India’s new SIM-binding rule for WhatsApp and other apps. Here’s what you should know

India has mandated active SIM linkage for messaging apps such as WhatsApp, Telegram and Signal, citing rising digital fraud. While telecom operators have welcomed the move for enhancing traceability, major tech firms have urged the government to pause implementation and review legal concerns

New Delhi: India has mandated an active SIM linkage for messaging apps like WhatsApp, Telegram, and Signal to work on a device in the coming days, with the government asserting that “SIM binding” is essential to plug security gaps that cybercriminals exploit to perpetrate large-scale, often cross-border, digital fraud.

The move has, however, polarised stakeholders, with mobile operators under COAI supporting the directive, while digital platforms under the Broadband India Forum (BIF) have raised “serious concerns” about overreach and urged the government to pause implementation timelines.

---

Here is a snapshot of what the directive says and how various players have reacted:

DoT’s November 28 directive

Messaging platforms must ensure, within 90 days, that their services work only if an active SIM is present in the user’s device. Also, within 90 days, any web version of the app must automatically log users out at least once every six hours; users can then re-link the device using a QR code.

All players offering app-based communication services in India have been asked to submit compliance reports to the Telecom Department within 120 days of the directive. The department has warned that failure to comply will attract action under the Telecommunications Act, 2023, the Telecom Cyber Security Rules and other applicable laws.

At present, app-based communication services link to a subscriber’s mobile SIM card only during installation and verification. These applications continue to function even if the SIM is removed, replaced or deactivated.

Messaging apps affected

The directive impacts users of apps such as WhatsApp, Telegram, Signal, Arattai, Snapchat, ShareChat, JioChat, and Josh in India.

Government’s rationale for ‘SIM binding.’

The government says an active SIM requirement is “essential” to plug a security vulnerability that cybercriminals use to conduct large-scale, often cross-border, digital fraud.

With cyber-fraud losses crossing Rs 22,800 crore in 2024 alone, continuous SIM linkage and periodic logout will ensure that every active account and web session is tied to a live, KYC-verified SIM—restoring traceability of numbers used in phishing, investment, digital arrest, and loan scams.

The Centre has clarified that the direction does not affect cases where the SIM is present in the handset, and the user is on roaming.

What telcos say

Industry body COAI — whose members include Reliance Jio, Bharti Airtel, and Vodafone Idea — says the directive will bolster national security and safeguard citizens.

It argues that continuous linkage ensures accountability and traceability for any activity undertaken using the SIM card and its associated communication app. It will close “long-persistent gaps that have enabled anonymity and misuse”, COAI has said, pledging support for seamless implementation.

Concerns flagged by BIF

Broadband India Forum (BIF), which represents major technology firms like Meta and Google, says the directions raise significant questions around jurisdiction, consumer impact, and risk, creating obligations that extend beyond the mandate of the Telecom Act or the purpose of the Telecom Cyber Security Rules.

BIF has urged the Centre to pause implementation timelines and hold stakeholder consultations on the SIM-binding requirement.