DoT rings in tougher satcom norms after Pahalgam terrorist attack

New guidelines may pose fresh hurdle for Starlink, Project Kuiper

The Department of Telecommunications (DoT) has tightened the security conditions that must be met under the Global Mobile Personal Communication by Satellite (GMPCS) services licence, required to offer satellite-based broadband services in India. These include securing separate security clearances for each satellite gateway in India, localisation of all lawful interception facilities, and special provisions mandating services to specific individuals, groups, or geographical areas during hostilities.

 

Operators must also submit a year-wise phased manufacturing programme aimed at indigenising the ground segment of their satellite networks, which should reach at least 20 per cent within five years of commencing commercial operations. Issued through an office memorandum on Monday, the updated security preconditions come weeks after the April 22 terrorist attack in Jammu & Kashmir’s Pahalgam.

 

Closer scrutiny of satellite gateways has been mandated, with integration into centralised monitoring systems.

 

Operators will have to demonstrate the system’s monitoring capability before beginning operations. The government also requires detailed information on individual user terminals (UTs), including latitude and longitude, device ID, International Mobile Equipment Identity, and both public and private internet protocol addresses. The UTs must be registered in India and include mechanisms for regular verification. Most importantly, licensees must ensure that no spoofing device can be incorporated into these UTs to conceal their actual location.

 

The government has emphasised satellite communication (satcom) coverage through conditions that require services to be provided according to official Survey of India maps, with demarcation and special monitoring zones within 50 kilometres of international borders, and geofencing in certain areas.

 

Operators must also ensure greater compliance by enabling metadata collection by the Telecom Security Operation Centre under DoT and by blocking all websites already restricted in India.

 

To ensure greater Indian oversight, licensees will have to integrate the NaviC (navigation with Indian constellation) satellite navigation system into their user terminals by 2029. The new conditions also restrict remote operational access to Indian infrastructure from outside the country, permitting it only under strict compliance with remote access protocols issued by DoT.

 

They further prohibit the copying or decryption of Indian telecommunications data outside the country. All user traffic must be routed through Indian gateways, and any form of direct communication between user terminals via satellite that bypasses Indian infrastructure is forbidden.

 

The latest move may further delay the plans of Elon Musk-owned Starlink and Amazon’s subsidiary Project Kuiper to enter India. Starlink’s application for a GMPCS licence has remained under review since November 2022. The government has also sought details from Starlink regarding the satcom major’s upcoming operations in neighbouring Pakistan and Bangladesh, sources told Business Standard last week.

 

The licence has already been granted by DoT to Airtel-backed Eutelsat OneWeb and Reliance Jio’s satellite arm, Jio Space. Starlink’s application has also been held up due to a long list of exemptions the company has sought, citing technical limitations, including its inability to comply with mandatory ownership disclosure norms overseen by the Department for Promotion of Industry and Internal Trade and mandatory lawful interception facilities.

 

HIGHER COMPLIANCE

 

·         Metadata tracking by DoT agency; separate clearances for voice and data services

·         Coverage area must align with Survey of India maps

·         Special monitoring zones within 50 km of international borders and Exclusive Economic Zones (200 nautical miles)

 

SATELLITE GATEWAYS

 

·         Separate clearance required for individual hubs

·         Minimum 20% indigenisation of ground equipment within five years

·         No user traffic may bypass Indian gateways

·         Remote access from abroad permitted only after technical compliance

 

USER TERMINALS

 

·         Must be spoof-proof and enable real-time data tracking

·         Should be integrated with the homegrown NavIC system by 2029

·         Must have domestic registration and inbuilt mechanisms for re-verification