Trai mandates telecom operators share AI spam detection data within hours on blockchain

AI-based spam data must be shared in hours, Trai to telcos

Telecom regulator Trai has mandated mobile operators to share data from their AI spam detection systems. This information will be shared on a blockchain platform within hours. Operators must now act against spammers proactively, even without user complaints. This move aims to curb unsolicited commercial communication effectively. Regulator Trai has directed all mobile operators to share data derived from their artificial intelligence (AI)-based anti-spam solutions within hours on the common blockchain-based platform and act against spammers, even in the absence of any complaints. The directions by the Telecom Regulatory Authority of India (Trai) were issued on February 27, and firms must comply within 30 days. While the regulator hasn't specifically asked for blocking numbers of potential spammers after telcos raised concerns on the draft rules, the regulator has fixed accountability for both the originating and terminating telco-from where the call or message originates and terminates-to coordinate among themselves and initiate action. As per the directions, every terminating mobile firm, through its AI/ML (machine learning)-based spam detection system, should identify and flag the calling line identification (CLI) or mobile number of the sender as "suspected spam CLI" based upon the behavioural parameters as specified in the system. Further, immediately upon such flagging and in any case within two hours of such flagging, the terminating operator should share, through the distributed ledger technology (DLT) or blockchain platform, the flagged CLI with the concerned originating operator. The originating operator is then required to reach out to the sender of the CLI informing him about flagging of the number as suspected spam and also the need to ascertain know your customer (KYC) identifiers of the sender of the CLI. The data should be shared on the DLT platform so that all telcos can identify the telecom resources allotted to the sender and check if other mobile numbers of the same sender are also identified as potential spam by their respective systems. In case it is ascertained that five or more CLIs of the sender have been identified as potential spam within 10 days, action should be initiated against the sender. Telcos had earlier cautioned against using AI-based data to act against spam as the data isn't entirely accurate and may tag or flag genuine numbers. The telcos want to continue with the existing mechanism when action is based on complaints by users. Further, AI solutions by telcos are not similar and have different technical parameters, so sharing of data can have technical limitations. Trai, however, said, "nothing in this direction shall require disclosure of proprietary algorithms, source code, model architecture or internal risk-scoring methodologies of the AI-based UCC (unsolicited commercial communication) or spam detection system deployed by any Access Provider." The authority feels that while the telcos have implemented the spam solutions, just alerting the subscriber without backend enforcement does not act as a deterrent. "...enforcement has, thus, remained predominantly complaint driven," it said. Further, Trai said around 85% of spam complaints are reported against unregistered telemarketers, and therefore, effective containment of such spam senders requires a calibrated leveraging of AI/ML-based network intelligence deployed by telcos.

TRAI Spam Rules - Telcos Must Share KYC in 2 Hours

The Telecom Regulatory Authority of India (TRAI) has directed telecom operators to share information about suspected spam callers and message senders with each other within two hours of detection. The February 27 direction creates a system in which operators use artificial intelligence (AI) to flag suspected spammers and immediately alert other networks through a blockchain-based platform . Operators must comply within 30 days, setting the effective implementation date as March 29, 2026. TRAI triggers enforcement when operators flag five or more phone numbers belonging to the same person as suspected spam within ten days across all networks, leading to KYC re-verification and potential disconnection. The regulator aims to shift spam enforcement from being primarily complaint-driven to proactive. TRAI noted that unregistered telemarketers generate approximately 85% of spam complaints and observed that simply alerting users about spam calls without taking backend enforcement action "does not act as a deterrent." However, the direction raises questions about the privacy implications of sharing customer data across networks, how different AI systems with varying parameters will work together, and whether operators could wrongly flag legitimate businesses. The direction establishes a six-step process: TRAI triggers enforcement when operators flag five or more phone numbers belonging to the same person as suspected spam within ten days across all networks. For the first instance, the originating operator carries out re-verification of the sender's KYC within three business days and takes necessary action in accordance with existing KYC guidelines. For the second instance, the operator conducts physical KYC verification within five business days. If the KYC details do not match the details obtained during physical verification, or if the sender misuses telecom resources for sending spam, the operator disconnects the services. For subsequent instances, the operator conducts physical KYC verification within five business days. If violations are found, the operator disconnects all numbers and blacklists the person for one year. TRAI clarified that the direction does not require operators to disclose proprietary algorithms, source code, model architecture, or internal risk-scoring methodologies. Operators only need to share the output in the form of suspected spam identifiers. However, different operators have deployed different AI systems with varying behavioural parameters. One operator's AI might flag a number as spam based on call volume, while another might prioritise call duration or recipient diversity. The direction does not address how operators will reconcile these differences or establish standardised thresholds for flagging numbers. The direction does not specify a mechanism for legitimate businesses or individuals to appeal if they are wrongly flagged as spammers. Delivery services, customer support centres, and sales teams often make high volumes of calls that could trigger spam detection algorithms. If operators flag five numbers belonging to a business within ten days across all networks, the business faces KYC re-verification and potential disconnection. The direction does not outline safeguards to protect legitimate commercial communication from enforcement. The direction requires operators to share customers' unique KYC identifiers with all other access providers through the DLT platform. This means that if one operator flags a number as suspected spam, the customer's identity details are shared across all telecom networks within two business days. The direction does not specify what data protection measures operators must implement when sharing KYC information, or how long this data remains accessible on the DLT platform. It also does not address whether operators will notify customers that they have shared their identity details across networks. The framework creates a system where all operators can track how many numbers a single individual owns across all networks, and whether operators have flagged any of those numbers for suspected spam activity. TRAI directed all access providers on June 13, 2023, to deploy AI and Machine Learning (ML)-based spam detection systems capable of constantly evolving to deal with new signatures, patterns, and techniques used by unregistered telemarketers. Several access providers have deployed AI/ML-based, network-level spam detection and alert systems that analyse behavioural signatures, including call and message volume, velocity, diversity, duration, and temporal patterns. However, TRAI observed that access providers have largely used these detection systems for subscriber-facing alerts and have not institutionalised these outputs for investigation and enforcement against originating entities. Moreover, TRAI issued over 731,000 notices to unregistered telemarketers in 2025, disconnected more than 184,000 telecom resources, and received 3.1 million consumer complaints about unsolicited commercial communication during the year. The regulator further amended the Telecom Commercial Communications Customer Preference Regulations (TCCCPR) in February 2025 to mandate proactive monitoring and increase operator accountability. Despite these enforcement actions, the high volume of complaints suggests that existing measures have not adequately curbed spam. The direction attempts to address this by leveraging AI detection data that operators already collect but have not used for enforcement. When operators flag a number as suspected spam, the originating operator must immediately notify the number's owner via SMS or email. The direction specifies the exact notification format: "Your <call/ SMS> from the <number> has been flagged as suspected unsolicited commercial communication on the basis of pattern analysis. You are advised that commercial communication can only be made by registered senders or telemarketers in accordance with the TRAI regulations. If you are found to be engaged in sending unsolicited commercial communication, all your telephone connection across all the telecom service providers are liable for action including barring outgoing calls OR disconnection and blacklisting for one year. For any clarification, please call <number> or mail to <mail-id>."