TRAI Eases SMS Whitelisting Rules to Prevent Major Disruptions for Banks and Businesses

The Telecom Regulatory Authority of India (TRAI) has announced new guidelines aimed at easing the SMS whitelisting process for entities, particularly banks. The updated rules clarify that only the static parts of URLs in commercial messages need to be whitelisted, alleviating concerns about potential widespread disruptions in SMS deliveries starting Tuesday, October 1.

Senior officials at TRAI acknowledged that there may still be some disruptions, as not all entities have completed the whitelisting process with telecom operators. However, they emphasized that TRAI has provided ample time for stakeholders to comply and has clarified all necessary requirements.

“Some entities have not whitelisted the details, but the majority have done so. The system is expected to stabilize in the coming few days,” an official told the Economic Times.

The new whitelisting mandate takes effect on October 1, meaning any commercial message containing URLs, over-the-top (OTT) links, and Android application packages (APKs) must be whitelisted before being sent to consumers. If these messages are not verified, they will be blocked by telecom operators.

Whitelisting requires entities sending commercial messages to provide all relevant information related to URLs, OTT links, and APKs to telecom companies. These companies will then input the information into their blockchain-based distributed ledger technology platform. If the information matches, the message will be allowed; if not, it will be blocked.

In India, approximately 1.5 to 1.7 billion commercial messages are sent daily, according to industry data.

Several banks had previously expressed concerns to TRAI, stating they wouldn’t be able to send messages containing URLs because most of them include dynamic links with various symbols and characters.

In addition to banks and e-commerce players, telecom companies have also reported challenges with implementing the whitelisting mandate, particularly for URLs that have dynamic links generated by individual users.

“The mandate comes into effect from October 1, and it has been clarified to entities that the dynamic portion need not be whitelisted. The entities have to whitelist the static portion of the URL, which lets the customer know from whom it is coming,” said an official.

TRAI has also informed the Reserve Bank of India, the Securities and Exchange Board of India, and the Insurance Regulatory and Development Authority of India about the whitelisting mandate to ensure minimal disruption.

On August 30, TRAI extended the deadline for telecom companies to complete the whitelisting process by one month to October 1. This extension followed an ultimatum given to telecom companies on August 20, instructing them to stop sending messages that contained URLs, OTT links, and call-back numbers that were not whitelisted by September 1.

Telecom companies faced initial difficulties in whitelisting short URLs or the static portions of URLs because there was no specific requirement regarding such URLs in the initial TRAI directive.

Since May 2023, TRAI has been encouraging telecom operators to implement the whitelisting mechanism, but the industry was not adequately prepared for the required infrastructure. At that time, TRAI instructed telecom companies to ensure that only whitelisted URLs, APKs, OTT links, and call-back numbers were included in the content template. They were also required to submit a compliance report on this matter within 45 days. Additionally, TRAI mandated that there be traceability of messages from senders to recipients.