Popular messaging platforms including WhatsApp, Telegram, Signal, Snapchat, ShareChat, JioChat, Arattai and Josh were formally directed by India's Department of Telecommunications (DoT) on 28 November to ensure that their services operate only when the registered Subscriber Identity Module (SIM) card is present in the user's mobile phone.
The companies were given 90 days to comply with the order, a deadline that ends on 28 February, with a compliance report to be submitted within 120 days. As a result, the new requirement is set to come into force from 1 March.
The rule, issued by the Department of Telecommunications (DoT) under the Telecom Cyber Security (TCS) Rules, 2024 as amended, was formally directed to major app-based communication services last year. It requires that these apps remain continuously linked to the active Subscriber Identity Module (SIM) used to register the account.
Under the new framework, messaging applications will only function if the registered SIM card is present and active in the device. If the SIM is removed, swapped or deactivated, the apps must stop operating on that device until the correct SIM is re-inserted and authenticated.
The rules also mandate that web and desktop sessions of apps such as WhatsApp Web and Telegram Web will be automatically logged out every six hours, requiring fresh authentication, often via QR code scanning from the phone with the active SIM.
Officials say the objective of the SIM-binding requirement is to curb rising cyber frauds, including SIM-swap scams and impersonation attacks, by ensuring stronger identity verification and traceability. Communications Minister Jyotiraditya Scindia has reaffirmed that the deadline will not be extended and emphasised the importance of the measure for digital security.
Industry bodies representing messaging platforms have raised concerns about potential inconvenience for users, including those who use multiple devices or travel frequently. However, the government maintains that the rules are necessary to protect users and strengthen India's overall cybersecurity infrastructure.
