-1764439559573.webp)
In a seminal directive, the Department of Telecommunications has instructed major messaging platforms-Whatsapp, Telegram, Signal, Snapchat, ShareChat, JioChat, Arattai, and Josh-that these will have to remain irrevocably connected to an active SIM card on users' devices under the Telecommunication Cybersecurity Amendment Rules, 2025. Imposed with immediate effect but allowing a compliance window of up to 90 days, the rule categorizes these apps as Telecommunication Identifier User Entities (TIUEs) and subjects them to verification in a manner similar to telecom companies to fight fraud, spam, and cybercrimes.
What does the mandate require?
-
Continuous SIM Binding: Applications should validate and continue the association between the customer's registered phone number, SIM card, and device. If the SIM is removed, deactivated, or inactive, the application should not function until re-validated.
-
Restrictions on Web Versions: Apps should log users out automatically every 6 hours for web access/desktop; users will then have to go through QR code re-scanning via the mobile app to confirm the presence of the SIM.
-
Timeline: Platforms to make the changes within 90 days and report their compliance to DoT within 120 days. Non-compliance could result in service restrictions.
-
Affected Apps: WhatsApp, Telegram, Signal, Snapchat, ShareChat, JioChat, Arattai, Josh—covering most popular OTT communication services in India. The current practice is that apps work indefinitely post-initial verification, even without an active SIM.
Why This Change? Official Rationale and Context
-
Fraud Prevention: Cybercriminals take advantage of SIM-independent access in order to conduct scams using spoofed numbers, financial fraud, and spamming. COAI explains that this creates traceability gaps since fraudsters continue using apps post-SIM swap.
-
Telecom Cybersecurity: Aligned OTT applications with the standards of banking/UPI, for example; therefore, treating mobile numbers as the digital ID of India to make them more accountable.
-
Background: This follows recommendations by the COAI and prior DoT actions like tightening business SIM KYC. Recent surges in fraud, such as electricity KYC scams via WhatsApp, prompted the move.
Impact on Users and Platforms
| Stakeholder | Key Changes and Implications |
| Individual Users | No app access without active SIM; frequent web logouts; dual-SIM users may need primary SIM active. Travelers/inactive SIM holders affected. |
| Messaging Apps | Technical overhauls for real-time SIM checks; potential user friction but improved security cred. Global apps like WhatsApp may challenge via courts. |
| Businesses/Enterprises | Bulk comms (e.g., marketing) face stricter tracing; aligns with SEBI's trading SIM mandates. |
| Cybersecurity | Reduces anonymous fraud but critics note scammers can still use forged SIMs; privacy concerns over constant tracking. |
DoT's SIM-linking mandate represents a proactive cybersecurity push, closing fraud loopholes in India's 1.2B + mobile ecosystem while mirroring financial sector rigor. Users face minor inconveniences for enhanced protection, but platforms must innovate to minimize disruption. Monitor official DoT/COAI updates as implementation unfolds.
-1764336700323.jpg)
-1764326560008.jpg)
Comments
All Comments (0)
Join the conversation