;

(6) to support any other functionalities as may be required to carry out functions for regulatory compliance(s);

9. Every Access Provider shall specify

(1) Entity and process for generation of One Time Password (OTP) for different purposes and its validity period;

(2) Entity and process for verification of OTP received from the customer or for verification of entity carrying out activity under Code(s) of Practice for Entities;

10. Every Access Provider shall formulate

(1) Message Sequence Charts for messages with parameter details and time sequence to provide details about the process between two entities and action taken by particular entity;

(2) Flow Charts to provide details about the process between two entities and action taken;

List of Action items for Code of Practice for Complaint Handling (CoP-Complaints)

1. Every Access Provider shall formulate Code of Practice for Complaint handling (CoP-Complaints) and shall prescribe role, responsibilities of entities involved in examining, investigating and resolving complaints;

2. CoP-Complaints shall also include details about

(1) Complaint registration through voice call

(a) Procedure for a customer to make a call to 1909 for registering his complaint.

(b) Procedure and role of the customer care executive to interact with the customer about the details like particulars of telemarketer, the telephone number from which the unsolicited commercial communication has originated the date, time and brief description of such unsolicited commercial communication.

(c) Procedure and role of the customer care executive to register the customer complaint and acknowledge the complaint by providing a unique complaint number.

(2) Complaint Registration through SMS

(a) Format for making complaints in which a customer may register his complaint pertaining to receipt of unsolicited commercial communication.

^*[(b)] Details to be provided by the complainant e.g. Unsolicited Commercial Communications with date on which it was received along with content of received message and in case of voice call, brief of content of communication etc.

(3) Complaint registration through a mobile app

(a) Functioning of intelligent and intuitive mobile app(s) for devices with different operating systems and helping customer to identify and report suspected sources of spam and also making use of it by the customer to make complaints;

(b) Ways and means which can be used to enhance mobile App and other modes for the customer to help him to identify probable source of spam in an intelligent manner and offers to select source of messages and voice calls against which complaint is to be made;

(c) Ways and means which can be used by the customer to compose complaint on behalf of recipient in a convenient manner and quickly;

(d) App which helps user of app to keep track of complaints made earlier for the app user;

(e) Ways and means to Increase adoption of App to quickly detect spam participate to actively report to lead to larger set of information helpful to curb menace of Unsolicited Commercial Communications;

(4) Complaint registration through Web Portal

(a) Procedure for the customer to make complaints by visiting website of access provider and register his complaint.

(b) Procedure for filling form and design it for the purpose of filing complaint with all relevant details required to investigate complaint and take appropriate action;

(c) Procedure for authentication process to ensure that complaint is made by recipient;

(d) Procedure to generate and communicate Reference number to the customer which may be used to check status of complaint;

3. Every Access Provider shall formulate

(1) Message Sequence Charts for messages with parameter details and time sequence to provide details about the process between two entities and action taken by particular entity;

(2) Flow Charts to provide details about the process between two entities and action taken;

Action Items for preparing Code of Practice for Unsolicited Commercial Communications Detection (CoP-UCC_Detect)

1. Every Access Provider shall establish, maintain and operate following system, functions and processes to detect sender(s) who are sending Unsolicited Commercial Communications in bulk and not complying with the regulation(s), and act to curb such activities

(1) System which have intelligence at least following functionalities

(a) identifying sender(s) on basis of signature(s);

(b) deploying honeypot(s) and using information collected by it;

(c) evolving signature(s) by learning over time;

(d) interface to exchange information with similar system(s) established by other access provider(s) to evolve signature(s), detecting sender using Sender Information (SI);

(e) considering inputs available from DL-Complaints about complaints and reports and analyze them;

(f) considering inputs available, if any, from any other network element(s) of the access provider system(s);

(2) provide ways and means for resolving complaint(s) by sharing information related to telephone number(s) of sender(s) against which complaint is made;

2. Every Access Provider shall formulate codes of practice (CoP-UCC_Detect) for system, functions and process prescribed as following

(1) implementation details for detecting Unsolicited Commercial Communications related to suspicious unregistered telemarketing activity using Signature solution, deploying honeypots and other technical measures;

(2) minimum standards of technical measures to share intelligence information, rules, criteria to detect suspected sources of spam;

(3) approaches to detect and identify unregistered Unsolicited Commercial Communications sender(s), who are camouflaging themselves by fragmenting their activity across multiple phone numbers;

(4) approaches for deployment of honeypots to capture Unsolicited Commercial Communications voice call(s);

(5) approaches to detect and identify source(s) of dictionary attacks;

(6) timeline(s) for implementation of the functionality referred in code of practice and operationalizing it;

(7) such other matters as the Authority may deem fit, from time to time.

3. Report of entities found to be engaged in making or causing to make silent calls, robocalls, abandoned calls or using telephone directory harvesting software to make Unsolicited Commercial Communications, as and when came to notice of the access provider, or as provided for in the regulations for the registered sender(s) with the access providers, on basis of following criteria

(a) Ratio of Abandon Calls to total attempted calls for a registered entity exceeding 3% over a period of 24 Hours by an entity using Auto Dialer for Commercial Communications calls;

(b) Ratio of Silent Calls to total attempted calls for a registered entity exceeding 1% over a period of 24 hour by an entity using Auto Dialer for Commercial Communications Calls;

(c) Entity(ies) found to be using telephone number harvesting software for sending Unsolicited Commercial Communications are barred to use their network;

Action Items for preparing Code of Practice for Periodic Monthly Reporting (CoP-PMR)

1. Maintaining records of complaints on daily basis for each service area

(a) total number of complaints received on each day, from its customers as Terminating Access Provider, in each service area, against any registered sender;

(b) total number of complaints transferred on each day, to Originating Access Provider(s) including itself, in each service area, against any registered sender;

(c) total number of complaints to be resolved as an Originating Access Provider, according to the date of receipt of complaints;

(d) total number of complaints rejected on account of insufficient details for further examination, according to the date of receipt of complaint;

(e) total number of complaints to be resolved as an Originating Access Provider, according to the date of occurrence of unsolicited commercial communication;

(f) total number of senders against whom complaints were reported under clause (c);

(g) total number of complaints out of reported complaints under clause (f), after completion of investigation, found to be valid complaint(s);

(h) total number of senders out of reported senders under clause (f), found to be non-compliant as per the provisions provided for in these regulations or Code(s) of Practice;

(i) total number of senders out of reported senders under clause (h), who were put under restricted limits of usage provided for in Code(s) of Practice, as an interim measure to control unsolicited commercial communications during the investigation phase;

(j) numbers of commercial communications sent by each sender, reported under clause(i);

(k) total number of entities other than sender(s), after completion of investigation, found to be not compliant to the provisions provided for in these regulations or Code(s) of Practice and actions taken against them;

(1) report total number of complaints on a day, for any sender, reported under clause(h);

2. Maintain records of complaints, from its customers and received from Terminating Access Provider(s), against unregistered sender(s) for sending unsolicited commercial communications on daily basis for each service area

(a) total number of complaints received on each day, from its customers as Terminating Access Provider, in each service area, against any unregistered sender;

(b) total number of complaints transferred on each day, to Originating Access Provider(s) including itself, in each service area, against any unregistered sender;

(c) total number of complaints to be resolved as an Originating Access Provider, according to the date of receipt of complaints;

(d) total number of complaints rejected on account of insufficient details for further examination, according to the date of receipt of complaint;

(e) total number of complaints to be resolved as an Originating Access Provider, according to the date of occurrence of unsolicited commercial communication;

(f) total number of senders against whom complaints were reported under clause (e);

(g) total number of complaints out of reported complaints under clause(e), after completion of investigation, found to be valid complaint(s);

(h) total number of senders, under clause(f) against whom complaints were found to be valid;

(i) total number of senders out of reported senders under clause(h), who were put under usage cap, as an interim measure to control unsolicited commercial communications during the investigation phase;

(j) total number of senders out of reported senders under clause (i), who were put under Usage Cap or disconnected, after conclusion of the investigation with following breakup

(i) number of senders who were given warning against first instance of violations;

(ii) number of senders found to violating second time;

(iii) number of senders found to be violating third or more number of times;

(k) numbers of commercial communications sent by each sender, reported under clause(h);

(l) total number of outgoing communications made by the sender(s), reported under clause(f) and exceeding the restriction limits from the deemed date of imposition of such restrictions;

List of key activities (but not an exhaustive list) for preparation of migration plan

(1) Introducing Distributed Ledger (DL) for registration of entities (DL-Entities);

(a) To register entities declared by access provider or access provider(s) together for various functions and registers like

(i) Header Register;

(ii) Consent Register;

(iii) Consent Template Register;

(iv) Content Template Register;

(v) Content Template Verifier;

(vi) Complaint Register;

(vii) Preference Register;

(viii) Telemarketer Scrubbing Function Register;

(ix) Telemarketer Message Delivery Function Register;

(x) Telemarketer Voice Delivery Function Register;

(b) Deadline(s) for registering entities with DL-Entities

(i) Header Register;

(ii) Consent Register;

(iii) Consent Template Register;

(iv) Content Template Register;

(v) Content Template Verifier;

(vi) Complaint Register;

(vii) Preference Register;

(viii) At least one entity for Telemarketer Scrubbing Function;

(ix) At least one entity for Telemarketer Message Delivery Function Register;

(x) At least one entity for Telemarketer Voice Delivery Function Register;

(2) Registration of existing assignee of Headers with Header Registrar;

(a) stop assigning headers without verification of identity and scope of senders;

(b) register existing assignee of headers after verification of identity and scope documents of Unsolicited Commercial Communications sender(s) and bind to phone number(s);

(c) assign or reassign current owner of header(s) considering at least following:

(i) Whether headeris not assigned to any other sender(s);

(ii) Whether header is matching with brand name of a company;

(iii) Whether header is look alike with other popular header(s) and may mislead recipients;

(iv) Any other reason or fact which is important to consider before assigning header;

(d) use temporary header(s), during migration phase, for all earlier assigned headers;

(e) fixing deadline for working of temporary headers;

(3) Start assigning new headers

(a) assign headers after due diligence, verification of identity and scope documents of Unsolicited Commercial Communications sender(s) and bind to phone number(s);

(b) consider reason(s) and fact(s) which are important to be considered before assigning headers and do not mislead recipients;

(c) consider headers which may be required to be reserved for central and state government entities and also for statutory bodies;

(4) Develop mobile app for devices which may be required for senders during login to sessions for various activities like scrubbing, submission of messages to delivery, making voice calls etc.;

(5) Introduce telemarketer with scrubbing function, separate from telemarketer with delivery function

(6) Scrubbing envisaged in final form to be achieved in phased manner

(i) Initially, using data from existing register for customers' preferences;

(ii) subsequently, using records of DL-Preferences;

(iii) then using records of DL for Header Register;

(iv) then introducing virtual identities and tokens among entities to access real identities;

(v) then using records of DL for consent;

(7) Introduce DL for Complaints;

(8) Register existing consents on Consent Register;

(a) Register existing consents with consent registrar in robust manner to make it non-repudiable;

(b) stop taking consent not in accordance to these regulations;

(c) fix deadline for expiry of consent not registered with consent registrar;

(9) Register new consents on consent register as prescribed in relevant regulations or schedule or directions

(a) Develop Application Programme Interfaces (APIs) for Senders to recording consent with user agent or application client available on a mobile device or enterprise system;

(b) Broadening of installation and active base of consent acquisition application client;

(10) Make consent system ready to become part of scrubbing for all cases;

(11) Migration of existing registers with TRAI;

(a) Migrate NCPR data to DL-Preferences and have observer node for TRAI;

(b) Migrate Telemarketer registration module data of National Telemarketer Register (NTR) to DL-Entities and have observer node for TRAI;

(c) Migrate complaint module data to DL-Complaints and have observer node for TRAI;

(12) Introduce observer node of DL-Consents and observer nodes of rest of registers envisaged in the relevant regulations;

(13) Enhance signature solution capabilities and exchange intelligence information, rule, criteria and other relevant information among access providers to detect and identify suspicious Unregistered Telemarketing Activities more effectively and efficiently;

(14) Deploy honeypots to detect and identify suspicious Unsolicited Commercial Communications Voice calls by capturing relevant information;

1. Telecom Regulatory Authority of India, Noti. No. 311-04/2017-QoS, dated July 19, 2018 and published in the Gazette of India, Extra., Part III, Section 4, dated 19th July, 2018, pp. 92-175, No. 275.

2. Subs. by Noti. No. 311-04/2017-QoS, dt. 21-12-2018 (w.e.f. 21-12-2018). Prior to substitution it reads as: (e) Regulations 23, 24, 25, 26, 27, 29 of these regulations shall come into force after 150 days from the date of publication of these regulations in the Official Gazette;

3. Ins. by Noti. No. 311-04/2017-QoS, dt. 21-12-2018 (w.e.f. 21-12-2018).

* Corrected by Noti. No. 311-04/2017-QOS, dt. 21-12-2018.

* Corrected by Noti. No. 311-04/2017-QOS, dt. 21-12-2018.

* Corrected by Noti. No. 311-04/2017-QOS, dt. 21-12-2018.

* Corrected by Noti. No. 311-04/2017-QOS, dt. 21-12-2018.

* Corrected by Noti. No. 311-04/2017-QOS, dt. 21-12-2018.

* Corrected by Noti. No. 311-04/2017-QOS, dt. 21-12-2018.

* Corrected by Noti. No. 311-04/2017-QOS, dt. 21-12-2018.

* Corrected by Noti. No. 311-04/2017-QOS, dt. 21-12-2018.

* Corrected by Noti. No. 311-04/2017-QOS, dt. 21-12-2018.

* Corrected by Noti. No. 311-04/2017-QOS, dt. 21-12-2018.

* Corrected by Noti. No. 311-04/2017-QOS, dt. 21-12-2018.

* Corrected by Noti. No. 311-04/2017-QOS, dt. 21-12-2018.