In a significant regulatory move, the Department of Telecommunications (DoT) has issued a 90-day ultimatum to popular messaging platforms, including WhatsApp, Telegram, Signal, and Snapchat. They must implement a "SIM binding" requirement that will prevent these apps from functioning if the original registered SIM card is removed from the device. This directive is set to become effective from February 2026.
What is SIM Binding and How Will It Work?
Currently, messaging apps verify a user's mobile number only once during the initial registration. After this single check, the application continues to work independently, even if the SIM card is taken out, replaced, or deactivated. The new SIM binding rule will change this fundamentally.
Under the new system, apps will be required to continuously verify that the registered SIM card remains active and physically inserted in the device. This move is part of the newly introduced Telecommunication Cybersecurity Amendment Rules 2025. Under these rules, messaging platforms have been classified as Telecommunication Identifier User Entities (TIUEs), significantly expanding the DoT's regulatory oversight beyond traditional telecom operators to any service using mobile numbers for identification.
Officials state the measure specifically targets cyber fraudsters who exploit the current system. Criminals, including those operating from outside India, often use this loophole to commit impersonation scams and other cyber frauds after obtaining activated SIM cards.
Potential Impact on Users and Industry Pushback
While aimed at enhancing security, the directive could create substantial friction for legitimate users. Travelers who switch to local SIM cards abroad may find their Indian messaging apps inaccessible. Users who rely on multiple devices like tablets or frequently use web versions could face constant disruptions.
A key provision mandates that web versions of these apps must log users out every six hours, requiring fresh authentication via QR code. This could disrupt workflows in professional settings where employees use WhatsApp Web on computers without their phones nearby.
The industry has raised serious concerns. The Internet and Mobile Association of India (IAMAI), which represents Meta and other digital firms, has called the amended rules a "clear overreach" with broad implications for digital businesses across fintech, e-commerce, and social media. Industry sources label the instructions as "problematic," noting a lack of prior feasibility study or consultation. Critics also question the efficacy, arguing that many fraudsters already use SIMs obtained with forged documents.
The Road to Compliance and Broader Implications
Messaging platforms now have until early 2026 to comply. For an app like WhatsApp, which boasts over 500 million users in India, implementing this change will require significant re-engineering to meet regulations unique to the Indian market.
The Cellular Operators Association of India (COAI) has supported the need for SIM binding, stating that the current one-time verification creates opportunities for misuse. This move marks a pivotal shift in how digital communication services are regulated in India, bringing them firmly under telecom jurisdiction.
The coming months will see intense discussions between the government and tech companies as the deadline for this transformative cybersecurity rule approaches.
