New Delhi: The Union government approached Telegram for corrective action “at least 35 times since October 2024” before the messaging platform was blocked ahead of the NEET-UG re-examination, according to the order that is part of the Centre’s affidavit filed in the Delhi High Court.
The 18 June order, signed by Ministry of Electronics and Information Technology (MeitY) secretary S.Krishnan, was issued days before the re-examination scheduled 21 June. ThePrint has a copy of the affidavit.
On Friday, the high court dismissed Telegram’s challenge to the temporary blocking, saying that the measure was the “least restrictive available and met the test of proportionality.”
The Centre’s trigger was the NEET-UG examination held 3 May, which was cancelled nine days later after an investigation found that many questions matched a guess paper that had been circulated, much of it through Telegram channels in Rajasthan.
More than 2.2 million candidates had appeared in the NEET-UG exam, a nationwide entrance test conducted for admission in undergraduate medical programmes.
On 21 May, the National Testing Agency (NTA) wrote a ‘confidential’ letter to MeitY in which its director general Abhishek Singh flagged 17 Telegram channels, bots and groups operating under a ‘Re-NEET 2026’ banner with a combined reach of about 1.46 lakh accounts.
The NTA is responsible for the entire process involving the NEET-UG exam.
The letter had a handwritten note, “Urgent action on this is needed. Pl take it up at once.”
The agency urged the MeitY to summon Telegram’s representatives. The ministry was suggested to direct the Dubai-headquartered platform in writing to deploy keyword and pattern-based detection for terms such as ‘NEET paper leak,’ require it to publish a grievance officer’s contact details with a 24-hour response commitment, and seek a written compliance plan within seven days.
Targeted blocking of the listed channels was sought as an immediate relief, the letter shows.
A block on the entire platform was listed as the sixth and last recommendation, to be considered “in the event that Telegram fails to demonstrate measurable, time-bound compliance,” and only “as a final escalation and after due process.”
Telegram’s failure to detect channels with names that openly advertised fraud was “a policy choice by the platform rather than a technical limitation,” according to the NTA letter.
Subsequently, MeitY joint secretary Ajit Kumar held a meeting 3 June with Telegram. Officials from MeitY’s Section 69A Cell, the Cyber Laws division and the NTA attended, along with three Telegram representatives—nodal officers Major L.R.Rathore and Rohini Dahiya, and grievance officer Abhimanyu Yadav.
The Telegram team, according to the minutes of the meeting, “stated that action was taken against all reported channels but since the issue was more subjective unlike objective issues (like CSEAM and pornographic content) the platform had limitations in detecting the content, proactively.”
The minutes record that the platform said it had been “acting on every list of channels circulating the papers” for the past one and a half months, and that the “’anonymity’ concept was being misused by bad actors.”
But officials said that Telegram “did not catch operating channels even if a simple search with ‘NEET leaked paper’ was conducted,” the minutes state.
For the past four years, they said, “Telegram has been stating that their search feature is limited and that Telegram is working on it.” Telegram was then asked to block at the device (IMEI) level or using a hash system, to which the platform’s team said it “did not have the technological identifiers to do so.”
A second letter by the NTA dated 15 June, was sent along with a report from the Indian Cybercrime Coordination Centre (I4C) to the MeitY.
The ministry then issued an interim blocking direction under Rule 9 the next day. Telegram filed a written reply 17 June and appeared the same day before the Review Committee chaired by the Cabinet Secretary.
Before the Committee, Telegram argued that invoking emergency powers under Rule 9 was unwarranted given weeks of engagement, that a platform-wide block was disproportionate, that specific channels should have been targeted, and that “Section 69A (of the Information Technology Act) does not authorise the blocking of a platform in its entirety.”
The Committee, however, rejected the contentions. It said the government pursued corrective measures “at least 35 times since October 2024,” but that the emergency “arose not from first discovery of the issue, but from the escalation and persistence of the identified threat in the immediate run-up to the examination.”
It found that channel-specific takedowns had been “repeatedly found ineffective and inadequate” because offending entities reappeared through “mirror channels, backup channels, reserve channels and successor entities.”
The real-time segregation of lawful from unlawful content, it added, was “practically unfeasible,” making a comprehensive block “the only viable mechanism of last resort.”
The order also cited two enforcement actions. The Rajasthan Police Special Operations Group had recovered fraudulent examination material and documented Telegram-based circulation networks.
On the eve of the interim direction, the Ahmedabad City Cyber Crime Branch arrested members of an inter-state gang running eight Telegram channels, with about Rs 1.5 crore routed through fraudulent bank accounts and around 1,000 mobile numbers contacted in a single month.
The order quoted a 16 June public post made by Telegram founder Pavel Durov on X related to the NEET exam.
Over the past few weeks, we removed hundreds of channels sharing leaked exam materials and related scams in India.
We’re also making the “edited” label more visible to prevent backdating scams.
Telegram is a force for good. Banning it — even temporarily — is a mistake.
— Pavel Durov (@durov) June 16, 2026
The Committee said the post “directly corroborates the scale and organised character of the misuse documented” by the NTA. It said Durov’s announcement of a change to the message-editing feature confirmed that “the existing design was a deliberate policy choice by the platform rather than a technical necessity.”
On the question of legality, the committee held that Telegram’s software, databases and servers constitute “computer resources” under the IT Act, bringing the blocking of access to them within Section 69A. It confirmed the interim direction with immediate effect.
Also Read: India’s Telegram ban: What CEO Pavel Durov said on Reliance, Meta & Modi govt’s move
I4C’s Telegram report
The I4C report sent with the 15 June letter formed a substantial part of the government’s case. The 35-page report, dated 10 June and prepared under the Ministry of Home Affairs, described Telegram as having “become the new dark web, linking threat actors,” and documented its use across categories of cybercrime beyond examination fraud.
The report set out year-wise complaints involving Telegram on the National Cyber Crime Reporting Portal: 75,688 complaints involving Rs 1,359 crore in 2023; 2,48,324 complaints and Rs 1,940 crore in 2024; and 2,75,840 complaints and Rs 3,086 crore in 2025. For 2026 up to May, it recorded 88,713 complaints and Rs 748 crore. It attributed these amounts to investment fraud, e-commerce scams, romance scams, “digital arrest” fraud, credit card fraud and sextortion.
The report said each Telegram account is linked to a phone number in the backend that users can conceal, “making it challenging to uncover the true identity behind a Telegram account.” It said criminals used virtual or disposable numbers to register accounts anonymously.
On money laundering, the report said closed Telegram groups were used to buy and sell mule and rented bank accounts, with funds often converted into cryptocurrency such as USDT.
It named channels including CloudPay_8888, bankrentalteam and xenopay_indian_bank_account_rent, and said “channels remain active, with new ones being continuously created.”
The report described Telegram being used as a command-and-control platform for malicious banking applications, and for what it called Malware-as-a-Service.
The anti-cybercrime coordination centre named a channel called ‘BYPASS GOOGLE PLAY’ promoting tools to evade Google Play Protect, a channel called ‘Null Binder’ distributing malware disguised as a payment app, and a channel called ‘Cyber Fox’ sharing modules to bypass integrity checks used by banking and UPI apps.
A bot called ‘Multi X Osint Bot’ served citizens’ personal data, including mobile numbers and Aadhaar details, on demand, the report mentioned.
Hacker groups including ‘Eagle Cyber Crew’ and ‘LulzSec Indonesia’ coordinated attacks on Indian websites through Telegram, it said.
On child sexual abuse material, the report noted that Telegram does not participate in the NCMEC Cyber Tipline initiative used by other electronic service providers. It said that of 1,17,758 complaints under the women-and-children category recorded on the portal between January and May 2026, 1,556 were directly linked to Telegram.
Criminals operating from scam compounds in South East Asia used Telegram to coordinate operations, the report said, giving an example of “cyber slavery” jobs in Cambodia through Telegram channels.
On examination leaks, the report identified channels including ‘NEET PAPER LEAKED,’ ‘Re-NEET Exam Paper 2026’ and ‘Paper Leaked NEET,’ along with handles claiming access to NEET, CBSE and 2027 NEET papers.
What Telegram told court
In a writ petition, Telegram said it had cooperated with the government throughout and acted on every request, in some cases within an hour. It called the block “mechanical, arbitrary, overbroad, disproportionate, and in complete disregard to the principles of natural justice.”
The blocking, it contended, was done without the hearing the rules normally require. The order was passed “without granting a hearing under Rule 8 of the 2009 Rules,” the petition said, by “unfairly and inappropriately invoking the emergency cases provisions under Rule 9 thereof.”
Blocking the whole application to address a fraction of content, it argued, was “a disproportionate burden and overbroad restriction on the fundamental rights to speech and expression of 150 million Indian users.”
Citing the Supreme Court’s ruling in Anuradha Bhasin v Union of India, the petition said the burden was on the government to show why less restrictive measures would not work, and that “no such justification has been offered.”
Less intrusive options were available, it said, “in the form of take down order of any offending post on the Channel (as opposed to the Channel/group as a whole), which the Petitioner No. 1 (i.e., Telegram) has readily and repeatedly complied with.”
(Edited by Tony Rai)
Also Read: Centre makes ‘Frankenstein’ jab at Telegram, HC questions govt on rights of users in app ban hearing