IoT, M2M and WHW, but DoT plays spoilsport

Woohoo so much jargon. I love it

IoT = Internet of Things

M2M = Machine to Machine

WHW = What Have We

DoT = Dept of Telecommunication (India)

TSPs = Telecom Service providers

SIM = Subscriber Identification Module

TRAI = Telecom Regulatory Authority of India

UAS = Unified Access Services

Having gotten that out of the way, on with my post. There’s a multi-gadzillion dollar opportunity in the IoT and M2M space (connected cars, homes, smart metering, industrial data management, WHW). An essential part of these services is the wireless cloud connectivity, and the best long range choice today is cellular. So, where does one source the cellular connection from? Obviously subscribed from one of the TSPs, and physically the service is provided using a cellular SIM card inserted into the device. OK so far.

Now starts the fun. DoT in all its majesty has so many rules for getting SIM cards it makes ones heads spin. As usual, its the grey area of terrorism and security that is attributed for all restrictions.

Proof of life

As of now, TRAI laws say:

A person interested in getting any of these services has to approach the service provider of his/her choice or its authorised sales outlets and submit an application form, generally known as the Customer Acquisition Form (CAF), along with photographs and proof establishing address and identity.

The authorised person selling SIM cards will have to give an undertaking that he has seen the applicant and matched the photograph attached on the application form.

Sure, maybe I should provide the photo of the IoT sensor module where the SIM card will be attached. Bah.

Well, fine, as long as I can produce relevant proof, I can take the SIM cards on my name as an individual, but then we run into the next problem. How many can I take? I’m going to need 100s, 1000s depending on the use case.

A cat has 9 lives

Seems to be an urban legend that no person can have more than 9 SIM cards in India. A search shows various gyanis including some on Quora who claim that there’s a limit of 5 to 9. Here’s the only info on this, quite dated, and its from an exclusive source, so woohoo, it must be true.  (source:

According to our exclusive sources, DoT is all set to put cap of maximum 9 mobile numbers/ SIM card taken by an individual or on Single Name in next few days.

Deep dive into licensing clauses

Note that I’ve not actually found any official notification of this; on the contrary, the UAS license agreement dated 16.3.2005 clauses 41.19(i) & (v) say:

Utmost vigilance should be exercised in providing bulk telephone connections for a single user as well as for a single location. Provision of 10 or more connections may be taken as bulk connections for this purpose. Special verification of  bonafide should be carried out for providing such bulk connections. Information about bulk connections shall be forwarded to VTM Cell of DoT, DDG (Security) DoT and any other officer authorized by Licensor from time to time as well as all Security Agencies on monthly basis.

Bulk users premises should be inspected by the service providers at regular intervals for satisfying themselves about bonafide use of such facilities. A record of such inspection should be maintained and preserved for minimum one year, for inspection / verification by the licensing authority or a designated officer of the authority.

So quite clearly, bulk connections are allowed, as long as they can be verified. But this puts the onus on the end-user of the devices to acquire 100s of SIM cards (and therefore connections) so that the IoT or M2M modules can have data connection. Kind of cumbersome, no?

What if I’m a new age company and want to provide a complete solution (devices and the connectivity) to the customer sans all this headache.

Apparently, thats where I may run into a problem. Clause 41.14 says

The LICENSEE shall make it clear to the subscriber that the SIM card used
in the user terminal registered against him is non-transferable and that he alone will be responsible for proper and bonafide personal use of the service.

Which again means that the SIM cards have to registered to an end user, and as an separate entity, I may not take SIM cards in bulk from one of the TSPs and then give them out to my end customers.

6.1 The LICENSEE shall not, without the prior written consent as described below, of the LICENSOR, either directly or indirectly, assign or transfer this LICENCE in any manner whatsoever to a third party or enter into any agreement for sub-Licence and/or partnership relating to any subject matter of the LICENCE to any third party either in whole or in part i.e. no sub-leasing/partnership/third party interest shall be created.

Foiled again.

Am I making this stuff up on the fly?

I wish 🙂 I’m relying on a very important order passed by the Telecom Disputes Settlement and Appelate Tribunal, dated 18.10.2011: Petition no 404/2011, M/S Bharti Airtel Ltd vs DoT.

It makes for fantastic reading, and based on the facts presented in the order, I understand the following: Airtel entered an agreement with two companies which were taking bulk mobile connections from Airtel and the renting out the same to individuals, e.g. Matrix. This ran afoul of clause 41.14. To make matters worse, those companies were “adding value” above what Airtel was responsible for, in terms of “carrying out activities like a mobile service provider”, which is disallowed under clause 6.1. Airtel did not have knowledge about the end users and that ran afoul of clause 41.19(i) & (v). The order directed Airtel to pay Rs 25 crores.

Also read Vodafone India contesting Matrix Cellular allegations over SIM renting case

Why is this important?

This matter is super important if we want to have a thriving IoT or M2M industry in India. Like I said at the start, long range wireless connectivity = cellular = SIM card. No SIM card, no business.  The problem is simply this unnecessary linkage between SIM cards and humans.

Based on my analysis, no company can provide SIM cards (along with devices) to its end users in IoT or M2M space after having acquired them from the TSPs. The entire model of asking end users to acquire their own SIM cards is cumbersome and a deal-killer. Especially if the end user is not going to be using the device for long, i.e. he gets it on a time slice (i.e. rental).

Ummm… so are we screwed as a country?

Yes, this is India. Its a fact of life. Nevertheless, there may be some light at the end of the tunnel.

It seems that the DOT is working on a policy to regulate the usage of SIM cards in machines, as distinct from usage by individuals. It will come in handy for companies which are currently unsure about the documentation required for procurement of SIM cards used by machines.


From DoT’s draft National Telecom M2M Roadmap, clause 4.2.2 is the most important part dealing with KYC Norms for M2M services, relevant text below:

…Present KYC norms are primarily centric to human communication. 

… M2M service provider shall get the SIMs issued from TSP after fulfilling requisite KYC norms as required in case of Corporate connections. Thus ownership of all such SIMs shall be with M2M service provider. 

And clause 4.2.4 dealing with SIM transfer is similarly very relevant:

Current regulations mandate SIM ownership with its custodian in case of individual connections and with organizations in case of bulk/ corporate connections. Transfer of SIM and use of Pre-activated SIM is not permitted due to its security related implications. In case of M2M, the M2M service provider ties up with TSP, fits the device with activated SIM card issued in his name and sells the device through its retail chain. SIM’s are generally secured in the device so as to ward off the possibility of the customer removing it and using it for some other purpose. In continuity of same, device manufacturers & M2M application providers can get the SIM issued in their name after completing KYC requirements and get the M2M device tested after fitting it with SIM and subsequently communicate the actual custodian of the device to TSP after the sale of the device.

So all’s well then?

Not really… the above light at the end of the tunnel is only virtual. Given the glacial pace of regulations in this country, I have no guesses as to when this stuff would become reality. One may note that DoT released a questionnaire on M2M etc in 2013, and then it took 2 years to come out with a 100 page draft roadmap. The “roadmap” is a conglomeration of many disjointed stories, anecdotes, educational material, use cases and could easily be mistaken for a Btech or Mtech final year project / thesis. There’s a lot of thought thats gone in for sure, but clearly its not of a form that lends itself to regulation drafting immediately.

End note

I’ve written this article while researching on this topic and having a roller coaster ride in the process. I started with a notion that a business plan of mine was potentially getting into a minefield (down), then discovering that its not a minefield but an active battle zone (down and out), then discovering that there may be solution on the cards (up), and finally realizing that its going to take long to become reality (down again).

I’d love to hear rebuttal, suggestions, ideas!