On April 22, 2025, the Telecom Regulatory Authority of India (TRAI) released its final recommendations on the regulatory framework for critical Machine-to-Machine (M2M) communication services and the transfer of ownership of M2M SIMs. These recommendations are the result of an extensive stakeholder consultation process that began in July 2023, aimed at addressing regulatory gaps in the rapidly growing M2M and Internet of Things (IoT) sectors. The move comes at a time when M2M services are becoming central to essential industries and national infrastructure, demanding clearer rules on service continuity, ownership, and security.
As M2M and IoT applications increasingly become vital to key services such as smart energy grids, connected vehicles, healthcare systems, and public safety networks, the need for regulatory clarity has significantly increased. TRAI’s recommendations seek to resolve two major regulatory shortcomings: the lack of a legal structure for transferring ownership of M2M SIMs and the absence of a systematic method to identify services needing enhanced security, quality, and continuity. By tackling these issues, TRAI aims to promote a more secure, resilient, and business-friendly digital environment.
Defining Critical M2M Services
TRAI has adopted a nuanced approach in defining critical M2M services, emphasising that the classification should occur at the level of specific applications or services, not entire sectors. This marks a shift from earlier models that treated whole domains, such as healthcare or automotive, as critical by default. According to TRAI, a service should be considered “critical” if it meets two essential criteria: it requires ultra-reliable, low-latency, high-availability M2M connectivity, and any disruption in its operation could cause a debilitating impact on national security, the economy, public health, or public safety.
To operationalise this, TRAI recommends that concerned ministries or sectoral regulators, in consultation with the Department of Telecommunications (DoT), identify services that qualify as critical based on these parameters. A formal institutional mechanism should be created in the form of standing committees, consisting of nominees from the relevant ministry or regulator, along with the DoT. These committees will assess candidate services based on defined criteria and recommend both their classification and the technical performance benchmarks (including reliability, latency, and availability) that they must fulfil.
To enhance transparency and regulatory accessibility, the DoT is encouraged to set up a centralised, publicly accessible repository listing all critical M2M/IoT services across various sectors, along with the relevant standards and obligations. TRAI also highlighted that, until officially notified, all M2M services will, by default, be considered non-critical, thereby preventing unnecessary regulation of low-risk applications.
Importantly, TRAI maintained a technology-neutral approach. Both licensed and unlicensed spectrum-based M2M communication technologies, along with wired alternatives, may be used to deliver critical services, as long as they meet the prescribed service performance benchmarks. This flexibility enables user agencies and service providers to select the most appropriate and cost-effective technology for their requirements, while continuing to meet quality and security standards.
While TRAI acknowledged the 20 services initially identified as critical by the Inter-Ministerial Working Group (IMWG), including remote surgery, connected vehicles, smart grids, disaster alerts, and defence applications, it clarified that the ultimate responsibility to classify and notify these services lies with the respective ministries under the new framework.
Need for a Secure SIM Ownership Transfer Framework
TRAI’s recommendations also address a long-standing industry concern: the lack of a formal mechanism for transferring ownership of M2M SIMs. Currently, telecom licensees can update end-user details when devices are sold or transferred, but the actual ownership of the SIM cannot legally change hands. This creates both legal and operational challenges during mergers, acquisitions, corporate restructuring, or when an M2M Service Provider (M2MSP) exits the market.
TRAI has recommended that the DoT enable the legal transfer of M2M SIM ownership, subject to compliance with existing regulations and a new and clearly defined procedural framework. Transfers may be permitted under circumstances such as mergers or takeovers, intra-group restructuring between parent and subsidiary companies, and when an M2MSP ceases operations or files for insolvency. The objective is to preserve service continuity and protect end-users of critical systems.
As part of the transfer process, both the transferring and receiving entities will be required to comply with Know Your Customer (KYC) norms. The telecom licensee must be informed in advance, and appropriate documentation must be submitted to validate the transaction. TRAI also encourages telecom operators to develop dedicated digital interfaces or platforms to manage and monitor ownership transfer requests, promoting transparency and ease of operation.
This recommendation holds particular significance for enterprises operating at scale, such as automotive manufacturers, utility providers, and smart city projects, where thousands or even millions of M2M SIMs are deployed in long-lifecycle infrastructure and cannot be easily reissued or reactivated without significant disruption.
KYC and Traceability Requirements
To support security and national interest objectives, TRAI has recommended that M2M service providers must ensure traceability of SIM usage, especially in critical sectors. This involves adherence to robust KYC processes comparable to those followed for regular mobile subscribers. Maintaining accurate and up-to-date device ownership and usage records will help in preventing misuse of M2M connections and ensure that accountability can be established when required.
Encouraging eSIM Adoption
The recommendations also recognise the growing importance of embedded SIM (eSIM) technology for M2M applications. Unlike conventional SIM cards, eSIMs offer remote provisioning capabilities and can host multiple operator profiles, making them ideal for mobile and globally deployed devices. TRAI has supported the expansion of eSIM usage in the M2M space and recommended the establishment of policies that will facilitate secure over-the-air (OTA) provisioning and switching between network providers. This move is expected to enhance operational efficiency and accelerate innovation in sectors such as logistics, fleet management, and connected vehicles.
Cross-Border Connectivity and International Roaming
Given the global nature of many M2M applications, particularly in logistics and transport, TRAI has recommended that Indian telecom service providers be allowed to enter into arrangements with foreign operators for international roaming and connectivity. However, the authority has underlined the need for ensuring that such cross-border communication complies with India’s data protection and national security regulations. Proper safeguards must be in place to maintain the integrity of domestic networks and protect against potential data breaches or misuse.
Licensing and Oversight of Critical M2M Service Providers
TRAI has also proposed that entities involved in providing critical M2M services, particularly those handling SIM provisioning, subscriber identity management, or data transmission, should come under a formal regulatory framework. This may involve mandatory registration or licensing by the Department of Telecommunications (DoT). The recommendation aims to bring transparency and regulatory oversight to key segments of the M2M value chain, especially where operations overlap with critical infrastructure.
Conclusion
TRAI’s final recommendations reflect a progressive and security-focused approach to shaping the rapidly evolving M2M landscape in India. By defining critical services, outlining clear processes for ownership transfer, strengthening KYC norms, and promoting technologies like eSIM and global connectivity, the recommendations establish a strong framework for secure and accountable M2M growth. These proposals will now be examined by the Department of Telecommunications, which may implement them through amendments to existing licensing conditions or by introducing new regulatory instruments. Once adopted, the framework is expected to enable secure innovation and boost investment in M2M services, supporting India’s broader goals in digital transformation and industrial automation.
Authors: Manisha Singh and Kratika Patel