Why in News?

India’s Department of Telecommunications (DoT) has issued stricter security guidelines for satellite communication (satcom) services.

It added new conditions related to data localization, website blocking, metadata collection, and the integration of the indigenous NavIC (Navigation with Indian Constellation) positioning system.

What’s in Today’s Article?

• Key Compliance Requirements for Satcom Companies in India
• Current Regulatory Landscape

Key Compliance Requirements for Satcom Companies in India

• The Department of Telecommunications (DoT) has issued a set of security and operational guidelines for satellite communication firms such as Starlink (Elon Musk), Amazon’s Kuiper, Eutelsat OneWeb, and Jio.
• Key Compliance Requirements
  • Local Manufacturing
    • Companies must submit a year-wise phased manufacturing plan, aiming to indigenise at least 20% of the ground segment within five years of starting commercial operations.
  • Data Localisation
    • All satellite communication-related data must be stored within India.
  • Domestic Navigation System Integration
    • Mandatory integration of NavIC, India’s regional navigation system, in user terminals on a best-effort basis, with full transition required by 2029.
  • Website Blocking Mechanism
    • Firms must enable systems to block government-identified websites.
  • Cooperation with Law Enforcement
    • Companies are required to collect and share metadata with security agencies when requested.
• Enhanced Data Localisation Requirements
  • No Routing Through Foreign Gateways
    • Satcom operators must ensure that user traffic originating from or destined for India is not routed through any foreign gateway, Point of Presence (PoP), or space system not part of the designated satellite constellation.
  • No Data Mirroring Abroad
    • Operators are prohibited from mirroring Indian user traffic to any server/system located outside India.
  • Decryption Ban Outside India
    • Companies must undertake not to copy or decrypt Indian telecom data outside the country.
  • India-Based Infrastructure Mandate
    • Data centres, DNS resolution systems, and lawful interception mechanisms must be located within India.
    • Network control, user terminal monitoring, and equipment control must also operate from within Indian territory.
• National Security and Law Enforcement Cooperation
  • Service Restrictions During Emergencies
    • Companies must be capable of restricting services to individuals, subscriber groups, or regions during periods of hostilities or national emergencies.
  • Clearances for Voice and Data Services
    • Separate security clearances are required before launching voice or data communication services.
  • Special Monitoring Zones (SMZs)
    • Designated zones include areas within 50 km of international borders and coastal regions up to the Exclusive Economic Zone (200 nautical miles).
    • These zones will be monitored by law enforcement and security agencies.
  • Real-Time User Terminal Tracking
    • Operators must provide real-time location data (latitude-longitude) of all user terminals, both fixed and mobile, upon request.
    • They must also report foreign or unregistered terminals connecting from within Indian territory.
• Strategic Intent
  • These guidelines reflect India’s push for:
    • Digital sovereignty
    • National security
    • Promotion of indigenous technologies like NavIC
    • Boosting local manufacturing in telecom infrastructure

Current Regulatory Landscape

• Starlink is currently undergoing security clearance to begin operations in India.
• It has already formed retail partnerships with Airtel and Jio.
• The Telecom Regulatory Authority of India (TRAI) is finalising the satellite spectrum allocation framework, which will impact how these companies operate.