DoT Issues Stringent Security Guidelines for GMPCS Services

In a major regulatory move, the Department of Telecommunications (DoT), under the Ministry of Communications, has issued comprehensive security guidelines for the provision of GMPCS (Global Mobile Personal Communication by Satellite) services in India. These directives, dated May 5, 2025, are aimed at strengthening national security and enhancing oversight over satellite-based communication networks.

The new instructions supplement Chapter XII of the Unified License (UL) Agreement and are binding on all licensees authorized to offer GMPCS services in the country. The directions are issued under Clause 39 of Chapter VI of the UL, which empowers the government to intervene in the interest of national security.

🔒 Key Highlights of the Security Instructions:

India-Based Infrastructure Requirement:


All key systems, such as Network Control Centers, Gateways, and Lawful Interception and Monitoring systems (LIS/LIM), must be located within Indian territory and integrated with national monitoring systems like CMS and IMS.

Strict Geo-Fencing & Service Restriction:


Services must be geo-fenced within India, with capabilities to deny access in sensitive or restricted zones, and real-time location tracking of all user terminals is mandatory.

Metadata and Traffic Monitoring:


Licensees must ensure real-time traffic monitoring, and no user traffic may bypass Indian gateways or route via foreign systems, including inter-satellite communication links.

Data Sovereignty and Access Control:


Licensees are strictly prohibited from copying or decrypting Indian telecom data outside India, and all user authentication and registration must occur domestically.

Border and Coastal Surveillance:


Special Monitoring Zones (50 km within international borders and up to 200 nautical miles in coastal regions) are to be enforced for user activity surveillance.

Prohibition on Location Spoofing:


Any device enabling location spoofing (hardware/software) is banned. Terminals must accurately relay their location using verified systems, with NavIC integration encouraged by 2029.

Device and User Data Reporting:


Details such as IMEI, MAC address, IP address, and location must be included in CDR/IPDR logs and shared periodically with designated LEAs (Law Enforcement Agencies).

Provisions for Blocking and Interference Control:


Real-time capabilities to block rogue terminals and manage signal interference are mandated.

Separate Security Clearances Required:


Distinct clearances are necessary for voice and data services, and for mobile versus fixed services.

Indigenization Roadmap:


Licensees must present a plan to indigenize 20% of ground segment infrastructure within five years of commercial launch.

Compliance with TEC Standards:


Adherence to TEC IR 42032:2024 is required, including additional requirements for land-mobile terminals and Earth Stations in Motion (ESIMs).

Data Centre & DNS Hosting in India:


All PoPs and DNS resolution for GMPCS services must be physically located within India.

These measures are expected to tighten control over satellite communications, enhance national cyber and telecom security, and ensure that Indian user data and traffic remain within sovereign bounds.

The DoT has also clarified that in case of any conflict between the new guidelines and the existing UL Agreement, the new instructions will take precedence. These guidelines may be revised in the future depending on evolving national security needs.
