A Sea Change

The Government has changed the rules of the OSP game — our guide on what has changed, what remains the same, and what you need to do.

On 5th Nov, 2020, the government of India announced that to improve the Ease of Doing Business of the IT Industry, particularly Business Process Outsourcing (BPO) and IT Enabled Services, the Government has drastically simplified the Other Service Provider(OSP) guidelines of the Department of Telecom. It accompanied the announcement with a list of changes made to OSP regulations. Since then, the industry has been in a hubbub, trying to figure out whether this is really the case, what specifically has changed, and how it affects the industry.

This article is longer than usual — we unpack the key statements made in the new Guidelines, see what has been simplified, what has been retained, and what compliance the industry still needs to follow.

A lot! At first glance it looks like everything has changed but of course, that’s untrue. A closer look shows that the following rule changes are salient for most OSPs.

In essence, the government is freeing the industry from license raj! Getting registered was the first step into entering a regulatory thicket where OSPs have had to undertake annual filings, make amendments, coordinate with telecom service providers and then beyond that make sure that everything was done in time. By doing away with the requirement for registration the government is essentially asking the industry to become self-regulating. This really does seem to be an example of minimum government and maximum governance.

The key consequence of this is that TERM cells will no longer be aware of who is an OSP and who is not — inspections, if any, will be far fewer and will be focused on testing if toll bypass has been prevented.

OSP requirements used to be that TERM cell officers were expected to inspect each OSP center once a year, but it was more like once every 4 years. This still meant that if you were a medium size OSP with around 10–20 centers, you could expect 3–5 inspections per year. Without registration, this will go to zero!

As early as April 2020, the government had already relaxed remote worker norms for OSPs. As time went on the relaxations were better defined but a number of companies were still concerned because the relaxations were supposed to be temporary, lasting only until December 2020. Now, remote working relaxations have been made permanent. In addition the government has also allowed work from anywhere (WFA). As was the case earlier, the responsibility of keeping track of the agents location and IP address rests with the OSP. However the responsibility of sharing the agent info regularly with the TERM cells has been done away with. Again for most companies this would translate into dramatic savings in effort over compliance.

Domestic OSP centers of the same company or same group of companies are now allowed to interconnect. Similarly international OSP centers of the same company or the same group of companies are also now allowed to interconnect. Finally, OSP centers of different companies are also allowed to interconnect. Each of these changes is radical because each of these changes dramatically simplifies everything from communication network design to collaboration and partnerships between companies.

Another great example of minimum government has been the doing away of the requirement for bank guarantees. Larger OSPs have had to deal with significant uncertainty about the bank guarantees that needed to deposit with the DoT. Additionally, it meant large amounts of cash being locked up — now the same cash can be used to invest in sales and business development.

Just a couple of months ago, the DoT had issued a clarification that all OSPs needed to make sure that their PBXes were in India. In an about turn, you can now have a PBX located abroad! But you still need to ensure that you can furnish CDRs and system logs when asked. And you must adhere to all data privacy laws of India.

Also, if you are a domestic OSP, the location of your PBX and client’s data center must be in India.

One final point: data-only BPOs are no longer OSPs any more.

While the list above seems to imply that we have a free-for-all model now, the truth is different. There still are rules and there are penalties if the rules are not followed. The government, listening to the industry, has eased its compliance burdens, but it has not changed the underlying philosophy of the OSP world —avoidance of toll bypass, logical separation of domestic and international OSP and many of the existing restrictions in shared infrastructure.

Even as it treats the OSP industry as grown up, the government is also clear that the OSP is still responsible for all non-compliances, such as:

The government still reserves the right to demand proof that the OSP has been compliant with the law. The government still reserves the right to inspect CDRs, access log, configurations of EPABX and routing tables. In fact, since the OSP BGs are gone and so are the registration requirements, the penalties and impacts flow from the Telegraph Act, which has far harsher penalties for violations.

Broad strokes, the key change for every company is that their paperwork burden goes down. The quotidian tasks of getting registrations, filing annual reports, filing amendments — all that is gone. You no longer need DoT approvals to set up new OSP centers, you no longer need to make sure that your network is always aligned with the network diagrams submitted to DoT and you definitely can stop worrying if your statutory filings are up to date with the DoT. Inspections will become fewer, as DoT no longer maintains a record of whether you are an OSP or not.

At the same time, the responsibility to be compliant with the law of the land is still present — you still need to ensure that toll bypass is disallowed and you still need to make sure that CDRs and system logs are being maintained and available on demand.

In short, the era of Big Daddy Government is over for OSPs, while the era of responsible, self-regulating behavior for OSPs has just begun. Welcome to the future!

— — -

Related posts:

I learned about bush beans from a young co-worker. She told me all they needed was a basic tomato cage to keep them from collapsing to the ground. When she was growing up, her family kept a garden…

Nunchucks is a Linux machine and is considered an easy box by the hack the box. On this box, we will begin with a basic port scan and move laterally based on the findings. Then we will enumerate HTTP…

Today I am starting my writing with only one thing in mind. I want to try my Medium articles as if I am writing my day. The things that happened in my day, things that I learnt and things I would…