In its response to the back-reference received from Department of Telecommunications (DoT) in respect of TRAI’s recommendations on the ‘Framework for Service Authorisations to be Granted Under the Telecom Act, 2023’, the Telecom Regulatory Authority of India (TRAI) has informed that it can not regulate the virtual private network (VPN) apps stating that these are governed by the IT Act.
TRAI clarified to DoT that the former is legally not authorised to give recommendations on regulating the VPNs.
In a letter signed by TRAI secretary Atul Kumar Chaudhary, the Authority said “[A]s application VPN service providers are not licensed entities under the Telegraph Act, TRAI is not empowered under the TRAI Act, 1997, to furnish regulatory recommendations on Application VPNs. Hence, the reference seeking recommendations on monitoring and controlling VPN misuse falls outside TRAI’s regulatory scope and is hereby returned.”
DoT had requested TRAI to inter-alia provide recommendations on monitoring and controlling the misuse of layer-7 VPNs (i.e. application later VPNs). In the letter dated (20.06.2024), DoT has defined the term ‘Application-layer VPNs’ as “A non network based network i.e. the network which has been established without seeking connectivity form the service providers explicitly, established through logical rather than physical means being used for remote access or site-to-site access.”
While the VPNs provided by the eligible entities authorised under telecom laws to provide telecommunication services are network based, the application-layer VPNs (layer-7 VPNs) are essentially non-network based.
Earlier, DoT through a reference (dated 21.06.2024), under Section 11(1)(a) of the TRAI Act, 1997, requested TRAI to provide recommendations on terms and conditions, including fees or charges, for authorisation to provide telecommunication services as per the provisions of the TelecomAct, 2023. After a detailed consultation with stakeholders, TRAI provided its recommendations on ‘the Framework for Service Authorisations to be Granted Under the Telecommunications Act, 2023’ (dated 18.09.2024) to DoT.
In this regard, DoT, through a back-reference (dated 14.01.2025), informed TRAI that the recommendations of TRAI on ‘the Framework for Service Authorisations to be Granted Under the Telecom Act, 2023’ have been considered by the Government.
DoT through the back-reference, shared its prima fade views in respect of each recommendation. Further, DoT, through the back-reference, requested TRAI to provide its reconsidered recommendations, in accordance with the provisions of Section 11(1) of the TRAI Act 1997, on the recommendations, in respect of which, the Government has reached a prima-fade conclusion that the recommendations may not be accepted or may need modification.
After examining the prima facie views of DoT, TRAI has finalised its response to the back-reference.
TRAI also reiterated that satellite-based service authorisation should remain separate and should not be offered as a service under the main authorisation as the service and technology is distinct.
Additionally, it also mentioned separate authorisation for machine 2 machine (M2M) services to enable start-ups and small business entities with limited financial strength but with the right kind of skill sets to provide M2M services. The Authority also reiterated that to encourage investment in the Indian telecom sector and to maintain the investors’ confidence, the authorised entities must be given a certain degree of assurance that no substantive changes will be made to the terms and conditions of authorisations unilaterally.