In recent times, due to the liberalization of the satellite communications sector in India, various entities have been working towards obtaining the Global Mobile Personal Communication by Satellite (“GMPCS“) license which is necessary for providing satellite communication services in India. The GMPCS license allows an authorized entity to offer all types of mobile services, including voice and non-voice messages, as well as data or internet services through satellite technology to Indian customers.

In this context, recently the Department of Telecommunications (“DoT“) vide Office Memorandum (“OM“) dated May 05, 2025, has released additional security instructions, applicable to a GMPCS authorized entity (“Licensee“), which have been issued over and above the existing security conditions laid down in Chapter XII of the Unified License (“UL“).  In the event of any conflict with the existing conditions provided under the UL and the OM, the conditions prescribed under the OM shall prevail.

We have discussed some of the key highlights of the OM below.

Key Highlights of the new GMPCS Security Conditions

1. Monitoring and Interception Requirements:

• Security Clearance & Monitoring Integration: The Licensee must obtain security clearance for specified hubs/gateways in India and ensure compliance with monitoring or interception equipment requirements. We believe that the Department of Telecommunications (“DoT“) is likely to issue guidance in relation to the specific hubs / gateways that will require this additional security clearance, which, once published, will constitute an action point for Licensees operating in this sector.
  In addition, lawful interception and monitoring practices must align with the UL terms at the gateway/point of presence or similar facility. As per the applicable regulatory framework, the Lawful Interception and Monitoring System (“LIM“) should be integrated with Central Monitoring System (“CMS“) or Integrated Monitoring System (“IMS“).^[1] These system capabilities must be demonstrated to the DoT before launch of operations by the Licensee.
• Network Control Facilities in India: Core functions like lawful interception, monitoring of user terminals, user data traffic routing, and control of equipment in routing operations at the Gateway, must be located in India.
• Special Monitoring Zones: Areas within 50 km of international borders and coastal borders (which includes EEZ up to 200 nautical miles) of India shall be designated by the Government of India for user activity monitoring by authorized law enforcement agencies (“LEAs“). It should be noted that as per the existing conditions under the UL, the Licensee is required to establish a Government-defined buffer zone along India’s international borders where GMPCS service should not be operational and is therefore prohibited.
• Traffic Routing Within India: The Licensee shall provide real time monitoring facilities to the security agencies to ensure that no user traffic to or from India is routed through any foreign gateway. In addition, no Indian user traffic shall be routed via foreign gateways or space systems not part of the GMPCS service constellation. The Licensee is not allowed to route traffic outside gateways through Inter-Satellite Communication Links even in case of failure of its Indian gateway(s). Further, prior Government approval is required for network changes including in relation to number of satellites, orbits, or any other configuration related to ground and space segments.
• No Direct Terminal-to-Terminal Satellite Communication: Under the existing conditions of the UL, the Licensee is required to ensure that all calls originating or terminating from mobile terminals in India must pass through the GMPCS gateway switch located in India. However as per the conditions under the OM, all user traffic must pass through Indian gateways and direct terminal communication via satellite is not permitted. In our view, it appears that the new condition under the OM has expanded the scope in relation to routing of communications though Indian gateways.
• Separate Security: The Licensee will be required to obtain separate security clearance for voice and data services, as well as fixed / limited mobility and full mobility services.

2. Obligations of the Licensee:

• Service Restrictions During Emergencies: The Licensee must restrict or deny services to individuals, groups, or areas during hostilities or as directed by LEAs. Geo-fencing and signal footprints must be accurate, especially near borders. To ensure adherence to this condition, the Licensee will likely need to implement robust technical mechanisms, particularly in proximity to international borders and other sensitive regions in India and continue to stay updated of Government notifications in this regard.
• Border Area Operations: The Licensee must align services in border/sensitive areas with Survey of India maps, and access to the services should be limited to authorized/whitelisted user terminal (“UT“) as directed by LEAs.
• Metadata Collection: The Licensee must support metadata collection by DoT’s Telecom Security Operation Centre (“TSOC“). It may be noted that the TSOC was established to safeguard the telecommunication network from potential cyber threats.
• Remote Access from Outside India: No user terminal is allowed to access the network from outside the gateway located outside of India.
• Data Handling Assurance: The Licensee shall submit an undertaking to not copy or decrypt Indian telecom data outside India. It should be noted that the term ‘Indian telecom data’ is not defined. Further, this undertaking will be required at the time of filing for GMPCS and at present, the DoT has not yet issued a format of this undertaking.
• Interference and Coordination: The Licensee shall coordinate with the Department of Space and must prevent interference with GSO / strategic satellites and comply with Article 22 of ITU-Radio Regulation and shut down interference-causing transmissions.
• Data Centre and Domain Name System in India: The Licensee shall ensure that the data centre/point of presence used for satellite service is based in India and shall make provision to provide Domain Name System resolution within India.
• Indigenization Plan: The Licensee must submit a year wise phased manufacturing program to the DoT to indigenize/manufacture at least 20% of ground segment of the satellite network within 5 years of commercial launch in India. This is a new requirement for domestic manufacturing. While there is no definition of a “ground segment” – the Norms, Guidelines And Procedures For Implementation Of Indian Space Policy-2023 In Respect Of Authorization Of Space Activities issued by IN-SPACe, define category of ground stations to include: satellite control centre (SCC), Telemetry, Tracking and Command (TT&C), mission control centre (MCC), remote sensing data reception station, and ground stations for supporting operations of space-based services such as space situational awareness, space science or navigation missions, etc.
• Compliance with TEC Standards: The Licensee must adhere to clauses 5.4 and 1–8.3 of TEC IR 42032:2024 for NGSO satellite networks.

3. Information gathering requirements:

• Additional details in relation to Call Detail Record (“CDR”) and Internet Protocol Detail Record (“IPDR”): The following additional details may be required to be included in CDR and IPDR provided by the Licensee:
  • UT location with precise latitude / longitude;
  • Device ID, International Mobile Equipment Identity (IMEI), Mobile Station International Subscriber
  • Directory Number (“MSISDN“);
  • Public and private IP addresses;
  • Devices directly connected to Licensee’s UT: IP, MAC address, or other unique IDs.

• UT Information Sharing: The Licensee shall share UT data (name, address, unique IDs) with LEAs as per UL Condition17^[2], at specified intervals or when requested and quarterly report relocated/shifted UTs to DoT and LEAs.
• Additional Information to be Provided Upon Request: The DoT may require the Licensee to furnish information such as list of security standards being complied for the network(s), details about nature of payloads on satellites proposed to be used, etc.

4. Requirements related to UTs:

• Geo-Fencing Enforcement: UTs registered in India must not access the network from outside the designated geo-fenced coverage area or via gateways located abroad. Indian-registered UTs are strictly prohibited from connecting to any non-Indian
• Fixed UTs – Location Binding: Fixed satellite subscribers/UTs without mobility/portability must remain restricted to their authorized service location as granted by DoT. Any relocation must be formally requested and authorized by DoT. Unauthorized physical movement of UT is not permitted.
• Rogue Terminal Blocking & Frequency Monitoring: The Licensee must implement systems to immediately block any UT flagged as malicious. Real-time monitoring of assigned frequencies at gateway(s) or point of presence must be available to detect and halt interference-causing transmissions.
• Registration, Authentication, and Tracking of UTs: Earlier under the UL, any UT registered in the gateway of another country was required to re-register with Indian gateway when operating from Indian territory. Now, the OM prescribes that UTs in the Indian territory must be registered in India with regular re-authentication being included in the UT design. Further, any unregistered device or any foreign device is permitted to use the GMPCS service within geo-fenced area of the Indian territory, after due authentication and registration. The OM also requires real time tracking of the UTs as may be required by the LEAs. These requirements are incremental and will require a re-assessment of UTs proposed to be used by satcom providers in India.
• Spoofing Prevention: The Licensee must ensure that no location spoofing technology (hardware/software) is integrated into the UTs.
• Navigation with Indian Constellation (“NavIC”) Integration: The Licensee is encouraged to adopt the NavIC based positioning system in UTs on a best-effort basis, with a clear transition plan for full implementation by 2029.

5. Security conditions for Land-Mobility Terminals

• Land mobility UTs must report their location every 2.6 km of movement or every 1 minute, whichever is earlier. The Licensee may be required to demonstrate real-time tracking capabilities as per the licensing conditions.
• The network must automatically disable service when a terminal moves from an authorized to a restricted area, whether idle or during active communication.
• The Licensee must comply with Clause 8.4 of Telecommunication Engineering Centre Interface Requirement (TEC IR) 42032:2024 for earth stations in motion and transportable earth stations under NGSO networks, with demonstration of compliance required before commencing operations in India.

6. Concluding Remarks:

• To conclude, the security guidelines outlined in this document appear to be directed towards safeguarding national security interests along with enabling the provision of GMPCS services in India, with the ongoing liberalization of the satellite communication sector in India. There are many incremental requirements that were earlier not present in the UL, such as updated CDR details, prohibition of access of foreign UTs (unless specifically permitted and subject to conditions), updated security requirements for UTs permitted to be used by satcom providers in India, mandating indigenization plans for ground segments operating in India, restrictions on routing of traffic through foreign gateways, and maintaining compliance with geo-fencing requirements updated from DoT from time to time.
• In addition to the above, it should be kept in mind that with the enactment of the Telecommunications Act, 2023 (“Telecom Act“), there may be additional changes with respect to the terms and conditions of the GMPCS service, when the UL regime is entirely replaced.
• Till such time, the DoT will continue to monitor compliance with the conditions prescribed under the OM and reserves the right to amend these instructions as may be required to address emerging security challenges. The satcom providers intending to operate in India will need to liaise with the DoT on the above framework, both at the time of seeking set up permissions and during operation of their business in India.

[1] CMS is a centralized platform for lawful interception and monitoring of telecommunications and internet traffic, whereas IMS is the technical interface through which telecom service providers route intercepted data to law enforcement agencies.

[2] Condition 39.17 of the UL essentially obligates the Licensee to perform verification of every customer prior to service activation, by strictly following guidelines issued by the DoT. Customer identity must be authenticated using photo ID, and by verifying customer details as per the prescribed Customer Acquisition Form.