In a move that will facilitate work-from-home for the tech industry, the Department of Telecommunications is scrapping regulations on some IT businesses and call centres in India (“Other Service Providers”) that industry associations have complained were onerous and unnecessary, the government announced on Thursday. IT businesses that work with data (as opposed to call centres) have been completely deregulated and left out of the definition of OSPs altogether. This comes months after some of these guidelines, like having to deposit a bank guarantee and exhaustive disclosure requirements for employees working remotely, were temporarily relaxed. These changes are now permanent, with further relaxations.

“Requirements such as deposit of bank guarantees, requirement for static IPs, frequent reporting obligations, publication of network diagram, penal provisions etc. have […] been removed,” the government said in its press release announcing new guidelines that only apply to voice-based OSPs like call centres.

The Telecom Regulatory Authority of India had suggested these changes last October, but even as the pandemic forced most IT workers to work remotely, these recommendations were only accepted partially, and temporarily. In fact, in September, the TRAI and the DoT were conflicted on some of the recommendations, with the DoT keen on keeping some form of regulation in place. TRAI’s arguments seem to have prevailed in Thursday’s relaxations.

What the new rules are

The deregulation is significant, but only from the perspective of the pre-existing rules; these regulations have little equivalent in developed countries, and have been called “draconian” and “archaic” by Microsoft and NASSCOM. “We will see restructuring of outsourcing arrangements in the coming days to align and take costs and operational benefits of these relaxations,” Trilegal partner Nikhil Narendran said. “It also gives a much needed push for tech and network agnostic call and network management which will see more adoption of cloud telephony and remote working tools.”

The new OSP guidelines do away with these restrictions, likely leading to simplified processes at OSPs, and less burdensome financial and procedural hurdles for an OSP starting business:

  • Registration of OSPs with the DoT is no longer required. TRAI had recommended only needing “intimation” to the DoT, but even this will not be required. As recently as September, DoT had reiterated that it wanted registration requirements to stay, but no longer.
  • Call traffic over VPN is now allowed: Using Virtual Private Networks, which let users route web traffic from a different location, or connect to a remote network, is now permissible for OSPs to integrate international call networks. This lets OSPs integrate their international locations better with India, and potentially save costs on call tariffs. However, bypassing International Long Distance call providers will not be allowed.
  • “Interconnection of Remote Agent to the OSP centre/resources is permitted”: This essentially removes the potential penalty associated with working from home. This rule was likely impractical to enforce due to the sheer extent of how many people were, and will probably continue to, work remotely in 2020 and beyond. However, “all logs of the activities carried out by the Extended Agent shall be maintained for one year,” the guidelines say.
  • VPN use allowed for internet: Using VPNs that are not provisioned by telcos is now allowed. Previously, only Provider-provisioned VPNs were allowed, which might be inconvenient for an OSP that wants to use a more reliable private circuit.
  • EPABX abroad allowed: An Electronic Private Automatic Branch Exchange (EPABX) is now allowed to be hosted abroad, as long as the OSP in question is international. However, they will still be required to maintain call logs for their Indian points of presence.
  • Infrastructure sharing is allowed: Infrastructure sharing between different OSPs as well as OSPs’ own points of presence in India and abroad is now allowed. Closed User Groups (an enterprise service by telcos that allows for telecom connections to be provided in bulk to a company’s employees) will also be allowed for internal communications.
  • No more bank guarantee: A bank guarantee to start an OSP, which the industry said was prohibitive and unnecessary, will no longer be required.

Security conditions

In addition to maintaining call logs (CDR), the following conditions are in place for OSPs:

  • For domestic OSPs, “access log, configurations of EPABX and routing tables” should be made available “on demand” from law enforcement agencies.
  • EPABX for a domestic OSP has to be located in India.
  • The carriage of “objectionable, obscene, unauthorized messages or communications infringing copyright, intellectual property” must be “prevented” immediately, the guidelines say.
  • OSPs should assist law enforcement in “tracing any nuisance, obnoxious or malicious calls, messages or communications transported through its equipment and network”.

Read the new OSP Guidelines

Correction (November 7): A previous version of this article said that all OSPs were subject to the new guidelines outlined above. Only voice-based OSPs will be subject to these guidelines, and data-based IT businesses are no longer defined as OSPs, which means they are not subject to the above restrictions. We regret the error.

Also read