Bharti Airtel Limited
Headquartered in India, Airtel provides mobile, fixed-line broadband, and voice services in India and 16 other countries in South Asia and Africa. With a global user base of over half a billion, it is the second-largest mobile operator in India.
Although Airtel increased its overall score by more than four points, the company slipped one place to 10th this year, as most assessed companies also improved their performance. Over the past few years, Airtel has expanded its business rapidly, forming new partnerships with companies such as IBM, Perplexity, and Starlink to broaden its service offerings. During the same period, Airtel’s Integrated Report showed improved disclosures related to its governance structure overseeing human rights issues and internal security measures.
Two years after India passed its first privacy law, Digital Personal Data Protection Act 2023, the government rolled out new data collection rules in November 2025, formally operationalizing the law. The rules aim to minimize personal data collection by tech companies and strengthen user control over personal data, including consent withdrawal, opt-out options, and access to personal data. The new rules also require user notification in the event of data breaches. However, by the policy cut-off date of this research, Airtel remained weak in user data management disclosures: it did not commit to limiting data collection to what is strictly necessary and only disclosed scant detail about the extent of user control over personal data. The company also shared nothing on how it would handle potential data breaches, including whether and how users would be notified. Telco operators in India are granted an 18-month transition period to comply with the new rules.
Internet shutdowns, particularly those ordered at the state level, remain one of the most persistent institutional challenges facing Indian telecommunications companies. India’s 2023 Telecommunications Act and its companion rules introduced certain clarifications regarding government-imposed shutdowns; however, they largely formalized existing practices without placing meaningful constraints to the use. According to the latest available data, India recorded at least 65 network shutdowns, following 84 shutdowns in 2024, ranking second globally1, just behind Myanmar. Due to the social and economic consequences of such internet disruptions, India’s three largest telecom operators, including Airtel, have filed a letter to the central government, urging to restrain state-level authorities from suspending internet services. Despite these calls, no significant policy shift has been observed so far. Airtel’s policies identified government orders as one of the grounds for potential service disruptions. Although India law requires authorities to publish shutdown orders formally, the company did not proactively disclose shutdown notifications or relevant related data on such orders.
In addition, the Indian government continues to exercise extensive control over internet content. Toward the end of 2025, authorities banned the use of VPN services in four districts of Kashmir, citing “security reasons.” Earlier in the year, the government temporarily2 blocked access to The Wire website, an independent news outlet, following the publication of an article perceived as favorable to Pakistan during heightened India-Pakistan tensions. While telecommunication operators like Airtel play a critical role in enabling or restricting access to online content, the company disclosed almost no information about how it responds to government requests related to internet censorship.
The 2026 RDR Index: Telco Giants Edition covers policies that were active on August 31, 2025. Policies that came into effect after August 31, 2025 were not evaluated for this ranking.
Scores reflect the average score across the services we evaluated, with each service weighted equally.
We rank companies on their governance, and on their policies and practices affecting freedom of expression and privacy.
Airtel demonstrated significantly greater transparency in its governance practices than in its disclosures related to freedom of expression and privacy. The company published a human rights policy (G1) and described a top-down “ESG governance structure” responsible for overseeing human rights-related issues (G2). It also provided employees with training and whistleblower programs on human rights issues (G3). However, these disclosures did not explicitly address freedom of expression. Airtel further reported conducting an annual human rights due diligence process to monitor and assess human rights-related risks, but the company did not clarify whether these assessments cover areas such as enforcement of its own policies, targeted advertising practices, or algorithmic systems, beyond its products and business functions (G4).
Airtel made some progress in this category, rising to tenth place from last in the previous ranking; however, its disclosures regarding policies and practices that affect users’ freedom of expression remained poor overall. The company published rules on content and advertising, outlining the types of content and ads that are not permitted on its platform (F1a, F3a, F1b, F3b). It also disclosed that it allows third parties to target users through advertising, but failed to provide any policy governing the use of targeted ads on its website (F1c, F3c). Moreover, Airtel did not publish any data on content, account, or advertising restrictions implemented to enforce its own policies (F4), nor did it release relevant data on government demands for content or account restrictions (F6). The company also shared very limited information on how it responded to government-ordered internet shutdowns (F10).
Airtel performed weakly in disclosing how it manages user information it collects. The company did not identify what user information it infers (P3b), nor did it provide any information on how long it retains user data (P6). While Airtel allowed users to opt out of targeted advertising, it offered users very limited options to control their own information (P7). Although users could access their data, it appeared users cannot request a copy of their data (P8). The company conducted internal and external security audits (P13) and established a security vulnerability reporting system (P14), but Airtel was yet to disclose its measures for responding to data breaches (P15). In addition, Airtel shared almost no information about how it handles government demands for user information (P10a, P11a).
1 2024 was the first time in six years that India had not been named as the country with the most internet shutdowns.
2 The Wire reported that the block was lifted after they removed the contentious article, although access restoration was inconsistent for some users.