Investigative Analysis: Questions Surrounding Accuracy
In August 2025, a contentious issue has arisen in India's tech industry regarding the proposed Mobile Number Validation (MNV) platform under the Telecom Cybersecurity Rules, 2024. The platform, designed to authenticate users by matching mobile numbers against telecom databases, has sparked concerns over privacy, regulatory overreach, economic impact, and potential negative effects on user rights and digital business practices.
The MNV platform allows a government-controlled system to verify if a mobile number actually belongs to a given user, with telecom operators charging a fee (up to Rs 3 per validation request). This raises concerns over economic costs for digital firms repeatedly validating users, potentially increasing operational expenses and service costs, especially burdening start-ups and MSMEs.
Moreover, the introduction of the broad category called Telecommunication Identifier User Entities (TIUEs) includes a wide range of digital service providers beyond licensed telecom operators, such as e-commerce, fintech, social media, and ride-hailing platforms. These entities must compulsorily validate mobile numbers through the MNV platform, significantly expanding regulatory scope and triggering fears of excessive compliance burdens and stifling innovation.
From a privacy standpoint, the government gains enhanced powers to seek user data linked with telecom identifiers and may direct firms to suspend or block the use of certain numbers without prior notice to users. This raises risks of illegal personal data processing, arbitrary user deactivation, and violations of user privacy. Additionally, the MNV platform centralizes sensitive telecommunications identifiers and user identity data, which could create single points of vulnerability to data breaches or misuse by authorities or third parties.
Industry bodies like IAMAI and NASSCOM have strongly urged the government to reconsider or rework these provisions to balance security needs with privacy and innovation concerns. The draft rules lack clarity on the criteria of necessity, proportionality, and legal oversight, as required by the Supreme Court in KS Puttaswamy vs Union of India (2017). Without tight controls, the MNV system could be gamed by bad actors posing as TIUEs and purchasing sensitive user data under the guise of verification.
The denial of services through invalidation of mobile numbers raises due process concerns, and without clear limits on data use, retention, or safeguards, there is a risk of misuse or surveillance with the MNV platform. The final rules for the MNV system must include user notification protocols, an appeal mechanism, stringent limits on data use, and a transparent governance framework.
The economic impact of the MNV system could discourage new entrants in the tech ecosystem, and without guardrails such as consent, audit trails, explicit limitation of purpose, and strong eligibility checks, the MNV system poses a problem. In a country where mobile phones are often shared, this rigidity could deny legitimate users access to essential services, deepening digital exclusion or harassment by state agencies.
The proposed amendments aim to tighten cybersecurity and combat digital fraud, but without addressing these concerns, the MNV platform may do more harm than good. The article was published on August 8, 2025.
- The MNV platform's economic costs for digital firms, especially start-ups and MSMEs, stem from repeated user validations that could increase operational expenses and service costs due to fees charged by telecom operators.
- The expansion of regulatory scope through the introduction of Telecommunication Identifier User Entities (TIUEs) and the mandatory validation of mobile numbers through the MNV platform could trigger excessive compliance burdens and stifle innovation among various digital service providers.
- The denial of services through invalidation of mobile numbers, without clear user notification protocols, an appeal mechanism, and stringent limits on data use, could lead to due process concerns and potential abuses such as digital exclusion or harassment by state agencies.
