On November 05, 2020, the Department of Telecommunications (the "DoT") issued the New Guidelines ("New OSP Guidelines") for Other Service Providers (the "OSPs")1. The New OSP Guidelines supersede the existing guidelines, that is, the 'Terms and Conditions for Other Service Provider (OSP) Category' issued by the DoT on August 05, 2008 along with amendments made thereto ("Old OSP Guidelines")2.
The New OSP Guidelines have been issued by the DoT with an objective of devising a framework to accommodate the constant innovations in technology and for setting up a platform for OSPs to operate in the most cost-efficient manner with simplified compliance. We have summarized below the key changes introduced by the New OSP Guidelines over the framework under the Old OSP Guidelines.
2. KEY HIGHLIGHTS
2.1. Scope of the term 'OSP' has been (i) limited to entities providing voice based Business Process Outsourcing ("BPO") services and (ii) widened to include different forms of entities
Under the Old OSP Guidelines, the term 'OSP' referred to entities providing application services, which included the provision of a broad category of services like tele-banking, telemedicine, tele-education, tele-trading, e-commerce, call centre, network operation center and other 'IT enabled services' by using telecom resources provided by authorized telecom service providers.
As a consequence, any company providing services on the backbone of telecom resources, even if purely data-driven, was falling within the scope of an 'OSP'. Moreover, under the Old OSP Guidelines, the term OSP only included following forms of entities within its scope (i) a company registered under the Companies Act, 1956 and 2013, and (ii) a Limited Liability Partnership ("LLP") registered under the Limited Liability Partnership Act, 2008.
The prominent changes introduced by the New OSP Guidelines are the (i) limitation in the scope of the term 'OSP' to only cover entities providing voice based BPO services, thereby removing purely data or internet based services and non-voice based services entirely from within its ambit, and (ii) expansion of the scope of the term 'OSP' to include a partnership firm or an organization registered under state specific Shops and Establishment Acts or a legal person providing voice based BPO services apart from a company and an LLP.
2.2. OSP registration requirement done away with
The primary objectives for initially introducing the registration requirement for an OSP under the Old OSP Guidelines were to (i) maintain statistical information, (b) ensure that there were no infringement on the jurisdiction of other access providers including telecom service providers ("TSP") who had been granted a license by the DoT, and (c) provide special dispensation to boost the BPO sector. However, the Old OSP Guidelines had a complex procedure for registration which only created more restrictions on OSPs rather than providing special dispensations to the BPO sector.
Additionally, new age technology offerings often posed challenges in providing the requisite information at the time of making an application, since they would not accurately fit within the contours of the application form (which was structured for more traditional IT-enabled offerings). Further, the OSP registration requirements under the Old OSP Guidelines were location specific and in case of any change in the location of the OSP center including for the purpose of addition of a location, an OSP had to apply to the DoT for amending the original registration granted by the DoT. In the case of new age digital products offered remotely on a pan-India basis, the aforesaid 'location specific registration' often created hurdles for OSPs. Additionally, every time a new location had to be added, the OSP had to approach the DoT.
In what is possibly the boldest move by the DoT in the OSP regulatory space so far, it has, through the introduction of the New OSP Guidelines, completely done away with the requirement for an OSP to obtain registration from the DoT, even for providing voice based BPO services.
2.3. Special dispensation provided to OSP to boost the BPO sector
(a) Carriage of Public Switched Telephone Network ("PSTN") or Public Land Mobile Network ("PLMN") or Integrated Services Digital Network ("ISDN") traffic over the virtual private network ("VPN") has been permitted: A massive pain point for multiple OSPs over recent years was the inability to carry PSTN or PLMN traffic over VPN in the wake of emerging innovative technology products, which not only significantly increased costs for such OSPs but also led to the creation of complicated telecom architecture in order to ensure legal compliance while attempting to service the requirements of clients across the world, who had already adopted such technology solutions. Considering that carriage and exchange of PSTN or PLMN or ISDN traffic over the VPN does not have far reaching security issues and bearing in mind the global practices, the DoT has finally permitted OSPs to collect, convert, carry and exchange PSTN or PLMN or ISDN traffic over the VPN (such as National Private Leased Circuit ("NPLC"), Multiprotocol Label Switching ("MPLS") VPN) interconnecting the different OSP centres.
(b) International OSPs permitted to carry the aggregated switched voice traffic from their Point of Presence ("POP") in a foreign country to their OSP centre in India over leased line or MPLS VPN: Under the Old OSP Guidelines, it was prohibited to exchange voice traffic between a domestic OSP and international OSP. In order to solve the practical infrastructural challenges, the DoT has come to the aid of the OSPs catering to an international market and has removed the prohibition and permitted international OSPs to carry the aggregated switched voice traffic from their POP in a foreign country to their OSP centre in India over leased line or MPLS VPN.
(c) Interconnection of the remote agent to the OSP centre or resources is permitted: Under the Old OSP Guidelines, interconnection of a remote agent to an OSP centre was permitted but only through authorised service Providers Provisioned (secured) VPN ("PPVPN") which have pre-defined locations, that is, home of the agents and OSP centres, listed as VPN sites. With the outbreak of COVID-19 and the increasing requirement of organisations to rely upon a work from home ("WFH") culture, disallowing interconnection of remote agents without specific permissions is no longer feasible in the present economy. Accordingly, under the New OSP Guidelines, a remote agent can now work from anywhere and there is no need to provide pre-defined locations from where such agent can work.
(d) Centralisation of internet connectivity for OSPs having multiple OSP centres: Under the Old OSP Guidelines, an OSP was permitted to have internet connectivity from an authorized Internet Service Provider ("ISP") only. However, the OSPs were required to get separate internet connection for each OSP centre. This requirement has now been removed under the New OSP Guidelines and OSPs having multiple OSP centres to obtain internet connection at a centralised location is now permitted. This internet connection can be accessed from other OSP centres using leased circuits or MPLS VPN.
2.4. Requirement to furnish bank guarantee has been removed
Under the Old OSP Guidelines, an OSP was required to furnish security deposit in the form of bank guarantee amounting to (i) INR 50 lakhs for separate and independent Electronic Private Automatic Branch Exchange ("EPABX") to be used for international and domestic OSP centers with sharing of same operator position, (ii) INR 1 crore for sharing of common EPABX infrastructure with logical partitioning between international OSP and domestic OSP, and (iii) INR 1 crore for use of the WFH facility.
Under the New OSP Guidelines, no bank guarantee whatsoever will be required from an OSP for availing any facility or dispensation. This change comes as a welcome move and a much needed relief for OSPs in the wake of the COVID-19 pandemic considering that (i) the aforesaid bank guarantee or security deposit requirement for availing WFH facility was extremely high and only acted as a practical impediment and (ii) there was a sudden exponential hike in the number of employees of OSPs who were required to avail the WFH facility to work during the COVID-19 lockdown situation.
Additionally, this change brings a sigh of relief to harrowed start-up community as the requirement to furnish bulky bank guarantees would cause tremendous financial stress on them, especially those start-ups which ended up being regulated only due to the immensely wide coverage of the term 'OSP' under the Old OSP Guidelines.
2.5. International OSPs allowed to use an EPABX at a foreign location
Under the Old OSP Guidelines, there was no specific permission which allowed international OSPs to use an EPABX at a foreign location. The DoT in its consultation paper on 'Review of Terms and Conditions for registration of OSP' dated March 29, 20193 ("Consultation Paper") while discussing the need to specifically permit the use of an EPABX at a foreign location observed that (i) multi-national companies with global foot prints across many countries will have to locate their centralized EPABX in one of the countries where they are operating and accordingly, insistence by every country such as India, to have the EPABX installed in their respective country cannot be met with a centralized architecture and (ii) setting up of EPABX solely for the purpose of meeting a country's regulatory requirement is cost-ineffective and such practices will affect competitiveness.
Accordingly, under the New OSP Guidelines, an international OSP is allowed to use an EPABX at a single foreign location only, if it so desires, subject to such OSP (i) taking all the necessary measures to comply with the requirements of relevant provisions of Indian laws including applicable data privacy laws and (ii) maintaining a copy of all call detail records ("CDRs") and system logs in storage at any of its OSP centres in India.
2.6. No approval of DoT required for sharing of infrastructure between domestic OSP and international OSPs
Under the Old OSP Guidelines, sharing of infrastructure by the domestic OSP and the international OSP required prior written approval of the DoT and such approval was subject to conditions such as (i) periodic audit by the DoT, (ii) furnishing of a bank guarantee, and (iii) the implementation of logical partitioning of EPABX for use between the domestic and international OSPs.
The New OSP Guidelines have done away with the aforesaid requirements and allow sharing of infrastructure between the domestic and international OSPs without any approval requirement from the DoT. In case an international OSP desires to share infrastructure with a domestic OSP and vice-versa, then such OSPs need to ensure that there is no bypass of the network of the authorized TSP including in cases of National Long Distance ("NLD") calls and International Long Distance ("ILD") calls.
2.7. Concept of 'Work from Anywhere in India' introduced
The concept of 'WFH' under the erstwhile Old OSP Guidelines has been extended to include 'Work from Anywhere in India' under the New OSP Guidelines. As stated in paragraphs 2.3(c) and 2.4 above, under the New OSP Guidelines, the OSPs are not required to (i) work from pre-identified locations and (ii) furnish bank guarantee, for availing 'Work from Anywhere in India' facility. However, in order to avail the 'Work from Anywhere in India' facility, an OSP shall ensure that there is no violation related to toll-bypass of the network of the authorized TSP including in cases of NLD calls and ILD calls.
2.8. Security related obligations streamlined
Under the New OSP Guidelines, an OSP shall: (i) maintain all CDRs, system logs, access logs, configurations of the EPABX, and routing tables, for a period of 1 year and provide remote access of the same to the DoT from at least 1 of the OSP centre, (ii) not engage in the provision of any telecom services, (iii) extend required support to the DoT in tracing any malicious calls, messages or communications carried on its network, (iv) ensure that the system logs are tamper-proof in relation to the 'Work from Anywhere in India' facility availed and (v) ensure that carriage of objectionable, obscene, unauthorized messages or communications infringing copyright, intellectual property, among others, ("Unauthorized Materials") in any form on their networks is prevented immediately. Further, a domestic OSP is also required to ensure that (i) it does not engage in any telecom services, and (ii) its EPABX and client's data centre are located in India.
The aforesaid security conditions have been streamlined bearing in mind the liberalisation of the overall regulatory framework governing the OSPs under the New OSP Guidelines. However, in cases where the client is using a vendor that is storing the data in overseas centres, the domestic OSPs are likely to face challenges in meeting the security obligations relating to storing of client's data in India. Additionally, the obligation on an OSP to immediately prevent carriage of Unauthorized Materials on its network may affect its status as an 'intermediary' under the Information Technology Act, 2000 since an intermediary is required to disable or remove Unauthorized Materials from its network only after receiving a court order or a notification from the appropriate government or its agency in this regard4.
3. INDUSLAW VIEW
The New OSP Guidelines are forward looking, aligned to accommodate the innovation induced dynamic changes in the BPO sector and have been promulgated with a view to foster the initiative of the Government for ease of doing business in India. The efforts of the DoT to simplify the regulations governing OSPs, bearing in mind the new normal that the BPO sector is required to adapt to owing to the current COVID-19 pandemic situation, must be appreciated.
However, we are yet to see how the DoT comes up with a process to transition the deregulation of certain OSP categories from the older regime into the new one - especially from the perspective of the return, if at all, of bank guarantees already furnished by existing OSP registration holders who no longer qualify for such status. Further, while the DoT considered the aspects relating to the use of Contract Centre Service Providers ("CCSPs") and cloud based Private Automatic Branch Exchange ("PABX") systems in the Consultation Paper while seeking recommendations for review of the Old OSP Guidelines, the New OSP Guidelines have not dealt with these aspects - given that this is something that the ecosystem could benefit from, we are hopeful that the DoT will soon release some guidance on this front as well.
4. Section 79(3) of the Information Technology Act, 2000 read with judgement of Supreme Court of India in the case of Shreya Singhal v. Union of India (AIR 2015 SC 1523).
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.