Extending the global IT infrastructure for India operations: How to be compliant

A company can use a traditional on-premise phone system to fulfil their corporate telephony needs or may have switched to OTT (Over the top)/ Cloud applications. There is no specific policy or guideline for enterprise telephony with the Department of Telecom (DoT). There are various restrictions around usage of internet telephony, toll bypass, and intermixing of public and private traffic, however, there is no check levied by the government on the companies to abide by these regulations. The TSP (Telecom Service Provider) can make periodic audits of the telecom resources to check if their circuits are being used in a compliant and legitimate manner. The companies can implement India specific LBR (Location Based Routing) restrictions and logical partitioning configurations on the call manager to avoid accidental bypass of the toll rules and intermix of PSTN and IP traffic.?

Additionally, there is no specific requirement for CDR (Call Data Records) storage and no surveillance framework from the government has been mandated. With that said, it remains a matter of choice for a company to incorporate these compliance checks in their internal policy and ensure compliance to DoT restrictions in India.?

For OSPs (Other Service Providers), there are security conditions levied by the government that emphasize on local storage of CDR (Call Data Records), system logs, and system configurations in a tamper proof format. It should be possible for the OSP company to provide access to this data to DoT, as and when required. It should be possible to facilitate DoT with complete traceability and transparency of the voice traffic to ensure that no violations are being committed.?

For call centers and KPOs, the new Other Service Provider (OSP) guidelines have simplified the entire process of conducting business. Firstly, the registration requirement for OSPs has been done away with altogether and the BPO industry engaged in data related work have been taken out of the ambit of OSP regulations. In addition, requirements such as deposit of bank guarantees, requirement for static IPs for Work from Home, frequent reporting obligations, publication of network diagrams, penal provisions etc. have also been removed. However, compliance to OSP security conditions and data privacy laws should be ensured.

Hence, new players entering India must be aware and understand how the licensing conditions differ in India and design the network accordingly. They can also reach out to local partners or advisors that can guide them with recommendations on market conditions and licensing framework.