SMS Regulations in India: Comprehensive Guide to Promotional and Transactional Messaging

India's commercial SMS communications are governed by a strict legal framework overseen by the Telecom Regulatory Authority of India (TRAI). The cornerstone is the Telecom Commercial Communications Customer Preference Regulations, 2018 (TCCCPR), which established a robust mechanism to curb spam calls and SMS using a blockchain-based system. This framework replaced earlier "Do Not Disturb" rules and introduced new definitions for Promotional vs Transactional messages.

Under TCCCPR 2018, any organization (called a Principal Entity) or telemarketer must comply with pre-registration and verification requirements before sending commercial communications. The regulations empower TRAI to set rules on when and to whom businesses can send SMS, and enforce penalties for unsolicited or fraudulent messaging. TRAI works alongside the Department of Telecommunications (DoT) to crack down on violators, reflecting the high priority on consumer privacy and fraud prevention in telecom.

In essence, TRAI's regulations require businesses to obtain user consent, honor Do Not Disturb (DND) preferences, and use authorized channels for all marketing or notification SMS.

Timeline of Key TRAI Regulations

TRAI first conceived the DLT-based anti-spam framework in 2018, launched it in phases from 2019, and made it mandatory by 2020-2022 for all A2P (Application-to-Person) messaging. Subsequent updates (2021–2023) introduced content template IDs and stricter template formats to close loopholes.

A centerpiece of India's SMS regulation is the use of Distributed Ledger Technology (DLT) to register and monitor all commercial SMS campaigns. In simple terms, DLT is a blockchain-based ledger where telemarketers and enterprises must register their sender identities and message templates. As per TRAI's mandate, no A2P SMS can be sent in India without DLT registration.

The goal is to create an immutable, transparent record of every commercial SMS – including who sent it (the registered entity), what content was sent (the pre-approved template), and under what user consent it was sent. Major telecom operators in India (Jio, Airtel, Vodafone Idea, BSNL, etc.) each provide a DLT portal, but these are interoperable: registering on one platform propagates your records to all operators via the blockchain network.

DLT Registration Process

Under the DLT system, every Principal Entity (business sender) and Telemarketer (aggregator) must complete a Know-Your-Customer (KYC) process and obtain a unique registration ID. A one-time fee (about ₹5,900) is charged for initial registration. Once registered, the entity can apply for message Headers (Sender IDs) and Content Templates on the portal.

The DLT ledger ensures that all operators share a common view of authorized senders and templates, enabling 100% traceability of commercial communications. In effect, DLT regulations force accountability and traceability: only messages from registered senders with approved content will pass through, while others are automatically blocked.

By leveraging blockchain, any change or addition (such as a new consent or template) is recorded in a tamper-proof way and synchronized across the network of mobile operators in real time. This dramatically improves industry coordination in fighting spam.

Evolution from Pre-DLT to Post-DLT Framework

India's regulations give consumers strong control over what messages they receive, and the DLT system operationalizes this via consent recording and preference management. Consent in this context means a customer's voluntary permission to receive commercial messages for a specific purpose, product, or service.

Under the DLT framework, telecom providers maintain a Consent Register – a digital ledger of all consents granted by subscribers to principal entities. Businesses must acquire and digitally document explicit consent from recipients before sending them promotional messages, especially if those recipients have registered on DND (fully or partially).

Consent Collection and Management

In practice, this means if a user has opted out of marketing, you can only reach them if you have a record of them opting back in for your specific content. For example, a bank or e-commerce site can send promotional offers to a DND-registered customer only if that customer gave explicit opt-in consent (say, via a web form or SMS reply), which is then uploaded to the DLT portal as proof.

Advanced Preference Features

Users may specify time slots or days when they wish to allow promotional messages – an extension introduced in the new framework. For instance, a subscriber could permit promo SMS only on weekends, or only 9am–11am on Mondays, and the DLT system will ensure messages outside those preferences are blocked.

Consent Revocation

Another key feature is Consent Revocation. If a customer previously gave an opt-in (for example, by texting "YES" to a campaign), they can later revoke it – typically by texting "STOP" or through the operator's website. The DLT ledger updates the consent status in real time across all operators, meaning the revocation is universally honored.

Telecom operators are responsible for providing interfaces (apps, SMS keywords, websites) for subscribers to review which consents they have given and to withdraw any if desired. This ensures that control over consent lies with the consumer at all times.

Notably, implied or inferred consent is allowed for transactional or service messages (for example, if you have an active banking relationship, it's inferred you consent to necessary alerts), but any promotional use requires explicit consent unless the user is not on DND. Indian regulations thus treat consent not as a one-time formality, but as a dynamic, user-controlled preference that businesses must continuously respect and manage via the DLT system.

A cornerstone of the anti-spam system is content template registration and automated scrubbing of messages. Every SMS that an enterprise wishes to send must conform to a pre-registered template on the DLT platform. A template is essentially the fixed text of the message with placeholders for variables (like OTP codes, names, order numbers, etc.).

Template Structure and Registration

For example, a bank's OTP template might be: "Dear Customer, your OTP is {####}. Do not share it." – where {####} is a variable field for the one-time passcode. These templates, along with their category (promo/transactional/service), have to be approved and assigned a Template ID in the DLT system.

When an SMS is submitted for delivery, the operator's system checks: (a) that the Header (Sender ID) is valid and registered to the sender, and (b) that the content matches one of the approved templates for that header (with any variables in the right positions). If either check fails, the message is blocked (scrubbed) and never reaches the user.

Header Verification System

Header verification is equally critical. Headers (also known as Sender IDs) are the alphanumeric or numeric codes that appear as the sender of the SMS. Under DLT, businesses register headers that typically reflect their brand or service (e.g., ACMECO for Acme Co.).

• Promotional headers: Must be 6-digit numeric IDs, randomly assigned (e.g., 625XXX), to clearly mark them as telemarketing messages
• Transactional and service headers: Are 6-character alphabetic strings (e.g., ACMECO), allowing brand recognition

Once a header is approved, it is linked to the entity's ID and only that entity (or its authorized telemarketer) can use it. Messages claiming to be from that header will be honored only if coming through the registered entity's route, preventing spoofing of sender names.

Category-Based Enforcement

The DLT platform also enforces that each header is used for the correct category of messages – e.g., a header registered for Transactional traffic cannot be used to send promotions. Every template is explicitly tied to a header and a category in the registry.

TRAI also specified that every template must include the business's identity (brand or trademark name) in the message text, to help consumers identify the sender even if the header is numeric. Importantly, template scrubbing is applied not just for promotional messages but also for service and transactional messages (to prevent clever spammers from misusing service routes).

Overall, through header and template registration, the DLT system creates a locked-down environment: only pre-verified combinations of sender and content are allowed. This virtually eliminates SMS spoofing and spam blasts, as any deviation (wrong sender ID, unapproved text, or sending to users without consent) triggers an automatic block by the operator's scrubbing engine.

Promotional SMS – i.e. messages that contain marketing or advertising content – face the most stringent restrictions in India. To prevent consumer annoyance, TRAI mandates a "Do Not Disturb time window" each day during which promotional messages cannot be sent.

Time Window Restrictions

Promotional SMS are barred between 9:00 PM and 10:00 AM IST; they are only permitted during the 10:00 AM to 9:00 PM period. Any attempt to deliver marketing texts at night or early morning will be automatically blocked by the operator's systems, regardless of user preferences.

Sender ID Format Requirements

Sender IDs for promotional SMS are unique in format. They consist of randomized numeric codes (six digits) rather than brand names. This convention, enforced by the DLT platform, immediately signals to recipients that a message is promotional – historically, many spam texts arrived from numbers like LM-620110 or AD-012345, where the digits indicate a telemarketing sender.

The rationale is that a genuine service or transactional message should display a recognizable business name (like ICICIB for ICICI Bank), whereas an unsolicited marketing blast should not masquerade as a personal or known contact. Thus, alphabetical headers are reserved for transactional and service communications, while pure promotional campaigns to unknown prospects use numeric headers.

Brand Identity in Content

One side effect is that purely promotional messages often rely on the SMS content itself to convey the brand (e.g., "This is BigBazaar SALE – Up to 50% off…") since the sender ID might be an obscure number.

There are some nuanced exceptions. If a company is sending promotional offers to its own existing customers (who have given consent), those messages were historically categorized as "Service Explicit" and could use the company's alpha header. Effective 2025, TRAI merged Service Explicit into the Promotional category but is allowing such messages to continue using alphanumeric brand headers (with a special suffix).

DND List Compliance

Regardless of header type, no promotional content should ever be sent to a user who has opted out or is in the fully blocked DND list. Operators maintain the DND list and will scrub out promotional attempts to those numbers automatically.

For partially blocked users (those who only allow certain categories of promo), the system checks the promotional category tag of the message template against the user's allowed preferences. For example, if a user opted to receive only "Financial" and "Healthcare" promos, and you send a real estate ad, it will be filtered out by the DLT scrubbing engine.

Delivery Report Limitations

Additionally, delivery reports (acknowledgments of message delivery) are typically not provided for promotional messages on shared numeric routes – operators treat them as low-priority, "fire-and-forget" traffic.

To summarize, promotional SMS must navigate three key restrictions: (1) send only during permitted hours, (2) use the proper sender ID format (numeric or appropriately suffixed alphanumeric) as assigned by the DLT registry, and (3) target only those recipients who have not blocked such messages (either not on DND or explicitly consented). These measures have significantly reduced consumer complaints about late-night spam and helped channel legitimate marketing messages in a more controlled manner.

Seven years on from its inception, the DLT regime in India continues to evolve with new enforcement measures and updates in 2024–2025. While the volume of spam has reduced, the problem has not disappeared – especially due to unregistered senders (so-called "grey route" or 10-digit SIM senders) who try to evade DLT.

In 2023, TRAI still logged over 1.2 million complaints against unsolicited communications from unregistered telemarketers. In response, TRAI and DoT ramped up enforcement in 2024.

Enhanced Enforcement Measures (2024)

On 13 August 2024, TRAI issued strict directions to all telecom operators to immediately shut down any promotional voice call operations from unregistered entities and to use blacklisting aggressively against offenders. Under these directions, if an operator finds an entity sending bulk promos without registration, they must disconnect that sender's resources and blacklist them for two years, sharing the blacklist with all other operators via the DLT platform within 24 hours.

Technology Enhancements

Enforcement technology was also enhanced. TRAI worked on advanced UCC (Unsolicited Commercial Communication) detection systems, including deploying honeypot numbers and analytics to flag suspicious patterns. Proposals were floated to automatically detect potential spammers – for instance, any individual number sending over 50 SMS per day to over 60% unique recipients could be flagged as a likely UTM (Unregistered Telemarketer).

URL Registration Requirements (October 2024)

A notable update came into force on 1 October 2024: TRAI required that all URL links in SMS (especially shortened URLs) be pre-registered and whitelisted for each sender. This was a reaction to the rise of phishing scams using deceptive links. Now, if an SMS contains a URL (e.g., a bit.ly or a custom short link), the domain and format of that URL must have been submitted and approved on the DLT portal for that sender, or else the message may be blocked.

Message Category Suffixes (2025)

Perhaps the most visible change for end-users was the introduction of Message Category Suffixes in 2025. Effective from May 6, 2025, all A2P SMS headers in India automatically include a one-letter suffix indicating the message type. The mapping is -P for Promotional, -S for Service (which covers both implicit and explicit service messages), -T for Transactional, and -G for Government communications.

For example, if a company's header was ACMECO, when they send a service alert it will appear as XY-ACMECO-S on the user's phone (where XY are operator codes). If the same company sends a marketing SMS, it would show as XY-ACMECO-P. This initiative aims to enhance transparency, allowing users to instantly recognize the nature of an incoming SMS just by looking at the sender ID.

Extended Complaint Window

Other 2024–25 updates include extending the complaint filing window for users. Previously, a consumer had 3 days to report a UCC (unsolicited commercial communication) after receiving it. This was extended to 7 days from April 2025, giving users more time to lodge complaints about spam.

TRAI also enabled complaints against messages from ordinary 10-digit numbers (which are usually person-to-person), because spammers had started using personal numbers to send bulk SMS in small batches. Now, even if a promotional message comes from what looks like a personal mobile number, users can report it and operators will take action under the UCC rules.

As a result of these measures, by mid-2025 operators were aggressively cutting off detected SIM farms and unregistered gateways. The current enforcement status is that Indian telecom operators, under TRAI's guidance, have zeroed in on remaining sources of spam: unregistered telemarketers, misuse of person-to-person channels, and fraudulent links. Compliance is no longer optional or superficial – it is rigorously policed, and non-compliance now leads to immediate and often severe consequences such as multi-year blacklisting across all networks.

Looking ahead, India's commercial communication rules are poised to become even more stringent and technologically sophisticated. A major anticipated development is the creation of a centralized Digital Consent Registry that further strengthens how consent is obtained and verified.

Digital Consent Acquisition (DCA) Pilot

In June 2025, TRAI launched a pilot project (in partnership with the Reserve Bank of India) to test a new Digital Consent Acquisition (DCA) mechanism. This pilot targets the banking sector first – one of the heaviest users of promotional messaging – and aims to establish a standardized, secure process for capturing customer consent for communications.

The motivation is that, under current practice, many businesses claim to have user consent but cannot prove when or how it was obtained, leading to "consent" being an often vague or abused concept. The envisioned system would likely require businesses to obtain consent through a verifiable digital workflow (perhaps involving an OTP validation or a recorded confirmation) that feeds directly into a Consent Registry accessible by all telecom operators.

AI and Advanced Spam Detection

On the spam detection front, future regulations are likely to leverage more analytics and even AI. TRAI's consultation in 2024 discussed algorithmic flags for identifying suspected spam senders (e.g., monitoring how many unique numbers one device contacts in a day). By 2026, operators might integrate these triggers network-wide to proactively spot SIMs or numbers being used for mass unsolicited messaging.

International Traffic Oversight

Another area of focus will be international A2P traffic. So far, messages coming into India from abroad (via international long-distance routes) have not been subject to the DLT registration requirements. However, if spam or fraud shifts to those channels, TRAI could coordinate with the DoT and perhaps global carriers to impose similar scrutiny.

By 2025, domestic businesses are effectively required to use domestic (DLT-compliant) routes. The next step may be to engage international messaging hubs to ensure they tag traffic to India with correct identifiers (perhaps enforcing that even international SMS include a proper header suffix or similar).

Enhanced User Empowerment

We also anticipate enhancements in user empowerment and fraud prevention. TRAI might mandate labeling of call/SMS intent – a concept where certain legitimate communications (like financial transaction alerts) are cryptographically signed or delivered via verified templates to assure recipients of authenticity.

In summary, beyond 2025 the direction is clear: tighter consent verification, smarter spam detection, and greater transparency. The TRAI pilot for digital consent management is a harbinger of a consent-first era, where no commercial message will reach a user unless an auditable proof of consent is on record. For businesses, this means preparing for even more robust consent collection processes (possibly using TRAI-approved consent gateways) by the time these changes crystallize.

Under the Indian SMS regulations, different stakeholders in the messaging ecosystem have defined obligations to ensure compliance:

Telecom Operators (Access Providers)

The mobile operators (Jio, Airtel, Vi, BSNL/MTNL, etc.) carry the heaviest responsibility as the gatekeepers. They must deploy and maintain the DLT platform and related systems. This involves performing KYC checks and approving registrations of entities, headers, and templates on their platform.

Operators are required to scrub every commercial SMS in real-time against the DLT records – checking header validity, template match, consent status, and user preferences. If a message fails any check, the operator must block it. They also handle customer complaints: operators need to provide mechanisms for users to report UCC and then investigate and take action within stipulated timelines.

Message Aggregators / Telemarketers

Aggregators, referred to as Registered Telemarketers (RTMs) in TRAI's terms, are entities that interface between enterprises and the telecom networks (for example, SMS gateway service providers). Every telemarketer must register on the DLT platform of an operator (or multiple operators) and obtain a unique Telemarketer ID.

Telemarketers are obliged to follow the operators' code of conduct, which includes ensuring that all their client businesses (principal entities) are also registered and linked under their telemarketer ID in the system. This is sometimes called PE-TM binding – a principal entity must explicitly authorize a telemarketer to send on its behalf via the DLT portal.

Aggregators must ensure that they transmit the correct identifiers with each message – typically this means every API call to an operator's SMSC must include the Principal Entity ID, the Template ID, and Header so the message can be verified. They need to have workflows such that if a client tries to send a message over an unregistered template or to a blacklisted number, it is caught and not sent upstream.

Enterprises / Principal Entities

These are the actual originators of the content – banks, e-commerce companies, marketing firms, etc. Their foremost obligation is to register themselves as a Principal Entity (PE) on a DLT portal (through any one operator) with full KYC details (business PAN, proof of incorporation, authorization letter, etc.).

Enterprises have to pay the registration fee and obtain their Entity ID. Once registered, they must register all the Headers (Sender IDs) they intend to use, for each desired route: e.g., one header for OTPs (Transactional route), maybe another for notifications (Service route), and a numeric series for promotions.

Next, enterprises must register Content Templates for all messages they plan to send under those headers. This requires drafting the message content, marking variables, and tagging it to the correct category and header on the portal. They are responsible for keeping these updated – any new campaign or change in wording must be updated as a new or edited template and re-approved.

Furthermore, if they intend to send promotional messages, enterprises are obliged to manage recipient consent. This means they should have a process to collect opt-ins (say via website checkboxes, SMS keywords, etc.), and then upload those consents onto the DLT system under their account.

International organizations reaching Indian mobile users via SMS must navigate a somewhat different path, as they are not directly subject to the domestic registration mandates but still impacted by them.

International Long Distance Operator (ILDO) Routes

The first thing to note is that international A2P messages terminating in India are generally delivered via International Long Distance Operator (ILDO) routes, not via the domestic A2P infrastructure. Therefore, such messages do not carry a registered DLT header; in fact, Indian networks do not allow foreign A2P SMS to display an arbitrary alphanumeric sender.

Instead, any international SMS arriving is usually overwritten with a generic or numeric origin by the Indian carrier. For example, if a US company tries to send an SMS showing sender "MyCompany", Indian users might receive it from a short code or a random international number. This is important for branding – it means unless you obtain an Indian header via registration, you cannot have your brand name as the SMS sender for Indian recipients when sending from abroad.

DLT Exemption for International Senders

International businesses are currently exempt from the requirement to pre-register content templates and consent on India's DLT. TRAI's rules and DLT platform apply to "domestic" senders (entities with an Indian presence or local telemarketing arrangements). International SMS traffic is still monitored and filtered, but via different means: primarily through firewall systems that check for spam patterns, phishing links, and adherence to time/DND rules.

Message Classification for International Traffic

If an international enterprise can demonstrate that their messages are purely transactional (like one-time passwords or important account alerts) or that the recipients have explicitly opted in, many aggregators will route these via ILDO channels that operate 24/7 and ignore DND (since the user has consented).

International traffic is often categorized into two buckets: "International OTP/Transactional/Opted-in Promo" versus "International Promotional (without opt-in)". The former is delivered round-the-clock to all users (with content whitelisting to ensure it truly is service/consent-based content), while the latter is throttled to daytime and non-DND only.

Content and Regional Restrictions

International businesses should also be aware of content regulations: even if not registered on DLT, if they send spam or fraudulent content that triggers user complaints or violates Indian law, the local operators can and will filter or block such traffic. The Indian government has been known to shut down messaging (even internet and SMS services regionally) for security reasons.

A specific example: SMS to Jammu & Kashmir networks are heavily controlled – messages to J&K are blocked due to political sensitivity, and any political campaign SMS is prohibited during election periods. International senders must thus also comply with these content restrictions.

Recommended Strategies for International Businesses

For international businesses, a recommended strategy is to engage a local partner or acquire a local DLT registration if volumes are significant. By registering as a Principal Entity in India (which is possible even for foreign companies through local offices or affiliates), one can get official headers and templates, ensuring their messages appear properly branded and face fewer limitations.

If obtaining a local presence is not feasible, then working with international aggregators that have ILDO agreements and are knowledgeable about Indian regulations is key. They can often whitelist your content (essentially pre-declare the template to Indian operators) to improve delivery.

Cost is another factor: sending via international routes can be more expensive per SMS than domestic A2P pricing. Some international enterprises choose to rent an Indian short code or long number and use that for messaging via an Indian aggregator – effectively simulating domestic sending.

Achieving and maintaining compliance with India's SMS regulations can be challenging, but it is feasible with the right strategies. Here are detailed best practices and common challenges from both business and technical perspectives:

Early Registration and Setup

Before sending a single message, complete all required DLT registrations. This includes Principal Entity registration, header approvals, and content template registrations. Allocate sufficient time for this process – while some templates might be approved within 24-48 hours, others could take longer if clarifications are needed.

Consent Management and Record-Keeping

Develop a clear process to capture user consent for promotional messages. This might mean adding an SMS opt-in during user signup flows, or having users text a keyword to confirm consent. Whenever you obtain consent, immediately log it in the DLT portal's Consent Register (through API or bulk upload).

Keeping the consent data updated in the system is crucial because it overrides DND restrictions. If a customer revokes consent, honor it promptly and update the records. Internally, train marketing teams that just because a user is in your CRM doesn't mean you can SMS them – check the DLT consent status first.

Template and Header Governance

Maintain a centralized repository of all approved templates and headers, and enforce their use. Technically, your SMS sending system or API integration should require a Template ID for each message send request. If someone tries to send free-form text or modify a template on the fly, the system should reject it.

Also monitor template usage – if a template isn't used for a long time, ensure it doesn't expire or get auto-deactivated (some operators might deactivate headers/templates not used for 90 days as a cleanup measure). Keep your list of templates lean and up-to-date to avoid confusion.

Timing and Throttling Controls

Implement logic to ensure promotional campaigns are dispatched only during allowed hours (10 AM–9 PM). Your messaging platform can have a scheduling feature that holds messages outside this window. Additionally, incorporate throttling rules to comply with per-recipient limits.

Indian regulations specify limits such as no more than 6 identical messages to the same number in an hour, and no more than 200 messages to the same number per day (across all sources). Exceeding these can trigger operator anti-spam filters.

Monitoring and Alerts

Set up monitoring on your SMS delivery rates and error codes. If you start seeing sudden drops in delivery or an uptick in "blocked" errors from operators, investigate immediately – it could be an unapproved template or a new rule in effect.

For instance, after Oct 2024, if you included a URL in messages and suddenly deliveries fell, it might indicate your domain wasn't whitelisted as per the new TRAI link rule. Proactively monitoring such trends helps catch compliance gaps.

Technical Integration Best Practices

If you are integrating via API to an SMS provider, ensure you pass all required parameters (like the DLT template ID, PE ID, etc.) with each message as needed. Work closely with your provider during onboarding to test that your messages pass DLT scrubbing.

It may be useful to maintain connectivity with more than one aggregator or operator as a failover, but note that you must have your entity and templates registered on whichever routes you plan to use. Most DLT platforms propagate registrations to others, but you may still need to do entity onboarding on each network.

Compliance Culture and Training

Regulatory compliance is not just an IT task; it involves marketing, customer support, legal, and management. Establish clear policies internally that no commercial SMS will be sent outside the approved systems. Provide training to marketing teams about the importance of templates and consent.

Having a compliance officer or team to audit messaging practices periodically is a good idea, especially for large enterprises. They can simulate some tests (like ensuring opt-out commands are working, or that new campaign lists are properly filtered against DND) to catch any lapses.

Future-Proofing

Keep an eye on upcoming changes. For instance, if the digital consent framework becomes operational, be ready to integrate with it – possibly by using a Consent Management Service Provider if TRAI introduces licensed consent managers. Also, plan for stricter template rules; TRAI may limit variables or enforce more standardization.

In conclusion, while India's SMS regulations add complexity, they ultimately lead to a cleaner messaging ecosystem. By embracing compliance as part of your operational workflow – using the DLT tools, respecting user preferences, and staying updated with TRAI's directives – businesses can achieve both high deliverability and customer trust. Staying comprehensive in compliance is the best strategy to avoid disruptions and leverage SMS as a reliable channel in India's regulated environment.