The Indian government has rolled out a sweeping directive set to impact millions of users across popular messaging platforms like WhatsApp, Telegram, Signal, Snapchat, ShareChat, JioChat, Arattai, and Josh. Under the new rules from the Department of Telecommunications (DoT), these apps will soon require an active SIM card in a user’s device to access their services.
The directive falls under India’s newly introduced Telecommunication Cybersecurity Amendment Rules, 2025, marking the first instance of subjecting app-based communication platforms to regulations similar to those governing telecom services.
Under the new rule, these apps, officially classified as Telecommunication Identifier User Entities (TIUEs), must ensure SIM cards remain continuously linked to their services within 90 days. For users who log in via a web browser, the DoT has made another big change: platforms will need to log users out every six hours and require reauthentication via a QR code. The government claims this will make it harder for criminals to exploit apps remotely, as every session must now be tied to an active, verified SIM.
The DoT says the new rule will close a loophole in messaging apps, which currently verify a user’s mobile number only once at installation. Apps continue working even if the SIM is removed, allowing cybercriminals, often abroad, to misuse services undetected. Persistent SIM binding will improve traceability, helping reduce spam, fraud, and financial scams. Similar safeguards already exist in banking, UPI, and proposed SEBI regulations for trading accounts.
Experts are divided on SIM binding. While it could curb fraud by linking users to devices, scammers may bypass it with fake or borrowed IDs. Telecom officials argue mobile numbers remain India’s most reliable digital ID. The challenge for platforms like WhatsApp and Telegram will be enforcing it without disrupting user experience or privacy.
