Free Tool · 5-Minute Self-Assessment

TRAI / DoT Cyber Rules Readiness Checklist

Twenty practitioner-grade questions to test whether your TSP, ISP, VNO, or telecom-infra organisation is ready for DoT / TRAI / NCIIPC / CERT-In oversight — without surprises in the next audit.

Questions
20
Time
5 min
Output
Score band
Email gate
None
Start the Checklist Read the Full Guide

20 questions · 5 minutes · Score band on completion

Your readiness
0 / 20
The Checklist

Answer Honestly. No One Is Watching.

Five sections, twenty yes/no questions. Click Yes only if you can produce the evidence today.

01

Licence & Trusted Sources

Unified Licence security obligations are auditable; vendor source is auditable too.

1
Our Unified Licence (or category authorisation) is current; designated network elements are inventoried with current security policy attached.
2
Equipment in designated network elements is sourced exclusively from Trusted Sources / Trusted Telecom Portal entries.
3
OMC / NMS for our network is operated under Indian control (jurisdiction, personnel, infrastructure) with documented evidence.
4
Personnel with privileged access to designated network elements have current background verification, refreshed within the prescribed cycle.
02

Localisation & Lawful Interception

CDR, IPDR, CAF, and lawful interception infrastructure are inspection priorities.

5
Customer Application Forms (CAF), CDR, and IPDR are stored within India for the prescribed retention period with integrity protection.
6
Lawful Interception & Monitoring (LIM) systems are deployed per DoT specifications; CMS interface is tested.
7
A designated compliance officer is in place for lawful-interception requests with documented log of authorisations and actions.
8
Cross-border data flows for transit / interconnection have specific safeguards aligned with DoT directions.
03

NCIIPC & Audit

CII designation, annual audit, threat intelligence, and remediation discipline.

9
Designated CII components are inventoried and reported to NCIIPC; a current liaison officer is in place with documented credentials.
10
Our last annual security audit was conducted by a CERT-In empanelled vendor with full network coverage and remediation tracking.
11
NCIIPC threat-intel feeds are ingested into our SOC; sectoral advisories produce documented response actions.
12
Critical / high audit findings are remediated within prescribed timelines with re-test letters on file.
04

TRAI Spam, DLT & Consumer

Anti-spam compliance has teeth — financial deductions and reputational consequences.

13
Bulk SMS / voice senders connected to our network are DLT-registered with current headers and templates; non-compliant traffic is blocked.
14
AI/ML-based UCC detection is deployed (or in roadmap) per TRAI directions, with measured precision/recall and false-positive review.
15
Caller-name / scam-call labelling pilot participation (where applicable) is documented; consumer-protection metrics are tracked.
16
Quality-of-service obligations under TRAI directions are met with monthly performance reports filed correctly.
05

CERT-In, Telecom Act & Incident

CERT-In April 2022, Telecom Act 2023 transition, and multi-regulator incident reporting.

17
CERT-In April 2022 directions are implemented end-to-end: 180-day log retention, NTP sync to NIC/NPL, designated POC, 6h incident reporting.
18
A multi-regulator incident playbook covers CERT-In (6h), NCIIPC, DoT/TRAI (per service), and DPDP Board (72h) with templates pre-drafted.
19
Telecom Act 2023 transition is tracked; authorisation conditions reviewed against the new regime; user-protection consent flows updated.
20
Annual cyber drill / tabletop is conducted with leadership participation and documented learnings.
What "Ready" Looks Like

Three Bands. Three Plays.

0–7
Licence at risk

Multiple licence-condition gaps. Spend the next 90 days on Trusted Sources, OMC localisation, CDR/IPDR storage, LIM, and the annual audit. Material breach can lead to licence action.

8–14
At risk

Foundations exist but specific TRAI / NCIIPC / Telecom-Act-2023 transition gaps remain. Close in the next 60 days with named owners and audit-committee oversight.

15–20
Audit-defensible

DoT / TRAI / NCIIPC inspection should land cleanly. Move to AI-UCC detection maturity, threat-intel automation, and Telecom Act 2023 transition leadership.

FAQ

Common Questions

Are OTT communication services regulated like telecoms? +

The position is evolving. The Telecom Act 2023 introduces an authorisation regime that has been read both narrowly and broadly. As of 2026, OTT-only communication services are not licensed like TSPs but face increasing regulatory attention; many adopt voluntary compliance with TRAI consumer protections.

What is the Trusted Telecom Portal? +

A DoT-managed portal listing approved equipment sources for designated network elements. Telecom operators must source from this list. The portal exists to manage supply-chain risk in critical telecom equipment.

How does NCIIPC interact with CERT-In? +

CERT-In handles incident response across all sectors. NCIIPC focuses on Critical Information Infrastructure protection. Many telecom networks are designated CII and report to both — CERT-In for general incidents, NCIIPC for CII-specific ones.

What about the AI-UCC detection requirements? +

TRAI has issued directions requiring TSPs to deploy AI/ML-based detection of unsolicited commercial communications. Implementation is phased; expect periodic measurement and reporting on detection efficacy.

What is the difference between this checklist and the buyer's guide? +

The checklist diagnoses readiness in 5 minutes. The full TRAI / DoT cyber guide walks through UL security, LIM, localisation, NCIIPC, audit, TRAI commercial-comms, Telecom Act 2023, and a 90-day roadmap.

Need a TRAI / DoT roadmap?

Skip the Guesswork. Get a 90-Day Plan.

A 30-minute consultation. Walk away with a prioritised remediation list mapped to UL conditions, NCIIPC, TRAI directions, and Telecom Act 2023 transition.

Book Free Consultation Read the Full Guide

No sales pitch. Responds within 24 hours.