TRAI revises data-sharing plan after DoT pushback

MUMBAI: A regulatory tug-of-war over how telecom operators should share subscriber data has prompted the Telecom Regulatory Authority of India to rewrite part of its own playbook. In a fresh response to the Department of Telecommunications, TRAI has refined its earlier proposals on consent-based KYC data sharing during mobile number portability, while standing firm on a broader framework meant to future-proof India’s data ecosystem.

Back in 2022, TRAI had recommended adopting the Data Empowerment and Protection Architecture, a model that lets users control when and how their personal data is shared. The idea was simple, give subscribers the power to securely share their KYC details with operators when they port their numbers, making the process quicker and more transparent. The DoT, however, believed this clashed with the current porting rules and asked the regulator to take another look.

The DoT’s concern stemmed from rising cases of fraudulent porting, where mobile numbers were being shifted without the real owner’s knowledge. Its solution was more stringent verification. It had earlier suggested transferring the customer’s original application form and documents from the donor operator to the recipient operator so demographic details and even photographs could be matched before approving the port. A proof of concept was completed and a working group formed to explore machine-based demographic matching.

TRAI acknowledged the need to curb porting fraud and has already made room for demographic matching via the DoT’s Digital Intelligence Unit platform. Crucially, this avoids directly sharing KYC documents between operators, which licensing rules do not currently permit. A final rollout date will be set once the proof of concept is fully assessed.

The regulatory landscape has shifted further with new government rules on biometric verification, a mobile number validation platform, and draft provisions allowing the sharing of subscriber information when a user gives explicit consent. TRAI notes these developments show a clear intent to build a system where KYC data can move securely across platforms when a subscriber allows it.

With this backdrop, TRAI has revised its earlier stance. The updated recommendation now calls for a consent management framework based on DEPA that can enable consent-based sharing or validation of KYC data, including during number portability. This subtle tweak aligns the proposal with present-day licensing restrictions while keeping the user-centric vision intact.

What TRAI has not changed is its belief that India needs a broader, unified architecture for data flows. The regulator reiterates its call to integrate telecom data sharing with larger frameworks such as the account aggregator ecosystem, arguing that subscribers should one day be able to share more than just KYC details, including tariff preferences or even credit-related information, with entities across sectors. Since the DoT did not provide specific objections to this part, TRAI has maintained the recommendation.

For now, the regulatory chessboard stands reset. The telecom sector may be inching toward a future in which data truly moves at the speed of consent, but not without carefully matching the pieces along the way.