India Tightens Satellite Internet Rules Ahead of Starlink, Kuiper Launches

The Department of Telecommunications (DoT) has laid the groundwork for a total revamp of the security mechanism for satellite-based internet service providers. This was long overdue, considering that players like Starlink and Project Kuiper, from the global big shots of the telecom industry, are knocking on the doors of the Indian market. The DoT thinks the new avatar will better defend national interests.

The new guidelines require all licensees to obtain specific security clearances for each gateway hub in India, with a focus on real-time surveillance, domestic data routing, and operational transparency. Additionally, operators must set up lawful interception systems at key infrastructure points before starting commercial operations. These measures are designed to tighten security controls in an increasingly sensitive digital environment.

Indian Infrastructure Mandate and Geo-Fencing Requirements

The revised regulations make clear that the most fundamental parts of the technology core, monitoring parts, data control parts, and routing parts, must be located within the geographic borders of India. They also leave no doubt that service providers must use geo-fencing to keep the signals within the same borders. Otherwise, you get into a complicated situation, especially if you're trying to put a system near an international land border or coastal region.

Denying or restricting service to certain geographical areas or specific users, especially during emergencies or under government direction, is an operator responsibility. This ensures that national agencies can exercise control over service coverage, even in high-risk areas. The government also wants the NavIC satellite navigation system integrated into the telecom networks by 2029.

Terminal Authentication and Real-Time Tracking Now Compulsory

A notable aspect of the new framework is its emphasis on the registration of user terminals and real-time authentication. All devices, whether fixed or mobile, operating in Indian territory must be authenticated locally before accessing satellite network services. Devices not previously registered, or that were manufactured outside of India, must be verified before being used, even in areas that are supposed to be within satellite network coverage.

Precise tracking of user terminals must be enabled by operators. This requires that the shared data be sufficiently accurate and up-to-date to allow for real-time decision-making by authorities. That, in turn, mandates some rather unforgiving stipulations for mobile units. Updates must go out either every 2.6 kilometers or every minute, whichever comes first, and no update can be missed. This is roughly the same pace at which a human runs.

Data Sovereignty and Technical Compliance Cement Control

The most recent guidelines are quite firm about data sovereignty. All internet traffic originating from satellite services must pass through Indian gateways. And there are strict rules about not decrypting, duplicating, or storing telecom data anywhere outside the country. Making any satellite-to-satellite or terminal-to-terminal in-space peer-to-peer communication is also explicitly prohibited.

Moreover, businesses must show adherence to India's technical standards for non-geostationary satellite networks (NGSO), Earth Stations in Motion (ESIM), and Transportable Earth Stations (TES) before they can launch services. Data centers, DNS services, and remote operations must follow domestic protocols for hosting and access to data. India has made it clear that for satellite communication to be operational within its borders, there are two requirements: operational readiness and regulatory alignment.