Massive penalties ahead? Indian government warns manufacturers on mandatory IMEI compliance

The Department of Telecommunications (DoT) advises to all manufacturers, brand owners, importers, and sellers to comply fully with the laid legal framework.

Key Legal Provisions:

The Telecommunications Act, 2023 imposes stringent penalties for tampering with telecommunication identifiers including IMEI numbers.

Section 42(3)(c) specifically prohibits tampering of telecommunication identifiers . Section 42 (3) (f) states that willful possession of any radio equipment like mobile handset, modem, module, SIM Box etc., knowing that it uses unauthorised or tampered telecommunication identifiers, is also an offence.

Penalties for violation include imprisonment for up to three years, fines up to ₹50 lakh, or both. These offenses are cognizable and non-bailable under Section 42(7) of the Act. Section 42(6) provides identical punishment for those who abet or promote such offenses.

Key Regulatory Requirements:

1. As per the Telecom Cyber Security Rules, 2024:   

a. Manufacturers shall register the IMEI number of every device like mobile handset, module, modem, SIM Box etc. bearing IMEI manufactured in India with the Government prior to first sale, testing, research & development (R&D) or any other purpose on Device Setu (Indian Counterfeited Device Restriction (ICDR)) portal at https://icdr.ceir.gov.in

b. Importers shall register IMEI numbers with the Central Government before importing any equipment (like mobile handset, module, modem, SIM Box etc.) bearing IMEI into India for sale, testing, research & development (R&D) or any other purpose on Device Setu- (Indian Counterfeited Device Restriction (ICDR)) portal at https://icdr.ceir.gov.in

As per The Telecom Cyber Security Amendment Rules, 2025, the Central Government can issue directions to manufacturers of telecommunication equipment bearing IMEI number not to assign IMEIs that are already in use in telecommunication networks in India to new telecommunication equipment that are manufactured in India or imported to India.

The government maintains a central database of tampered or blacklisted IMEIs. Entities involved in buying or selling used mobile devices must check this national IMEI database before completing transactions, paying certain fees per IMEI verification. All equipment including smartphones, cellular enabled smartwatches, mobile Wi-Fi hotspots, tablets, USB modems, modules, dongles, laptops, any assembled devices like SIM Boxes etc. that bear International Mobile Equipment Identity (IMEI) number are to be registered at Device Setu - ICDR portal.

The Rule 8 (3) of the Telecom Cyber Security Rules, 2024 prohibits any person to intentionally remove, obliterate, change, or alter the unique telecommunication equipment identification number; or use, produce, traffic in, have control or custody of, or possess hardware or software related to the telecommunication identifier or telecommunication equipment, knowing it has been configured as specified above.

Use of devices which have capability of programmable IMEIs tantamount to tampering with the IMEI and shall attract legal provisions as per the Act and Telecom Cyber Security Rules, 2024. Manufacturers, brand owners, importers, sellers, re-sellers, retailers should be aware that manufacturing, procuring, assembling or using devices with tampered or configurable IMEI numbers can result in serious legal consequences.

As per Rule 5 of Telecom Cyber Security Rules, 2024, the Central Government may issue directions to telecommunication entities to block the use of telecommunication equipment with tampered International Mobile Equipment Identity (IMEI) number in telecommunication networks or telecommunication services.

DoT emphasises that these regulations are essential for maintaining telecom cyber security, preventing counterfeiting, facilitating law enforcement, and ensuring proper tax collection. Strict compliance protects India's telecom infrastructure from counterfeit and tampered devices, supports law enforcement, and ensures tax and regulatory adherence. Failure to comply attracts stringent legal penalties.

Registration Portal and Process

All registrations must be completed through the Device Setu - Indian Counterfeited Device Restriction (ICDR) portal at https://icdr.ceir.gov.in.

The process includes company registration, brand registration linked to GSMA Type Allocation Code (TAC), device model registration, IMEI number registration, and certificate generation for customs clearance.

Important links:

The Telecommunications Act, 2023, Telecom Cyber Security Rules, 2024 and Telecom Cyber Security Amendment Rules, 2025 are available at https://dot.gov.in/act-rules-content/3296