Search Your Queries Related To Trilegal

Update

The OSP Framework gets a Progressive Overhaul

05 Nov 2020

Cloud thumb image
In a boost to the ease of doing business, the DoT has overhauled the OSP Framework. The new framework applies only to entities carrying out voice-based BPO activities. Several provisions have been removed such as the requirement for registration, bank guarantees, network diagrams, restrictions on interconnection, and penalty and audit provisions. India’s IT sector may now implement modern network structures, WFH facilities and infrastructure sharing for greater efficiency. Security related obligations such as requiring OSPs to maintain CDRs and to avoid toll bypass have been retained.

The Department of Telecommunications (DoT) has published the Guidelines for Other Service Providers (OSP) implementing a significant overhaul of the existing telecom framework for Business Process Outsourcing (BPO) entities in India.

The OSP framework was originally put in place to ensure that the special dispensations provided to the then nascent BPO sector had adequate safeguards. These safeguards were designed to ensure that OSPs did not impinge into the jurisdiction of Telecom Service Providers (TSP) as well as to address associated security concerns. Over time, thanks to the increased availability (and the decreasing cost) of telecom connectivity, as well as the convergence of voice and data technologies, these regulations were no longer relevant. To the contrary, they imposed a significant compliance burden on the IT and ITeS industries which were made even more challenging given the vague language with which the framework had been drafted.

The DoT has radically pared the framework down to restrict its applicability and to remove a number of the procedural compliances. These include:

  • the applicability of the framework to non-voice based BPO activities;
  • the registration requirement for all OSP entities;
  • penalty and audit provisions;
  • requirements to furnish a bank guarantee;
  • content monitoring;
  • most restrictions on sharing of infrastructure; and
  • location and network specific requirements like the need to provide a network diagram.

In effect, the framework now primarily contains certain security obligations with additional high-level protections to prevent toll bypass. The definition of the term OSP has been limited to only voice based BPO service providers removing data-based services entirely from the ambit of the regulation. The new framework permits (i) the sharing of infrastructure between international and domestic OSPs over VPNs, (ii) the interconnectivity of OSPs, (iii) the use of closed user groups for internal communications, (iv) the facility of work from home/work from anywhere, and (v) the use of distributed EPABXs, without any limitations or registration/intimation requirements. All that OSPs are required to do is ensure that there is no toll bypass.

International OSPs may host their EPABX abroad, provided they have a copy of their call data records (CDR) and system logs stored at any of their centres in India. Domestic OSPs on the other hand are required to retain their EPABX and client data centre only in India. As far as security related obligations are concerned, the new framework requires OSPs to maintain CDRs, system logs, access log, configurations of the EPABX, and routing tables, for a period of one year. Remote access is required to be provided to the authority to view the CDRs along with details of the agent manning the position. In case of specific instances of unlawful content (such as content that infringes intellectual property), the OSP is required to extend support to the authority in tracing any malicious calls, messages or communications carried on its network.

Download PDF to read more

Subscribe to our Knowledge Repository

If you would like to receive content directly in your inbox from our knowledge repository, please complete this subscription form. This service is reserved for clients and eligible contacts.








    Disclaimer

    Under the rules of the Bar Council of India, Trilegal is prohibited from soliciting work or advertising in any form or manner. By accessing this website, www.trilegal.com, you acknowledge that:

    • You are seeking information about Trilegal of your own accord and there has been no form of solicitation, advertisement or inducement by Trilegal or its members.
    • This website should not be construed as providing legal advice for any purpose.
    • All information, content, and materials available on this website are for general informational purposes only.
    • Any information obtained or material downloaded from this website is completely at the user’s volition, and any transmission, receipt or use of this website is not intended to, and will not, create any lawyer-client relationship.
    • Information on this website may not constitute the most up-to-date legal or other information. Trilegal is not liable for the consequences of any action taken by any person based on any material or information available on this website, or for any inaccuracy in or exclusion of any information or interpretation thereof.
    • Readers of this website or recipients of content or information available on this website should not act based on any or all such content or information, and should always seek advice of competent legal counsel licensed to practice in the appropriate jurisdiction.
    • Third party links contained on this website re-directing users to such third-party websites should neither be construed as legal reference / legal advice, nor considered as referrals to, endorsements of, or affiliations with, any such third party website operators.
    • The communication platform provided on this website should not be used for exchange of any confidential, business or politically sensitive information.
    • The contents of this website are the intellectual property of Trilegal.

    We prioritize your privacy. Before proceeding, we encourage you to read our privacy policy, which outlines the below, and terms of use to understand how we handle your data:

    • The types of information we collect and why we collect them.
    • How we use your information to provide a personalized experience.
    • The measures we take to ensure the security of your data.
    • Your rights and choices in managing your personal information.
    • How we may share information with trusted partners for specific purpose.

    For more information, please read our terms of use and our privacy policy.

    Up arrow