BFSI Communication Compliance Guide 2026: 140 Series and 160 Series Numbers

Key Facts at a Glance

Item	Detail
Regulation	TCCCPR, 2018 (Second Amendment, 12 Feb 2025)
Governing body	TRAI and DoT
Applies to	All BFSI entities regulated by RBI, SEBI, PFRDA, IRDAI
Service/transactional series	160xxxxxxx (sub-prefix 1601 for financial entities)
Promotional series	140xxxxxxx
First-violation penalty	Rs 2,00,000
Blacklist trigger	5 complaints in any rolling 10-day period
Maximum blacklist duration	Up to 1 year, all telecom resources, all TSPs
Entities adopted (as of Dec 2025)	570 entities, 3,000-plus numbers
Latest deadline (IRDAI entities)	15 February 2026

• The DoT allocated the 160xxxxxxx series exclusively for service and transactional voice calls on 30 May 2024. The 140xxxxxxx series remains limited to promotional telemarketing only.
• TRAI issued phase-wise mandatory adoption directions in November and December 2025, covering all RBI, SEBI, PFRDA, and IRDAI-regulated entities. Most deadlines fell between January and March 2026.
• A single non-compliant call pattern can trigger simultaneous action from TRAI, the sectoral regulator (RBI, SEBI, IRDAI, or PFRDA), and the Data Protection Board under the DPDP Act, 2023.
• The one-year telecom blacklist is the most operationally severe penalty. It cuts off OTP delivery, customer service calls, and collection outreach across all TSPs simultaneously.
• FreJun provisions 1600-series numbers, handles DLT template registration, enforces routing segregation, and maintains CDR logs so your entity meets every technical compliance layer.

Table of Contents

1. What Is BFSI Communication Compliance in India?
2. What Is the 140 Series and Who Uses It?
3. What Is the 160 Series and Why Was It Created?
4. What Does a Call from 1601 Mean?
5. What Are the Phase-Wise Adoption Deadlines for 2026?
6. What Are the Operating Rules Under TCCCPR?
7. How Does DLT Registration Work for BFSI Entities?
8. What Are the Penalties for Non-Compliance?
9. How Do These Rules Apply to Recovery Agents and BPOs?
10. How Does the DPDP Act 2023 Intersect with BFSI Calling Rules?
11. How FreJun Helps BFSI Entities Stay Compliant
12. Frequently Asked Questions
13. Key Takeaways
14. Compliance Disclaimer
15. References and Sources

Quick Answer: BFSI communication compliance in India for 2026 requires all regulated entities to make service and transactional calls from 160-series numbers (specifically 1601 for RBI, SEBI, PFRDA, and IRDAI entities), register every call script on the DLT platform, and respect TCCCPR consent and timing rules. Violations trigger penalties starting at Rs 2,00,000 and can result in a one-year telecom blacklist.

What Is BFSI Communication Compliance in India?

BFSI communication compliance means every outbound voice call your bank, NBFC, insurer, stockbroker, or pension fund makes must follow a specific numbering series, a pre-registered content template, a verified consent record, and a documented audit trail. This framework did not exist in its current form before 2024. The DoT’s 30 May 2024 press release (PRID 2022249) created the structural distinction between the 140-series for promotions and the 160-series for service and transactional calls. TRAI’s November and December 2025 directions converted voluntary adoption into a mandatory, time-bound obligation for every regulated BFSI entity.

In my practice advising telecom-industry clients, the single most consistent compliance gap I encounter is routing: entities continue to use standard 10-digit mobile numbers or repurposed 140-series trunks for OTP delivery and EMI reminders simply because no one mapped their existing calling infrastructure to the new regulatory framework. That gap is now an enforcement risk. The practical step for any compliance team reading this is to inventory every outbound calling trunk your entity currently uses and classify each by call purpose before anything else.

Try FreJun for Free

FreJun provisions 1600-series numbers, manages DLT template registration, and automates CDR logging. Most BFSI teams are operationally live within one week. No credit card required to get started.

What Is the 140 Series and Who Uses It?

The 140xxxxxxx series is India’s dedicated numbering range for promotional and telemarketing voice calls. DoT allocated this series to registered telemarketers to give consumers a visual cue that an incoming call is commercial in nature. If your phone displays a number beginning with 140, the call originates from a registered promotional sender.

What Is the 140 Series Permitted to Do?

Entities using 140-series numbers may make promotional calls to consumers who have not opted out under the DND (Do Not Disturb) framework, or to consumers who have registered a relevant preference category. However, they cannot use 140 numbers for service or transactional calls. That prohibition is absolute and was reinforced by the Second Amendment to TCCCPR dated 12 February 2025.

In practice, the 140 series became associated with spam because entities used it indiscriminately for all call types. Consumers began ignoring 140-series calls entirely, including legitimate transactional communications. This created the fraud window that fraudsters exploited by switching to standard 10-digit mobile numbers to impersonate banks. The DoT’s solution was to create a separate, trust-signalling series for verified service calls: the 160xxxxxxx range.

Is the 140 Series Still Valid After 2025?

Yes. The 140 series remains valid for promotional and telemarketing calls. No regulation has discontinued it. Entities running outbound marketing campaigns, insurance product promotion, or credit card acquisition calls still use 140-series numbers, provided their telemarketers are registered on the DLT platform, their call scripts are template-approved, and they respect consumer DND preferences. What changed is that 140 numbers can no longer carry service or transactional calls for BFSI entities. Those calls must move to the 1600 series.

What Is the 160 Series and Why Was It Created?

The 160xxxxxxx series is the DoT’s dedicated numbering range for service and transactional voice calls from verified Principal Entities. DoT formally allocated this series on 30 May 2024 through press release PRID 2022249, recognising that consumer trust in telephone-based service communication had collapsed because fraudsters were using standard 10-digit numbers to impersonate regulated institutions.

What Problem Does the 160 Series Solve?

Before the 160 series, every genuine bank OTP call, insurance renewal reminder, or EMI confirmation could look identical on a consumer’s screen to a scam call from a fraudster impersonating the same institution. Both used 10-digit mobile numbers. Consumers had no reliable visual cue to distinguish them. Industry reports indicate roughly 147 million spam-call complaints in India in 2024, reflecting the scale of the problem the 160 series is designed to address.

Additionally, the 160 series enforces verification at the allocation stage. Telecom Service Providers (TSPs) must verify every entity’s eligibility before assigning a 160-series number. The entity must then undertake to use it strictly for service and transactional calls under TCCCPR, 2018. This allocation-stage obligation means the 160 series carries institutional accountability that a 10-digit mobile number never could.

What Counts as a Service Call Versus a Transactional Call?

The distinction matters operationally and determines which consent stack applies. A service call facilitates, completes, or confirms a transaction the consumer has already consented to, or delivers warranty, recall, safety, or security information related to a product the consumer has used. A transactional call, under the 2025 amendments, is a call triggered within 30 minutes of a customer-initiated event, such as an OTP for a login or a transaction confirmation alert. Any call made more than 30 minutes after the triggering event loses transactional classification and is treated as a service call, requiring the corresponding consent stack.

What this means for your compliance team is that any automated dialer firing OTPs or confirmation calls must have a strict 30-minute window check built into its logic. Missing that window reclassifies the call, potentially invalidating your consent basis and triggering TCCCPR liability.

What Does a Call from 1601 Mean?

A call displaying a number beginning with 1601 originates specifically from a financial-sector entity regulated by RBI, SEBI, PFRDA, or IRDAI. The DoT allocated the 1601xxxxxxx sub-prefix to this regulated financial segment as a further trust signal within the broader 160 series. When a consumer sees 1601 on their screen, they can be confident the call comes from a verified bank, NBFC, insurer, stockbroker, mutual fund, or pension entity.

Conversely, a call claiming to be from your bank or insurance company that displays a standard 10-digit number should be treated as suspicious after the mandatory migration deadlines have passed. Regulated entities with valid 1601 allocations have no operational reason to call from unregistered mobile numbers. That is precisely the fraud-reduction logic the 160 series was built on.

What Are the Phase-Wise Adoption Deadlines for 2026?

TRAI issued two Directions mandating phase-wise adoption. The first, dated 19 November 2025 (PRID 2191647), covers RBI-, SEBI-, and PFRDA-regulated entities. The second, dated 16 December 2025 (PRID 2205350), brought IRDAI-regulated insurers within the same framework, setting their deadline at 15 February 2026.

RBI-Regulated Entities

Entity Type	Mandatory Deadline
Commercial Banks (Public, Private, Foreign)	1 January 2026
Large NBFCs (asset size above Rs 5,000 crore), Payments Banks, Small Finance Banks	1 February 2026
Remaining NBFCs, Co-operative Banks, Regional Rural Banks, smaller entities	1 March 2026

SEBI-Regulated Entities

Entity Type	Mandatory Deadline
Mutual Funds and Asset Management Companies (AMCs)	15 February 2026
Qualified Stockbrokers (QSBs)	15 March 2026
Other SEBI-registered intermediaries	Voluntary migration encouraged; mandatory deadline to be notified

PFRDA and IRDAI-Regulated Entities

Entity Type	Mandatory Deadline
Central Recordkeeping Agencies (CRAs) and Pension Fund Managers (PFRDA)	15 February 2026
All IRDAI-regulated insurance entities	15 February 2026

These deadlines are operative as issued. If your entity has not migrated, it should consult its TSP immediately and verify current status through the SARAL SANCHAR portal at saralsanchar.gov.in. The legal team should also review the operative Direction text directly at PRID 2191647 and PRID 2205350 to confirm any entity-specific nuances that secondary commentary may have missed.

What Are the Operating Rules Under TCCCPR?

The Telecom Commercial Communications Customer Preference Regulations, 2018 (TCCCPR), as amended on 12 February 2025, impose a layered set of obligations on every entity using the 160-series or 140-series. Compliance is not limited to using the right number. It extends to content registration, consent management, timing, caller identification, and record-keeping.

Consent Rules Under the 2025 Amendment

The Second Amendment tightened consent rules considerably for BFSI entities. Implicit consent for transactional or service calls is valid only for the duration of the underlying contract between the entity and the customer. Explicit consent for a purpose where there is no continuing contractual relationship is valid for only 7 days. Once a subscriber opts out, the entity cannot contact them again for the same purpose for 90 days.

Furthermore, the use of auto-dialers and robo-calls must be disclosed at the start of the call. Consent capture must align with the Digital Consent Acquisition (DCA) framework on the DLT platform. These requirements interact with Section 7 of the Digital Personal Data Protection Act, 2023, which requires a lawful basis for every processing activity. For most outbound BFSI calls, the lawful basis is the underlying contractual relationship, but that basis must be documented and available on audit.

Timing and Frequency Rules

The RBI’s Fair Practices Code restricts recovery and collection contact to 08:00 to 19:00 IST only. Customer-initiated contact outside that window is permitted, but outbound contact from the BFSI entity is not. Additionally, TCCCPR empowers TRAI to impose a usage cap of a maximum of 20 outgoing voice calls per day per number on senders found in violation. For a collections or recovery operation, that cap is operationally catastrophic.

What this means for your compliance team is that any dialer running collection campaigns must enforce a hard cutoff at 19:00 IST and must not restart until 08:00 the following day. This is a technical configuration requirement, not just a policy statement. Auditors and regulators have been consistent: a written policy without enforced routing logic does not constitute adequate compliance.

Caller ID and Anti-Spoofing Rules

Spoofing or masking caller identification is prohibited under multiple instruments simultaneously. Section 42 of the Telecommunications Act, 2023 criminalises tampering with telecommunication identifiers, with penalties of up to three years imprisonment or a fine of Rs 50 lakh, or both. TCCCPR requires the originating number presented in the call to be the actual allocated number. DoT’s Calling Name Presentation (CNAP) regime further mandates accurate caller identity disclosure on the receiving handset.

Any service or transactional call made from a 10-digit mobile number, a virtual number masking an allocated 1600 number, or a number not allocated to the entity will be treated as unauthorised commercial communication after the applicable migration deadline. The practical step here is to audit your SIP trunk configuration and confirm the CLI (Calling Line Identity) presented to the consumer matches your allocated 1601 number precisely.

Cross-Use and Routing Segregation

The same dialer instance cannot route both 140-series promotional traffic and 1600-series transactional traffic through the same number pool. The boundary must be technical, not merely a policy statement. Marketing campaigns and OTP delivery cannot share the same outbound trunk. This is one of the most frequently overlooked requirements in BFSI dial infrastructure, and it is one of the first things a TRAI inspection will test.

How Does DLT Registration Work for BFSI Entities?

Every voice script your entity uses, from the IVR opener to the agent introduction to the EMI reminder text, must be pre-registered as a content template on the Distributed Ledger Technology (DLT) platform operated by an access provider. DLT registration is not optional. TCCCPR, 2018 mandates it for every entity making commercial communications, including voice calls.

Step-by-Step DLT Registration for Voice Calls

1. Register as a Principal Entity (PE) on any one DLT portal (Jio TrueConnect, Vodafone Idea, Airtel, or BSNL). Your registration ID is shared across all four portals through the blockchain backbone. Expect 2 to 7 business days for entity verification.
2. Register your Header, the caller identification tag that maps to your 1601 number. For voice calls, this is the 1601xxxxxxx number itself.
3. Register each content template, the pre-approved script for every IVR flow, agent introduction, OTP delivery, or service message. Each approved template receives a unique Template ID. Calling with an unregistered, outdated, or blacklisted template is a violation regardless of whether your number allocation is valid.
4. Register your Consent Templates under the DCA framework if your call purpose requires explicit consent capture.
5. Link Template IDs to your CDR system so every outbound call records which template was used. This audit linkage is a mandatory record-keeping requirement.

In practice, the clients I advise in the telecom space find that template registration takes the longest, often 2 to 3 weeks for first-time registrants with complex IVR flows. Starting this process before your compliance deadline is essential, not optional.

Record-Keeping Requirements After DLT Registration

Once your entity is DLT-registered and calling from a 1601 number, ongoing record-keeping obligations apply. Your entity must retain full Call Detail Records (CDRs) in auditable form, with the Template ID invoked mapped to each CDR entry. Additionally, consent records (where consent was the calling basis), call recordings (where your workflow records conversations), and complaint logs with resolution trails must be maintained. Under the DPDP Act, 2023, your entity as a Data Fiduciary must demonstrate lawful basis, purpose limitation, and retention controls on demand from the Data Protection Board.

What Are the Penalties for Non-Compliance?

Non-compliance with the 160-series mandate and TCCCPR obligations does not trigger a single penalty. It triggers a layered response across at least three regulatory bodies simultaneously. Understanding this multi-layer exposure is critical for any BFSI compliance team.

TCCCPR Financial Disincentives

Under the Second Amendment dated 12 February 2025, graded financial disincentives apply per instance of violation:

Violation Instance	Financial Disincentive
First instance	Rs 2,00,000
Second instance	Rs 5,00,000
Third and subsequent instances	Rs 10,00,000 per instance

Service Suspension and Blacklisting

Materially more disruptive than the financial penalty is the service suspension regime. The blacklist trigger is 5 valid complaints in any rolling 10-day period. On first violation of the regulatory complaint threshold, outgoing services on all telecom resources of the entity are barred for 15 days. On subsequent violations, all telecom resources including PRI and SIP trunks are disconnected across all TSPs for up to one year, and the entity is blacklisted nationally.

For a BFSI entity, a one-year blacklist is operationally catastrophic. OTP delivery stops. Customer service calls stop. Collection outreach stops. The entity cannot communicate with customers by voice for an entire year while remaining regulated by RBI, SEBI, IRDAI, or PFRDA, each of which requires ongoing customer communication as part of licence conditions. This is the single most severe lever available to TRAI, and a properly managed compliance programme is materially cheaper than any one violation cycle.

Treatment as Unregistered Telemarketer

If your entity misses the migration deadline and continues making service or transactional calls from 10-digit numbers, TRAI classifies those calls as Unsolicited Commercial Communication from an Unregistered Telemarketer (UTM). The enforcement progression for UTMs is: warning (first violation), usage cap of 20 outgoing voice calls per day for six months (second violation), and disconnection of all telecom resources (third and subsequent violations).

Sectoral Regulator Action

Beyond TRAI, the sectoral regulator can act independently on the same underlying conduct. RBI may invoke Section 35A of the Banking Regulation Act, 1949, or impose monetary penalties under Sections 46 and 47A. IRDAI may act under Sections 102 to 105B of the Insurance Act, 1938. SEBI may impose penalties under Section 15HB of the SEBI Act, 1992. PFRDA may act under Section 28 of the PFRDA Act, 2013. These are cumulative, not alternative, to TRAI penalties.

Additionally, DPDP Act, 2023 penalties apply if calling conduct involves a personal data breach or unauthorised processing. The Data Protection Board may impose fines of up to Rs 250 crore for failure to take reasonable security safeguards, Rs 200 crore for failure to notify a personal data breach, and Rs 150 crore for breach of obligations applicable to Significant Data Fiduciaries.

Understanding the penalty structure is one thing. Structuring your calling infrastructure to avoid it is another. FreJun’s compliance team walks through the exact technical requirements for your entity type in a single session.

Talk to FreJun’s Legal Team

How Do These Rules Apply to Recovery Agents and BPOs?

The legal position on outsourced calling is settled and is frequently misunderstood. A recovery agency, BPO, or telemarketer acting on behalf of a BFSI Principal Entity must make calls using the Principal Entity’s allocated 1601 numbers, not its own pool. The 1601 allocation belongs to the BFSI entity. The outsourced party operates within that allocation.

Vicarious Liability of the Principal Entity

The Principal Entity is vicariously liable for the conduct of its agents under TCCCPR, under the RBI Fair Practices Code, and under the RBI Master Direction on Outsourcing of Information Technology Services dated 10 April 2023. This means a non-compliant call made by your recovery vendor is, legally, your non-compliant call. The complaint, the penalty, and the blacklist risk all attach to the Principal Entity, not to the vendor.

Furthermore, individual recovery agents must hold a valid IIBF certification obtained after the prescribed 100-hour training programme. The Principal Entity must maintain a board-approved Code of Conduct for recovery agents. These requirements sit alongside the 1601 calling obligation, not as alternatives to it.

Practical Compliance Steps for Collections Teams

Your collections compliance architecture should enforce four technical controls simultaneously. First, all outbound recovery calls must route through your 1601 trunk, never through the vendor’s own number pool. Second, all call scripts must be DLT-registered under your entity’s PE registration, with Template IDs passed in call signalling. Third, the dialer must enforce the 08:00 to 19:00 IST window at a system level. Fourth, every call must be CDR-logged with Template ID mapping, creating the audit trail your sectoral regulator may inspect.

How Does the DPDP Act 2023 Intersect with BFSI Calling Rules?

The Digital Personal Data Protection Act, 2023 (DPDP Act) intersects with BFSI calling compliance in three significant ways. Understanding this crossover is important because non-compliance with TCCCPR can simultaneously constitute a DPDP Act violation, triggering a second regulator.

Lawful Basis for Processing Call Data

Section 7 of the DPDP Act requires every processing activity to rest on either consent or a specified legitimate use. A service or transactional call to your own customer typically rests on the contractual relationship as a legitimate use. However, that basis must be documented. An entity that cannot produce its lawful basis documentation on demand from the Data Protection Board faces penalties independent of any TRAI enforcement.

Data Localisation for Call Records

Call recordings, CDRs, and voicemail data of Indian BFSI customers sit at the intersection of the DPDP Act, 2023, and RBI’s Storage of Payment System Data circular dated 6 April 2018, which requires payment-related data to be stored only in India. Additionally, the RBI IT Outsourcing Master Direction requires any vendor handling this data to provide audit rights, business continuity provisions, and data protection commitments. Any cloud telephony vendor processing BFSI call data must host on servers located within India, with documented cross-border transfer protocols if any processing occurs outside the country.

Opt-Out Obligations Under TCCCPR and DPDP Together

Under TCCCPR, once a subscriber opts out, the entity cannot contact them for the same purpose for 90 days. Under the DPDP Act, the consumer has a right to withdraw consent at any time, and the entity must honour that withdrawal promptly. These two regimes overlap for BFSI entities making calls on a consent basis. A failure to honour an opt-out therefore violates both TCCCPR and the DPDP Act simultaneously, attracting parallel penalty proceedings from TRAI and the Data Protection Board.

How FreJun Helps BFSI Entities Stay Compliant

FreJun’s platform is designed to handle the technical compliance layer, specifically the provisioning and management of 1600-series numbers, DLT template registration, CDR logging with Template ID mapping, routing segregation between 140 and 1600 trunks, and consent record management. This means your legal team can focus on the substantive obligations, not the technical infrastructure.

Key Compliance Capabilities

• 1600-series number provisioning: FreJun works with TSPs to allocate 1601xxxxxxx numbers for RBI, SEBI, PFRDA, and IRDAI-regulated entities after regulatory eligibility verification.
• DLT integration: All call templates are registered on the DLT platform through FreJun’s integrated workflow, with Template IDs automatically passed in call signalling for every outbound call.
• Routing segregation: FreJun’s architecture enforces a hard technical boundary between 140-series promotional trunks and 1600-series service trunks, satisfying TCCCPR’s segregation requirement at the system level.
• Automated CDR logging: Every call generates a CDR with Template ID, timestamp, caller number, called number, and call duration, creating the audit trail required by TCCCPR and sectoral regulators.
• CRM integrations: Native integrations with HubSpot, Zoho, Salesforce, and LeadSquared allow consent records to be managed within your existing customer data infrastructure.
• Data localisation: FreJun’s infrastructure for Indian BFSI customers operates on India-based servers, satisfying RBI’s data localisation requirements for payment and call data.

FreJun is not a Telecom Service Provider. It is a cloud telephony platform that works within the BFSI entity’s TSP relationship to provision, configure, and manage compliant calling infrastructure. Your entity retains the 1601 number allocation. FreJun manages the technical layer around it. For an internal reference on the full BFSI compliance framework, see our guide to TCCCPR 2018 compliance for BFSI entities and our comparison of 160 series versus 140 series number obligations.

Get Legal Guidance

Frequently Asked Questions

160 series versus 140 series: what is the core difference?

The 160-series is exclusively for service and transactional voice calls from verified Principal Entities regulated by RBI, SEBI, PFRDA, or IRDAI. The 140-series is exclusively for promotional and telemarketing calls. These series are not interchangeable. Using a 140 number for a transactional call, or a 160 number for a promotional call, constitutes a TCCCPR violation triggering penalties from Rs 2,00,000 upward.

What is the penalty for using a regular 10-digit number for transactional calls after the migration deadline?

After the applicable deadline, TRAI classifies such calls as Unsolicited Commercial Communication from an Unregistered Telemarketer. The progression is: warning (first violation), a usage cap of 20 outgoing calls per day for six months (second violation), and disconnection of all telecom resources (third violation). Sectoral regulator action from RBI, SEBI, IRDAI, or PFRDA may follow independently on the same facts.

How does a BFSI entity apply for a 1601 number?

Your entity applies to a licensed Telecom Service Provider (TSP) holding a Unified License or UL-VNO authorisation. The TSP verifies your regulatory status (RBI, SEBI, PFRDA, or IRDAI registration) before allocating a 1601xxxxxxx number. You can verify a TSP’s licence status through the SARAL SANCHAR portal at saralsanchar.gov.in. Once allocated, your entity undertakes to use the number strictly for service and transactional calls under TCCCPR, 2018.

Are recovery agents and BPOs allowed to call from their own numbers on behalf of a bank?

No. Recovery agencies and BPOs acting for a BFSI Principal Entity must use the Principal Entity’s allocated 1601 numbers, not their own pool. The Principal Entity bears vicarious liability for any non-compliant call made by its agents under TCCCPR and the RBI Fair Practices Code. Non-compliance by the vendor attaches the penalty to the bank or NBFC, not to the vendor.

What is the DLT platform and why does every call template need to be registered on it?

The Distributed Ledger Technology (DLT) platform is a blockchain-based registry mandated by TRAI under TCCCPR, 2018. Every entity making commercial voice calls must register its Principal Entity identity, its calling headers, and each call content template on a DLT portal. Each approved template receives a unique Template ID that must be passed in call signalling. Calling with an unregistered or blacklisted template is a TCCCPR violation regardless of whether your 1601 number is otherwise valid.

Which BFSI entities have already adopted the 1600 series?

As of the December 2025 TRAI direction (PRID 2205350), approximately 570 entities had adopted 1600-series numbers, subscribing to over 3,000 numbers. This figure represents voluntary early adopters. The mandatory phase-wise deadlines issued in November and December 2025 require all remaining regulated entities to follow by 15 March 2026 at the latest, with most categories required by January or February 2026.

Can a 1601 number be transferred to a subsidiary or group company?

No. A 1601 number is a telecom resource of the State allocated to the specific regulated entity. It cannot be transferred, sub-allocated to subsidiaries, or used after the entity surrenders its licence or is de-registered by its sectoral regulator. Each group company or subsidiary must obtain its own allocation through the TSP eligibility verification process.

How does the DPDP Act 2023 create additional risk for entities that miss the 1600 migration deadline?

An entity calling from an unallocated 10-digit number after the deadline may lack a documented lawful basis for processing the consumer’s contact data, exposing it to DPDP Act penalties simultaneously with TCCCPR action. Failing to honour opt-outs violates both TCCCPR (90-day lockout) and the DPDP Act’s right to withdraw consent. The Data Protection Board can impose fines up to Rs 250 crore independently of TRAI penalties for the same conduct.

Key Takeaways

• The 160-series mandate is not voluntary for BFSI entities. TRAI’s November and December 2025 directions set hard deadlines, most of which have already passed or fall in early 2026. Any entity still calling from 10-digit numbers on service or transactional purposes is in active non-compliance.
• The 140-series remains valid for promotional calls but is categorically prohibited from service or transactional use. These two series are not interchangeable under any circumstances.
• DLT template registration is a prerequisite for compliant calling, not an optional add-on. Every voice script must have an approved Template ID before a single call is made.
• The one-year telecom blacklist is the most operationally severe regulatory tool TRAI holds. Five complaints in 10 days can trigger it, making proactive consumer preference compliance essential.
• Recovery agents and BPOs must call from the Principal Entity’s 1601 numbers. Vicarious liability means the BFSI entity bears all consequences of vendor non-compliance.
• DPDP Act, 2023 obligations run parallel to TCCCPR. The same non-compliant call can attract concurrent penalties from TRAI, the sectoral regulator, and the Data Protection Board.
• A compliance programme built on technical enforcement (routing segregation, system-enforced calling hours, automated CDR logging with Template ID mapping) is materially cheaper than any one violation cycle.

Try FreJun for Free

You now have the full compliance picture. FreJun’s platform handles every technical layer described in this guide, from 1601 number provisioning to DLT registration to CDR logging. Most BFSI teams are fully live within one week of onboarding.

Compliance Disclaimer

Disclaimer: This article is published for informational purposes only and represents FreJun’s understanding of the relevant legal and regulatory position based on its own independent research and interpretation of publicly available materials. It should not be construed as legal advice, legal opinion, or regulatory guidance. Readers are encouraged to seek independent legal counsel or consult the appropriate regulatory authorities before taking any action based on the information contained herein. While reasonable efforts have been made to ensure the accuracy and completeness of the information presented, laws, regulations, interpretations, and enforcement positions may evolve or vary based on specific facts and circumstances. FreJun does not warrant that the contents are free from inaccuracies, omissions, or inadvertent errors and shall not be responsible or liable for any misinformation, inaccuracies, or reliance placed upon the contents of this article, whether published knowingly or unknowingly.

References and Sources

• DoT Press Release, 30 May 2024 (PRID 2022249) — pib.gov.in
• TRAI Direction, 19 November 2025 (PRID 2191647) — pib.gov.in
• TRAI Direction (IRDAI), 16 December 2025 (PRID 2205350) — pib.gov.in
• TCCCPR Second Amendment, 12 February 2025 — trai.gov.in (PDF)
• TCCCPR 2018 — trai.gov.in
• RBI Master Direction on Outsourcing of IT Services, 10 April 2023 — rbi.org.in
• DPDP Act, 2023 — meity.gov.in
• SARAL SANCHAR Portal (TSP licence verification) — saralsanchar.gov.in
• Mondaq analysis: TRAI 1600 Series and DPDP crossover — mondaq.com