TRAI Launches Digital Consent Pilot with RBI to Tackle Spam and Fraud Calls

In a decisive move to combat the rampant menace of spam calls and unsolicited messages, the Telecom Regulatory Authority of India (TRAI) has initiated a nationwide Pilot Project in collaboration with the Reserve Bank of India (RBI) and select banking institutions. The initiative aims to establish a robust, secure, and digitally verifiable system for consumer consent under the regulatory framework of the Telecom Commercial Communications Customer Preference Regulations (TCCCPR), 2018.

Rising Spam Complaints and the Consent Dilemma

TRAI has noted a disturbing trend: a significant portion of spam complaints come from consumers who have previously transacted with the business entities they are now complaining about. Upon investigation, these businesses often defend themselves by claiming they have the customer’s consent to send commercial messages or make promotional calls.

Under TCCCPR 2018, entities are allowed to communicate with consumers despite Do Not Disturb (DND) preferences—if they have obtained explicit consent. However, this consent is frequently collected through unverifiable channels, such as physical forms, oral agreements, or indirect marketing partnerships. This lack of traceability makes it nearly impossible to confirm whether a consumer genuinely opted in.

In many reported cases, mobile numbers were acquired without user knowledge, often through misrepresentation or unauthorized data-sharing practices, leading to a breach of consumer trust and widespread dissatisfaction.

TRAI's Regulatory Response and the Push for Digital Consent

Over the past few years, TRAI has rolled out a series of stringent regulations aimed at reducing telecom misuse:

• Empowering consumers to report spam even without DND activation.

• Cracking down on unregistered telemarketers (UTMs).

• Disconnecting telecom resources being misused for spam.

• Penalizing violators and issuing public advisories.

Despite these efforts, offline and unverifiable consents remain a loophole. Recognizing this, TRAI is now shifting towards a digitally secure consent framework, where consumer consents must be obtained and recorded through verifiable digital platforms.

The Digital Consent Registry and Role of Telecom Service Providers (TSPs)

The centerpiece of this new regulatory drive is the Digital Consent Registry, a centralized and interoperable repository of consents, to be maintained by Telecom Service Providers. The idea is to create a real-time verification mechanism for each commercial communication, ensuring that only those with proper, digitally verified consent can proceed.

To operationalize this system, TRAI has mandated that TSPs onboard commercial communication entities and implement a Consent Registration Function (CRF). This digital mechanism will allow for:

• Seamless onboarding of businesses.

• End-to-end encryption of consumer data.

• Quick verification of consent status.

• Efficient audit and compliance tracking.

Pilot Rollout with RBI and Banks: A Priority Sector Focus

Recognizing the grave financial risks associated with spam calls, phishing, and fraud in the banking sector, TRAI has prioritized banks in the first phase of this initiative. On June 13, 2025, TRAI issued formal directions to all TSPs, instructing them to coordinate with select banks and implement the pilot under a Regulatory Sandbox framework.

The banking sector is particularly vulnerable due to its exposure to sensitive consumer data and financial transactions. Spam calls impersonating banks or insurance agents have led to major financial scams in recent years. By integrating verified digital consent into the communication process, the risk of such frauds is expected to drop significantly.

This pilot will test the operational, technical, and regulatory feasibility of the new system. Key metrics like response time, user experience, scalability, and data integrity will be studied before expanding the framework across other sectors.

Future Roadmap and Multi-Sector Scaling

Following successful validation, the digital consent ecosystem is expected to be extended to other sectors that rely heavily on customer outreach—such as e-commerce, insurance, healthcare, and travel. TRAI’s vision is to eventually establish an industry-wide consent-based communication protocol, empowering consumers to control how and when they are contacted.

Key features of the proposed expansion include:

• Consumer-facing dashboards to manage consents across services.

• Revocation and expiry mechanisms for outdated or misused consents.

• Secure APIs for enterprise integration.

• Transparency reports from TSPs.

Commitment to Consumer Rights and Data Ethics

TRAI emphasized its commitment to consumer protection, data privacy, and transparent governance. The Authority has pledged to work closely with sectoral regulators like RBI, SEBI, IRDAI, and MeitY to build a unified, interoperable digital trust framework.

“Consumer trust is the foundation of a thriving digital economy,” a TRAI spokesperson said. “This pilot is not just about technology—it’s about reinforcing the rights of every mobile user to have control over their data and their digital interactions.”

TRAI also plans to conduct periodic stakeholder consultations, awareness campaigns, and public education drives to ensure both businesses and consumers are aligned with the new regime.

With this bold move, TRAI has set the stage for a transformative shift in how commercial communication is regulated in India. By eliminating ambiguity around consumer consent and enhancing digital verification, the Authority hopes to build a cleaner, safer, and more respectful telecom ecosystem—one that values privacy and upholds the dignity of user choice.