TRAI Launches Pilot Project for Digital Consent Management in Partnership with RBI and Banks

By Anuradha Gandhi and Rachita Thakur

Introduction

In June 2025, Telecom Regulatory Authority of India (TRAI) in coordination with Reserve Bank of India and select banks[1], launched Pilot project for Digital Consent Management. This initiative builds on TRAI’s earlier direction[2] regarding implementation of Digital Consent Acquisition (DCA) where it focused on creating a unified platform and process to register customer consent digitally across all service providers and further implementing it in phased manner.

The pilot project

The project has been launched to curb and manage the ever-growing spam complaints made by the customers against business entities

What are Spam complaints?

UCC or Spam is an unwanted message individual receive by:

Message
Voice call[3]

Over the past year, more than 60% of Indians were reportedly receiving an average of three or more ‘pesky’ or spam calls.[4] As also observed by TRAI that large number of spam complaints are made by the customers against the business entities from whom consumers have earlier purchased goods or services. Such business entities then claim that they have the consent of the consumer for receiving such calls and messages.

Objective of the project

To address the difficulty of ascertaining the validity and genuineness of offline consent obtained for commercial communication, acquiring consent digitally and registering them in a secure and interoperable digital consent registry maintained by Telecom Service providers (hereinafter referred to as TSPs) in order to enable real-time verification of consent prior to initiating any commercial communication.

Key feature

Consent Registration Function (CRF) which will help in easy verification of consent while commercial communication is being made to the consumers for which entities will be on boarded.
Regulatory Sandbox framework will validate operational, technical and regulatory aspect of CRF and lay foundation for digital consent ecosystem.
The Sensitive data involved in banking and financial ecosystem therefore the banking sector has been prioritized for the first phase of implementation.

Impact

By mandating digital consent and secure registration the project will:

Directly address the rampant issue of unsolicited commercial communications and financial fraud, especially in the sensitive banking sector.
Consumer will gain more control over their data and purpose for which their data can be utilized.
Reduce risk of data leaks and unauthorized access as compared to offline verification.
This initiative will also have a substantial ripple effect beyond the banking sector. Once validated through this pilot project, the digital consent management framework will scale and implement across vital sectors.

Current Regulatory framework on commercial communication

Presently consent mechanism under TRAI is regulated by TCCCPR, 2018 which allows an entity to send commercial communications to a consumer irrespective of his/her Do Not Disturb (DND) preferences provided the entity has obtained the consumer’s explicit consent.

To enhance consumer protection and combat fraud, the Reserve Bank of India has also introduced two dedicated phone number series for financial institutions. These numbers are designated for making transactional and marketing calls to customers, helping individuals easily identify legitimate calls from banks and distinguish them from scam or phishing attempts.[5]

Compliance with Data Protection Law

The pilot project is a significant step towards secure, transparent and consumer centric digital communication ecosystem with strong positive impacts on both user experience and data privacy.

By acquiring consent digitally by the entities and registering them in a secure and interoperable digital consent registry the authorities have tried to align the telecommunication and Banking sector with evolving Data Protection law. As it will provide customers/data principals with right to give and revoke consent. Further it also put in place technical safeguard to secure consent.