wordpress blog stats
Connect with us

Hi, what are you looking for?

Summary: Draft DoT M2M norms require “decryption” of data, assistance in counteracting “espionage”

With less than ten days provided for comments from stakeholders, the Department of Telecommunications has put out a set of Draft Guidelines for Registration Process of M2M Service Providers (M2MSP) & WPAN/WLAN Connectivity Provider for M2M Services. Machine to Machine services (M2M services) are when two distinct technological entities (such as routers or autonomous vehicles) communicate with each other with minimal human intervention. In 2017, the Telecom Regulatory Authority of India had recommended, among other things, that third-party companies providing such connectivity services using telecom resources should obtain a registration from the government. The last day for comments is currently July 1.

The security conditions of the guidelines require that M2M service providers assist the government in decrypting information on their networks, and provide assistance in counteracting “espionage, subversive act, sabotage, or any other unlawful activity”.

Summary of the guidelines

Definitions: M2M services in the draft rules are defined as involving “communication of end device/object with predefined back-end platform(s) either directly or through some gateway. Examples of M2M services include fleet management, supply chain management, agriculture automation, smart utilities including power, water, gas, etc. The M2M end devices/objects and the platform(s) collecting and analysing information from these devices/ objects are controlled by some organization.” (emphasis supplied)

General terms

  1. M2M service provider registration can be provided to any entity in India that is registered under the LLP Act, 2008, Companies Act, 2013, or the Shops and Establishment Act. M2MSPs should provide details of incorporation while registering. Registration for M2M service provision and WPAN/WLAN (wireless personal/local area network) connectivity solutions are separate. Registration will require a non-refundable Rs 5,000 application fee. DoT will grant certificate within 15 days of receiving a complete application.
  2. M2MSPs should not infringe upon the jurisdiction of telecom licensees, and should only provide services for which they are registered. The registration is not transferable. Telecom operators seeking to provide M2M services to third parties need to register under these rules too.
  3. “Applicant shall provide the details of location of their IT setup/core network at the time of registration. However, if there are any changes in location of their IT setup/core network at a later point of time, the same shall be intimated to the Authority within 5 days of shifting the operation to the next location.” Similar changes in authorised signatories, address, and contact details of the company as well as partners of the company have to be intimated to DoT within 30 days.
  4. Registration can be surrendered with a 60 days’ notice. Suspension can be done through a 21-day notice period by DoT unless the “situation so warrants” to get rid of the license immediately, in which case the decision shall be final and binding.
  5. DoT is indemnified from all claims related to the provision of the service. The department is empowered to conduct investigations into complaints, and the applicant must comply with such requests.

Technical conditions

  1. M2MSPs and WPAN/WLAN service providers have to use an authorised telecom provider’s services for backhaul connectivity. Unlicensed spectrum bands (like WiFi) can be used. KYC guidelines should be obeyed when registering SIM cards and connections for such backhaul connectivity, which can be audited by DoT at any time. Service providers should tell DoT from which telco they’re getting services and notify changes in provider.
  2.  “The details of all the customers of M2M services i.e., physical custodian of machines fitted with SIMs, shall be maintained by M2MSP. Up-dated information regarding (a) details of M2M end device i.e. IMEI, ESN etc., (b) Make, Model, Registration number etc. of the machines (i.e. Cars, Utility Meters, POS etc.) & (c) corresponding physical custodian’s name and address shall be made available to Telecom Licensee and designated Authority by M2MSP. Any changes in customers and machines details shall be updated.”
  3. Guidelines issued to regulate SIMs that are manufactured abroad and imported (such as in Kindle 4G devices and cars) should be obeyed. e-SIM guidelines issued by DoT in the past should be followed.
  4. Quality of Service guidelines as may be prescribed by TRAI should be followed. A “duty cycle” of 10% should be maintained at all times.
  5. For disaster management and emergency response, any guidelines or directions that may be issued by DoT should be followed.
  6. Devices that ship with a SIM card should come with a leaflet that tells customers to tell the M2MSP if they’re reselling or transferring the device.

Security conditions

  1. If the applicant is told that objectionable content is being carried over their network by enforcement agencies, they shall prevent the carriage of such material immediately.
  2. Applicants should make their equipment available for technical scrutiny and inspection.
  3. “Applicant shall provide necessary facilities depending upon the specific situation at the relevant time to the Government to counteract espionage, subversive act, sabotage or any other unlawful activity.”
  4. Privacy of communications shall be maintained as per law in force. Equipment installations should not be a safety hazard or violate any statute or rules.
  5. “Applicant shall provide decryption facility for the content riding on its network as and when required by the Authority or any authorized agencies.”
  6. Equipment should meet norms set by international and Indian standardisation bodies, such as the ITU, ETSI, IEEE, ISO, and TEC.
  7. Mandatory testing of equipment must be done before deployment in accordance with the Indian Telegraph (Amendment) Rules, 2017.
  8. The security of the network should be safeguarded. However, “Existing security & encryption related regulation in IT Act as amended from time to time or any other rules framed in this regard should be adhered.” Other security controls specified in the IT Act and subordinate legislation should be adhered to.
  9. Applicants must set up systems to isolate infected/hacked networks. Network logs should be preserved for one year and DoT can inspect them at any time.
  10. Genuine IMEI and ESNs should be used in an M2M device.
  11. Security guidelines in the North East and in Jammu & Kashmir apply as they are along the International Border.
  12. Installation of equipment in sensitive areas should be done after approval by the DoT.

Also read

Written By

I cover the digital content ecosystem and telecom for MediaNama.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.


The accession to the Convention brings many advantages, but it could complicate the Brazilian stance at the BRICS and UN levels.


In light of the state's emerging digital healthcare apparatus, how does Clause 12 alter the consent and purpose limitation model?


The collective implication of leaving out ‘proportionality’ from Clause 12 is to provide very wide discretionary powers to the state.


The latest draft is also problematic for companies or service providers that have nothing to with children's data.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ