Continuous SIM binding becomes mandatory for WhatsApp, Signal, Telegram

Srinagar, Dec 2: India’s digital communication ecosystem is set for its most significant regulatory overhaul in years, with the Department of Telecommunications (DoT) issuing new directions to popular messaging platforms—including WhatsApp, Telegram, Signal, Snapchat, ShareChat, JioChat, Josh, Arattai and others—that will fundamentally reshape how users access these services across devices.

The changes stem from the Telecommunication Cybersecurity Amendment Rules, 2025, which introduce a new category called the Telecommunication Identifier User Entity (TIUE). Any platform that uses a mobile number as the primary identifier for user registration now falls under this framework and must comply with stricter cybersecurity protocols.

At the centre of the new mandate is compulsory SIM binding. Messaging services will be required to ensure that a user’s account stays continuously linked to the SIM card used during registration. If the SIM is removed from the device, the app must automatically stop functioning. This is a major shift from the current model, in which apps authenticate users only once through an OTP and then remain accessible even if the SIM is removed.

To enforce the change, platforms will have to verify the device’s IMSI—the unique identifier stored on the SIM card—and deny access if the registered SIM is not physically present. This will require global platforms such as WhatsApp to redesign parts of their architecture specifically for India, marking one of the most intrusive compliance requirements imposed on messaging apps so far.

Companion services such as WhatsApp Web and Telegram Web will also undergo major changes. Under the new rules, web sessions must be automatically logged out every six hours unless the primary device—and its SIM—remains online. For millions of users who keep these web interfaces open throughout the workday, this will significantly alter how they use messaging services on desktops and laptops.

Government officials say the move is aimed squarely at combating cyber-fraud. Criminals often operate from abroad while using Indian numbers obtained through VoIP, cloned SIMs or illegal procurement networks. Because messaging apps currently do not check whether the SIM is active in the device, law enforcement struggles to trace offenders. The DoT argues that tying messaging accounts to a physical SIM will enhance traceability and prevent misuse by fraud rings operating outside India, claiming the rules will strengthen the country’s cyber-defence ecosystem.

Telecom operators such as Jio, Airtel and Vodafone Idea have largely backed the new measures, saying they bring messaging platforms closer to the regulatory scrutiny that telecom companies already face. For years, operators have demanded a level playing field, arguing that messaging apps provide communication services without bearing similar compliance burdens.

Messaging platforms have been given 90 days to implement SIM binding and four months to submit compliance reports to the government. Over the coming weeks, companies are expected to seek clarifications or request additional time for implementation, citing the technical complexity and potential privacy concerns. Some may even explore legal options, questioning whether aspects of the rules align with constitutional principles of proportionality and user privacy.

The coming months will determine whether the rules usher in a new era of secure digital communication—or spark a prolonged regulatory standoff between the government and global tech giants.