As the Telecom Regulatory Authority of India’s (TRAI) new whitelisting regulations for commercial messages come into effect from October 1, 2024, businesses across sectors including banks and insurance companies are adjusting to the changes. The mandate requires all commercial SMS messages containing links, Android application packages (APKs), or over-the-top (OTT) links to be whitelisted by telecom operators. Aimed at reducing spam and protecting consumers from phishing attacks, the new rules are set to transform how businesses communicate with customers. Here’s a breakdown of what the new regulations mean and how they are expected to impact message traffic and user security.What are the new whitelisting regulations introduced by TRAI?
The Telecom Regulatory Authority of India (TRAI) has mandated that all commercial messages containing URLs, Android Package Kits (APKs), and over-the-top (OTT) links be whitelisted before being sent to consumers. These regulations, effective from October 1, 2024, require telecom service providers to ensure only whitelisted links are transmitted via SMS to reduce the risk of fraud and phishing attacks.
What does “whitelisting” mean in this context?
Whitelisting involves registering specific URLs, APKs, and OTT links with telecom operators. These links are input into a blockchain-based Distributed Ledger Technology (DLT) platform, which verifies them before allowing message transmission. If a link is not whitelisted, the message containing it is blocked by the telecom operators.
Why did TRAI introduce these regulations?
TRAI introduced the whitelisting regulations to combat the growing threat of spam, phishing, and fraudulent activities conducted through malicious links in commercial messages. By ensuring that only verified and whitelisted links are transmitted via SMS, the regulator aims to protect consumers from potential security risks and financial losses.
Who is affected by these regulations?
All entities that send commercial messages containing URLs, APKs, or OTT links are affected by the regulations. This includes national and private sector banks, insurance companies, and other financial institutions that communicate with customers via SMS. Telecom operators are also responsible for ensuring compliance by blocking non-whitelisted messages.
Has there been any impact on message traffic since the regulations took effect?
According to early reports, the introduction of the whitelisting regulations has led to a 15-20% reduction in message traffic. This decline is largely due to some entities not having their URLs whitelisted yet, causing those messages to be blocked.
What happens if a message contains a non-whitelisted link?
If a message contains a URL, APK, or OTT link that has not been whitelisted, the telecom operator will block the message, preventing it from reaching consumers. This measure ensures that only verified links are delivered via SMS.
Will customers experience disruptions in receiving service messages?
There could be some minor disruptions, particularly for customers of banks, financial institutions, or e-commerce platforms that have not yet whitelisted all their links. These disruptions may affect the delivery of service messages, transactional alerts, and one-time passwords (OTPs), but the situation is expected to improve as more entities complete the whitelisting process.
How are telcos ensuring compliance with the new regulations?
Telecom operators have configured their DLT platforms to verify the static portion of URLs included in commercial messages. This means only the fixed part of a URL needs to be whitelisted, while dynamic content is not required for whitelisting, making it easier for entities to comply while still ensuring message delivery.
What steps have been taken to mitigate disruptions?
TRAI extended the initial deadline for compliance from September 1 to October 1, 2024, giving businesses more time to whitelist their URLs and ensure smoother implementation. Many entities have already whitelisted a significant portion of their links, and the process is ongoing to minimise disruptions.
How does this regulation help fight spam and fraud?
By requiring the verification of all commercial messages containing URLs, APKs, and OTT links before they are sent, the new whitelisting regulations aim to prevent the transmission of malicious links often used in phishing attacks. This initiative enhances user security by ensuring that SMS links are from trusted, verified sources.
What are the next steps for TRAI and telecom operators?
TRAI will continue to monitor the implementation of the whitelisting regulations and require full traceability of commercial messages by November 1, 2024. Telecom operators are expected to ensure all messages follow the defined telemarketer chain and comply with whitelisting standards. Messages that fail to meet these requirements will be rejected.
