Trai relaxes URL whitelisting mandate for SMS to minimise disruptions

Trai reassured banks that only the static parts of URLs in SMS need whitelisting to avoid disruption fears

The Telecom Regulatory Authority of India (Trai) has reassured businesses, particularly banks, that only the static parts of URLs in commercial SMS messages need to be whitelisted, addressing concerns about potential disruptions in message deliveries. According to a report by The Economic Times, the clarification aims to ease fears of mass disruptions as the new mandate on whitelisting commercial messages containing URLs, OTT (over-the-top) links, and APKs (Android application packages) comes into effect on Tuesday (October 1).

While Trai officials acknowledged that there might be some minor disruptions, they emphasised that sufficient time and clear guidelines had been provided to all stakeholders to prepare for the transition.

Initially, Trai gave telecom operators an ultimatum to halt the transmission of unwhitelisted messages by September 1. However, the deadline was later extended to October 1, as many operators needed more time to set up the necessary infrastructure.

What is whitelisting?

Whitelisting, in this context, refers to the process of telecom operators allowing pre-approved URLs and links from specific businesses to pass through their networks. By contrast, unverified or suspicious URLs are automatically filtered out to reduce spam and fraudulent messages.

The whitelisting mandate requires businesses to provide all relevant information about URLs, OTT links, and APKs in their commercial messages to telecom operators. These details are then added to a blockchain-based distributed ledger technology platform. Messages with verified URLs are approved for delivery, while those without proper verification are blocked.

Billions of SMS messages processed daily in India

India processes an estimated 1.5-1.7 billion commercial SMS messages daily, and various entities, including banks and e-commerce platforms, have raised concerns about implementing the new rules. Many of these institutions rely on dynamic URLs — those that change with each user interaction — which contain special symbols and characters. However, Trai has clarified that only the static portion of URLs, which helps identify the sender, needs to be whitelisted. This should alleviate concerns about the complexity of dynamic links.

Telecom operators have also faced challenges with implementing the whitelisting system, particularly for short URLs and dynamic links. However, Trai has provided guidelines to address these issues and has worked to coordinate with key regulatory bodies such as the Reserve Bank of India (RBI), the Securities and Exchange Board of India (Sebi), and the Insurance Regulatory and Development Authority of India (Irdai) to minimise disruptions.