DoT releases draft rules for testing new telecom products
The Department of Telecommunications, on Thursday, released draft rules prescribing how a regulatory sandbox can be set up.
The Department of Telecommunications, on Thursday, released draft rules prescribing how a regulatory sandbox – meant to test new telecom products, services, processes, and business models in a controlled environment – can be set up. The public consultation is open for thirty days. The draft rules have been released under Section 27 of the Telecommunications Act, 2023, which allows the government to create one or more regulatory sandboxes to “encourage and facilitate innovation and technological development in telecommunication”. Section 27 came into effect on June 26 through a gazette notification.

In a regulatory sandbox, entities can test their products on a limited set of test users for a specified time period.
“The sandbox regime is common in the banking industry and supported by the Reserve Bank of India,” Aprajita Rana, partner at AZB & Partners, said. “Given the high cost of launching telecom technology, a trial period will help in anticipating success and/or necessary compliance preparation,” she said.
Under the draft rules, the central government can set up a regulatory sandbox under two circumstances. First, if the central government, based on its own assessment, decides that there is a need for one. Second, on receiving a proposal from an applicant, either of its own volition or in response to a request for proposals by the government. In the second case, the applicant will have to pay a fee of ₹10,000. If the applicant’s proposal is rejected, the central government must give reasons for rejections.
Only entities constituted under Indian laws, or Indians, or research and development institution recognised by the Department of Science and Technology can submit proposals to create sandboxes. As per Rana, this follows TRAI recommendations as per which only Indian entities can apply. “However, it appears possible for non-licensed entities to collaborate with a principal entity for such projects as well,” Rana said.
A sandbox can be valid for at most 24 months, as per the draft rules. The government can increase its validity for at most 12 months at a time only if it gets a request for extension either from an approved applicant, or upon a recommendation from the Governance Committee (GC).
While announcing a sandbox, the government must specify its scope and objective, name and details of at least one approved application responsible for the operation and management of the sandbox, eligibility criteria for participation and obligations, what can be tested in this sandbox, details of exit strategy, and other details. The government will also specify if the participants will be exempted from seeking authorisation or any other provisions of the Telecom Act or its rules while participating in the sandbox.
The draft rules empower the government to specify one or more GCs to monitor and evaluate the performance of the sandboxes. The GCs will consist of government-nominated members from within the government, academia or private sector.
Depending on the nature of testing and the technology/model/product being tested, the GCs will specify the frequency and format of the periodic reports that the approved applicants will have to be submit.
The approved applicants must comply with the conditions set by the government to participate in the sandbox. The applicants will be responsible for “applying for or seeking exemption from allocation of resources including numbering resources, assignment of spectrum, and permission for right of way, as maybe required for implementation of the regulatory sandbox”. The applicants will have to give details of the participants in the sandbox to the central government as well as when they exit. The applicants will be required to comply with the Digital Personal Data Protection Act, 2023, while onboarding test users for testing within the sandbox, and must obtain their written informed consent, a move lauded by Rana.
While testing a product, service, process or business model, applicants cannot make them commercially available in the market during the sandbox period. The rules propose that the approved applicants will have to store records related to the testing (work plans, methodologies, consent records, etc.) for at least one year after the validity period of the sandbox ends. The draft rules empower the central government to determine longer periods for data retention. After this period ends, the applicants must destroy this data and records in a secure manner.
The approved applicants must indemnify (protect against losses and liability) the central government from “any acts, omissions, commissions, breaches or any kind of culpability arising out of or in relation to any testing in the regulatory sandbox by itself or by any participant”, a move that may deter participation in the space, as per Rana.
Approved applicants can surrender their approval to operate/manage the sandbox before the validity period ends if the testing is complete and they have got the completion certificate from the GC, or if the sandbox does not meet the desired aims.
Approved applicants will have to submit a comprehensive report to the GC about the testing results, feedback from test users, challenges faced, how they dealt with security issues, and anything else that the GC may specify.
Depending on this report, the GC can make recommendations --- both to the applicant and government --- about whether the testing should continue, if testing should be modified, if testing should be certified as complete, and whether the product or service is commercially viable.
After receiving the recommendations of the GC, the central government can either seek more information from the GC or applicant, extend validity period of the sandbox, modify the terms and conditions of the sandbox, or consider permitting the commercialisation of the product/service/process/model being tested under the relevant rules for authorisation.
The draft rules also empower the central government --- either of its own volition or on the recommendation of the GC --- to suspend or revoke the operations of a sandbox under two circumstances. First, in the interest of national security or public interest. Second, when the approved applicant has lied to the central government or not abided by the terms and conditions of using the sandbox. In the second case, the government must give the approved applicant a reasonable opportunity to be heard.
It is not clear if any technologies might be redlined from being tested at all, and what kind of limits, if any, the government might impose on exemptions from the Telecom Act. “It is unclear how DoT considers innovation, or how they will manage relaxation on spectrum assignment, in view of how contentious the issue is already,” Rana said.
The draft rules also empower the government to notify a portal for the digital implementation of the rules. For Rana, it is concerning that the portal is unprecedented and nobody knows how it will work.
ABOUT THE AUTHORAditi AgrawalAditi covers technology policy, online free speech, privacy, cybersecurity, and surveillance.

E-Paper


