- The Centre is reviewing WhatsApp and Telegram's replies on username-based messaging features
- The government aims to apply uniform regulations across all messaging platforms
- Concerns include impersonation, phishing, and digital arrest scams linked to username use
The Centre is examining responses submitted by WhatsApp and Telegram to notices issued over their username-based messaging features, with officials indicating that any regulatory framework would apply uniformly across platforms.
Speaking on the sidelines of the launch of a cybersecurity report on Monday, Electronics and Information Technology Secretary S Krishnan said the ministry had received WhatsApp's response over the weekend and was reviewing it before deciding on the next course of action.
"The reply was received last week. We are examining the response and action, if any, will be taken after that examination," Krishnan said.
The Ministry of Electronics and Information Technology (MeitY) had earlier issued notices to WhatsApp, Telegram and Signal after raising concerns that username-based messaging - which allows users to communicate without revealing phone numbers - could make impersonation, phishing, identity theft and "digital arrest" scams easier.
In an earlier statement, a WhatsApp spokesperson said that it is primarily a private messaging app that people use to connect with friends and family.
Usernames, the spokesperson said, is the app's latest step to make WhatsApp even more private.
"Usernames do not replace your phone number on WhatsApp - you will need your phone number to register and use the service. Usernames is an additional privacy feature that enables you to connect with someone on WhatsApp without giving away your phone number," the spokesperson had said.
"Usernames is rolling out slowly and will only be available globally later this year. This is a moment where people can start reserving their usernames. We're taking our time to get it right and listen to feedback," the spokesperson had added.
While Telegram has long offered username-based messaging, WhatsApp is yet to roll out the feature in India.
The government sought details of the safeguards built into these systems before deciding its next steps.
Senior government officials added the Centre is working towards common standards for username-based messaging across platforms instead of regulating individual services differently.
"The standards and rules will be for everyone on usernames," a senior official said, indicating that any future regulatory framework would apply uniformly across messaging services.
The comments came as the government outlined its broader cybersecurity priorities amid growing concerns over AI-enabled attacks and increasingly sophisticated cybercrime.
Calling cybersecurity one of the biggest challenges arising from rapid digitisation, Krishnan said technological advances had expanded both opportunities and vulnerabilities.
"Cybersecurity is one of the most important concerns digitisation has brought to the fore. We have to prepare and protect ourselves against cybersecurity risks, including those that have implications for national security. Artificial Intelligence itself has the scope to create malicious attacks. We need to create resilient features and there is no option but to build domestic capacity," he said.
Krishnan also underscored the need for an evolving regulatory framework.
"The minister had earlier indicated that striking the right regulatory balance in a rapidly changing technological environment is a challenge," he said, referring to the proposed cybersecurity policy that is being worked on to address emerging threats while keeping pace with technological change.
On institutional preparedness, Krishnan said India already has multiple agencies handling different aspects of cyber incidents, including the National Cyber Coordination Centre (NCCC), the Indian Computer Emergency Response Team (CERT-In) and the Ministry of Home Affairs, with responsibilities divided across sectors and states. Effective information sharing between government agencies and private companies, he said, would be critical to strengthening cyber resilience.
"As digital ecosystems become increasingly interconnected, the ability to respond will be the real test," Director General of CERT-In Sanjay Bahl said.
He noted that while attackers are increasingly using Artificial Intelligence to launch sophisticated cyberattacks, defenders are also deploying AI to detect and respond to threats.
The scrutiny of username-based messaging comes against the backdrop of a surge in cyber fraud, particularly "digital arrest" scams in which fraudsters impersonate law enforcement agencies or government officials to extort money from victims. Government officials believe username-based identities could make it easier for bad actors to create deceptive profiles if adequate safeguards are not built into the platforms.
Messaging companies, however, maintain that such features enhance user privacy by allowing people to communicate without sharing their personal phone numbers.
The Centre is expected to take a decision on the matter after examining the responses submitted by the platforms.
Track Latest News Live on NDTV.com and get news updates from India and around the world