140 Series Consent Rules: What the 7-Day and 90-Day Windows Mean for Your Campaign

Key Facts at a Glance

Item	Detail
Regulation	TCCCPR, 2018 (Second Amendment, 12 Feb 2025)
Governing body	TRAI / DoT
Applies to	All senders (banks, NBFCs, insurers, fintechs, marketing teams) using 140xxxxxxx for promotional calls and messages
Number series	140xxxxxxx for promotional and telemarketing voice calls
Explicit consent validity	7 days from date of acquisition
Inferred consent validity	Duration of underlying contractual relationship only
Opt-out lockout	90 days from date subscriber opts out
DCA platform	Distributed Ledger Technology (DLT) platform via access provider
First-violation penalty	Rs 2,00,000
Blacklist trigger	5 valid complaints in any rolling 10-day period

• The TCCCPR Second Amendment (12 Feb 2025) caps explicit consent for transactional purposes at 7 days from acquisition. After that, the sender must re-obtain consent before contacting the subscriber again.
• Once a subscriber opts out of 140 series calls or messages, the sender cannot contact them on the same purpose for 90 days from the opt-out date. This applies even if the subscriber later shows fresh interest.
• Inferred consent is now valid only for the duration of the active contractual relationship. Many campaigns previously assumed it lasted indefinitely; the 2025 amendment ends that assumption.
• All consent must flow through the DLT platform via the Digital Consent Acquisition (DCA) facility before any 140 series outbound communication goes out.
• Sending a promotional call from a 140 number without valid, DLT-recorded consent constitutes UCC. Financial penalties start at Rs 2,00,000 per instance. After five complaints in ten days, TRAI can impose service blacklisting for up to one year.

In this article:

1. What Are 140 Series Numbers and Who Must Use Them?
2. What Is the 7-Day Consent Rule Under TCCCPR 2025?
3. What Is the 90-Day Opt-Out Rule and How Does It Affect Campaigns?
4. Inferred Consent vs Explicit Consent: What Is the Difference?
5. What Is Digital Consent Acquisition (DCA) and Why Is It Mandatory?
6. How Should Marketing and Compliance Teams Restructure Their Campaigns?
7. What Are the Penalties for Violating the 140 Series Consent Rules?
8. How FreJun Helps BFSI Teams Manage DCA-Compliant 140 Series Campaigns
9. Frequently Asked Questions
10. Key Takeaways
11. Compliance Disclaimer
12. References and Sources

India’s 140 series consent rules changed fundamentally on 12 February 2025. TRAI issued the TCCCPR Second Amendment to tighten the consent architecture governing every promotional call and message sent from a 140xxxxxxx number. For banks, NBFCs, insurers, fintechs, and any marketing team running outbound 140 series campaigns, the new rules are not optional refinements. They impose hard operational constraints. Consent-capture workflows, campaign scheduling logic, and DLT platform setups all need reconfiguration now.

In my work advising telecom-sector clients on TRAI compliance, I hear two questions constantly: “Does our consent expire after seven days?” and “Can we call back a customer who opted out last month?” The answer to both, under the amended rules, is unambiguous. This article answers every question a compliance officer or marketing head needs answered before the next campaign goes live.

Quick Answer: The TCCCPR Second Amendment (12 Feb 2025) gives explicit consent for transactional purposes a strict 7-day validity window. Inferred consent lasts only for the duration of the contractual relationship. Once a subscriber opts out, the sender must observe a 90-day lockout before re-contacting. All consent must pass through the DLT platform via the DCA facility before any 140 series call or message goes out.

What Are 140 Series Numbers and Who Must Use Them?

The 140 series is the designated route for all promotional voice calls in India. Every entity must use a 140xxxxxxx number for outbound promotional calls. This covers large private banks promoting credit cards and fintechs pushing personal loan offers alike. The Department of Telecommunications (DoT) formalised this in its 30 May 2024 press release (PRID 2022249). That release simultaneously introduced the 1600 series for service and transactional calls. Together, these two series create a hard segregation: 140 for promotions, 1600 for service and transactions.

Additionally, the 140 series carries a structural disadvantage that the DoT itself acknowledged. Consumers have long associated 140 calls with spam, so pickup rates are lower than for calls from verified service-number series. Moreover, any promotional call from a 10-digit mobile number instead of a registered 140 number faces classification as UCC from an Unregistered Telemarketer. Penalties escalate to full disconnection on the third violation.

Which Entities Must Register and Use 140 Series Numbers?

Every Principal Entity (PE) that makes promotional voice calls must register on the DLT platform. All such calls must originate from a 140 series allocation under TCCCPR, 2018. The category is broad. The scope is broad. Banks, NBFCs, insurers, stockbrokers, mutual fund distributors, educational institutions, real estate firms, healthcare providers, and e-commerce platforms all fall within it. Telemarketing agencies and BPOs must use the Principal Entity’s registered 140 number. They cannot substitute their own number pool.

Furthermore, the Principal Entity remains vicariously liable for calls made by its outsourced agents. The TCCCPR makes no exception for intermediaries. If an agent makes a non-compliant promotional call using the PE’s 140 number, the PE faces the regulatory consequence. This is a critical point that many compliance teams underestimate when managing large outbound call centre operations.

What this means for your compliance team: Register every promotional calling number on the DLT platform before launch. Verify that outsourced partners use your registered 140 number, not their own. Confirm the Principal Entity appears as the accountable sender in the DLT system.

Get Legal Guidance

What Is the 7-Day Consent Rule Under TCCCPR 2025?

The 7-day rule means explicit consent a subscriber gives for a specific purpose stays valid for only 7 days. After seven days, the consent lapses. The sender must obtain fresh consent through the DCA facility before making further contact. The TCCCPR Second Amendment (12 Feb 2025) introduced this rule for explicit consent tied to fulfilling a commercial transaction (TRAI, TCCCPR Second Amendment, Feb 2025).

What Triggers the 7-Day Clock?

The clock starts running on the date the subscriber gives consent, not the date the first communication is sent. For example, if a subscriber fills in a lead form on 1 June and consents to a home loan call, the sender may call them through 7 June only. A call on 8 June uses expired consent and constitutes UCC, even if the subscriber never opted out.

Consequently, marketing teams cannot batch up consents collected over a week and call all leads on day eight. Each lead must receive contact within seven days of their consent date. Instead of weekly campaign batches, teams must run rolling daily queues keyed to each lead’s consent timestamp. This is the structural shift the 7-day rule forces.

Notably, the 7-day rule applies to explicit consent for transactional purposes. It is distinct from inferred consent, which has its own separate validity framework discussed in the next section. In practice, most BFSI marketing teams treat all campaign consent as subject to the 7-day cap to avoid the risk of misclassification.

What this means for your compliance team: Timestamp every consent capture event and auto-expire leads from the callable queue after day seven. Any lead not reached within the window must go back through a fresh DCA consent flow before the next contact attempt.

What Is the 90-Day Opt-Out Rule and How Does It Affect Campaigns?

The 90-day opt-out rule bars contact with any opted-out subscriber on the same purpose for 90 days from the opt-out date. For teams running large-volume 140 series campaigns, this is one of the most operationally disruptive rules in the Second Amendment. The amendment states clearly that a subscriber showing interest (visiting a product page or filling a form) does not override the opt-out. The sender must wait for the full 90-day window.

How Is an Opt-Out Recorded and Enforced?

Subscribers opt out via the TRAI DND app, the 1909 helpline, or the opt-out link every promotional SMS must carry under the amended rules. Once the DLT platform records the opt-out, it triggers an automatic scrubbing mechanism. The access provider blocks all such calls or messages before they reach the subscriber’s handset.

Furthermore, the access provider must enforce the opt-out within the timeframes specified in TCCCPR. The Principal Entity has no authority to instruct its TSP to bypass the scrub. The 90-day lockout is also purpose-specific. An opt-out from “banking and financial services” does not block calls filed under “insurance” when both are separate consent purposes on the DLT platform. Compliance teams should treat cross-category contact with extreme caution. Regulators have flagged deliberate re-categorisation of the same offer as an evasion tactic.

What this means for your compliance team: Maintain a real-time opt-out register synchronised with the DLT platform. Flag every opt-out with a 90-day expiry date. Remove that subscriber from all callable lists until the date passes. Do not rely on manual processes. A single missed opt-out that generates a complaint moves you one step closer to the five-complaint blacklist trigger.

Inferred Consent vs Explicit Consent: What Is the Difference?

The TCCCPR distinguishes between two types of consent, and the 2025 amendment tightened the validity rules for both. Understanding the difference matters. Many BFSI campaigns have historically relied on inferred consent, and the amendment has significantly narrowed that basis.

What Does This Mean Practically for Campaign Design?

Before the 2025 amendment, many BFSI entities treated inferred consent as an indefinite licence to market to their entire customer base. That approach is no longer tenable. A bank cannot send promotional 140 series calls to a customer whose account closed three months ago. The contractual relationship ended at closure, and with it the inferred consent. Similarly, an NBFC cannot call a borrower who has fully repaid their loan and closed their account.

Additionally, the explicit consent 7-day cap means that lead nurturing funnels built on a single consent event no longer work across extended follow-up sequences. A team running a five-touch sequence over two weeks must obtain fresh consent before day eight. This matters most for insurance and mutual fund distributors who run multi-week conversion campaigns.

Moreover, purpose limitation applies to both types of consent. Consent obtained for a home loan offer cannot cover a credit card offer, even within the same bank. Each product category needs its own purpose-specific consent record on the DLT platform. TRAI stated clearly in the Second Amendment’s explanatory memorandum that purpose-bundling is not permitted.

How to Audit Your Campaign Lists for Consent Compliance

What this means for your compliance team: Audit every customer segment in your outbound lists. Remove customers whose contractual relationship has ended. Re-segment active customers by specific product consent. Confirm each segment’s consent timestamp falls within the 7-day window before dialling.

What Is Digital Consent Acquisition (DCA) and Why Is It Mandatory?

The Digital Consent Acquisition (DCA) facility is the statutory platform through which TCCCPR now requires all subscriber consents to pass. TRAI directed all access providers to build and deploy it in 2023. The 2025 amendment then made DCA-recorded consent the only legally valid basis for 140 series outbound communications.

How Does DCA Work in Practice?

The DCA process uses a common short code, 127xxx, allocated by DoT. To obtain consent, the Principal Entity sends a structured consent-seeking message through this short code. The message clearly states the purpose, the product or service, and the brand name. The subscriber responds to confirm, and the access provider verifies via OTP. Upon verification, the consent record is written to the DLT platform.

Each time the Principal Entity attempts a 140 series outbound call, the DLT platform performs a real-time scrub. It checks whether a valid, current DCA consent record exists for that subscriber and purpose. If no valid record exists, the platform blocks the communication. This covers cases where consent was never obtained, has expired, or the subscriber revoked it.

Notably, the TRAI-RBI DCA pilot (December 2025) targets the large stock of legacy paper-based consents entities never migrated to the DLT platform (IndiaLaw.in, Dec 2025). Teams relying on pre-2023 consent records must treat them as void under TCCCPR and run fresh DCA acquisition across all active lists.

What this means for your compliance team: Do not assume that consent collected through your website form, CRM lead capture, or paper application is DCA-compliant. Map every consent capture touchpoint in your customer journey to the DCA short code flow and update your CRM integration accordingly.

How Should Marketing and Compliance Teams Restructure Their Campaigns?

Restructuring a 140 series campaign for TCCCPR 2025 compliance requires changes at four levels: consent capture, list management, campaign scheduling, and call execution. Each level must work in sequence, because a failure at any one stage contaminates the entire campaign.

Step 1: Rebuild Consent Capture Around DCA

First, audit every lead capture touchpoint: website forms, offline application forms, WhatsApp opt-in flows, branch sign-ups, and referral pipelines. Each must connect to the DCA short code flow. The system then OTP-verifies consent and writes it to the DLT platform in real time. After the 2025 amendment, paper or CRM-only consent records are no longer valid for 140 series calls.

Furthermore, each consent record must be purpose-specific. A customer who consents to receiving calls about a savings account cannot be called about a personal loan on the same consent. Build separate DCA consent flows for each product category your team promotes.

Step 2: Implement Rolling Consent Expiry and Opt-Out Suppression

Next, update your outbound calling list logic to enforce two automatic filters. The first is consent expiry: no lead with a consent timestamp older than 7 days should appear in a callable queue. The second filter suppresses opt-outs: no number that registered an opt-out within 90 days should appear in any queue for the same purpose.

These filters must run in real time at the point of dialling, not only at list upload. A consent that was valid at list-build time may have expired by the time the agent dials. A subscriber who opts out mid-campaign must be removed immediately, not at the next list refresh cycle.

Step 3: Shift from Weekly Batches to Rolling Daily Queues

Weekly batching breaks compliance for any lead whose consent expires before the batch dials. Replace weekly uploads with a rolling daily queue. Ingest new consents daily, dial them within seven days, and move unreached leads to a re-consent queue.

Additionally, build a re-consent automation. For leads the team did not reach within seven days, the system sends a new DCA consent message. It requests a fresh opt-in before returning the lead to the callable queue. This closes the loop without human intervention and ensures the pipeline does not leak compliant leads.

Step 4: Validate Consent Status at the Point of Dial

Finally, the calling platform must query the DLT for active consent before connecting each outbound call. A real-time API check at dial time catches consent that lapsed or was revoked since list build. Any platform without real-time DLT scrubbing at dial time should not carry 140 series campaigns after the 2025 amendment.

What this means for your compliance team: The four steps are sequential dependencies. Each stage must work correctly before the next has any value. Start from step one and work forward.

What Are the Penalties for Violating the 140 Series Consent Rules?

Non-compliance with the 140 series consent rules triggers a multi-layer penalty structure. Consequences range from financial disincentives at the telecom layer to sectoral regulatory action. In the most severe cases, TRAI can blacklist all the entity’s telecom resources across every operator in India for one year.

Financial Disincentives Under TCCCPR

TRAI levies graded financial disincentives on access providers under the TCCCPR Second Amendment (12 Feb 2025) when they fail to act against violating senders. Access providers then cascade these penalties contractually to the Principal Entity. The amounts are:

• First instance: Rs 2,00,000
• Second instance: Rs 5,00,000
• Third and each subsequent instance: Rs 10,00,000 per instance

These are levied per instance of violation, not per campaign. A campaign generating multiple complaints can therefore attract multiple penalty instances in one billing cycle.

Operational Consequences: Service Suspension and Blacklisting

More disruptive than the financial penalty is the service suspension regime. TRAI tightened the blacklist trigger threshold under the 2025 rules: 5 valid consumer complaints within any rolling 10-day period now suffice. The consequence:

• First violation of the complaint threshold: All outgoing services on the entity’s telecom resources barred for 15 days.
• Subsequent violations: All telecom resources, including PRI and SIP trunks, disconnected across all access providers for up to one year. The entity is blacklisted nationally.

For a BFSI entity, a national, one-year blacklist is operationally catastrophic. The entity cannot deliver OTPs. Service calls stop. Collection calls stop. The disruption extends far beyond the marketing team that made the non-compliant calls. The mandatory disclosure obligation compels the entity to report telecom regulatory action in certificates filed with its sectoral regulator (RBI or SEBI). This creates a secondary compliance exposure on top of the direct telecom penalty.

Secondary Consequences: Disclosure and Sectoral Regulator Action

What this means for your compliance team: A five-complaint blacklist trigger reached through a poorly managed 140 series campaign is not a marketing problem. It is a board-level operational risk that affects every function of the business that relies on outbound communications.

How FreJun Helps BFSI Teams Manage DCA-Compliant 140 Series Campaigns

FreJun is a cloud telephony and AI calling platform for BFSI, fintech, and enterprise teams running outbound 140 series campaigns under TCCCPR 2025. It directly addresses the four structural compliance requirements the Second Amendment introduced.

Real-Time DLT Consent Checks and 7-Day Expiry Automation

Specifically, FreJun integrates with the DLT platform to perform real-time consent status checks at the point of dial. Every outbound 140 series call through FreJun triggers an automated scrub. If consent has expired, been revoked, or falls under the 90-day lockout, the system suppresses the call before it connects. Agents never dial a non-consented number by accident. FreJun’s consent timestamp engine also flags leads nearing the 7-day expiry and routes them to a re-consent queue automatically. Your callable pipeline stays full without compliance risk.

CRM Integration, CDR Logging, and Routing Segregation

FreJun also integrates with HubSpot, Zoho, Salesforce, and LeadSquared. Campaign lists in your CRM cross-check automatically against live DLT consent records. The platform handles DLT template registration, call routing segregation, and CDR logging with Template ID attribution. Promotional 140 traffic and transactional 1600 traffic never share the same trunk. Your legal and compliance team gains an auditable record. Your marketing team gets a calling queue that is always compliant at the moment of dial.

For a walkthrough of how FreJun maps to your specific campaign architecture, see our BFSI Communication Compliance Guide 2026 and the 160 Series vs 140 Series explainer.

Most compliance teams find that the DCA integration and consent expiry automation alone eliminate over 90% of their UCC complaint risk. A 30-minute call shows you exactly how to map the 7-day and 90-day rules to your current campaign stack. Live campaigns face no disruption during the transition.

Talk to FreJun’s Legal Team

Frequently Asked Questions

160 series vs 140 series: what is the difference for BFSI compliance teams?

The 140 series is for promotional and telemarketing calls only. The 1600 series, specifically 1601 for financial entities regulated by RBI, SEBI, PFRDA, and IRDAI, is for service and transactional calls only. Using a 140 number for a service call (OTP or account alert) breaches the TCCCPR purpose restriction. So does using a 1600 number for a promotional call. Both trigger penalty action. Teams must technically segregate the two series at the dialer level.

What happens if we call a subscriber after their 7-day consent has expired?

A call made after the 7-day explicit consent window closes constitutes Unsolicited Commercial Communication. When the subscriber files a complaint through the DND app or 1909 helpline, it counts toward the 5-complaint blacklist trigger. The first financial penalty under TCCCPR is Rs 2,00,000, and five complaints in any rolling 10-day period can trigger a 15-day outgoing service bar. Subsequent violations escalate to a one-year national blacklist across all telecom resources.

How do we apply for and register a 140 series number in India?

Contact your Telecom Service Provider (TSP) and apply for a 140 series allocation under your Principal Entity registration on the DLT platform. Your TSP verifies your credentials, assigns a 140xxxxxxx number, and configures it on the DLT system. Register all voice script templates as pre-approved content templates with unique Template IDs on the DLT platform before making any outbound 140 calls.

Can a subscriber who opted out give fresh consent before 90 days?

No. The 90-day lockout under the TCCCPR Second Amendment (Feb 2025) is absolute for the same purpose. Even if the subscriber proactively contacts the entity or submits a new lead form, the entity cannot use that interaction to override the opt-out. The entity must wait for the full 90-day window before initiating a new DCA consent request for that subscriber on the same purpose.

Does inferred consent from an existing customer relationship cover 140 series promotional calls?

Inferred consent from an active contractual relationship can support certain service communications but does not automatically cover promotional 140 series calls. Promotional calls require explicit, DCA-recorded consent for the specific product. Additionally, inferred consent lapses the moment the contractual relationship ends, so closed accounts and repaid loans fall entirely outside its scope.

What is the DCA short code and how does it work for 140 series consent?

The DCA short code 127xxx is the DoT-allocated number through which entities send consent-seeking messages to subscribers. The message states the purpose, product, and brand name. The subscriber confirms via OTP, and the access provider writes the record to the DLT platform. This DCA-recorded consent is the only valid basis for 140 series outbound calls under the 2025 rules.

How often must we refresh consent for an ongoing campaign targeting the same leads?

For explicit consent (transactional purpose), every 7 days. A multi-week campaign sequence requires a fresh DCA consent event for each subscriber once the initial 7-day window closes. If the subscriber does not respond to the re-consent message, remove them from the callable list until they actively re-consent. Most teams solve this by building an automated re-consent queue into their CRM or calling platform.

Key Takeaways

• The TCCCPR Second Amendment (12 Feb 2025) caps explicit consent for transactional purposes at 7 days from acquisition. Every lead in a 140 series queue needs a consent timestamp no older than seven days at dial time.
• The 90-day opt-out lockout is absolute for the same purpose: entities cannot contact an opted-out subscriber for 90 days, regardless of any fresh signal of interest.
• Inferred consent now has a hard upper limit tied to the active contractual relationship. Customers with closed accounts, repaid loans, or lapsed policies are outside the scope of inferred consent and must go through DCA before further contact.
• All consent must be captured through the DCA facility on the DLT platform. Pre-2023 paper-based or CRM-only consent records are not legally sufficient under the current rules.
• Five valid complaints in any rolling 10-day period triggers the blacklist mechanism. TRAI can then suspend all outgoing services for up to one year across every operator in India.
• Purpose limitation applies strictly: consent obtained for one product category cannot be reused for a different product, even from the same entity. Each campaign requires its own DCA consent record per subscriber.
• Platform-level real-time DLT consent scrubbing at the point of dial is the only reliable way to block non-compliant calls in a high-volume environment.

You have now seen the full consent architecture governing 140 series campaigns under the 2025 rules. FreJun’s platform handles the DLT integration, real-time consent checks, and automated re-consent queues, so your team dials compliantly without adding manual overhead. The setup typically takes under a week for most BFSI teams.

For Any Questions Reach Out to Our Legal Team

Compliance Disclaimer

Disclaimer: This article is published for informational purposes only and represents FreJun’s understanding of the relevant legal and regulatory position based on its own independent research and interpretation of publicly available materials. It should not be construed as legal advice, legal opinion, or regulatory guidance. Readers are encouraged to seek independent legal counsel or consult the appropriate regulatory authorities before taking any action based on the information contained herein. While reasonable efforts have been made to ensure the accuracy and completeness of the information presented, laws, regulations, interpretations, and enforcement positions may evolve or vary based on specific facts and circumstances. FreJun does not warrant that the contents are free from inaccuracies, omissions, or inadvertent errors and shall not be responsible or liable for any misinformation, inaccuracies, or reliance placed upon the contents of this article, whether published knowingly or unknowingly.

References and Sources

• DoT Press Release, 30 May 2024 (PRID 2022249) — pib.gov.in
• TRAI Direction, 19 Nov 2025 (PRID 2191647) — pib.gov.in
• TRAI Direction, 16 Dec 2025 (PRID 2205350) — pib.gov.in
• TCCCPR Second Amendment, 12 Feb 2025 — trai.gov.in (PDF)
• TRAI-RBI Digital Consent Acquisition Pilot (Dec 2025) — indialaw.in
• Sigma Chambers, TCCCPR 2025 Amendment Analysis — sigmachambers.in
• Securiti, India Spam Rules TRAI Latest Amendment (Mar 2025) — securiti.ai
• Bar and Bench, TRAI Crackdown on Spam Calls (Mar 2026) — barandbench.com