India has long struggled with unsolicited calls and messages, even for users registered under Do Not Disturb (DND). In a major regulatory step, the Telecom Regulatory Authority of India (TRAI) is now testing a system that allows users to clearly see who has their consent to send messages and to withdraw that consent instantly.
This initiative, known as the Digital Consent Acquisition (DCA) pilot, was launched in June 2025 in collaboration with the Reserve Bank of India (RBI). The pilot is expected to conclude by end-January 2026, and it has the potential to fundamentally change how commercial consent operates in India.
Who Is Part of the Pilot
The Digital Consent Acquisition (DCA) pilot brings together key stakeholders from India’s telecom and banking sectors under a government-backed framework aimed at digitizing and standardizing consent for promotional communications.
The pilot involves:
- Nine major telecom service providers
- Eleven leading banks: State Bank of India (SBI), HDFC Bank, ICICI Bank, Axis Bank, Kotak Mahindra Bank, IndusInd Bank, Bank of Maharashtra, Canara Bank, Punjab & Sind Bank, Indian Overseas Bank, and Punjab National Bank (PNB).
Together, these banks represent a balanced mix of public and private sector institutions, covering a large share of India’s banking customers and assets.
As part of the pilot, banks are uploading and validating old “legacy” consent records on the blockchain-based Consent Management Portal. This step directly addresses the long-standing issue of unverified consents and tests whether transparent, large-scale consent management can work in real-world telecom and banking environments, where records span several years and involve high communication volumes.
The Core Problem: Legacy Consents and Spam
Under the Telecom Commercial Communications Customer Preference Regulations (TCCPR), 2018, companies may send promotional messages if user consent exists, even when the user is registered under Do Not Disturb (DND).
The challenge has been the nature of legacy consent records. For years, consent was collected through paper forms, offline declarations, and fragmented internal databases. These records were difficult to verify and could not be centrally audited.
As a result:
- Companies continued to claim valid consent
- Telecom operators lacked the ability to independently verify those claims
- Users had no practical mechanism to review or revoke consent
According to government officials involved in the rollout, re-collecting fresh consent from millions of users was considered operationally unfeasible. This gap allowed unsolicited communications to persist despite existing regulatory safeguards.
How the DCA Pilot Works
Under the pilot, participating users receive an SMS from short code 127000, the only official channel approved for the initiative. The message contains a secure link directing users to their telecom provider’s Consent Management Portal.
Users can log in using only their mobile number and view all legacy consents uploaded by participating banks. From the portal, users can continue, modify, or revoke any consent instantly. No banking or financial information is required.
The system is designed to be simple and fully user-controlled.
One Portal, Centralised Control
Previously, users had to contact each bank individually to opt out of promotional communications, often through customer care channels with uncertain outcomes.
Under the DCA pilot:
- All consents are visible in a single interface.
- Changes take effect immediately.
- The process takes minutes instead of weeks
This centralised approach removes friction and gives users direct control over their consent preferences.
The Technology Behind the System
The DCA pilot is built on blockchain-based Distributed Ledger Technology (DLT).
The technology ensures that:
- Consent records are tamper-proof.
- Banks cannot modify records unilaterally.
- Uploaded legacy consents must be verified
Earlier, companies could claim consent without independent validation. Under the new system, banks are required to take responsibility for the accuracy of the consent records they upload. This shifts accountability from users to senders.
Why This Matters for Consumers
Consent management in India has historically been opaque and one-sided, with limited visibility for users.
The DCA pilot changes this by allowing users to:
- View consent records in real time.
- Revoke consent immediately and permanently.
- Manage multiple consents through a single platform
The initiative offers a practical mechanism for users to reduce unsolicited communications.
What Happens After the Pilot
TRAI will assess the outcomes of the pilot across several parameters, including:
- Technical performance
- User feedback
- Operational challenges
- Readiness for nationwide deployment
If the pilot is successful, the rollout is expected to begin with banks and later expand to other sectors such as insurance, investment and trading firms, and real estate entities.
To support implementation, four dedicated working groups comprising telecom operators, banks, and industry bodies are meeting regularly to address operational challenges, reflecting sustained regulatory oversight.
Guidance for Users
- Trust only messages received from 127000
- Participation in the pilot is voluntary
- Reviewing consent records can reduce unwanted messages
- There are no fees or hidden conditions
The portal is intended solely to improve transparency and restore user choice.
Conclusion
Unsolicited communications have long been treated as an unavoidable part of India’s digital ecosystem. The DCA pilot demonstrates that this assumption can be challenged. By combining regulatory oversight, secure technology, and user control, TRAI is moving toward a system where consent is transparent, verifiable, and enforceable. If implemented nationwide, the framework could significantly improve accountability in commercial communications across sectors.
