It often came as a surprise to many, that entities operating a call centre / BPO in India are required to procure a separate registration for such activities. Companies providing ‘application services’ were required to procure the OSP registration from the Department of telecommunication (DoT). Under the Terms and Conditions - Other Service Providers (OSP) category - 2008 (read with the subsequent amendments) (2008 OSP Terms), application services were defined to include such services as tele-banking, tele-medicine, tele-education, tele-trading, e-commerce, call centre operations, network operation centres, vehicle tracking systems and other IT-enabled services using telecom resources provided by authorized telecom service providers (TSP). OSPs are generally categorised into domestic and international OSPs depending on whether an OSP is providing services within or outside India. The registration was location specific. Therefore, every location of the company from where such application services were carried out was deemed as an OSP centre and had to procure the registration.
For a startup or a small business the process of applying and the compliances were more than cumbersome. This actually involved filling up the application form, arranging for network diagrams from TSPs and submitting a bank guarantee of INR 1 crore if sharing of infrastructure (EPABX) permission was involved. I have seen the whole process taking upto 4 months earlier. Later this came down because of the online application process that was introduced through the Saral Sanchar portal. The DoT has now issued a new set of guidelines for the OSPs (New OSP Guidelines). This comes aftermath of the TRAI Recommendations in 2019 which deliberated the issues with the existing regime for OSPs and representation from NASSCOM and other stakeholders before the authorities regarding the issues with the existing terms and steps needed to make them more business friendly.
The New OSP Guidelines
The New OSP Guidelines are a right step towards deregulation. The earlier regulations were mainly there to ensure that the OSPs didn’t not impinge on the jurisdiction of the authorised telecom service providers. Given that this has ceased to be a concern and specially with the technological changes since then the 2008 OSP Terms seemed obsolete. This was causing multiple hindrances to businesses trying to lower cost and adopting new technology. The New OSP Guidelines has dropped the requirement to - (i) register an OSP; (ii) apply separately for the sharing of infrastructure registrations and provide a bank guarantee; (iii) procure permission for work from home. All the changes have been outlined below in brief:
Definition of OSP - only voice based BPOs are OSPs
The 2008 OSP Terms lacked clarity regarding who is required to get the OSP registration given the ambiguity in the definition of application services. This has on many occasions led to entities seeking legal advice on whether the services offered by them will qualify as providing application services. I have often seen data centre operators and cloud telephony service providers questioning the definition and the requirement for an OSP registration. The New OSP Guidelines in fact make it clear that - an Indian company or an LLP or any legal person providing voice based business process outsourcing services is an OSP. While voice-based BPOs are not defined under the New OSP Guidelines, they are likely to include call centres that provide inbound and outbound voice call support services and other voice support services such as help desk or support centres. This means non-voice and data based BPOs will not be regarded as OSPs. If you run a BPO which provides only chat support over the internet then your centre is no longer deemed as an OSP. This is a major boost to the start-ups looking to provide software based chat support services over the internet for their customers.
No registration is required
Even the voice based OSPs will not be required to procure a registration from the DoT as was the case earlier. This means that the lengthy process of filling up the form and drafting the network diagrams which inevitably required engaging a consultant is now done away with.
There are multiple other relaxation relating to routing of call traffic and interconnection that has been provided keeping in mind the pain points that the OSPs have faced for so long.
OSPs are allowed to route voice traffic (PSTN/ PLMN / ISDN) over Virtual Private Network (National Private Leased Circuit and MPLS VPN) between different OSP centres;
International OSPs are allowed to carry aggregated switched voice traffic from their Point of Presence in a foreign country to their Indian OSP centre over leased line/MPLS VPN;
Note: The above dispensation is to be read with the restriction that bypass of ILDO and NLDO network should not take place. Therefore, this entails voice traffic should not be carried over public internet. MPLS VPN and NPLC as mentioned above are allowed;
Interconnectivity between domestic OSPs of the same company or group companies, or between international OSPs of the same company or group companies is permitted;
Interconnection between OSPs of different companies is also allowed now;
Interconnection of remote agents with the OSP centre is permitted now;
OSPs having multiple centres may obtain internet connection at a centralized location and may allow sharing of the internet connection through VPN; and
International OSPs may also use an EPABX at a foreign location, provided that a copy of Call Data Records (CDRs) and system logs are stored at any OSP centre in India.
Infrastructure sharing and the bank guarantee requirement
Sharing of EPABX between OSPs and obtaining the permission for it was a tedious process under the 2008 OSP Terms. This also involved the submission of bank guarantee worth INR 1 crore with the DoT. Given this there was considerable delay in obtaining the sharing permission as the BG had to be drafted in a specific format. Considerable time was lost due to back and forth between the DoT and issuing bank.
The New OSP Guidelines permit the sharing of infrastructure between domestic and international OSPs and dispenses with the requirement to provide a BG. Sharing of the infrastructure can be enabled provided that no bypass of authorized telecom service providers occurs.
Further, the New OSP Guidelines allow for using a distributed architecture of the EPABX, provided that the EPABX is owned by the OSP. The OSP must also ensure that separate CDRs are maintained for the media gateways to the central EPABX.
The OSP Guidelines also allow for the usage of CUGs for internal communications of any OSP company.
Work from Home (WFH) and Work from Anywhere (WFA)
Under the 2008 OSP Terms the agents working from home were treated as extended agent positions of the call centre and were required to register for each such location along with a security deposit of INR 1 crore. The interconnection between such extended agent positions and the OSP centre could only happen through a provider provisioned virtual private network (PPVPN) which drove up the cost significantly. Due to the ongoing pandemic the DoT had allowed for certain relaxation to the OSPs as far as work from home is concerned. OSPs were exempted from the requirement to pay a security deposit and enter into an agreement with the DoT to enable WFH facility for its employees. The relaxations also ensured that OSPs can now also use a secured VPN configured using a 'static IP' or 'dynamic IP' (from the pool of private IP assigned for VPN) addresses by themselves to enable the interconnection between the employee (Extended Agent) with the OSP centre, where the employee's home and the OSP centre must be a predefined location.
However, the relaxed norms itself proved stringent for the existing OSPs to comply with and had impacted the call centre services of many entities initially during the lockdown.
The New OSP Guidelines encourage WFH. OSPs do not require permission of the DoT or provision of a security deposit for implementing WFH. Further, interconnection between the OSP and the employee may use commercially available VPN as no specific mode of connectivity has been prescribed. For WFH/WFA in India, the OSP is required to ensure that the system logs are tamper-proof and the CDRs/all logs of the activities carried out by the employees are maintained for one year. Further, OSPs are responsible for any violation related to toll bypass while permitting WFH/WFA.
Applicable compliance requirements
In terms of the compliance requirement for an OSP only the security conditions will be relevant now. The security conditions have been outlined below.
If the EPABX is installed at locations different from the OSP centre, the remote access of all CDRs, access log, configurations of EPABX and routing tables should be made available on demand to the DoT or law enforcement agencies;
For domestic OSPs the location of EPABX and client’s data centre shall be within India;
The OSP should not engage in the provision of any telecom services;
On specific instances of infringements such as carriage of objectionable or unauthorized communications infringing intellectual property rights etc. on their networks, the OSP is required to stop the carriage of such material on the networks immediately;
OSP shall support the DoT in tracing any nuisance, obnoxious or malicious communications transported through its equipment and network;
The OSP is required to preserve the CDRs for all the voice traffic carried using the EPABX. The CDRs should be segregated for each media gateway. CDR data along with details of the agent manning the position by remote login to CDR machine/server should be viewable. The timestamp in the CDRs shall be synchronized with Indian Standard Time; and
CDRs/Usage Detail Records (UDR)/system logs, etc. should be maintained for a period of one year.
While the OSP Guidelines themselves do not provide the penalties for non-compliance, such non-compliance may attract penalties under the Indian Telegraph Act, 1885.
As mentioned earlier this provides a much needed boost to the BPO and the IT sector in general. Given that work from home has become the norm the New OSP Guidelines make things much easier. This is also likely to reduce barriers to entry in the BPO industry and allow even start-ups to set up BPO operations. This also provides much needed relief to existing MSMEs who can now service their own customers without any registration and cumbersome compliance requirements.
If your entity has an OSP registration, you are likely concerned that - (a) do you have to surrender the OSP registration?; and (b) What will happen to the bank guarantee that you had provided for sharing permission or WFH?
So, the DoT has clarified (here) that there is no need to surrender the registration. The bank guarantees may be released on request from the entity. However, I understand that the local Telecom Enforcement Resource and Monitoring Cells (TERM Cells) are sending back the BGs to the address of the authorised signatory in the records of the DoT.
In terms of compliance the requirements listed under the section above will apply.
If you are looking to start your OSP operations you can begin immediately (subject to obtaining telecom resources from authorised telecom service providers) without the requirement of applying and obtaining the registration. OSPs will still be required to adhere to the security conditions.
Apart from this cloud services industry was expecting clarification regarding whether hosted cloud contact centres are officially allowed or not. For international OSPs, the New OSP Guidelines do allow for the EPABX to be located outside India subject to compliance with Indian data privacy laws and maintaining CDR and system logs at any of its OSP centres in India. For Domestic OSPs the location of the EPABX and the client’s data centre is required to be in India. Apart from this the New OSP Guidelines are silent on the use of hosted cloud contact centre service providers. Given that matter was discussed at length in the TRAI recommendations on OSPs, it is likely that the DoT may clarify this going forward.