The Telecom Regulatory Authority of India (TRAI) has directed telecom operators to share information about suspected spam callers and message senders with each other within two hours of detection. The February 27 direction creates a system in which operators use artificial intelligence (AI) to flag suspected spammers and immediately alert other networks through a blockchain-based platform .

Operators must comply within 30 days, setting the effective implementation date as March 29, 2026. TRAI triggers enforcement when operators flag five or more phone numbers belonging to the same person as suspected spam within ten days across all networks, leading to KYC re-verification and potential disconnection.

The regulator aims to shift spam enforcement from being primarily complaint-driven to proactive. TRAI noted that unregistered telemarketers generate approximately 85% of spam complaints and observed that simply alerting users about spam calls without taking backend enforcement action “does not act as a deterrent.”

However, the direction raises questions about the privacy implications of sharing customer data across networks, how different AI systems with varying parameters will work together, and whether operators could wrongly flag legitimate businesses.

How does the two-hour sharing system work?

The direction establishes a six-step process:

• Step 1: When a telecom operator’s AI system identifies a phone number as suspected spam based on behavioural parameters, the operator must share that number with other networks within two hours through the Distributed Ledger Technology (DLT) platform.
• Step 2: The network that originally issued the flagged number immediately sends a notification via SMS or email to the number’s owner.
• Step 3: Within one business day, the originating operator identifies the sender’s unique Know Your Customer (KYC) identifiers using subscriber records.
• Step 4: The originating operator shares these KYC identifiers with all other access providers through the DLT platform within the next business day.
• Step 5: All other operators identify all telecom resources they have allocated to that sender within one business day. They then examine whether any other number allocated to the same sender was flagged as suspected spam during the preceding ten days and share this information on the DLT platform the same day.
• Step 6: Once operators receive data about all the sender’s numbers flagged across all networks, they check within one business day whether five or more numbers belonging to that person were flagged within the last ten days.

What happens to repeat offenders?

TRAI triggers enforcement when operators flag five or more phone numbers belonging to the same person as suspected spam within ten days across all networks.

For the first instance, the originating operator carries out re-verification of the sender’s KYC within three business days and takes necessary action in accordance with existing KYC guidelines.

For the second instance, the operator conducts physical KYC verification within five business days. If the KYC details do not match the details obtained during physical verification, or if the sender misuses telecom resources for sending spam, the operator disconnects the services.

For subsequent instances, the operator conducts physical KYC verification within five business days. If violations are found, the operator disconnects all numbers and blacklists the person for one year.

What questions does the direction raise?

How will different AI systems work together?

TRAI clarified that the direction does not require operators to disclose proprietary algorithms, source code, model architecture, or internal risk-scoring methodologies. Operators only need to share the output in the form of suspected spam identifiers.

However, different operators have deployed different AI systems with varying behavioural parameters. One operator’s AI might flag a number as spam based on call volume, while another might prioritise call duration or recipient diversity. The direction does not address how operators will reconcile these differences or establish standardised thresholds for flagging numbers.

What about false positives and legitimate businesses?

The direction does not specify a mechanism for legitimate businesses or individuals to appeal if they are wrongly flagged as spammers. Delivery services, customer support centres, and sales teams often make high volumes of calls that could trigger spam detection algorithms.

If operators flag five numbers belonging to a business within ten days across all networks, the business faces KYC re-verification and potential disconnection. The direction does not outline safeguards to protect legitimate commercial communication from enforcement.

What are the privacy implications of sharing KYC data?

The direction requires operators to share customers’ unique KYC identifiers with all other access providers through the DLT platform. This means that if one operator flags a number as suspected spam, the customer’s identity details are shared across all telecom networks within two business days.

The direction does not specify what data protection measures operators must implement when sharing KYC information, or how long this data remains accessible on the DLT platform. It also does not address whether operators will notify customers that they have shared their identity details across networks.

The framework creates a system where all operators can track how many numbers a single individual owns across all networks, and whether operators have flagged any of those numbers for suspected spam activity.

Why is TRAI requiring this now?

TRAI directed all access providers on June 13, 2023, to deploy AI and Machine Learning (ML)-based spam detection systems capable of constantly evolving to deal with new signatures, patterns, and techniques used by unregistered telemarketers.

Several access providers have deployed AI/ML-based, network-level spam detection and alert systems that analyse behavioural signatures, including call and message volume, velocity, diversity, duration, and temporal patterns. However, TRAI observed that access providers have largely used these detection systems for subscriber-facing alerts and have not institutionalised these outputs for investigation and enforcement against originating entities.

Moreover, TRAI issued over 731,000 notices to unregistered telemarketers in 2025, disconnected more than 184,000 telecom resources, and received 3.1 million consumer complaints about unsolicited commercial communication during the year. The regulator further amended the Telecom Commercial Communications Customer Preference Regulations (TCCCPR) in February 2025 to mandate proactive monitoring and increase operator accountability.

Despite these enforcement actions, the high volume of complaints suggests that existing measures have not adequately curbed spam. The direction attempts to address this by leveraging AI detection data that operators already collect but have not used for enforcement.

What notification will suspected spammers receive?

When operators flag a number as suspected spam, the originating operator must immediately notify the number’s owner via SMS or email. The direction specifies the exact notification format:

“Your from the has been flagged as suspected unsolicited commercial communication on the basis of pattern analysis. You are advised that commercial communication can only be made by registered senders or telemarketers in accordance with the TRAI regulations. If you are found to be engaged in sending unsolicited commercial communication, all your telephone connection across all the telecom service providers are liable for action including barring outgoing calls OR disconnection and blacklisting for one year. For any clarification, please call or mail to .”

Also read:

• No More Promotional Spam? Telcos Must Detect and Block Spammers Using AI Under TRAI’s New Rules
• Telecom Regulator instructs access providers to deploy an AI and Machine learning enabled spam detection system
• TRAI Issued Over 731,000 Notices to Unregistered Telemarketers In 2025, But Has Spam Declined?