TRAI, RBI Fight Spam with Digital Consent Pilot

New Delhi, Jun 16 (PTI) TRAI has launched a pilot project in partnership with the Reserve Bank of India (RBI) and banks to digitise users' legacy, paper-based consents for receiving calls and messages, as the regulator steps up efforts to combat financial frauds.

Telecom Regulatory Authority of India (TRAI) said that given the sensitivity of banking transactions and cases of financial fraud through spam calls, the banking sector has been prioritised for the first phase of implementation of the 'digital consent system'.

TRAI noted that a large number of spam complaints are made by customers against the business entities from whom they had previously purchased goods or services. On investigation, such business entities often claim that they have consumers' consent for making commercial calls and messages, according to TRAI.

"...regulations provide for acquiring consent digitally by the entities and registering them in a secure and interoperable digital consent registry maintained by the Telecom Service Providers (TSPs) for easy verification of consents while commercial communication is made to the consumers," TRAI said but noted that for successful operation of this 'consent registration framework', the onboarding of entities sending commercial communications is a must.

To begin the national roll-out, TRAI said it has launched a pilot project in coordination with the RBI involving select banks and has issued a direction on June 13, 2025, to all the telecom operators instructing them to pilot the framework in collaboration with banks.

Put simply, this essentially means that legacy or past consents given by users for receiving calls and messages from banks will now be onboarded to the digital platform, setting the stage for checking the veracity of such consent in future, and at some point, allow consumer to even withdraw consent he/she may have given in the past.

Today, under the regulatory framework defined by the Telecom Commercial Communications Customer Preference Regulations (TCCCPR), 2018, an entity can make commercial communications to a consumer irrespective of their Do Not Disturb (DND) preferences, provided the said organisation has taken explicit consent from the consumer.

"However, in many cases, these consents were collected through offline or unverifiable means, making it extremely difficult to ascertain their validity and genuineness. In several instances, consumers report that their mobile numbers have been acquired by the entities for this purpose through misrepresentation, deception, or unauthorised data-sharing practices," TRAI said in a release.

TRAI cited several regulatory measures it has undertaken in recent years to curb such practices. These include allowing consumers to register complaints against unregistered telemarketers (UTMs) even without prior DND registration, and initiating large-scale disconnection of telecom resources being misused by the entities for spamming activities.

Despite these efforts, however, the verification of offline consent when it comes to commercial communication remains a formidable challenge, the regulator acknowledged.

"Given the sensitivity of banking transactions and cases of financial frauds through spam calls, the banking sector has been prioritised for the first phase of implementation, TRAI said.

This pilot, running under a Regulatory Sandbox framework, will validate the operational, technical, and regulatory aspects of the enhanced Consent Registration Function (CRF) and lay the foundation for sector-wise scaling of the digital consent ecosystem.

Pledging its commitment to safeguard consumer interest and enhance the trust in legitimate commercial communications, TRAI said it will continue to work with sectoral regulators and stakeholders to ensure that the ecosystem evolves towards more secure, transparent, and consumer-centric practices.