By Anuradha Gandhi and Rachita Thakur
Introduction – The SPAM Scam
An incident of fraudulent email scam was detected when a Pune based company lost INR 22 Lakhs (24,000 Euros). The Pune Company had placed an order with a French Company earlier in 2023, the correspondence ensued between the two companies through e-mails. After the order being placed and a proforma invoice another e-mail flowed introducing a fresh bank account for the purpose payment. On non-delivery of the goods, it came to light that the payment was never received by the French company and the e-mail sharing the new account was fraudulent separated by the earlier e-mail address by a single letter
Truecaller, the Swedish Spam detection and caller ID Application Company, in its Global Spam Report titled, Global Spam Trends 2021 enlisted top 20 countries affected by Spam Calls with India at fourth number after Brazil, Peru and Ukraine. It further revealed that 202 million spam calls were made by just one spammer in India, that is to say, disturbing around 6,64,000 people every day and 27,000 people every hour.  Similarly, many WhatsApp users have been bombarded with calls (both video and voice calls) and messages from unknown international numbers promising part-time jobs and flats.
Tackling the menace of spam calls
The Minister of State for Ministry of Electronics and Information Technology (MEITY), Mr. Rajeev Chandrashekhar, on March 09, 2023 announced that the Information Technology Act, 2000 will be replaced by a new Digital India Act, 2023(hereinafter referred to as the “DIA”).
The provisions in the DIA that would hold companies accountable for unsolicited commercial email and other electronic messages. Which would include penalties for violations that may extend to communications over WhatsApp and other electronic formats. The Spam messages and calls inundate individuals through all modes of electronic communications, unfortunately the issue is not addressed by the present IT Act 2000.
The said move will be the first legislation against the problem of unsolicited commercial communications or spams in India.
TRAI’s existing framework
The Telecom Regulatory Authority of India (TRAI) has taken a few steps by directing the telecom service providers in the country to deploy Artificial Intelligence and Machine Learning Based UCC_Detect System in their calls and message services from May 01, 2023. UCC is an abbreviation used for the term ‘Unsolicited Commercial Communication’. These AI spam filters in their call and SMS Services which are programmed to detect and prevent fraud and promotional calls and messages from various sources.
Apart from the AI filters, TRAI has directed the telecom companies to discontinue sending promotional calls to 10-digit mobile numbers which are often used by scammers and fraudsters. Telecom companies have further been directed to implement Caller ID feature that will help customers to identify the caller by showing photo and name on the mobile screen.
The TRAI Direction dated June 02, 2023, directs that the commercial communication takes place using only registered headers assigned to the sender for the purpose of commercial communication only. The telecom companies were further directed to develop an ecosystem to regulate the delivery of commercial communication as provided under the Telecom Commercial Communications Customer Preference Regulations, 2018 for implementation of Digital Consent Acquisition. Where consent is defined as “voluntary permission given by the customer to receive commercial communication related to specific purpose, product or service.”
The Digital India Act- A shift in India’s Cyberspace Landscape
The MEITY has held consultations in discussing the essential features and legal framework of the DIA with different stakeholders and has released a skeleton of legal principles and core constituents being online safety, trust and accountability, open internet, adjudicatory mechanism and regulations of new age technology like artificial intelligence and block-chain technologies.
The presentation further outlined the urgent need to develop an adjudicatory mechanism for online civil and criminal offences which should be:
- Easily accessible
- Deliver timely remedies to citizens
- Resolve cyber disputes
- Develop a unified cyber jurisprudence
- Enforce the rule of law online
Current versus the Proposed Regulatory Mechanism
The current regulatory landscape under the Information Technology Act, 2000 include:
- Intermediary Guidelines and Digital Media Ethics Code
- Reasonable Security Practices and SPDI rules
- Certifying Authorities Rules
- Use of Electronic Records and Digital Signatures
- Indian Computer Emergency Response Team (CERT)
- Procedures and Safeguards for Blocking Rules
- Cyber Appellate Tribunal
The framework of Proposed Global Standard Cyber Laws under the Digital India Act will include:
- Digital Personal Data Protection Act
- Digital India Rules
- National Data Governance Policy
- Indian Penal Code Amendments for Cyber Crimes
The DIA is said to replace the Information Technology Act, 2000 (hereinafter referred to as the “IT Act”) since the current regulatory landscape is old and was enacted when there were around 5.5 million internet users, only on intermediary and covered the traditional harms such as cybercrimes and hacking. Comparatively, the number of internet users today have risen to 850 million, intermediaries are of multiple types and new and evolved ways of harms exist.
 Regulation 2(k) of the Telecom Commercial Communications Customer Preference Regulations, 2018.