The Department of Telecommunications (DoT) in India has introduced a major regulatory overhaul affecting popular messaging apps like WhatsApp, Telegram, Signal, Snapchat, and others by mandating continuous linkage to an active SIM card.

The new Telecommunication Cybersecurity Amendment Rules, 2025, require that these services must verify on an ongoing basis that the SIM card registered with the mobile number associated with the messaging account remains present and active in the user’s device.

This marks the first time app-based communication services in India are subject to telecom-style regulatory obligations, aiming to enhance traceability and strengthen security against cyber fraud.

New Rules and What They Mean for Users

According to the DoT directive issued in late November 2025, app-based communication services, classified as Telecommunication Identifier User Entities (TIUEs), must ensure that their users cannot access their accounts without the corresponding active SIM card installed in their device.

This means if a user removes, changes, or deactivates their SIM card, the app will automatically stop functioning until the SIM is reinserted. For WhatsApp Web and similar desktop or web versions, the government has specified an automatic logout every six hours, after which users must re-authenticate by scanning a QR code.

The department has given these apps a 90-day deadline to comply, after which non-compliance may attract penalties under the Telecommunications Act, 2023.

Reasons Behind the Regulation

The Department of Telecommunications, supported by the Cellular Operators Association of India (COAI), explained that this move is designed to close a significant security loophole currently exploited by cybercriminals. Presently, messaging apps typically authenticate the user’s number only once, during installation or account setup, allowing continuous usage of the app independent of the SIM’s presence.

This “bind-once” method enables misuse, including remote access to accounts without a physical SIM card, increasing risk of fraud, impersonation, and spam activities.

By mandating persistent SIM verification, the government aims to ensure that communication accounts are directly tied to a physical device and verified SIM card at all times. Proponents argue this will improve traceability of online activity, assist law enforcement agencies in combating cybercrime, and safeguard millions of Indian users from fraudulent activities. The COAI endorses this regulatory approach as essential for securing India’s increasingly digital communication ecosystem.

Impact and Industry Response

The new rules represent a paradigm shift for messaging apps, historically known for convenience and multi-device flexibility. WhatsApp users have long enjoyed seamless use across phones, desktops, and web browsers without constant SIM checks. The enforced six-hour logout on WhatsApp Web and the requirement of continuous SIM presence will interrupt this experience, potentially inconveniencing users who rely on multiple devices.

While telecom operators and cybersecurity advocates applaud the move as a necessary step in combating online fraud, some experts and privacy advocates have raised concerns. They argue that forcing frequent re-logins could degrade user experience and might not be entirely effective in thwarting sophisticated fraud schemes. Additionally, there are concerns around potential privacy implications regarding continuous SIM checks and the data collected in this process.

The Logical Indian’s Perspective

The Department of Telecommunications’ new SIM-linking rules are a bold initiative to create a safer and more secure digital communication environment. At The Logical Indian, we recognise the importance of security measures in protecting citizens from digital threats and fraud.

Yet, the implementation must balance these objectives with respect for user convenience and privacy. The challenge lies in enforcing responsible cybersecurity without eroding the usability and freedoms that make messaging apps integral to daily life.

As mobile numbers and devices fuel every digital service – from banking to shopping #DoT is closing the gaps that fraudsters exploit. The updated TCS Rules introduce verified mobile number usage through the MNV platform, ensure clean and safe second-hand devices with #IMEI… pic.twitter.com/CYdbPSyyDZ

— DoT India (@DoT_India) November 28, 2025