A one-size-fits-all law will harm OTTs, telecom services

The Department of Telecommunications (DoT) released the Draft Indian Telecommunication Bill, 2022 (‘Draft Bill’) on the September 21, 2022, intending to replace the existing legislation governing telecommunications in India with a singular framework that will regulate this sector. The draft bill brings in major reforms for the telecom industry. Provisions relating to providing relief to the entities in case of default payments, creating a regulatory sandbox, simplifying the framework for mergers and acquisitions, and providing clarity for operations during insolvency proceedings will help the telecom industry.

While some laudable steps are taken for the telecom industry, expanding the framework’s scope to include OTT communication services is concerning. The rationale behind bringing in Internet-based communication services under the umbrella of telecom regulation is not clear, as presently, such platforms are regulated under the IT Act, with appropriate safeguards for consumers and accountability on the part of the platforms. Bringing them under the telecom bill will increase regulatory overlaps, and will create a licensing regime for the OTT players and increase their compliance burden. Unlike the telecom sector, OTT platform services comprise both large and small businesses. A one-size-fits-all approach therefore is not suitable.

Under the current framework, OTT communication services are required to comply with several due diligence provisions such as publishing of privacy policy and user agreement, and deploy grievance redressal mechanisms. Additionally, significant social media intermediaries (SSMIs) are required to appoint a Chief Compliance Officer, a Nodal Contact Person and a Resident Grievance Officer to ensure the compliance with IT rules, 2021.

Since the Telecom Bill is looking at telecom services, which are carriage based, and OTT communication services fall in the domain of the Internet, which is content based, it is important to separately regulate the two services, as is the case now. Also, data through OTT communication platforms is delivered in data packets based on the best-effort-delivery model with no dedicated end-to-end channel being established for the duration of the communication. This is in stark contrast to traditional voice services offered by TSPs, where dedicated channels of communication are established between devices for the duration of the communication.

Digital platforms and services deliver instant messaging over IP networks as opposed to traditional SMS services, which utilise dedicated infrastructure involving short message centres, short message entities and SMS gateways. At the same time, most TSPs already provide online services in addition to network access. Therefore, while TSPs can operate in both the network and application layers, Internet companies are restricted to the application layer. It is prudent that these two fundamentally different sectors are not regulated under a single framework.

The Draft Bill, through clause 24, also enables state and central governments to intercept messages on end-to-end encrypted OTT platforms in the interest of national security. This would require OTT platforms to weaken their encryption to comply with the laws. Such wide powers in the hands of the executive without fulfilling the necessity and proportionality mandate as envisaged under the Puttaswamy judgement may impact user privacy. The Telecom Regulatory Authority of India, in its 2020 recommendations to DoT on regulating OTT platforms, cautioned against tinkering with encryption as it would affect the privacy and security of citizens.

Furthermore, the weakening of encryption has multiple implications that affect not just the citizenry but also have consequences for national security. The link between individual security and national security in the context of encryption has been studied at length, with the conclusion that breaking encryption for citizens fundamentally weakens the country’s national security. It is imperative to note that end-to-end encryption is the foundational plane enabling the flow of confidential information amongst and within businesses. A tinkering with the same, despite the valid intentions backing such a move, can leave businesses vulnerable to cybersecurity breaches. The companies would have to make significant changes in their security infrastructure, increasing the cost involved. Additionally, it would be detrimental to have licensing for communication applications and Internet platforms. A licensing regime, as envisaged under the draft bill, might increase barriers to entry, impact innovation and
the growth of the start-up ecosystem as compliance costs would increase.

Almost all the apps use some sort of communication setup for their operation, be it chatbox or other interpersonal or business communication medium. This legislation might bring all those platforms under the ambit due to its broad definition.

(Rizvi is Founder, and Tripathi is Programme Manager, The Dialogue, a public policy think tank)