In a major move to enhance digital security and traceability, the Department of Telecommunications (DoT) has issued a directive making it mandatory for users to have their original SIM card active in the device to access popular messaging platforms. This new rule, part of the Telecommunication Cybersecurity Amendment Rules, 2025, gives users and app providers a 90-day window to comply.
What the New SIM-Binding Mandate Entails
The directive states that within the next 90 days, users will lose access to apps like WhatsApp, Telegram, Signal, Snapchat, ShareChat, JioChat, and Arattai if the SIM card used during registration is not physically present and active in their smartphone or device. This process, known as SIM binding, aims to create a reliable, continuous link between the user, their mobile number, and the device.
Under the revised framework, which introduces the Telecommunication Identifier User Entity requirement, platforms will need access to the International Mobile Subscriber Identity (IMSI) stored on the SIM. This may force global services like WhatsApp and Signal to re-engineer parts of their systems specifically for the Indian market.
A significant technical change requires apps to automatically log users out every six hours when accessed on a device without the registered SIM card. To regain access, users will need to log in again using a QR code verification method, ensuring the legitimate SIM holder is present.
Industry Backing and Security Rationale
The Cellular Operators Association of India (COAI), representing major telecom players like Reliance Jio, Bharti Airtel, and Vodafone Idea, has strongly welcomed the DoT's guidelines. The industry body has long argued that allowing messaging apps to function independently of SIM cards creates a dangerous loophole.
Lt General Dr SP Kochhar, Director General of COAI, stated that this "landmark step" bolsters national security and safeguards citizens. He explained that currently, apps link to a SIM only once during installation. Thereafter, they continue working even if the SIM is removed, replaced, or deactivated, enabling anonymity and misuse.
COAI believes this mandate will "significantly reduce spam, fraudulent communications, and financial scams" by ensuring complete accountability and traceability. They highlight that cybercriminals and anti-national elements, including those operating from outside India, have exploited the old system, making it extremely difficult for authorities to trace fraudulent activities through call records or location data.
Broader Implications and Future Recommendations
The move is seen as a first-in-the-world regulatory measure for app-based communication services. COAI has urged the DoT to recommend similar anti-spam measures for these messaging platforms as those already in place for SMS and calls.
Furthermore, COAI has recommended that the DoT engage with the Reserve Bank of India (RBI) to mandate SMS-based One-Time Passwords (OTP) as the primary factor for authenticating all financial transactions. They advocate for this, citing SMS OTP as the "most secure, operator-verified channel with guaranteed traceability," which would create a consistent security framework across India's financial ecosystem.
The 90-day compliance clock is now ticking for both millions of Indian users and the tech giants behind these apps, marking a pivotal shift towards a more accountable and secure digital communication environment in the country.
