Do Not Call Compliance Policy (India)
DO NOT CALL COMPLIANCE POLICY
Company: [Company Name]
Registered Address: [Company Address]
Effective Date: [Effective Date]
DNC Compliance Officer: [DNC Officer Name]
DLT Principal Entity ID: [DLT PE ID]
This Do Not Call Compliance Policy ("Policy") governs all commercial communications sent by [Company Name] ("Company") through voice calls, SMS, and other electronic channels. This Policy is adopted pursuant to the Telecom Commercial Communications Customer Preference Regulations 2018 (TCCCPR 2018) issued by the Telecom Regulatory Authority of India (TRAI) under Section 11 of the TRAI Act 1997, the Consumer Protection Act 2019, and the Digital Personal Data Protection Act 2023 (DPDPA 2023).
1. SCOPE AND DEFINITIONS
1.1 This Policy applies to all employees, contractors, and third-party agencies acting on behalf of the Company who initiate or facilitate commercial communications — including telemarketing calls, promotional SMS, WhatsApp Business messages, and email marketing.
1.2 Communication Channels in Use: [Communication Channels]. Each channel is managed in accordance with the applicable regulatory framework: voice calls and SMS under TRAI TCCCPR 2018; WhatsApp Business under Meta's Business Policy and applicable IT Act provisions; email under the IT Act 2000 and DPDPA 2023.
1.3 'Unsolicited Commercial Communication (UCC)' means any commercial communication sent to a subscriber who has not consented to receive it, or who is registered on the National Do Not Call (NDNC) Registry, except for transactional and service communications permitted by TRAI.
2. DLT REGISTRATION AND COMPLIANCE
2.1 DLT Registration: The Company is registered as a Principal Entity (PE) on the DLT platform (PE ID: [DLT PE ID]) as required by the TRAI TCCCPR 2018. All commercial SMS communications must be sent through DLT-registered Sender IDs (Headers) and pre-approved Message Templates.
2.2 All SMS Templates used for promotional, transactional, and service communications must be registered on the DLT platform before use. SMS messages that do not match registered templates or use unregistered headers will be blocked by Telecom Service Providers (TSPs) and may result in suspension of the Company's DLT account.
2.3 The DNC Compliance Officer ([DNC Officer Name]) is responsible for: (a) maintaining the Company's DLT registrations (headers and templates); (b) monitoring DLT compliance; (c) liaising with TSPs for DLT-related issues; and (d) ensuring all new marketing campaigns are DLT-compliant before launch.
3. NDNC/DND SCRUBBING
3.1 Before initiating any commercial communication campaign, the Company must scrub the target list against the NDNC (National Do Not Call) / DND (Do Not Disturb) Registry. Scrubbing frequency: [Scrubbing Frequency].
3.2 No promotional calls or SMS shall be made to subscribers registered on the NDNC/DND Registry without their prior written consent registered through a TRAI-approved consent mechanism (see Section 4).
3.3 Commercial communications (promotional calls and SMS) must only be made between 09:00 hours and 21:00 hours IST (Monday–Saturday). No commercial calls or SMS shall be initiated on Sundays or National Holidays as defined by the TCCCPR 2018.
3.4 Records of all NDNC scrubbing runs — including the date of scrubbing, the list scrubbed, and the number of records removed — must be maintained by the DNC Compliance Officer for a minimum of three years.
4. CONSENT MANAGEMENT
4.1 Consent Mechanism: [Consent Mechanism]. For promotional communications to DND-registered subscribers, the Company must obtain and register explicit consent through a TRAI-approved consent management pathway.
4.2 Consent records must capture: (a) the subscriber's telephone number; (b) the category of communication consented to; (c) the date, time, and IP address (for digital consents) of consent capture; and (d) the consent expiry period (TRAI consent validity is 3 years unless revoked earlier).
4.3 Consent Revocation: Subscribers have the right to revoke consent at any time by replying 'STOP' to SMS messages, pressing '9' (or the designated opt-out key) during calls, or through the Company's unsubscribe mechanisms. Opt-out requests must be processed within 24 hours and the subscriber must not receive further commercial communications from the Company after that time.
4.4 Under the DPDPA 2023, the right to withdraw consent for personal data processing is a statutory right of every Data Principal. Consent revocation under TRAI TCCCPR must be coordinated with data erasure/processing restriction requests under DPDPA 2023.
5. VIOLATIONS, PENALTIES, AND ENFORCEMENT
5.1 TRAI Enforcement: Violations of the TCCCPR 2018 are reported to TSPs through TRAI's DND App and the consumer portal. TSPs are required to disconnect a Principle Entity's account after a specified number of verified UCC complaints. Repeated violations may result in blacklisting from the DLT platform.
5.2 Internal Sanctions: Any employee, contractor, or third-party agency found to have initiated UCCs in violation of this Policy — including calling DND-registered numbers without consent, using unregistered DLT headers/templates, or misrepresenting consent — shall face: (a) immediate suspension from marketing activities; (b) disciplinary action (for employees) up to and including termination; (c) termination of the third-party agency agreement; and (d) a mandatory report to the DNC Compliance Officer.
5.3 Annual Audit: The DNC Compliance Officer shall conduct an annual audit of the Company's DNC compliance — covering DLT registrations, scrubbing records, consent records, and opt-out processing — and report findings to senior management.
5.4 This Policy is governed by the laws of India and the laws of the State of [Governing State]. This Policy shall be reviewed annually or upon material changes to TRAI regulations.
Authorised Signatory
________________
Signature
DNC Compliance Officer
________________
Signature
What Is a Do Not Call Compliance Policy (India)?
A Do Not Call Compliance Policy in India establishes the framework of rules governing the area it covers and the steps taken when those rules are broken.
India's TCCCPR 2018 introduced a globally unprecedented blockchain-based Distributed Ledger Technology (DLT) system for managing commercial communications. Under the DLT framework, all businesses ('Principle Entities') that send commercial SMS or make promotional calls must register on the DLT platform, register their Sender IDs (alphanumeric headers), and register the content templates for all messages. This system enables real-time filtering of non-compliant messages by telecom service providers (Jio, Airtel, Vodafone Idea, BSNL) and provides TRAI with a transparent record of all registered commercial communications.
The NDNC Registry allows mobile users to opt out of commercial communications entirely or to specify preferences for receiving communications only in selected categories (banking/insurance, real estate, education, health, consumer goods, communications/entertainment, IT, tourism). Businesses must scrub their contact lists against the NDNC Registry before initiating commercial communications.
A DNC Compliance Policy documents the organisation's DLT registration status, NDNC scrubbing procedures, consent management framework, training obligations for sales and marketing teams, and the investigation and remediation procedure for UCC complaints filed by subscribers.
The legal framework governing the Do Not Call Compliance Policy (India) in India draws on several key statutes and regulatory bodies. Under Indian law, the Indian Contract Act 1872 governs contractual obligations, with Section 10 setting essential requirements for valid agreements. The Companies Act 2013 regulates corporate entities through the Registrar of Companies (ROC) and Ministry of Corporate Affairs (MCA). The Industrial Disputes Act 1947 and state labour commissioners govern employment disputes. The Information Technology Act 2000 and IT (Reasonable Security Practices) Rules 2011 protect personal data. The Income Tax Act 1961 and Goods and Services Tax Act 2017 govern tax obligations through the Central Board of Direct Taxes (CBDT) and GST Council. Parties executing a Do Not Call Compliance Policy (India) in India should confirm the document reflects current law, including any amendments enacted since the original drafting date. The Indian Contract Act, 1872 sets the foundational requirements.
When Do You Need a Do Not Call Compliance Policy (India)?
A Do Not Call Compliance Policy is needed by every Indian business that sends commercial SMS messages, makes promotional phone calls, or conducts telemarketing campaigns.
Banks, NBFCs, insurance companies, real estate developers, educational institutions, healthcare providers, and retail brands are among the most active users of commercial communications in India, and all face TRAI enforcement risk if they do not have formal DNC compliance procedures.
E-commerce businesses that send transactional messages (order confirmations, OTPs, delivery notifications) must comply with DLT registration requirements — even though transactional messages are not UCCs, they must originate from registered Sender IDs and registered templates.
Call centres, BPO companies, and telemarketing agencies acting on behalf of clients must have DNC compliance procedures as part of their service delivery — clients will increasingly require compliance evidence before entrusting their customer communication campaigns.
Businesses that use third-party marketing automation platforms (SMS gateways, marketing clouds) must confirm that these platforms are DLT-compliant and are scrubbing against the NDNC Registry on the business's behalf — and should document this in a DNC Compliance Policy.
Any business that has received UCC complaints from subscribers through TRAI's DND App, or that has had Sender IDs suspended by TSPs for non-compliance, should immediately formalise its DNC Compliance Policy and remediate its commercial communications practices.
Parties in India should prepare a Do Not Call Compliance Policy (India) proactively rather than waiting for a dispute to arise. Courts interpret agreements based on the written terms rather than oral representations. Under Indian law, the Indian Contract Act 1872 governs contractual obligations, with Section 10 setting essential requirements for valid agreements. The Companies Act 2013 regulates corporate entities through the Registrar of Companies (ROC) and Ministry of Corporate Affairs (MCA). The Industrial Disputes Act 1947 and state labour commissioners govern employment disputes. The Information Technology Act 2000 and IT (Reasonable Security Practices) Rules 2011 protect personal data. The Income Tax Act 1961 and Goods and Services Tax Act 2017 govern tax obligations through the Central Board of Direct Taxes (CBDT) and GST Council. Where the transaction involves regulated activities, prior approval from the relevant authority may be required before execution.
What to Include in Your Do Not Call Compliance Policy (India)
A thorough Do Not Call Compliance Policy for an Indian business should contain the following essential elements.
Regulatory Framework: Reference to the TRAI Act 1997, Indian Telegraph Act 1885, TCCCPR 2018, and DPDPA 2023 as the applicable regulatory framework.
DLT Registration: Details of the organisation's DLT registration (Principle Entity ID, registered TSPs, registered Sender IDs, and registered Message Templates), and the procedure for registering new Sender IDs and templates for new campaigns.
NDNC Scrubbing Procedure: Mandatory scrubbing of all calling and messaging lists against the NDNC Registry before each campaign; frequency of scrubbing (at least every 7 days for active campaigns); and the procedure for removing opted-out numbers from internal databases.
Consent Management: Procedure for obtaining, recording, storing, and processing subscriber consents for promotional communications, including the DPDPA 2023 requirements for specific, affirmative opt-in consent.
Category Compliance: Mapping of the organisation's commercial communications to the permitted TRAI categories (banking/insurance, real estate, education, etc.) and confirming that communications are only sent to subscribers who have consented to the relevant category.
Call Centre/Telemarketing Guidelines: Script and conduct standards for outbound telemarketing calls — identification of the caller, the company, and the purpose of the call; mandatory offer to add the subscriber to a do-not-call list; and maximum call frequency limits.
UCC Complaint Handling: Procedure for receiving and responding to UCC complaints submitted by subscribers through TRAI's DND App or the grievance portal — including internal investigation and corrective action.
Employee Training: Mandatory DNC compliance training for sales, marketing, and customer service teams, and disciplinary consequences for non-compliance.
Policy Review: Annual review of the policy, with updates for TRAI regulatory changes.
Additional compliance elements for a Do Not Call Compliance Policy (India) used in India include: Under Indian law, the Indian Contract Act 1872 governs contractual obligations, with Section 10 setting essential requirements for valid agreements. The Companies Act 2013 regulates corporate entities through the Registrar of Companies (ROC) and Ministry of Corporate Affairs (MCA). The Industrial Disputes Act 1947 and state labour commissioners govern employment disputes. The Information Technology Act 2000 and IT (Reasonable Security Practices) Rules 2011 protect personal data. The Income Tax Act 1961 and Goods and Services Tax Act 2017 govern tax obligations through the Central Board of Direct Taxes (CBDT) and GST Council. Forms-legal.com provides this template as a starting point for India-compliant documentation.
Cite this page
Reference this free template in an article, syllabus, or research note:
Forms Legal. (2026). Do Not Call Compliance Policy (India) (India) [Legal document template]. Forms Legal. https://forms-legal.com/india/business/policies/do-not-call-compliance-policy-india
"Do Not Call Compliance Policy (India) (India)." Forms Legal, 2026, https://forms-legal.com/india/business/policies/do-not-call-compliance-policy-india.
@misc{formslegal-do-not-call-compliance-policy-india,
author = {{Forms Legal}},
title = {Do Not Call Compliance Policy (India) (India)},
year = {2026},
howpublished = {\url{https://forms-legal.com/india/business/policies/do-not-call-compliance-policy-india}},
note = {Free legal document template. Based on Indian Contract Act, 1872}
}Also available for these jurisdictions:
Frequently Asked Questions
India's Do Not Call (DNC) regulatory framework is governed primarily by the Telecom Regulatory Authority of India (TRAI) under the TRAI Act 1997 and the Indian Telegraph Act 1885. The current operative regulations are the Telecom Commercial Communications Customer Preference Regulations 2018 (TCCCPR 2018), which replaced the earlier Telecom Unsolicited Commercial Communications Regulations 2007 (TUCC Regulations 2007). The TCCCPR 2018 introduced a blockchain-based Distributed Ledger Technology (DLT) platform for the registration and management of commercial communications — a global first for telecommunications regulation. Under the DLT system, all entities (called 'Principle Entities' or PEs) that send commercial SMS messages or voice calls through telecom service providers (TSPs) must register on the DLT platform. This includes businesses, political parties, NGOs, and any other organisation that initiates commercial communications to subscribers. The National Do Not Call (NDNC) Registry, maintained by TRAI, allows mobile and telephone subscribers to register their preference not to receive unsolicited commercial communications (UCCs). Subscribers can register a preference to: (a) fully block all commercial communications (Full Block — category 0); or (b) receive commercial communications only in selected categories (Partial Block — categories 1-7: banking/insurance/finance, real estate, education, health, consumer goods, communication/broadcasting/entertainment, IT, and tourism/hospitality).
DLT (Distributed Ledger Technology) registration under the TRAI TCCCPR 2018 is mandatory for all businesses — called 'Principle Entities' (PEs) — that initiate commercial SMS messages or promotional voice calls in India. Since 2021, TSPs (telecom service providers including Jio, Airtel, Vi/Vodafone Idea, and BSNL) block all commercial messages that do not originate from DLT-registered entities, registered Sender IDs, and registered Message Templates. The DLT platform is operated by TSPs — each major TSP maintains its own DLT platform (Jio: DLT portal, Airtel: DLT portal, TRAI: centralised DLT at trai.gov.in). A PE must register on the DLT platform of each TSP through whose network it sends messages, or register on a single platform that has inter-connectivity with other TSPs. The DLT registration process involves: (a) Entity Registration — submitting the business's PAN, GST number, registered address, and business category; (b) Sender ID Registration — registering the alphanumeric header that will appear as the sender of SMS messages (e.g., 'HDFC-BANK' for HDFC Bank, 'AMZNIN' for Amazon India); (c) Message Template Registration — registering the content templates for each type of message to be sent, with placeholders for variable elements (e.g., 'Dear [Customer Name], your OTP is [XXXXXX]. Valid for 10 minutes.'). Messages must exactly match registered templates (allowing for variable values in designated placeholders). Messages that deviate from registered templates are blocked by the TSP's filtering system.
Consent management for telemarketing and commercial communications in India is governed by the TRAI TCCCPR 2018 and, increasingly, the Digital Personal Data Protection Act 2023 (DPDPA 2023). The two frameworks have overlapping but distinct consent requirements. Under the TCCCPR 2018:
Express Consent for Promotional Communications: A business may contact a subscriber who is registered on the NDNC (National Do Not Call) Registry only if the subscriber has given explicit consent to receive communications from that specific category of sender (e.g., banking, insurance, real estate). This consent must be obtained through TRAI-approved channels: (a) a web form on the business's website; (b) an SMS reply from the subscriber; (c) an IVR (Interactive Voice Response) system; or (d) a physical form signed by the subscriber. Consent records must be maintained for a period specified in the regulations. Consent Registration on DLT: The TCCCPR 2018 requires that subscriber consent records be uploaded to and maintained on the DLT platform. This enables TRAI and TSPs to verify consent when a subscriber raises a UCC complaint — the PE must be able to demonstrate valid, registered consent. Consent Duration and Withdrawal: Consent under TCCCPR 2018 is valid for a period specified in the regulations (currently 3 years, unless revoked earlier). Subscribers have the right to withdraw consent at any time, and the PE must process withdrawal requests and update the DLT platform within 24 hours of receiving a withdrawal request.
A Do Not Call Compliance Policy (India) does not legally require a lawyer in India, and individuals and businesses may draft and execute the document independently. The Indian Contract Act, 1872 does not mandate legal representation for the creation or signing of this type of document. However, seeking independent legal advice from a qualified India lawyer is recommended for transactions involving substantial financial value, complex regulatory requirements, or cross-border elements where multiple legal jurisdictions may apply. A lawyer can verify that the document complies with all applicable statutory requirements, identify potential risks specific to the transaction, and confirm that the terms adequately protect the interests of all parties involved. The Supreme Court of India has jurisdiction over disputes arising from this type of document, and Registrar of Companies (ROC) may impose additional compliance obligations depending on the nature of the underlying transaction. Professional legal review is particularly advisable where the document will be submitted to government agencies or used as evidence in legal proceedings.
A Do Not Call Compliance Policy (India) does not legally require a lawyer in India, though legal advice is recommended. Under Indian law, the Indian Contract Act 1872 governs agreements. The Companies Act 2013 and Registrar of Companies (ROC) regulate corporate documents. The Information Technology Act 2000 governs electronic contracts and data protection. The Consumer Protection Act 2019 provides consumer rights. The Income Tax Act 1961 requires tax compliance. Forms-legal.com provides this template as a starting point — always review with a qualified Indian advocate for significant transactions. Under India law, Indian Contract Act, 1872, parties should seek independent legal advice from a qualified lawyer to confirm compliance with all applicable requirements. Under Indian law, the Indian Contract Act 1872 governs contractual obligations, with Section 10 setting essential requirements for valid agreements. The Companies Act 2013 regulates corporate entities through the Registrar of Companies (ROC) and Ministry of Corporate Affairs (MCA). Forms-legal.com provides this template as a starting point for India-compliant documentation.
This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.Full disclaimer
Found an error? Let us knowRelated Documents
You may also find these documents useful:
E-Commerce Terms and Conditions (India)
Comprehensive E-Commerce Terms and Conditions compliant with the Consumer Protection (E-Commerce) Rules 2020, IT Act 2000, Consumer Protection Act 2019, and DPDP Act 2023. Covers product listings, cancellations, returns, grievance redressal, and seller obligations for Indian e-commerce platforms.
Social Media Policy (India)
A comprehensive Social Media Policy for Indian businesses compliant with the Information Technology Act 2000, IT (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021, and Digital Personal Data Protection Act 2023. Governs employee personal and professional social media use.
AI Acceptable Use Policy (India)
An AI Acceptable Use Policy for Indian businesses compliant with the IT Act 2000, Digital Personal Data Protection Act 2023, and MEITY AI governance guidelines. Governs employee use of generative AI tools, data handling obligations, IP considerations, and prohibited use cases.