Telecom Commercial Communications Customer
Preference Regulations, 2018
Telecom Commercial
Communications Customer Preference Regulations, 2018
[6
of 2018]
[19th
July, 2018]
In exercise of powers
conferred by Section 36 read with sub-clause (v) of clause (b) and clause (c)
of sub-section (1) of Section 11 of the Telecom Regulatory Authority of India
Act, 1997 (24 of 1997), the Telecom Regulatory Authority of India hereby makes
the following regulations, namely—
Chapter
I PRELIMINARY
Regulation - 1. Short title and commencement.
(1) These regulations may be
called the Telecom Commercial Communications Customer Preference Regulations,
2018.
(2) (a) Except as otherwise
provided in clause (b), (c), (d) and (e) these regulations shall come into
force from the date of their publication in the Official Gazette;
(b) Regulations
4,5,11,15,28,34, 35 and 36 of these regulations shall come into force after 30
days from the date of publication of these regulations in the Official Gazette;
(c) Regulations 6, 13 and
14 of these regulations shall come into force after 90 days from the date of
publication of these regulations in the Official Gazette;
(d) Regulations 3, 7, 8, 9,
10, 12, 18 and 32 of these regulations shall come into force after 120 days
from the date of publication of these regulations in the Official Gazette;
[(e) Regulations 23, 29 and
sub-regulations (5) and (6) of Regulation 25 of these regulations shall come
into force after 150 days from the date of publication of these regulations in
the Official Gazette.]
[(f) Regulation 24 of these
regulations shall come into force from the 31st day of January, 2019;
(g) Regulations 26, 27 and
sub-regulations (1), (2), (3) and (4) of Regulation 25 of these regulations
shall come into force from the 28th day of February, 2019.]
Regulation - 2. Definitions.
In these regulations,
unless the context otherwise requires—
(a) “Abandoned Call” means an
outgoing call in which the sender does not connect the call to a live agent
after the call is established and is answered by the recipient.
(b) “Access Providers” includes
the Basic Telephone Service Provider, Cellular Mobile Telephone Service
Provider, Unified Access Service Provider, Universal Access Service Provider
and Virtual Network Operator (VNO) as defined in the respective licenses issued
by Department of Telecommunications (DoT);
(c) “Act” means the Telecom
Regulatory Authority of India Act, 1997 (24 of 1997)
(d) “Authority” means the
Telecom Regulatory Authority of India established under sub-section (1) of
Section 3 of the Act;
(e) “Auto Dialer Call” means a
call which is initiated automatically by an equipment, in accordance to a
stored and/ or programmable instruction(s), to a telephone number(s), already
stored or a list auto generated by the software, and once the call has been
answered, equipment
(i)
either
plays a recorded message; or
(ii)
connects
the call to a live person;
(f) “Bulk” means number of
messages or voice calls on the same or similar subject-matter sent, caused to
be sent or authorized to be sent in excess of the following limits—
(iii)
more
than 20 during a twenty-four hours period; or
(iv)
more
than 100 during a seven days period; or
(v)
more
than 300 during a thirty days period;
(g) “Business Day” means any
day other than a Saturday, Sunday and a Gazette holiday declared by the Central
Government;
(h) “Calling Name or Number
(CNAM)” means name or number which is presented by the terminating access
provider (TAP) to the recipient of a commercial communication which may be the
header assigned to the sender or a name or number assigned by the access
provider in lieu of header or number;
(i) “Commercial Communication”
means any voice call or message using telecommunication services, where the
primary purpose is to inform about or advertise or solicit business for
(A) goods or services; or
(B) a supplier or prospective
supplier of offered goods or services; or
(C) a business or investment
opportunity; or
(D) a provider or prospective
provider of such an opportunity;
Explanation: For the
purposes of this regulation it is immaterial whether the goods, services, land
or opportunity referred to in the content of the communication exist(s), is/are
lawful, or otherwise. Further, the purpose or intent of the communication may
be inferred from:
(A) The content of the
communication in the message or voice call
(B) The manner in which the
content of message or voice call is presented
(C) The content in the
communication during call back to phone numbers presented or referred to in the
content of message or voice call; or the content presented at the web links
included in such communication.
(j) “Consensus” means the
concurrence among the participants on a distributed ledger to record an
irrevocable data value, which is cryptographically secured;
(k) “Consent” means any
voluntary permission given by the customer to sender to receive commercial
communication related to specific purpose, product or service. Consent may be
explicit or inferred as defined in these regulations;
(l) “Consent Acquirer or CA”
means any sender with registered and valid header(s), who acquires consent
through a prescribed process under the relevant regulations;
(m) “Consent Register” means a
Distributed Ledger for Consent (DL-Consent) having all relevant details of
consent acquired by sender, in a secure and safe manner, to send commercial
communications and may be required for the purpose of pre and post checks for
regulatory compliance based on the consent;
(n) “Consent Registrar or CR”
is an authorized entity under relevant regulations responsible for maintaining
the consent register, customer consent acquisition facility and customer
consent verification facility;
(o) “Consent Template or CT”
means a template of content which is presented to the customer while acquiring
his consent and clearly mentions purpose of the consent and details of sender;
(p) “Consent Template Register”
means a Distributed Ledger for registration of Consent Template (DL-TCS) which
keeps record of unique consent template identity along with the content of
consent template and details of sender who got it registered, in a secure and
safe manner;
(q) “Content Template for
Transaction” means a template of content registered by any sender with the
access provider for sending transactional message, service message or
transactional voice call, service call for the purpose of commercial
communication and contains content which may be a combination of fixed part of
content and variable part of content, where
(i)
fixed
part of content is that part of content which is common across all commercial
communications sent to different recipients for same or similar subject;
(ii)
variable
part of content is that part of content which may vary across commercial
communications sent to different recipients for same or similar subject on
account of information which is very specific to the particular transaction for
a particular recipient or may vary on account of reference to date, time, place
or unique reference number;
(r) “Content Template for
Promotion” means a template of content registered by any sender with the access
provider for sending promotional message or promotional voice call for the
purpose of commercial communication and contains content which is fixed content
and common across all commercial communications sent to different recipients
for same or similar subject;
(s) “Content Template Register”
means a Distributed Ledger for Content Template which keeps records of unique
content template identity along with the content of content template and
details of sender who got it registered in a safe and secure manner;
(t) “Content Template
Registrar” is an authorized entity under the relevant regulations responsible
for maintaining the Content template register and Content template registration
facility;
(u) “Customer” means
subscriber;
(v) “Customer Preference
Registration Facility or CPRF” means the facility established by an Access
Provider, under relevant regulations, for the purpose of registration,
modifications or de-registration of the preference of its customers in respect
of receipt of commercial communications;
(w) “Distributed Ledger
Technologies (DLT)” means a set of technological solutions that enables a
single, sequenced, standardized and cryptographically-secured record of
activities to be safely distributed to, and acted upon, by a network of varied
participants and their
(i) database can be spread
across multiple sites or institutions;
(ii) records are stored one
after the other in a continuous ledger and can only be added when the
participants reach a consensus;
(x) “Entity Register” means a
Distributed Ledger for Entities (DL-Entities) having a records of all entities
registered to carry out telemarketing related function(s) with all relevant
details.
(y) “Explicit consent” means
such consent as has been verified directly from the Recipient in a robust and
verifiable manner and recorded by Consent Registrar as defined under these
regulations;
(z) “Fully blocked” means
stoppage of all types of commercial communication requiring explicit consent
except commercial communication sent under inferred consent;
(aa)
“Header” means an alphanumeric string of
maximum eleven characters or numbers assigned to an individual, business or
legal entity under these regulations to send commercial communications;
(ab)
“Header Root” means the common sub string
of block of headers, starting from the first character;
(ac)
“Header Branch” means the sub string of a
header other than header root;
(ad)
“Header Registration Facility or HRF”
means the facility established by Header Registrar, under relevant regulations,
for registration or de-registration of the header of any principal entity or
content provider for sending commercial communications;
(ae)
“Header Register” means a Distributed
Ledger for Header (DL-Header) which keeps records of header(s), its purpose of
sending commercial communications and details of sender to whom it is assigned
in a safe and secure manner;
(af)
“Header Registrar” is an authorised
entity under relevant regulations responsible for maintaining the header
register, header registration facility and header verification facility;
(ag)
“Immutable” means data added to the
distributed ledger after achieving consensus, which thereafter is unchangeable,
secure and preserved for the life of the ledger;
(ah)
“Inferred Consent” means any permission
that can be reasonably inferred from the customer's conduct or the Relationship
between the Recipient and the Sender;
(ai)
“Message” shall have the meaning
assigned to it in clause (3) of Section 3 of the Indian Telegraph Act, 1885 (13
of 1885);
(aj)
“National Numbering Plan” (NNP) means the
National Numbering Plan issued by DoT from time to time;
(ak)
“Node” means participants on a
distributed ledger having particular rights to read or write data;
(al)
“Non-repudiable” means
(i) making available proof of
various network-related actions (such as proof of obligation, intent, or
commitment; proof of data origin, proof of ownership, proof of resource use) so
that an individual or entity cannot deny having performed a particular action;
(ii) ensuring the availability
of evidence that can be presented to Authority and used to prove that some kind
of event or action has taken place;
(am)
“One Time Password or OTP” means an automatically generated random number used
to authenticate the action of user for a single transaction or session.
(an)
“Originating Access Provider” (OAP) means
the Access Provider who has provided the telecom resources to a sender;
(ao)
“Permissioned DLT networks” means those
DLT networks where participants in the process are preselected and addition of
new record on the ledger is checked by a limited consensus process using a
digital signature;
(ap)
“Preference of Category of Commercial
Communication” means preference exercised by the customer to permit only a
selected category of commercial communications out of available choices
prescribed by relevant regulations;
(aq)
“Preference of Mode for Commercial
Communication” means preference exercised by the customer to permit commercial
communications only through the selected mode of communications from the
choices for modes made available in the relevant regulations or code(s) of
practice;
(ar)
“Preference of Time band and Day type for
Commercial Communication” means preference exercised by the customer to permit
unsolicited commercial communications only during time slots and type of days
out of choices for time band(s) and types of day(s) made available in the
relevant regulations;
(as)
“Preference Register” means a Distributed
Ledger for Preference (DL-Preference) which keeps records of preference(s) of
customers about category of content, mode(s) of communication, time band(s),
type of day(s) along with the details of customer who has exercised choices of
preference(s), day and time such choices or changes in choices were exercised
in a safe and secure manner;
(at)
“Private DLT networks” means those DLT
networks where visibility is restricted to a subset of users;
(au)
“Promotional messages” means commercial
communication message for which the sender has not taken any explicit consent
from the intended Recipient to send such messages;
(av)
“Promotional voice call” means commercial
communication voice call for which the Sender has not taken any explicit
consent from the Recipient to make such voice calls to him;
(aw)
“Recipient”, in relation to a commercial
communication, means an authorised user of the telephone number(s) to whom the
message is sent or voice call is made.
Explanation: Where a
recipient of a message or voice call has one or more Telephone numbers in
addition to the Telephone number to which the message was sent or voice call
was made, the recipient shall be treated as a separate recipient with respect
to each such Telephone number;
(ax)
“Referred Telephone Number” (RTN) means
telephone number or telecom resource referred to in the content of commercial
communication messages or voice calls from the sender;
(ay)
“Registered Telemarketer (RTM)” means any
telemarketer who is registered with the access provider(s) in accordance with
the procedure and conditions specified in these regulations.
(az)
“Regulations” means the Telecom
Commercial Communications Customer Preference Regulations, 2018, unless
otherwise indicated;
(ba)
“Regulatory Sandbox” means specifically
constructed experimental space, with a safe environment, within which various
stakeholders can use Regulatory Technology solutions to develop and refine
Code(s) of Practice to comply with new regulatory requirements;
(bb)
“Relationship” means a prior or existing
relationship
(i) for business or commercial
reasons, between a person or entity and a subscriber with or without an
exchange of consideration,
(ii) on the basis of the
purchase or transaction made by or done by the recipient with the sender within
the tweleve months immediately preceding the date of the communication; or
(iii) on the basis of inquiry or
application regarding products or services made by or submitted by recipient to
sender within the three months immediately preceding the date of the receiving
of communication, which relationship has not been previously terminated by
either party;
(iv) for social reasons, between
a person or entity and a subscriber with or without an exchange of
consideration, by voluntary two-way communication, initiated from both sides at
different points in time;
(bc)
“Robo Calls” means any call made to any
customer using an artificial or prerecorded voice to interactively deliver a
voice message without the involvement of human being on calling side for
participating in the dialogue;
(bd)
“Scrubber” means an entity registered
with the access provider(s) and authorised by the relevant regulations to
perform the function of scrubbing in accordance with the relevant regulations;
(be)
“Scrubbing” means process of comparing
target list of telephone number(s) provided by the Sender, to whom it wishes to
send commercial communication with the list of telephone number(s) in DL-Preference
and DL-Consent to check whether commercial communication(s) can be sent to the
Recipient as per his registered preference(s) or as per consent;
(bf)
“Sender”, in relation to a commercial
communication, means
(i) The person or entity who
owns the telephone number or the header(s) that were used;
(ii) A person or entity that
publicly asserts or uses a Calling Line Identity (CLI) or the phone number(s)
referred to in the communication, except where such assertion is fraudulent;
(iii) The person who sent the
message or made a voice call, caused the message to be sent or the voice call
to be made or authorized the sending of the message or making of the voice
call;
(iv) The person or legal entity
dealing with goods, or services, or land or property, or a business or investment
opportunity that is offered or promoted; except where such entity maintains a
distinct legal identity for the division or line of business dealing with
offered goods, services or opportunity, in which case such division or line of
business;
(bg)
“Sender information or SI” means the
source, destination and routing information attached to a message or voice
call, including, where applicable, the originator's name and originating phone
number, reference telephone number, and any other information that appears in
the content of commercial communication identifying, or purporting to identify,
the sender of the message or making voice call;
(bh)
“Service message or Service Call” means a
message sent to a recipient or voice call made to recipient either with his
consent or using a template registered for the purpose, the primary purpose of
which is—
(i) to facilitate, complete, or
confirm a commercial transaction that the recipient has previously consented to
enter into with the sender; or
(ii) to provide warranty information,
product recall information, safety or security information with respect to a
commercial product or service used or purchased by the recipient;
to provide—
(A) notification concerning a
change in the terms or features of; or
(B) notification of a change in
the recipient's standing or status with respect to; or
(C) at regular periodic
intervals, account balance information or other type of account statement with
respect to, a subscription, membership, account, loan, or comparable ongoing;
or
(D) commercial relationship
involving the ongoing purchase or use by the recipient of products or services
offered by the sender; or
(E) information directly
related to an employment relationship or related benefit plan in which the
Recipient is currently involved, participating, or enrolled; or
(F) information relating to
delivery of goods or services, including product updates or upgrades, that the
recipient is entitled to receive under the terms of a transaction that the
recipient has previously consented to enter into with the sender;
(bi)
“Signature” means pattern in
communications from particular telephone number(s) or telecom resource(s) or
person, entity which are not registered with the access provider(s) for
commercial communication purposes and also includes pattern in communications
from particular sender(s), who are registered with the access provider(s) but
not authorised to send commercial communication of particular type or for
specific purpose(s) which may require additional authorisations from relevant
Government or statutory bodies to send such commercial communications;
(bj)
“Silent Call” means any unsolicited call
made by a person or an entity to a customer for a very short duration in which
either called party has not yet been alerted by his or her device, or it is
very unlikely to be answered, wherein the intention of caller is to get call
back from called party and then enter into commercial communication;
(bk)
“Smart contract” means a functionality of
intelligent and programmable code which can execute predetermined commands or
business rules set to pre-check regulatory compliance without further human
intervention and suitable for DLT system to create a digital agreement, with
cryptographic certainty that the agreement has been honored in the ledgers, databases
or accounts of all parties to the agreement;
(bl)
“Smartphone” means a device with large
display, predominantly with touch screen technology, fast processor and memory
in the GB range. A fully-featured Operating System or platform that provides voice
and data communications capabilities, enables personalization of the device by
the user and in addition supports installation and maintenance of mobile
applications e.g., downloadable from an Application store.
(bm)
“SMS” means a message which is sent through short message service and includes
a Multi-Media message which is sent through Multi-Media message service (MMS);
(bn)
“Subscriber” means a person or legal
entity who subscribes to a telecom service provided by an Access Provider;
(bo)
“Telecom resources” means any telegraph
used to send voice call or messages;
(bp)
“Telemarketer” means a person or legal
entity engaged in the activity of transmission or delivery of commercial
communication or scrubbing or aggregation.
(bq)
“Telephone number” means a number which
may or may not have been assigned to the subscriber of a Public Switched
Telecom Network (PSTN) or a wireless access network or a mobile network from a
numbering series already assigned to a telecom service providers to which
either an SMS or MMS can be sent, or Voice calls can be made.
Explanation: For the
purposes of these regulations, it is immaterial whether the telephone number is
actually assigned to any customer or not or has ceased to exist;
(br)
“Telephone number harvesting software”
means software that is specifically designed or marketed for use in —
(i) searching the Internet,
directories, contact lists in devices for telephone numbers; and
(ii) collecting, compiling,
capturing or otherwise harvesting those telephone numbers;
(iii) generating most likely
valid telephone numbers using automated means;
(bs)
“Terminating Access Provider” (TAP) means
the Access Provider of which Recipient of commercial communication is a
Subscriber;
(bt)
“Transactional message” means a message
triggered by a transaction performed by the Subscriber, who is also the
Sender's customer, provided such a message is sent within thirty minutes of the
transaction being performed and is directly related to it.
Provided that the
transaction may be a banking transaction, delivery of OTP, purchase of goods or
services, etc.
(bu)
“Transactional Voice Call” means a voice
call which is not promotional in nature and is for the purpose of alerts to its
own customers or account holders and information to be communicated by the
voice call is time critical in the nature;
(bv)
“Unregistered Telemarketer” (UTM) means
any Sender of commercial communication who is not registered for the purpose of
telemarketing with the access provider(s);
(bw)
“Unsolicited commercial communication or UCC” means any commercial
communication that is neither as per the consent nor as per registered
preference(s) of recipient, but shall not include:
(i) Any transactional message
or transactional voice call;
(ii) Any service message or
service voice call;
(iii) Any message or voice calls
transmitted on the directions of the Central Government or the State Government
or bodies established under the Constitution, when such communication is in
Public Interest;
(iv) Any message or voice calls
transmitted by or on the direction of the Authority or by an agency expressly
authorized for the purpose by the Authority.
(bx)
“Usage Cap” means a limit put on a
telephone number for making a maximum of twenty outgoing voice calls per day
and a maximum of twenty outgoing messages per day.
Chapter
II COMMERCIAL
COMMUNICATION THROUGH ACCESS PROVIDER NETWORK
Regulation - 3.
Every Access Provider shall
ensure that any commercial communication using its network only takes place
using registered header(s) assigned to the sender(s) for the purpose of
commercial communication; and
(1) No Subscriber, who is not
registered with any access provider for the purpose of sending commercial
communications under these regulations, shall make unsolicited commercial
communication and
(a) in case, any Subscriber is
sending Commercial Communication, telecom resources of the sender may be put
under usage cap; and
(b) if the Subscriber continues
to send Commercial Communication despite notice given to him under these
regulations, all telecom resources of the sender may also be disconnected;
Regulation - 4.
No Sender registered for
making commercial communication shall initiate calls with an Auto dialer that
may result in silent or abandoned calls.
Provided that the sender
has notified the originating access provider in advance about the use of the
auto dialer and taken steps to maintain abandoned calls within limits provided
for in these regulations or Code(s) of Practice.
Regulation - 5.
Every Access Provider shall
develop or cause to develop an ecosystem with the following functions to
regulate the delivery of the commercial communications as provided for in these
regulations—
(1) to provide facility to its
Subscribers for registering preference(s) for Commercial Communication and
maintain complete and accurate records of preference(s);
(2) to register entities for
participating in the ecosystem and prescribe their roles and responsibilities
for efficient and effective control of commercial communications;
(3) to provide facility to
record consent(s) of the Subscribers acquired by the sender(s) for sending
Commercial Communication and maintain complete and accurate records of
consent(s);
(4) to provide facility for
revocation of consent by its Subscribers and accordingly update records of
consent for the Subscribers;
(5) to register sender(s),
carry out verifications of their identities and prescribe processes for sending
commercial communications;
(6) to prescribe process and
specific functions of particular entity to carry out pre-delivery checks before
sending commercial communications and ensuring regulatory compliance(s);
(7) to provide facilities for
its Subscribers to register complaints against Sender(s) of Commercial
Communication and maintain complete and accurate records of status of
resolution of complaints;
(8) to examine and investigate
complaints, take actions against defaulters and take remedial measures to
ensure compliance with the regulations;
(9) to detect, identify and act
against sender(s) of Commercial Communication who are not registered with them;
(10) to comply with any other
directions, guidelines and instructions issued by the Authority in this regard.
Chapter
III CUSTOMER
PREFERENCE REGISTRATION
Regulation - 6.
Every Access Provider shall
establish Customer Preference Registration Facility (CPRF) and shall make
necessary arrangements to facilitate its customers, on 24 hours X 7 days basis
throughout the year:
(1) to provide ways and means
to record consent or record revocation of consent related to Commercial
Communication and exercise his preference(s) from the list(s), mentioned in the
Schedule-II, of choices for:
(a) preference(s) of categories
of Commercial Communication;
(b) preference(s) of the
mode(s) of communication,
(c) preference(s) of time
band(s) and types of day(s) of the week including public and national holidays;
(2) to provide following modes,
free of cost, to the customer, as per his choice, to register, modify or de
register preference(s)—
(a) sending SMS to short code
1909; or
(b) calling on 1909; or
(c) Interactive Voice Response
System (IVRS); or
(d) sending USSD; or
(e) Mobile app developed in
this regard either by the Authority or by any other person or entity and
approved by the Authority; or
(f) Web portal with
authentication through OTP; or
(g) Any other means as may be
prescribed by the Authority from time to time.
(3) to duly acknowledge the
receipt within fifteen minutes of the request made by the customer for
registering, modifying, deregistering the preference with unique reference
number;
Regulation - 7.
Every Access Provider shall
ensure that preferences recorded or modified by the Subscriber are given effect
to in near real time and in such a manner that no delivery of commercial
communication is made or blocked in contravention to the Subscribers'
preference after twenty-four hours or such time as the Authority may prescribe.
Chapter
IV FUNCTIONS
OF ACCESS PROVIDERS
Regulation - 8.
Every Access Provider shall
undertake following activities in accordance with the provisions of these
regulations before allowing any commercial communication through its
network(s)—
(1) Develop Code(s) of Practice
to establish system and make arrangements to govern the specified activities—
(a) Code of Practice for
Entities of ecosystem (CoP-Entities) as per Schedule-I;
(b) Code of Practice for
Registration of preference(s), recording consent(s) and revocation of
consent(s) (CoP-Preference) as per Schedule-II;
(c) Code of Practice for
Complaint Handling (CoP-Complaints) as per Schedule-III;
(d) Code of Practice for
Unsolicited Commercial Communications Detection (CoP-UCC_Detect) as per Schedule-IV;
(e) Code of Practice for
monthly reporting (CoP-Reports) as per Schedule-V
(2) Register entities as
provided for in Code(s) of Practice for Entities
(3) Register Sender(s) and
assign the header(s), header root(s);
(4) Register the Content
Templates;
(5) Register the Consent
Templates;
Regulation - 9.
Every Access Provider shall
ensure that no commercial communication is made to any Recipient, except as per
the preference(s) or digitally registered consent(s) registered in accordance
with these regulations.
Regulation - 10.
Every Access Provider shall
ensure that no commercial communication takes place through its network(s)
except by using header(s) assigned to the registered Sender(s) for the purpose
of sending commercial communication;
Regulation - 11.
Every Access Provider shall
give due publicity through appropriate means to make the customers aware
regarding—
(1) The procedure(s) and
facilities for registering preference(s);
(2) The procedure(s) and
facilities for registration and revocation of Consent(s);
(3) The procedure(s) and
facilities for making complaint(s), providing information or reporting
Unsolicited Commercial Communication;
(4) Every Access provider shall
inform its Subscribers while giving telecom resources that he shall not get
involved in the activity of sending Commercial Communication or cause sending
Commercial communication, or authorize the sending of the Commercial
Communication using the telecom resources failing which the telecom resources
used or assigned to him may be put under Usage Cap or his telecom resources may
be disconnected;
Provided that the Authority
may, from time to time, issue such directions as it deems necessary, specifying
the content, medium, frequency and manner of such publicity;
Chapter
V OBLIGATIONS
OF ACCESS PROVIDERS
Regulation - 12.
Access Providers shall
deploy, maintain and operate a system, by themselves or through delegation, to
ensure that requisite functions are performed in a non-repudiable and immutable
manner—
(1) to record preference(s),
consent(s), revocation of consent(s), complaint(s) etc.
(2) to carry out regulatory
pre-checks and post-checks in respect of Commercial Communication being offered
for delivery and also to keep records of actions performed;
(3) to register person(s),
business entity(ies) or legal entity(ies) in making Commercial Communication
through its network involved from origination, transmission or delivery and
have adequate documentary evidence in support to prove its identity;
(4) to ensure that functions
and actions performed by registered entities are identifiable, distinguishable
and recordable;
(5) to ensure that the data is
stored and shared in a secure and safe manner;
(6) to ensure that data is
accessible only to the relevant entities for performing roles assigned to them
under these regulations;
Note: If not specifically
permitted, the data should not be accessible in clear text to any person,
including the person(s) operating the system or performing a delegated
function, e.g. scrubbing, or accessible to any application(s) other than the
application performing the delegated function(s).
(7) to detect non-compliances
and take immediate action to effectively ensure compliance with regulations;
(8) to ensure compliance by the
registered sender(s) who have notified the access provider about the use of
auto dialer(s), and to take action against the sender(s) found to be failing to
maintain silent calls or abandoned calls within the prescribed limits;
Regulation - 13.
Access Providers shall
adopt Distributed Ledger Technology (DLT) with permissioned and private DLT
networks for implementation of the system, functions and processes as
prescribed in Code(s) of Practice:
(1) to ensure that all
necessary regulatory pre-checks are carried out for sending Commercial
Communication;
(2) to operate smart contracts
among entities for effectively controlling the flow of Commercial
Communication;
Regulation - 14.
Access Providers may
authorise one or more DLT network operators, as deemed fit, to provide
technology solution(s) to all entities to carry out the functions as provided
for in these regulations.
Regulation - 15.
Every Access Provider shall
develop the prescribed Code(s) of Practice, if necessary, in collaboration with
other Access Providers, including relevant stakeholders required to participate
to carry out the functions provide for in these regulations.
Regulation - 16.
The Access Providers shall
submit the Code(s) of Practice (CoPs) to the Authority within three months from
the date of coming into force of these regulations.
Regulation - 17.
Authority may direct Access
Provider(s) to make changes, at any time, in the Code(s) of Practice and Access
Providers shall incorporate such changes and submit revised CoP within fifteen
days from the date of direction issued in this regard.
Regulation - 18.
Every Access Provider shall
comply with the submitted Codes of Practices and implement them in accordance
with the specified time line(s),
Provided that any provision
in Code(s) of Practice shall not have effect to the extent of being
inconsistent with these regulations.
Regulation - 19.
The Authority reserves the
right to formulate a standard Code(s) of Practice in case the formulated CoP is
deficient to serve the purposes of these regulations.
Regulation - 20.
Every access provider shall
comply with the provisions of Standard Code(s) of Practice.
Regulation - 21.
In case of non-compliance
to the provisions of Code(s) of Practice, Access Provider shall be liable to
pay, by way of financial disincentive, following amount—
(1) not exceeding Rupees five
thousand per day for the period of exceeding the timeline if the period of
delay is less than or equal to thirty days;
(2) not exceeding Rupees twenty
thousand per day for the additional period of delay which is more than thirty
days;
The amount payable by way
of financial disincentive under these regulations shall be remitted to such
head of account as may be specified by the Authority.
The total amount payable as
financial disincentives under sub-regulations (1) and (2) shall not exceed
rupees ten lakhs.
The Authority reserves the
right not to impose financial disincentive or to impose a lower amount of
financial disincentive or no incentive where it finds merit in the reasons
furnished by the access provider.
Provided that no order for
payment of any amount by way of financial disincentive shall be made by the
Authority, unless the concerned Access Provider has been given a reasonable
opportunity to represent.
Regulation - 22.
Prescription of fee/
charges by Access Providers: Access Providers may prescribe fee from participating
entities for sending commercial communications for registration and to carry
out activities provided for in these regulations and may also prescribe
security deposits. Access providers may impose financial disincentive on
participating entities in case violation of regulations can be attributed to
failure of functions assigned to such entities.
Chapter
VI COMPLAINT
REDRESSAL
Regulation - 23.
Every Access Provider shall
establish Customer Complaint Registration Facility (CCRF) and shall make
necessary arrangements to facilitate its customers on 24 hours × 7 days basis
throughout the year—
(1) to provide ways and means—
(a) to make complaint(s), by
its customer who has registered his preference(s), against sender(s) of
unsolicited commercial communication in violation of the registered preferences
or digitally registered consents;
(b) to submit report(s),
against sender(s) of commercial communication in violation of provisions of
these regulation(s) by any customer;
(2) to provide following modes,
as per choice of the customer and free of cost, to make complaint or to report
violation of regulations—
(a) sending SMS to short code
1909; or
(b) calling on 1909; or
(c) Interactive Voice Response
System (IVRS); or
(d) Mobile app developed in
this regard either by the Authority or by any other person or entity and
approved by the Authority; or
(e) Web portal with
authentication through One Time Password (OTP); or
(f) Any other means as may be
notified by the Authority from time to time.
Provided that every such
complaint shall be made by a subscriber within three days of receipt of the
unsolicited commercial communication;
(3) to duly acknowledge the
receipt within fifteen minutes of the complaint or report made by the customer
with unique reference number;
(4) to provide details to the
subscriber about the mobile app provided for in sub-regulation (2)(d)
(5) to provide details about
format and procedure to the customer, as given in the appropriate Code(s) of
Practice, where a complaint is rejected by the access provider on the grounds
of incomplete information or improper format;
Regulation - 24.
Distributed Ledger(s) for
Complaints: Every Access Provider shall establish or cause to establish
Distributed Ledger(s) for Complaints (DL-Complaints) with requisite functions,
processes and interfaces—
(1) to record complaints and
reports regarding violation of Regulations made by the customer in the
Distributed Ledger for Complaints (DL-Complaints) in an immutable and non
repudiable manner;
(2) to record, at least,
following details about the complaint or report regarding violation of
Regulations:
(a) telephone number(s) or
header(s) from which Unsolicited Commercial Communication was received;
(b) telephone number(s) of
Complainant or reporter;
(c) Referred telephone
number(s) (RTN), if any;
(d) Date and time of occurrence
of Unsolicited Commercial Communication, if available;
(e) unique registration number
issued at the time of making complaint or reporting;
(f) resolution status of the
complaint or report regarding violation of Regulations;
(3) to record three years
history of complainant with details of all complaint(s) made by him, with
date(s) and time(s), and status of resolution of complaints;
(4) to record three years
history of sender(s) against which complaint is made or reported with details
of all complaint(s), with date(s) and time(s), and status of resolution of
complaints;
(5) to interact and exchange
information with other relevant entities in a safe and secure manner;
(6) to support any other
functionalities as required to carry out functions provided for in these
regulations;
Regulation - 25.
Complaint Mechanism: Every
Access Provider shall establish system(s), functions and processes to resolve
complaints made by the customers and to take remedial action against sender(s)
as provided hereunder—
(1) Terminating Access Provider
(TAP) shall record the complaint on DL-Complaints in non-repudiable and
immutable manner and shall notify, in real time, the details of the complaint
to the concerned Originating Access Provider (OAP).
(2) Terminating Access Provider
(TAP) shall examine within one business day from the date of receipt of
complaint, to check the occurrence of complained communication between the
complainant and the reported telephone number or header from which unsolicited
commercial communication was received and update the findings on DL-Complaints.
(3) Terminating Access Provider
shall also verify if the date of receipt of complaint is within three days of
receiving commercial communication and in case the complaint is reported by the
customer after three days, the TAP shall communicate to the customer about the
closure of his complaint in accordance to the Code of Practice for Complaint
Handling and change status of complaint on DL-Complaint as a report instead of
complaint.
(4) The OAP, in case the
complaint is related to RTM, shall examine, within one business day from the
date of receipt of complaint, whether all regulatory pre-checks were carried
out in the reported case before delivering Unsolicited Commercial
Communications; and
(a) In case, all regulatory
pre-checks were carried out and delivery of commercial communication to the
recipient was in confirmation to the provisions in the regulations and Code(s)
of Practice, OAP shall communicate to TAP to inform complainant about the
closure of complaint as provided for in the Code(s) of Practice;
(b) in case of non-compliance
with the regulations, the OAP shall, within two business days from the date of
receipt of complaint, take actions against the defaulting entity and
communicate to TAP to inform the complainant about the action taken against his
complaint as provided for in Code(s) of Practice;
(c) the OAP shall take
appropriate remedial action, as provided for in the Code of Practice(s), to
control Unsolicted Commercial Communications so as to ensure compliance with
these regulations;
(5) The OAP, in case, the
complaint is related to a UTM,
(a) shall examine communication
detail records (CDRs), within one business day from the date of receipt of
complaint, to check the occurrence of complained communication between the
complainant and the reported telephone number or header from which unsolicited
commercial communication was received.
(b) In case of no occurrence of
complained communications under sub-regulation (5)(a), OAP shall communicate to
the TAP to inform the complainant about the closure of complaint in a manner
prescribed in the Code(s) of Practice;
(c) In case of occurrence of
complained communications under sub-regulation (5)(a), OAP shall further
examine, within two business days from the date of complaint, whether there are
similar complaints or reports against the same sender; and
(i) in case, it is found that
number of complaints against the sender are from ten or more than ten
recipients over a period of last seven days, the OAP shall put sender under
Usage Cap and at the same time shall initiate investigation as provided for in
sub-regulation (6);
Provided that such Usage
Cap shall be valid till investigation is completed or thirty days from the date
of effect of restrictions, whichever is earlier;
(ii) in case it is found that
number of complaints against the sender are from less than ten recipients over
a period of last seven days, the OAP shall, from the previous thirty days data
of CoP_UCC_Detect System, check whether suspected sender is involved in sending
Commercial Communication in bulk or not; and
(A) in case, sender has sent
commercial communications in bulk, the OAP shall put the sender under Usage
Cap, and at the same time initiate investigation as provided for in
sub-regulation (6);
Provided that such
restrictions shall be valid till investigation in this regard is completed
under relevant regulations or thirty days from the date of effect of
restrictions, whichever is earlier;
(B) in case, sender has not
sent commercial communications in bulk, the OAP shall warn such sender through
appropriate means as provided for in Code(s) of Practice;
[(6)] OAP shall issue
notice, within three business days, to give opportunity to such sender(s),
under sub-regulations (5)(c)(i), (5)(c)(ii)(A) to represent his case and shall
investigate, within thirty business days from the date of receipt of complaint
and shall conclude whether the communication so made was unsolicited commercial
communication or not; and conclusion of the investigation was that sender was
engaged in sending unsolicited commercial communications, OAP shall take action
against such sender as under—
(a) for first instance of
violation, due warning shall be given;
Provided that the first
instance of the violation shall include all the complaints against the sender
within two business days after the date of receipt of the first complaint,
against which the sender is to be warned under this sub-regulation.
(b) for the second instance of
violation, Usage Cap shall continue for a period of six months;
Provided that the second
instance of the violation shall include all the complaints against the sender
after the issuance of first warning within two business days after the date of
receipt of the complaint against which second warning is being given to the
sender under this sub-regulation.
(c) for third and subsequent
instances of violations, all telecom resources of the sender shall be
disconnected for a period up to two years and OAP shall put the sender under
blacklist category and communicate to all other access providers to not to
allocate new telecom resources to such sender for up to two years from the date
of such communication;
Provided that the third
instance of the violation shall include all the complaints received against the
sender after the date of second warning within two business days after the
receipt of the complaint against which telecom resources are being disconnected
under this sub-regulation.
Provided further that one
telephone number may be allowed to be retained by such sender with the Usage
Cap for a period up to two years.
Regulation - 26. Record keeping and reporting.
(1) Every Access Provider shall
maintain records of complaints, from its customers and received from
Terminating Access Provider(s), against registered sender(s) for sending
unsolicited commercial communications on daily basis for each service area and
submit performance monitoring report to the Authority as and when required in a
format as prescribed.
(2) Every Access Provider shall
maintain records of complaints, from its customers and received from
Terminating Access Provider(s), against unregistered sender(s) for sending
unsolicited commercial communications on daily basis for each service area and
submit performance monitoring report to the Authority as and when required in a
format as prescribed.
(3) Every Access Provider shall
submit to the Authority its compliance reports in respect of unsolicited
commercial communications, complaints or reports from its customers in such
manner and format, at such periodic intervals and within such time limits as
may be specified by the Authority, from time to time, by an order or direction;
(4) The Authority may, from
time to time, through audit conducted either by its own officers or employees
or through agency appointed by it, verify and assess the process followed by
the access provider for registration and resolution of complaints, examination
and investigation of the complaints and reporting to the Authority.
Regulation - 27.
Consequences for the
Originating Access Provider (OAP) failing to curb the unsolicited commercial
communications sent through its network(s)—
(1) If OAP fails to curb UCC,
Financial Disincentives for not controlling the Unsolicited Commercial
Communications (UCC) from RTMs by the access provider in each License Service
Area for one calendar month shall be as under
|
Value of “Counts of UCC for RTMs for one calendar
month”
|
Amount of financial disincentives in Rupees
|
|
(a)
|
More than zero but not exceeding hundred
|
Rupees one thousand per count
|
|
(b)
|
More than hundred but not exceeding one thousand
|
Maximum financial disincentives at (a) plus
Rupees five thousand per count exceeding hundred
|
|
(c)
|
More than one thousand
|
Maximum financial disincentives at (b) plus
Rupees ten thousand per count exceeding one thousand
|
Provided that no order for payment
of any amount by way of financial disincentive shall be made by the Authority,
unless the concerned Access Provider has been given a reasonable opportunity to
represent.
The amount payable by way
of financial disincentive under these regulations shall be remitted to such
head of account as may be specified by the Authority.
(2) The total amount payable as
financial disincentives under sub-regulations (1) shall not exceed rupees fifty
lakhs per calendar month. The Authority may impose no financial disincentive or
a lower amount of financial disincentive than the amount payable as per the
provisions in sub-regulation (1) where it finds merit in the reasons furnished
by the access provider.
Regulation - 28. Consequences for contravention of the provisions of regulations by Access Providers.
(1) Power of Authority to order
inquiry—
(a) Where the Authority has a
reason to believe that any Access Provider has contravened the provisions of
these regulations, it may constitute an inquiry committee, to inquire into the
contravention of the regulations and to report thereon to the Authority.
(b) The inquiry committee shall
give a reasonable opportunity to the concerned Access Provider to represent
itself, before submitting its findings to the Authority.
(2) If on inquiry, under sub-regulation
(1), the Access Provider is found to have misreported the count of UCC for
RTMs, it shall, without prejudice to any penalty which may be imposed under its
licence or other provisions under these regulations, be liable to pay, by way
of financial disincentive, an amount—
(a) ten times the difference
between disincentive computed by the Inquiry Committee and that computed
earlier based on service provider's data, or Rs 5 lakhs, whichever is higher;
and
Provided that in case of
second and subsequent contraventions, to pay an amount equal to twice that of
computed financial disincentives under this sub-regulation
(b) one lakh per instance for
access provider found to be not imposing timely restrictions on outgoing usage
of unregistered sender(s) in accordance with provisions in Regulations 25(5)
and 25(6);
Provided that no order for
payment of any amount by way of financial disincentive shall be made by the
Authority, unless the concerned Access Provider had been given a reasonable
opportunity of representing against the findings of the inquiry committee.
The amount payable by way
of financial disincentive under these regulations shall be remitted to such
head of account as may be specified by the Authority.
The total amount payable as
financial disincentives under sub-regulations (2)(a) and (2)(b) shall not
exceed rupees ten lakhs in a week.
(3) The Authority may impose no
financial disincentive or a lower amount of financial disincentive than the
amount payable as per the provisions in sub-regulations (2)(a) and 2(b) where
it finds merit in the reasons furnished by the access provider.
Regulation - 29. Examination of telecom resources put under outgoing Usage Cap or having been disconnected.
(1) The Authority may, if it
considers expedient to do so, on receipt of complaint, call for the details of
the telecom resources put under Usage Cap or disconnected under the Regulations
25(5) and 25(6), on account of unregistered telemarketing activity under and
upon examination, for reasons to be recorded,
(a) If the Authority finds that
conclusion of investigation lacks adequate evidence against the sender, it may
direct the Access Provider to remove such restrictions on usage or restore all
telephone number(s) of the person and delete the name and address of such customer(s)
or sender(s) from the blacklist.
(b) If the customer or the
Sender whose telecom resources have been put under restriction or disconnected
on account of adequate evidence against the sender, makes a request, within
sixty days of such action, to the Authority for restoring his telecom resources
or removing the restrictions on usage and satisfies the Authority that it has
taken reasonable steps to prevent recurrence of such contravention, the
Authority may by order ask access provider(s) to remove such restrictions on
usage or restore all telephone number(s) of the person and delete the name and
address of such Sender(s) from the blacklist, as the case may be, on payment of
an amount of five thousand rupees per resource to the Authority for restoration
of all such telecom resources, subject to the condition that the total amount
payable by the customer or sender shall not exceed rupees five lakhs.
Provided that the Authority
may impose no financial disincentive or impose a lower amount where it finds
merit in the reasons furnished by the customer.
Migration of Existing
Registered Entities and Records
Regulation - 30.
Access providers shall
prepare migration plan for existing data, process and role being played at
present by different entities to the new system of data, process and role of
new entities prescribed in these regulations;
Regulation - 31.
List of key activities (but
not an exhaustive list) for preparation of migration plan, attached are as per
Schedule VI;
Chapter
VII MISCELLANEOUS
Regulation - 32.
No business or legal entity
not registered with the access provider for the purpose of sending commercial
communications under these regulations shall make commercial communication or
cause such message to be sent or voice call to be made or authorize the sending
of such message or making of a voice call;
Regulation - 33. Power to appoint inquiry committee.
(1) Where the Authority has a
reason to believe that any Sender of commercial communications on behalf of
business or legal entities has contravened the provisions of these regulations,
it may constitute an inquiry committee, to inquire into the contravention of
the regulations and to report thereon to the Authority.
(2) The inquiry committee shall
give a reasonable opportunity to the concerned entities to represent itself,
before submitting its findings to the Authority.
(3) In case, it is found by the
Inquiry committee set up in this regard that particular business or legal
entity is engaged in sending commercial communications in contravention to the
provisions of these regulations, the Authority may order or direct access
provider(s) to disconnect all telecom resources or put all telecom resources of
such business or legal entity under Usage Cap of such telecom resources for the
period up to two years;
Provided that if such
entity maintains a distinct legal identity for the division or line of business
dealing with offered goods, services or opportunity, the Usage Cap or
disconnection of telecom resources shall be limited to resources pertaining to
such division or line of business;
Provided further that no
order or direction shall be made by the Authority, unless the concerned
business or legal entity had been given a reasonable opportunity to represent
against the findings of the inquiry committee.
Regulation - 34.
Every Access Provider shall
ensure, within six months' time, that all smart phone devices registered on its
network support the permissions required for the functioning of such Apps as
prescribed in the Regulations 6(2)(e) and Regulations 23(2)(d);
Provided that where such
devices do not permit functioning of such Apps as prescribed in Regulations
6(2)(e) and Regulations 23(2)(d), Access Providers shall, on the order or
direction of the Authority, derecognize such devices from their telecom
networks.
Provided further that no
order or direction of derecognition of devices shall be made by the Authority
unless the concerned parties have been given a reasonable opportunity of
representing against the contravention of regulations observed by the
Authority.
Regulation - 35.
Terminating Access Provider
(TAP) may charge Originating Access Provider (OAP) for Commercial communication
messages as following—
(1) Upto Rs. 0.05 (five paisa
only) for each promotional SMS;
(2) Upto Rs. 0.05 (five paisa
only) for each service SMS;
Provided that there shall
be no Service SMS charge on—
(i) any message transmitted by
or on the directions of the Central Government or State Government;
(ii) any message transmitted by
or on the directions of bodies established under the Constitution;
(iii) any message transmitted by
or on the directions of the Authority;
(iv) any message transmitted by
any agency authorized by the Authority from time to time;
Regulation - 36.
Authority may set up or
permit to set up a Regulatory Sandbox for testing implementation of regulatory
checks using DLT networks and other technological solutions complementing DLT
network(s) and to operationalize such regulatory sandbox, the Authority may, by
order or direction, specify the requisite processes.
Regulation - 37.
Every Access Provider and
International Long Distance Operators shall ensure that no international
incoming SMS containing alphanumeric header or originating country code +91 is
delivered through its network.
Provided that Authority may
issue directions as it deems necessary to control bulk international messages
from time to time.
Regulation - 38.Repeal and Saving.
Save as provided hereunder,
The Telecom Commercial Communications Customer Preference Regulations, 2010 (6
of 2010) are hereby repealed. Notwithstanding the repeal of the Telecom
Commercial Communications Customer Preference Regulations, 2010 (6 of 2010),—
(a) anything done, or any
action taken or purported to have been done under the said regulations shall be
deemed to have been done or taken under the corresponding provisions of these
regulations;
(b) the provisions contained in
Regulations 2 to 13, 16 to 20, 21 and 22 of the Telecom Commercial
Communications Customer Preference Regulations, 2010 (6 of 2010) shall remain
in force until these regulations come into force in their entirety.
SCHEDULE I
Action
Items for preparing Code of Practice for Entity(ies) (CoP-Entities)
(1) Entity Registration
Functionality:
(1) All entities with
associated functions, who will be carrying out given functions for effective
control of Unsolicited Commercial Communications being delivered through them,
shall be declared by each Access Provider on their websites;
(2) any individual, business
entity or legal entity may carry out one or more functions while keeping all
records and execution of functions separately against each activity for
internal audit by the access provider to ensure the effectiveness of
Unsolicited Commercial Communications control to meet regulatory outcomes
specified in the regulations;
(3) each functional entity
shall be given unique identity by the access provider(s) to be used to
authenticate and track the events;
(2) Every Access Provider shall
formulate structure and format for headers to be assigned Senders for the
purpose of commercial communications via sending SMS or making voice calls to
participants which shall include following—
(1) SMS Header, SMS Header
Root, SMS Header Branch for Senders sending Promotional SMS, Transactional SMS
and Service SMS from 11-character alphanumeric strings which are not allocated
or assigned by DoT for other purpose(s) or in accordance to directions of the
Authority/ DoT;
(2) Calling Line Identity for
Senders making Promotional Voice Calls, Transactional Voice Calls and Service
Voice Calls from 140-level numbering series or any other numbering series
directed by the Authority/DoT;
(3) Every Access Provider shall
formulate Code of Practice for Entities (CoP-Entities) involved from registered
sender(s) to recipient(s) and
(1) CoP-Entities shall include
at least following entities
(a) Header Registrar;
(b) Consent Registrar;
(c) Consent Template Registrar;
(d) Content Template Registrar;
(e) Content Template Verifier;
(f) Telemarketer Functional
Entity Registrar for various functions prescribed in the relevant
regulation(s);
(g) timeline(s) for implementation
of the functionality referred in code of practice and operationalizing it;
(h) such other matters as the
Authority may deem fit, from time to time;
(2) CoP-Entities shall also
include at least following Distributed Ledger Nodes for the purpose of—
(a) Header Register;
(b) Consent Register;
(c) Consent Template Register;
(d) Content Template Register;
(e) Content Template Verifier;
(f) Complaint Register;
(g) Preference Register;
(h) Telemarketer Scrubbing
Function Register;
(i) Telemarketer Message
Delivery Function Register;
(j) Telemarketer Voice Delivery
Function Register;
(3) CoP-Entities shall include
at least following—
(a) implementation details for
all functional entities;
(b) additional measures, as
deemed fit by access provider(s), for functional entities required to ensure
regulatory compliance;
(c) minimum standards of
technical measures to effectively control the sending of unsolicited commercial
electronic messages;
(d) technical mechanism to make
available latest version of relevant and reliable data for an entity to carry
out its desired function;
(e) such other matters as the
Authority may deem fit, from time to time.
(4) Every Access Provider shall
carry out following functions—
(1) Header Registration
Function (HRF)
(a) assign header or Header
root for SMS via Header Registration Functionality, on its own or through its
agents, as per allocation and assignment principles and policies, to facilitate
content provider or principal entity to get new headers;
(b) carry out pre-verifications
of documents and credentials submitted by an individual, business entity or
legal entity requesting for assigning of the header;
(c) bind with a mobile device
and mobile number(s), in a secure and safe manner, which shall be used
subsequently on regular intervals for logins to the sessions by the header assignee;
(d) carry out additional
authentications in case of a request for headers to be issued to SEBI
registered brokers or other entities specified by Authority by directions,
orders or instructions issued from time to time;
(e) carry out additional
authentications in case of a request for headers to be issued to government
entities, corporate(s) or well-known brands, including specific directions,
orders or instructions, if any, issued from time to time by the Authority;
(f) carry out additional checks
for look-alike headers which may mislead to a common recipient of commercial
communication, it may also include proximity checks, similarity after substring
swaps specifically in case of government entities, corporate(s), well-known
brands while assigning headers irrespective of current assignments of such
headers, and to follow specific directions, orders or instructions, if any,
issued from time to time by the Authority;
(2) Consent Registration
Function (CRF)
(a) record consent via Customer
Consent Acquisition Functionality on Consent Register, on its own or through
its agents, to facilitate consent acquirers to record the consent taken from
the customers in a robust manner which is immutable and non-repudiable and as
specified by relevant regulations;
(b) Presenting content of
consent acquisition template to the customer before taking consent;
(c) Taking agreement to the
purpose of consent and details of sender;
(d) Authenticate customer
giving the consent through OTP;
(e) record revocation of
consent by the customer via revoke request in a robust manner which is
immutable and non-repudiable and as specified by relevant regulations;
(f) record sufficient contact
information, valid for at least 30 days, required to revoke consent and present
it to recipient to enable them to submit request for revoking consent;
(3) Content Template
Registration Function (CTRF)
(a) to check content of the
template being offered for registration as a transactional template and service
message template;
(b) to identify fixed and
variable portion(s) of the content in the offered transactional template and
service message template with identification of type of content for each
portion of variable part of the content, e.g. date format, numeric format, name
of recipient, amount with currency; reference number, transaction identity;
(c) to estimate the total
length of variable portion, viz. total length of fixed portion for a typical
transactional message, service message for offered template;
(d) to de-register template or
temporarily suspend use of template;
(e) to generate one-way hash
for fixed portion of content of template and ways to extract fixed portion and
variable portion(s) from actual message for carrying out pre and post checks of
actual content of actual message offered for delivery or already delivered;
(f) to check content of the
template being offered for registration as a promotional from perspective of
content category;
(g) assigning unique template
identity to registered template of content;
(4) Scrubbing function (SF)
(a) to process scrubbing as
defined, in a secure and safe manner, using preferences and consent of
customer(s) and category of content;
(b) provide details about
preferred time slots and types of days for delivery;
(c) take necessary measures to
protect Preference Register and Consent Register data during scrubbing, e.g. by
Generating virtual identities and tokens for each number for the messages and
voice calls and not disclosing real identities to any other entity than
authorized to know it;
(d) make available relevant
details of scrubbed list to corresponding OAPs and TAPs for carrying out
reverse mapping of virtual identities to real identities for further delivery;
(e) to identify and report
probable instances of request received for scrubbing of list of phone numbers
collected through harvesting software or instances of dictionary attack to
relevant entities authorized to take action;
(5) Content Verification
Function (CVF)
(a) to identify the content
type and category of messages to be delivered or already delivered via an
automated tool or utility software;
(6) Delivery Function for
Messages with Telecom Resource Connectivity to Access Provider (DF)
(a) deliver messages to OAP, in
a secure and safe manner, during specified time slots and types of days of
delivery in accordance to the preferences of the customer(s);
[(b)] select OAP for
particular customer(s) or messages and conveying to Scrubber for generating
tokens for corresponding OAP to access information of list of messages which
would be required to be delivered by it;
(7) Aggregation Function for
Message to other Telemarketer for delivery function (AF)
(a) deliver messages to RTM
having telecom resource connectivity with access provider(s), in a secure and
safe manner;
(8) Voice Calling Function with
Telecom Resource Connectivity (VCF)
(a) deliver voice calls to OAP,
in a secure and safe manner, during specified time slots and types of days of
delivery in accordance to the preferences of the customer(s);
(b) select OAP for particular
customer(s) or voice calls and conveying selected OAPs to Scrubber for
generating tokens for corresponding OAP to access information of list of
messages which would be required to be delivered by it;
(5) Every Access Provider shall
set up following functional entities or may delegate roles to perform following
functions—
(1) Header Registrar (HR) to
(a) establish and maintain
header register as distributed ledger to keep headers, in a secure and safe
manner, and make accessible relevant information for identifying the assignee
at the time of request to carry out various functions, e.g. scrubbing function from
the registered telemarketers for scrubbing, delivery function from
telemarketer;
(b) carry out Header
Registration Function;
(c) keep record of headers
throughout its lifecycle, i.e. free for assignment, assigned to an entity,
withdrawn, surrendered, re-assigned etc.;
(d) keep record of header(s),
header root(s) reserved for specific purpose;
(e) synchronize records, in
real time, among all header ledgers available with participating nodes in
Header Registration Functionality in an immutable and non-repudiable manner;
(f) maintain with minimum
performance requirements as specified;
(g) perform any other function
and keep relevant details required for carrying out pre and post checks for
regulatory compliance;
(2) Consent Registrar (CR) to
(a) establish and maintain
consent register as distributed ledger to keep consent, in a secure and safe
manner, and make accessible relevant data for scrubbing function to the
registered telemarketers for scrubbing;
(b) establish Customer Consent
Acquisition Facility (CCAF), to record recipient's consent to receive
commercial communications from the sender or consent acquirer;
(c) establish Customer Consent
Verification Facility (CCVF) for the purpose of facilitating
(i) customers to verify,
modify, renew or revoke their consent in respect of commercial communications,
and
(ii) Access Providers to verify
the consent in case of complaint;
(d) keep consent for each
consent acquirer, in a manner that client data of entity is adequately
protected;
(e) keep record of revocation
of consent by the customer, whenever exercised, in an immutable and
non-repudiable manner;
(f) synchronize records, in
real time, among all consent ledgers available with participating nodes in
Consent Acquisition Functionality in an immutable and non-repudiable manner;
(g) maintain with minimum performance
requirements as specified;
(h) perform any other function
and keep relevant details required for carrying out pre and post checks for
regulatory compliance;
(3) Content Template Registrar
(CTR) to
(a) carry out content template
registration function;
(b) keep records of registered
templates in immutable and non repudiable manner;
(c) maintain with minimum
performance requirements as specified;
(d) perform any other function
and keep relevant details required for carrying out pre and post checks for
regulatory compliance;
(4) Content Format and Type
Verifiers (CFTV) to
(a) carry out content
verification;
(b) keep records with all
relevant details for future references;
(5) Telemarketers for Scrubbing
function (TM-SF) to
(a) carry out scrubbing;
[(b)] keep record of all
numbers scrubbed for complaints resolution;
[(c)] maintain with minimum
performance requirements as specified;
[(d)] perform any other
function and keep relevant details required for carrying out pre and post
checks for regulatory compliance;
(6) Telemarketers for Delivery
Function of Messages with telecom resource connectivity to AP (TM-DF) to
(a) carry out delivery function
(b) insert its Unique identity
with delivery processing reference number along with identity through which
scrubbing was carried out;
(c) authenticate source of the
messages submitted for delivery by header assignee or by aggregator and ensure
their identity is part of content of message for traceability;
(d) maintain with minimum
performance requirements as specified;
(e) perform any other function
and keep other relevant details which may be required for carrying out pre and
post checks for regulatory compliance;
(7) Telemarketers for
Aggregation Function for messages to other Telemarketer for delivery function
(TM-AF) to
(a) carry out aggregation
function;
(b) keep record of all numbers
aggregated for complaints resolution and traceability;
(c) authenticate source of the
messages submitted for delivery by header assignee or by aggregator and ensure
their identity is part of content of message for traceability;
(d) maintain with minimum
performance requirements as specified;
(e) perform any other function
and keep other relevant details which may be required for carrying out pre and
post checks for regulatory compliance;
(8) Telemarketer for voice
calling function with Telecom Resource Connectivity for voice calls to Access
Provider (TM-VCF) to
(a) to carry out voice calling
function;
(b) take necessary measures to
protect Preference Register and Consent Register data during voice calling,
e.g. using virtual identities to make voice calls on a secure Internet Protocol
(IP) based Virtual Private Networks (VPN) with OAP and not disclosing real
identities to any other entities than authorized to know it;
(c) take initiatives to enable
calling name display (CNAM) based on Intelligent Network or ISDN based
protocols, enhanced calling name (eCNAM) functionality as defined in 3GPP
technical specifications TS 24.196 for providing services to terminating user
with the name associated with the originating user and optionally delivering
metadata about that originating user;
(d) maintain with minimum
performance requirements as specified;
(e) perform any other function
and keep other relevant details which may be required for carrying out pre and
post checks for regulatory compliance;
(6) Every Access Provider shall
ensure that
(1) content of any commercial
communication sent by the sender(s) shall be categorized and compared with the
list of preference(s) of the recipient and/or purpose of consent given by the
recipient to the sender for the purpose of scrubbing and for this purpose
access provider shall ensure that
(a) any commercial
communication through its network takes place only using registered content
template(s) for transaction and/ or content template(s) for promotion;
(b) Unique Identity for
registered template of content shall be assigned to the sender(s) at the time
of registration of content template;
(c) Following Label shall be
prefixed by the access provider to the text of commercial communication
(i) Label <Transactional>
in case of Transactional Message;
(ii) Label <Service> in
case of Service Message;
(iii) Label <Promotional>
in case of Promotional Message;
(d) Every Access Provider shall
suffix relevant information required to revoke the consent to the text of
promotional message;
(e) Content template shall be
recorded on Distributed Ledger for Content Template (DL-CT) in an immutable and
non repudiable manner;
(2) commercial communication is
sent to the particular telephone number(s) in the target list of telephone
numbers provided by the sender, to whom he wishes to send commercial
communication only after scrubbing the target list and scrubbing includes
(a) verification of
preference(s) by comparing the target telephone numbers, category of content
with the list of telephone numbers and preference(s) of category of content by
the target recipient customer in the Distributed Ledger for Preference
(DL-Preference); and
(b) verification of consent(s)
by comparing the target telephone number(s), category of content with the list
of telephone numbers and consent(s) given by the recipient to the sender in the
Distributed Ledger for Consent (DL-Consent); and
(c) verification of time
band(s) by comparing the target telephone number(s), type of target time band
for delivery with the list of telephone numbers and preference(s) of time
band(s) of target recipient customer in Distributed Ledger for Preference
(DL-Preference); and
(d) verification of type of
day(s) by comparing the target telephone number(s), type of target day(s) for
delivery with the list of telephone numbers and preference(s) of type of day(s)
of target recipient customer in Distributed Ledger for Preference
(DL-Preference);
(e) output of scrubbed list is
a positive match of verifications in either of 2(a) or 2(b) as consent given by
the recipient to the sender(s) shall override choice of preference(s) made by
the recipient customer and positive match of verifications in 2(c) or 2(d);
(7) Every Access Provider shall
formulate—
(1) Message Sequence Charts for
messages with parameter details and time sequence to provide details about the
process between two entities and action taken by particular entity;
(2) Flow Charts to provide
details about the process between two entities and action taken
SCHEDULE II
Code of Practice for
Process of registration, modification or deregistration of Preferences,
recording consent and revocation of consent
(1) Procedure for registration
or change of preference of Categories of content for Commercial
Communications:—
[(1)] Customer can opt-out
for any or all of following Commercial Communications Content category(ies) of
content:
|
Commercial Communications Category to be blocked
or opted out
|
IVRS: Call to 1909 and press at prompt to block
|
SMS: Send SMS to 1909 following text
|
USSD: Dial USSD String
|
|
All CC Categories (to be blocked) except
transactional type of commercial communications
|
0
|
FULLY BLOCK
|
*1909*0#
|
|
All CC Categories (to be blocked) except
transactional and service type of commercial communications
|
50
|
BLOCK PROMO
|
*1909*50#
|
|
(i) Banking/Insurance/Financial products/ credit
cards,
|
1
|
BLOCK 1
|
*1909*1#
|
|
(ii) Real Estate,
|
2
|
BLOCK 2
|
*1909*2#
|
|
(iii) Education,
|
3
|
BLOCK 3
|
*1909*3#
|
|
(iv) Health,
|
4
|
BLOCK 4
|
*1909*4#
|
|
(v) Consumer goods and automobiles,
|
5
|
BLOCK 5
|
*1909*5#
|
|
(vi) Communication/Broadcasting/ Entertainment/IT,
|
6
|
BLOCK 6
|
*1909*6#
|
|
(vii) Tourism and Leisure,
|
7
|
BLOCK 7
|
*1909*7#
|
|
(viii) Food and Beverages;
|
8
|
BLOCK 8
|
*1909*8#
|
Note-1: In case of
communication with customer executive of Customer Care Center of access
provider, preference to opt-out may be communicated;
Note-2: Customer to be
communicated with confirmation and final status along with options to unblock;
Note-3: FULLY BLOCK option
shall put the customer in Fully Blocked state and block service as well as
promotional types of commercial communications for all categories of content,
mode, time band and day types;
Note-4: BLOCK PROMO option
shall block only promotional types of commercial communications for all
categories of content, mode, time band and day types except service and transaction
type of commercial communications;
Provided that the Authority
may, from time to time, add or remove number of category(ies), or sub
category(ies) for content;
[(2)] Customer can opt-in
for any or all of following Commercial Communications Content category(ies) of
content:
|
UCC Category to be unblocked or opted in
|
IVRS: Call to 1909 and press at prompt to unblock
|
SMS to 1909 following text
|
USSD send
|
|
All UCC Categories (to be unblocked)
|
90
|
UNBLOCK ALL
|
*#1909*90#
|
|
All UCC Categories (to be unblocked) except
Promotional
|
51
|
UNBLOCK SERVICE
|
*#1909*51#
|
|
(i) Banking/Insurance/Financial products/credit
cards,
|
91
|
UNBLOCK 91
|
*#1909*91#
|
|
(ii) Real Estate,
|
92
|
UNBLOCK 92
|
*#1909*92#
|
|
(iii) Education,
|
93
|
UNBLOCK 93
|
*#1909*93#
|
|
(iv) Health,
|
94
|
UNBLOCK 94
|
*#1909*94#
|
|
(v) Consumer goods and automobiles,
|
95
|
UNBLOCK 95
|
*#1909*95#
|
|
(vi) Communication/Broadcasting/
Entertainment/IT,
|
96
|
UNBLOCK 96
|
*#1909*96#
|
|
(vii) Tourism and Leisure,
|
97
|
UNBLOCK 97
|
*#1909*97#
|
|
(viii) Food and Beverages;
|
98
|
UNBLOCK 98
|
*#1909*98#
|
Note-1: In case of
communication with customer executive of Customer Care Center of access
provider, preference to opt-in may be communicated;
Note-2: Customer to be
communicated with confirmation and final status along with options to block
Note-3: UNBLOCK ALL option
shall unblock all categories of content, mode, time band and day types with
default options;
Note-4: UNBLOCK 51 shall
restore service type of commercial communications for all categories of
content, mode, time band and day types as per the previous state of the
customer while he exercised block option last time or with the default options
as the case may be while promotional type of commercial communications shall
remain in blocked state;
Provided that the Authority
may, from time to time, add or remove number of category(ies), or sub
category(ies) for content;
(2) Procedure for registration
of preference or change of preference of Mode for Commercial Communications—
(1) Customer can opt-out of any
or all of following category(ies) of mode(s) of communication:
|
UCC Mode of Communication [Choices for
Preference(s)]
|
IVRS: Call to 1909 and press at prompt to block
|
SMS: Send SMS to 1909 following text
|
USSD: Dial USSD String
|
|
All Categories of Mode (to be blocked)
|
10
|
BLOCK 10
|
*1909*10#
|
|
(i) Voice Call,
|
11
|
BLOCK 11
|
*1909*11#
|
|
(ii) SMS,
|
12
|
BLOCK 12
|
*1909*12#
|
|
(iii) Auto Dialer Call (With Pre-recorded
Announcement),
|
13
|
BLOCK 13
|
*1909*13#
|
|
(iv) Auto Dialer Call (With Connectivity to live
agent),
|
14
|
BLOCK 14
|
*1909*14#
|
|
(v) Robo-Calls,
|
15
|
BLOCK 15
|
*1909*15#
|
Note-1: In case of
communication with customer executive of Customer Care Center of access
provider, preference to opt-out may be communicated;
Note-2: Customer to be
communicated with confirmation and final status along with options to unblock;
Note-3: BLOCK 10 option
shall block all categories of modes except transactional type commercial
communications while saving the status of customer for categories of time band
and day types;
Provided that the Authority
may, from time to time, add or remove number of category(ies), or sub
category(ies) for mode;
(2) Customer can opt-in for any
or all of following category(ies) of mode(s) of communication:
|
UCC Mode of Communication [Choices for
Preference(s)]
|
IVRS: Call to 1909 and press at prompt to block
|
SMS: Send SMS to 1909 following text
|
USSD: Dial
USSD
String
|
|
All Categories of Mode (to be unblocked)
|
80
|
UNBLOCK 80
|
*1909*80#
|
|
(i) Voice Call,
|
81
|
UNBLOCK 81
|
*1909*81#
|
|
(ii) SMS,
|
82
|
UNBLOCK 82
|
*1909*82#
|
|
(iii) Auto Dialer Call (With Prerecorded A
nnouncement),
|
83
|
UNBLOCK 83
|
*1909*83#
|
|
(iv) Auto Dialer Call (With Connectivity to live
agent),
|
84
|
UNBLOCK 84
|
*1909*84#
|
|
(v) Robo-Calls,
|
85
|
UNBLOCK 85
|
*1909*85#
|
Note-1: In case of
communication with customer executive of Customer Care Center of access
provider, preference to opt-in may be communicated;
Note-2: Customer to be
communicated with confirmation and final status along with options to block;
Note-3: UNBLOCK 80 option
shall restore all categories of modes for categories of time band and day types
as per the previous status of customer when he exercised block option last time
or as per the default options as the case maybe;
Provided that the Authority
may, from time to time, add or remove number of category(ies), or sub
category(ies) for modes;
(3) Procedure for registration
or change of preference of Time band(s) for Commercial Communications—
(1) Customer can opt-out of any
or all of following time bands for receiving of commercial communications:
|
UCC Time band for Communication [Choices for
Preference(s)]
|
IVRS: Call to 1909 and press at prompt to block
|
SMS: Send SMS to 1909 following text
|
USSD: Dial USSD String
|
|
All Time Bands (to be blocked)
|
20
|
BLOCK 20
|
*1909*20#
|
|
(i) 00:00 Hrs to 06:00 Hrs,
|
21
|
BLOCK 21
|
*1909*11#
|
|
(ii) 06:00 Hrs to 08:00 Hrs,
|
22
|
BLOCK 22
|
*1909*22#
|
|
(iii) 08:00 Hrs to 10:00 Hrs,
|
23
|
BLOCK 23
|
*1909*23#
|
|
(iv) 10:00 Hrs to 12:00 Hrs,
|
24
|
BLOCK 24
|
*1909*24#
|
|
(v) 12:00 Hrs to 14:00 Hrs,
|
25
|
BLOCK 25
|
*1909*25#
|
|
(vi) 14:00 Hrs to 16:00 Hrs,
|
26
|
BLOCK 26
|
*1909*26#
|
|
(vii) 16:00 Hrs to 18:00 Hrs,
|
27
|
BLOCK 27
|
*1909*27#
|
|
(viii) 18:00 Hrs to 21:00 Hrs,
|
28
|
BLOCK 28
|
*1909*28#
|
|
(ix) 21:00 Hrs to 24:00 Hrs,
|
29
|
BLOCK 29
|
*1909*29#
|
Note-1: Time Bands (i),
(ii), (iii) and (ix) shall be default OFF for all customers irrespective of the
status of registration of customer i.e. for all customers including those who
have not registered any type of preference(s), anytime unless customer has
registered its preference(s) and switched ON;
Note-2: In case of
communication with customer executive of Customer Care Center of access provider,
preference to opt-out may be communicated;
Note-3: Customer to be
communicated with confirmation and final status along with options to unblock;
Note-4: BLOCK 20 option
shall block all categories of modes while saving current status of customer for
categories of content, time band and day types, however transactional type of
commercial communications may not be blocked;
Provided that the Authority
may, from time to time, add or remove number of category(ies), or sub
category(ies) for time band;
(2) Customer can opt-in for any
or all of following time band(s):
|
UCC Time band for Communication [Choices for
Preference(s)]
|
IVRS: Call to 1909 and press at prompt to block
|
SMS: Send SMS to 1909 following text
|
USSD: Dial USSD String
|
|
All Time Bands (to be unblocked)
|
70
|
UNBLOCK 70
|
*1909*70#
|
|
(i) 00:00 Hrs to 06:00 Hrs,
|
71
|
UNBLOCK 71
|
*1909*71#
|
|
(ii) 06:00 Hrs to 08:00 Hrs,
|
72
|
UNBLOCK 72
|
*1909*72#
|
|
(iii) 08:00 Hrs to 10:00 Hrs,
|
73
|
UNBLOCK 73
|
*1909*73#
|
|
(iv) 10:00 Hrs to 12:00 Hrs,
|
74
|
UNBLOCK 74
|
*1909*74#
|
|
(v) 12:00 Hrs to 14:00 Hrs,
|
75
|
UNBLOCK 75
|
*1909*75#
|
|
(vi) 14:00 Hrs to 16:00 Hrs,
|
76
|
UNBLOCK 76
|
*1909*76#
|
|
(vii) 16:00 Hrs to 18:00 Hrs,
|
77
|
UNBLOCK 77
|
*1909*77#
|
|
(viii) 18:00 Hrs to 21:00 Hrs,
|
78
|
UNBLOCK 78
|
*1909*78#
|
|
(ix) 21:00 Hrs to 24:00 Hrs,
|
79
|
UNBLOCK 79
|
*1909*79#
|
Note-1: In case of
communication with customer executive of Customer Care Center of access
provider, preference to opt-out may be communicated;
Note-2: Customer to be
communicated with confirmation and final status along with options to block;
Note-3: UNBLOCK 70 shall
restore all categories of time bands for the customer in which he was before he
exercised option to block last time, if any, otherwise as per the default
options;
Provided that the Authority
may, from time to time, add or remove number of category(ies), or sub
category(ies) for time band;
(4) Procedure for registration
or change of preference of Day Type(s) for Commercial Communications—
(1) Customer can opt-out of any
or all of following day type(s):
|
UCC Day Type(s) for receiving Communication
[Choices for Preference(s)]
|
IVRS: Call to 1909 and press at prompt to block
|
SMS: Send SMS to 1909 following text
|
USSD: Dial USSD String
|
|
All Day Type(s) (to be blocked)
|
30
|
BLOCK 30
|
*1909*30#
|
|
(i) Monday
|
31
|
BLOCK 31
|
*1909*31#
|
|
(ii) Tuesday
|
32
|
BLOCK 32
|
*1909*32#
|
|
(iii) Wednesday
|
33
|
BLOCK 33
|
*1909*33#
|
|
(iv) Thursday
|
34
|
BLOCK 34
|
*1909*34#
|
|
(v) Friday
|
35
|
BLOCK 35
|
*1909*35#
|
|
(vi) Sat urday
|
36
|
BLOCK 36
|
*1909*36#
|
|
(vii) Sunday
|
37
|
BLOCK 37
|
*1909*37#
|
|
(viii) Public Holiday and National Holiday
|
38
|
BLOCK 38
|
*1909*38#
|
Note-1: Time Bands (i),
(ii), (iii) and (ix) shall be default OFF for all customers irrespective of the
status of registration of customer i.e. for all customers including those who
have not registered any type of preference(s), anytime unless customer has
registered its preference(s) and switched ON;
Note-2: In case of
communication with customer executive of Customer Care Center of access provider,
preference to opt-in may be communicated;
Note-3: Customer to be
communicated with confirmation and final status along with options to unblock;
Note-4: BLOCK 30 option
shall block all categories of types of days while saving the status of customer
for categories of time band and day types, however transactional type of
commercial communications may not be blocked;
Provided that the Authority
may, from time to time, add or remove number of category(ies), or sub
category(ies) for day type(s);
(2) Customer can opt-in for any
or all of following day type(s):
|
Day Type(s) for receiving Commercial
Communication [Choices for Preference(s)]
|
IVRS: Call to 1909 and press at prompt to block
|
SMS: Send SMS to 1909 following text
|
USSD: Dial USSD String
|
|
All Day Type(s) (to be unblocked)
|
60
|
UNBLOCK 60
|
*1909*60#
|
|
(i) Monday
|
61
|
UNBLOCK 61
|
*1909*61#
|
|
(ii) Tuesday
|
62
|
UNBLOCK 62
|
*1909*62#
|
|
(iii) Wednesday
|
63
|
UNBLOCK 63
|
*1909*63#
|
|
(iv) Thursday
|
64
|
UNBLOCK 64
|
*1909*64#
|
|
(v) Friday
|
65
|
UNBLOCK 65
|
*1909*65#
|
|
(vi) Saturday
|
66
|
UNBLOCK 66
|
*1909*66#
|
|
(vii) Sunday
|
67
|
UNBLOCK 67
|
*1909*67#
|
|
(viii) Public Holiday and National Holiday
|
68
|
UNBLOCK 68
|
*1909*68#
|
Note-1: In case of
communication with customer executive of Customer Care Center of access
provider, preference to opt-in may be communicated;
Note-2: Customer to be
communicated with confirmation and final status along with options to block;
Note-3: UNBLOCK 60 shall
restore all categories of types of day for the customer in which he was before
he exercised option to block last time, if any, otherwise as per the default
options;
Provided that the Authority
may, from time to time, add or remove number of category(ies), or sub
category(ies) for day type(s);
(5) Recording preferences on
Distributed Ledger for Preferences (DL-Preferences)
(1) Access Provider shall
automate its internal systems and develop appropriate APIs to interact with DL Preferences;
(2) Access Provider shall
record preferences on DL-Preferences within 15 minutes for requests received
from all modes;
(3) These revised preferences
shall be available, in real time, for considerations by entities for scrubbing
process for new list of telephone numbers under process, however, earlier
messages or voice calls which have already been scrubbed and have validity may
be delivered;
(6) Every Access Provider shall
establish, maintain and operate Distributed Ledger(s) for Preference
(DL-Preference) with requisite functions, process and interfaces—
(1) to record choices of
preference(s) exercised by the customer in the Distribute Ledger for Preferences
(DL Preferences) in an immutable and non repudiable manner;
(2) to record, at least,
following details of the customer who has registered its preference(s):
(a) telephone number in the
international numbering format as referred in the National Numbering Plan;
[(b)] Location Routing
Number (LRN), as assigned by DoT to the access provider, of current serving
network of the customer and changes in LRN of the new serving network, in case
customer is being ported-in during Mobile Number Portability;
[(c)] lifetime history,
with date(s) and time stamp(s), of choices exercised by the customer for
registering his preference(s) and subsequent changes to it made by the customer
from time to time;
[(d)] changes in the
subscription of telephone number, during the process of opening and closing of
subscription;
[(e)] unique registration
number issued at the time of registration of preference(s);
(3) to interact and exchange
information with other relevant entities, responsible to carry out functions
for regulatory compliance(s), in a safe and secure manner;
(4) to support any other
functionalities as may be required to carry out functions for regulatory
compliance(s);
(7) Every Access Provider shall
establish facility for revoking the consent by its customers and shall make necessary
arrangements—
(1) to receive request, from
the customer, for revoking the consent, if any, given by the recipient to the
sender or to the consent acquirer for the purpose of receiving a commercial
communication message or voice call;
(2) to provide modes, free of
cost, to the customer, as per his choice, to revoke consent either by—
(i) sending SMS to short code
1909 with Label <Revoke> and <Sender ID> or to telephone number
mentioned in the message or during the voice call received from the sender(s);
or
(ii) calling on 1909 or number
mentioned for revoking the consent during the voice call received from the
sender(s); or
(iii) calling on customer care
number; or
(iv) Interactive Voice Response
System (IVRS); or
(v) Mobile app developed in
this regard either by the Authority or by any other person or entity and
approved by the Authority; or
(vi) Web portal with
authentication through OTP; or
(vii) Any other means as may be
notified by the Authority from time to time.
(3) to remove the recipient's
contact information (telephone number to which the message was sent) from the
consent record(s) corresponding to the sender for all purposes requiring
explicit consent except in case specific purpose(s) is indicated by the
customer during revocation of consent from the consent register within 1
business day;
(4) to duly acknowledge the
customer's request to revoke the consent with unique reference number;
(5) to ensure that any person
who receives request to revoke consent must not disclose the customer's
personal information to others without his consent;
(6) to fetch details of the
consent including its purpose(s), details about day and time when it was taken,
and details about sender(s) or consent acquirer(s) who has or have taken the
consent;
(8) Every Access Provider shall
establish, maintain and operate Distributed Ledger(s) for Consent (DL-Consent)
with requisite functions, process and interfaces—
(1) to record consent given by
the customer to sender(s) or consent acquirer(s) in the Distribute Ledger for
Consent (DL-Consent) in an immutable and non repudiable manner;
(2) to record, at least,
following details of the consent—
(a) telephone number of
customer in international numbering format as referred in National Numbering
Plan;
(b) Header of Sender(s) or
Consent Acquirer(s) against which consent is taken;
(c) Day & Time when consent
was taken;
(d) Validity period of consent;
(e) Type and purpose(s) of
consent;
(3) to make consent data
accessible for other entities in safe and secure manner;
(4) to keep record of
revocation of consent by the customer with specific purpose(s), if any, in an
immutable and non-repudiable manner;
(5) to interact and exchange
information with other relevant entities, responsible to carry out functions
for regulatory compliance(s), in a safe and secure manner;
(6) to support any other
functionalities as may be required to carry out functions for regulatory
compliance(s);
(9) Every Access Provider shall
specify—
(1) Entity and process for
generation of One Time Password (OTP) for different purposes and its validity
period;
(2) Entity and process for
verification of OTP received from the customer or for verification of entity
carrying out activity under Code(s) of Practice for Entities;
(10) Every Access Provider shall
formulate—
(1) Message Sequence Charts for
messages with parameter details and time sequence to provide details about the
process between two entities and action taken by particular entity;
(2) Flow Charts to provide
details about the process between two entities and action taken;
SCHEDULE
III
List
of Action items for Code of Practice for Complaint Handling (CoP-Complaints)
(1) Every Access Provider shall
formulate Code of Practice for Complaint handling (CoP-Complaints) and shall
prescribe role, responsibilities of entities involved in examining,
investigating and resolving complaints;
(2) CoP-Complaints shall also
include details about
(1) Complaint registration
through voice call
(a) Procedure for a customer to
make a call to 1909 for registering his complaint.
(b) Procedure and role of the
customer care executive to interact with the customer about the details like particulars
of telemarketer, the telephone number from which the unsolicited commercial
communication has originated the date, time and brief description of such
unsolicited commercial communication.
(c) Procedure and role of the
customer care executive to register the customer complaint and acknowledge the
complaint by providing a unique complaint number.
(2) Complaint Registration
through SMS
(a) Format for making
complaints in which a customer may register his complaint pertaining to receipt
of unsolicited commercial communication.
[(b)] Details to be
provided by the complainant e.g. Unsolicited Commercial Communications with
date on which it was received along with content of received message and in
case of voice call, brief of content of communication etc.
(3) Complaint registration
through a mobile app
(a) Functioning of intelligent
and intuitive mobile app(s) for devices with different operating systems and
helping customer to identify and report suspected sources of spam and also
making use of it by the customer to make complaints;
(b) Ways and means which can be
used to enhance mobile App and other modes for the customer to help him to
identify probable source of spam in an intelligent manner and offers to select
source of messages and voice calls against which complaint is to be made;
(c) Ways and means which can be
used by the customer to compose complaint on behalf of recipient in a
convenient manner and quickly;
(d) App which helps user of app
to keep track of complaints made earlier for the app user;
(e) Ways and means to Increase
adoption of App to quickly detect spam participate to actively report to lead
to larger set of information helpful to curb menace of Unsolicited Commercial
Communications;
(4) Complaint registration
through Web Portal
(a) Procedure for the customer
to make complaints by visiting website of access provider and register his
complaint.
(b) Procedure for filling form
and design it for the purpose of filing complaint with all relevant details
required to investigate complaint and take appropriate action;
(c) Procedure for
authentication process to ensure that complaint is made by recipient;
(d) Procedure to generate and
communicate Reference number to the customer which may be used to check status
of complaint;
(3) Every Access Provider shall
formulate—
(1) Message Sequence Charts for
messages with parameter details and time sequence to provide details about the
process between two entities and action taken by particular entity;
(2) Flow Charts to provide
details about the process between two entities and action taken;
SCHEDULE IV
Action Items for preparing
Code of Practice for Unsolicited Commercial Communications Detection
(CoP-UCC_Detect)
(1) Every Access Provider shall
establish, maintain and operate following system, functions and processes to
detect sender(s) who are sending Unsolicited Commercial Communications in bulk
and not complying with the regulation(s), and act to curb such activities—
(1) System which have
intelligence at least following functionalities
(a) identifying sender(s) on
basis of signature(s);
(b) deploying honeypot(s) and
using information collected by it;
(c) evolving signature(s) by
learning over time;
(d) interface to exchange
information with similar system(s) established by other access provider(s) to
evolve signature(s), detecting sender using Sender Information (SI);
(e) considering inputs
available from DL-Complaints about complaints and reports and analyze them;
(f) considering inputs
available, if any, from any other network element(s) of the access provider
system(s);
(2) provide ways and means for
resolving complaint(s) by sharing information related to telephone number(s) of
sender(s) against which complaint is made;
(2) Every Access Provider shall
formulate codes of practice (CoP-UCC Detect) for system, functions and process
prescribed as following—
(1) implementation details for
detecting Unsolicited Commercial Communications related to suspicious
unregistered telemarketing activity using Signature solution, deploying
honeypots and other technical measures;
(2) minimum standards of
technical measures to share intelligence information, rules, criteria to detect
suspected sources of spam;
(3) approaches to detect and
identify unregistered Unsolicited Commercial Communications sender(s), who are
camouflaging themselves by fragmenting their activity across multiple phone
numbers;
(4) approaches for deployment
of honeypots to capture Unsolicited Commercial Communications voice call(s);
(5) approaches to detect and
identify source(s) of dictionary attacks;
(6) timeline(s) for
implementation of the functionality referred in code of practice and
operationalizing it;
(7) such other matters as the
Authority may deem fit, from time to time.
(3) Report of entities found to
be engaged in making or causing to make silent calls, robocalls, abandoned
calls or using telephone directory harvesting software to make Unsolicited
Commercial Communications, as and when came to notice of the access provider,
or as provided for in the regulations for the registered sender(s) with the
access providers, on basis of following criteria—
(a) Ratio of Abandon Calls to
total attempted calls for a registered entity exceeding 3% over a period of 24
Hours by an entity using Auto Dialer for Commercial Communications calls;
(b) Ratio of Silent Calls to
total attempted calls for a registered entity exceeding 1% over a period of 24
hour by an entity using Auto Dialer for Commercial Communications Calls;
(c) Entity(ies) found to be
using telephone number harvesting software for sending Unsolicited Commercial
Communications are barred to use their network;
SCHEDULE
V
Action Items for preparing
Code of Practice for Periodic Monthly Reporting (CoP-PMR)
(1) Maintaining records of
complaints on daily basis for each service area—
(a) total number of complaints
received on each day, from its customers as Terminating Access Provider, in
each service area, against any registered sender;
(b) total number of complaints
transferred on each day, to Originating Access Provider(s) including itself, in
each service area, against any registered sender;
(c) total number of complaints
to be resolved as an Originating Access Provider, according to the date of
receipt of complaints;
(d) total number of complaints
rejected on account of insufficient details for further examination, according
to the date of receipt of complaint;
(e) total number of complaints
to be resolved as an Originating Access Provider, according to the date of
occurrence of unsolicited commercial communication;
(f) total number of senders
against whom complaints were reported under clause (c);
(g) total number of complaints
out of reported complaints under clause (f), after completion of investigation,
found to be valid complaint(s);
(h) total number of senders out
of reported senders under clause (f), found to be non-compliant as per the
provisions provided for in these regulations or Code(s) of Practice;
(i) total number of senders out
of reported senders under clause (h), who were put under restricted limits of
usage provided for in Code(s) of Practice, as an interim measure to control
unsolicited commercial communications during the investigation phase;
(j) numbers of commercial
communications sent by each sender, reported under clause(i);
(k) total number of entities
other than sender(s), after completion of investigation, found to be not
compliant to the provisions provided for in these regulations or Code(s) of
Practice and actions taken against them;
(l) report total number of
complaints on a day, for any sender, reported under clause(h);
(2) Maintain records of
complaints, from its customers and received from Terminating Access
Provider(s), against unregistered sender(s) for sending unsolicited commercial
communications on daily basis for each service area—
(a) total number of complaints
received on each day, from its customers as Terminating Access Provider, in
each service area, against any unregistered sender;
(b) total number of complaints
transferred on each day, to Originating Access Provider(s) including itself, in
each service area, against any unregistered sender;
(c) total number of complaints
to be resolved as an Originating Access Provider, according to the date of
receipt of complaints;
(d) total number of complaints
rejected on account of insufficient details for further examination, according
to the date of receipt of complaint;
(e) total number of complaints
to be resolved as an Originating Access Provider, according to the date of
occurrence of unsolicited commercial communication;
(f) total number of senders
against whom complaints were reported under clause (e);
(g) total number of complaints
out of reported complaints under clause(e), after completion of investigation,
found to be valid complaint(s);
(h) total number of senders,
under clause(f) against whom complaints were found to be valid;
(i) total number of senders out
of reported senders under clause(h), who were put under usage cap, as an
interim measure to control unsolicited commercial communications during the
investigation phase;
(j) total number of senders out
of reported senders under clause (i), who were put under Usage Cap or
disconnected, after conclusion of the investigation with following breakup—
(i) number of senders who were
given warning against first instance of violations;
(ii) number of senders found to
violating second time;
(iii) number of senders found to
be violating third or more number of times;
(k) numbers of commercial
communications sent by each sender, reported under clause(h);
(l) total number of outgoing
communications made by the sender(s), reported under clause(f) and exceeding
the restriction limits from the deemed date of imposition of such restrictions;
SCHEDULE VI
List
of key activities (but not an exhaustive list) for preparation of migration
plan
(1) Introducing Distributed
Ledger (DL) for registration of entities (DL-Entities);
(a) To register entities
declared by access provider or access provider(s) together for various
functions and registers like
(i) Header Register;
(ii) Consent Register;
(iii) Consent Template Register;
(iv) Content Template Register;
(v) Content Template Verifier;
(vi) Complaint Register;
(vii) Preference Register;
(viii) Telemarketer Scrubbing
Function Register;
(ix) Telemarketer Message
Delivery Function Register;
(x) Telemarketer Voice Delivery
Function Register;
(b) Deadline(s) for registering
entities with DL-Entities
(i) Header Register;
(ii) Consent Register;
(iii) Consent Template Register;
(iv) Content Template Register;
(v) Content Template Verifier;
(vi) Complaint Register;
(vii) Preference Register;
(viii) At least one entity for
Telemarketer Scrubbing Function;
(ix) At least one entity for
Telemarketer Message Delivery Function Register;
(x) At least one entity for
Telemarketer Voice Delivery Function Register;
(2) Registration of existing
assignee of Headers with Header Registrar;
(a) stop assigning headers
without verification of identity and scope of senders;
(b) register existing assignee
of headers after verification of identity and scope documents of Unsolicited
Commercial Communications sender(s) and bind to phone number(s);
(c) assign or reassign current
owner of header(s) considering at least following:—
(i) Whether headeris not
assigned to any other sender(s);
(ii) Whether header is matching
with brand name of a company;
(iii) Whether header is look
alike with other popular header(s) and may mislead recipients;
(iv) Any other reason or fact
which is important to consider before assigning header;
(d) use temporary header(s),
during migration phase, for all earlier assigned headers;
(e) fixing deadline for working
of temporary headers;
(3) Start assigning new headers
(a) assign headers after due
diligence, verification of identity and scope documents of Unsolicited
Commercial Communications sender(s) and bind to phone number(s);
(b) consider reason(s) and
fact(s) which are important to be considered before assigning headers and do
not mislead recipients;
(c) consider headers which may
be required to be reserved for central and state government entities and also
for statutory bodies;
(4) Develop mobile app for
devices which may be required for senders during login to sessions for various
activities like scrubbing, submission of messages to delivery, making voice
calls etc.;
(5) Introduce telemarketer with
scrubbing function, separate from telemarketer with delivery function
(6) Scrubbing envisaged in final
form to be achieved in phased manner
(i) Initially, using data from
existing register for customers' preferences;
(ii) subsequently, using records
of DL-Preferences;
(iii) then using records of DL
for Header Register;
(iv) then introducing virtual
identities and tokens among entities to access real identities;
(v) then using records of DL
for consent;
(7) Introduce DL for
Complaints;
(8) Register existing consents
on Consent Register;
(a) Register existing consents
with consent registrar in robust manner to make it non-repudiable;
(b) stop taking consent not in
accordance to these regulations;
(c) fix deadline for expiry of
consent not registered with consent registrar;
(9) Register new consents on
consent register as prescribed in relevant regulations or schedule or
directions
(a) Develop Application
Programme Interfaces (APIs) for Senders to recording consent with user agent or
application client available on a mobile device or enterprise system;
(b) Broadening of installation
and active base of consent acquisition application client;
(10) Make consent system ready
to become part of scrubbing for all cases;
(11) Migration of existing
registers with TRAI;
(a) Migrate NCPR data to
DL-Preferences and have observer node for TRAI;
(b) Migrate Telemarketer
registration module data of National Telemarketer Register (NTR) to DL-Entities
and have observer node for TRAI;
(c) Migrate complaint module
data to DL-Complaints and have observer node for TRAI;
(12) Introduce observer node of
DL-Consents and observer nodes of rest of registers envisaged in the relevant
regulations;
(13) Enhance signature solution
capabilities and exchange intelligence information, rule, criteria and other
relevant information among access providers to detect and identify suspicious
Unregistered Telemarketing Activities more effectively and efficiently;
(14) Deploy honeypots to detect
and identify suspicious Unsolicited Commercial Communications Voice calls by
capturing relevant information;