SDG 9: Industry, Innovation, and Infrastructure | SDG 16: Peace, Justice, and Strong Institutions
Institutions: Telecom Regulatory Authority of India (TRAI) | Department of Telecommunications (DoT)
The Telecom Regulatory Authority of India (TRAI), in its response dated 17.11.2025, has strategically revised and reaffirmed its recommendations for creating a consent-based data-sharing framework, despite a back-reference from the Department of Telecommunications (DoT).
The issue began with TRAI’s 18.11.2022 recommendations to create a Data Empowerment and Protection Architecture (DEPA)-aligned framework, allowing subscribers to share their existing KYC data during Mobile Number Portability (MNP). On 29.08.2025, DoT referred this back, stating it was “not feasible” and “contradictory” to existing MNP regulations (Clause 12), which mandate that the new provider must conduct a “complete KYC”.
In its new response, TRAI has revised recommendation 6.39 to propose a consent-based framework for sharing or validating KYC data, aligning with current norms. Crucially, TRAI reiterated recommendation 6.40, advocating for a centralized consent management framework to facilitate secure data sharing across sectors like telecom and banking. TRAI justified this stance by highlighting that the newly notified rules under the Telecommunications Act, 2023, explicitly allow for user information sharing with express consent and establish a Mobile Number Validation (MNV) platform, which supports TRAI’s forward-looking vision.
This regulatory exchange highlights a critical friction point between legacy security rules (requiring repetitive, manual KYC) and India’s new data economy goals (promoting seamless, consent-based data flow via DEPA). TRAI’s strategic use of the new Telecommunications Act, 2023, signals that the legal architecture is now in place to supersede older, siloed regulations, paving the way for a unified, cross-sectoral consent framework that balances security with digital efficiency.
What is the Data Empowerment and Protection Architecture (DEPA) and its relation to MNP?→ The Data Empowerment and Protection Architecture (DEPA) is India’s national framework for a consent-based data sharing ecosystem, famously used in the financial sector for “Account Aggregators”. TRAI’s recommendation aims to apply this DEPA logic to the telecom sector, allowing a subscriber (the data principal) to give digital consent to their old bank (or telecom operator) to securely share their verified KYC data with a new one. This would eliminate the need for the subscriber to manually resubmit KYC documents for MNP, dramatically reducing friction and costs.
What do TRAI’s recommendations entail for the consumers?
Short-Term Implication: Security Over Convenience
Nothing changes immediately for the consumer. The DoT has rejected TRAI’s proposal to let operators reuse existing KYC, stating it is “not feasible” under current MNP rules, which require the new operator to perform a full KYC.
Implication: Every time a consumer ports a mobile number, the consumer must still undergo complete KYC (Aadhaar, biometrics, photos, etc.).
Long-Term Implication: Convenience With Consumer Control
TRAI signals a shift toward a one-time, reusable digital KYC, aligned with the Telecommunications Act, 2023 and built on DEPA, already used in finance.
What this future looks like for consumers:
Consumer-controlled data: Verified KYC is stored securely.
Consent-based access: When accessing a new service, the consumer simply approves data-sharing.
Instant verification: Providers receive authenticated data immediately—no documents, no repetition.
In essence: TRAI is laying the groundwork for a secure, portable digital identity that reduces friction and eliminates today’s repetitive paperwork for every new service.
Relevant Question for Policy Stakeholders: How can DoT and TRAI create a unified technical framework that uses the new Telecom Act’s provisions to satisfy both the security mandate for MNP and the economic goal of DEPA?
Follow the full news here: TRAI Recommendations on Regulatory Framework for Promoting Data Economy