Last Updated:
Failure to comply could lead to severe action under the Telecommunications Act, 2023, and other relevant laws
The core objective is to eliminate a critical loophole often exploited by cybercriminals: the ability of an app to continue functioning even if the SIM card initially used for registration is removed, deactivated, or no longer physically present in the device. Representational image
The Indian government has introduced a significant new directive that is set to fundamentally change how millions of users access and utilise popular messaging applications, including WhatsApp, Telegram, Signal, Snapchat, and local platforms like JioChat and Arattai. Issued by the Department of Telecommunications (DoT) under the new Telecommunication Cybersecurity Amendment Rules, 2025, the directive mandates that all app-based communication services must remain continuously linked to a user’s active SIM card in their device.
This move effectively places these apps—officially categorised as Telecommunication Identifier User Entities (TIUEs)—under a regulatory framework akin to that of traditional telecom operators for the first time. The core objective is to eliminate a critical loophole often exploited by cybercriminals: the ability of an app to continue functioning even if the SIM card initially used for registration is removed, deactivated, or no longer physically present in the device. The DoT argues that this persistent “SIM binding” is essential for safeguarding the integrity and security of the telecom ecosystem and preventing sophisticated cyber-frauds and financial scams, many of which originate from outside the country.
The directive carries a strict compliance timeline: TIUEs have been instructed to ensure this continuous linkage to the associated SIM card within 90 days of the directive’s issuance. Failure to comply could lead to severe action under the Telecommunications Act, 2023, and other relevant laws.
Beyond the mobile application itself, the new rules introduce a critical change for users of web browser versions of these services (such as WhatsApp Web). To maintain traceability, the platforms will now be required to automatically log users out at least once every six hours. Re-authentication will then be mandatory, typically requiring the user to re-link the device via a QR code, ensuring that every session is tied back to the verified, active mobile number.
While industry bodies like the Cellular Operators Association of India (COAI) have supported the move, asserting that linking the app usage to a verified mobile number will enhance accountability and traceability, the directive raises operational and privacy questions for end-users. For many, it will mean losing the current convenience of uninterrupted use, particularly on web browsers. Nevertheless, the government views the mobile number as India’s most reliable digital identifier, mirroring similar SIM-verification safeguards already established for critical financial applications, such as UPI and banking services.
Pathikrit Sen Gupta is a Senior Associate Editor with News18.com and likes to cut a long story short. He writes sporadically on Politics, Sports, Global Affairs, Space, Entertainment, And Food. He trawls X via …Read More
Pathikrit Sen Gupta is a Senior Associate Editor with News18.com and likes to cut a long story short. He writes sporadically on Politics, Sports, Global Affairs, Space, Entertainment, And Food. He trawls X via … Read More
November 30, 2025, 02:03 IST
Read More
