Govt makes SIM-linking mandatory for chat apps

Published on: Nov 30, 2025 06:41 PM IST

The DoT directive follows internal findings that some apps allow users to continue using their accounts even after removing the SIM card

The government has directed major app-based communication services, including WhatsApp, Telegram, Signal, Arattai, Snapchat, Sharechat, Jiochat and Josh, to ensure their apps cannot be used unless the device contains the active SIM card linked to the user’s mobile number. The industry, however, has pushed back, calling the move rushed and poorly designed.

An executive at a major messaging platform, which received the SIM-binding directive late Friday night, told HT on condition of anonymity that the order amounts to an “overreach” by the government. The executive said the Centre had earlier made it clear that the Department of Telecommunications (DoT) has no authority over OTT services (messaging apps fall under OTT communication services), which is why they were kept out of the Telecommunications Act. The executive questioned whether the new directive crosses that line.

Although OTT apps were excluded from telecom licensing under the 2023 Act, they were brought under cyber-security oversight through the Telecom Cybersecurity Rules, which created a new category called Telecommunication Identifier User Entities (TIUEs). This allows the government to issue directions to platforms that use mobile numbers for identification, even though they remain outside traditional telecom regulation. In July 2025, the Internet and Mobile Association of India (IAMAI), which represents Meta, WhatsApp and other major digital firms, had already opposed the creation of the TIUE category. In its submission to DoT, IAMAI warned that this would impose telecom-like compliance costs on digital businesses, amount to “regulatory overreach”, and could lead to sudden user deactivations and service disruptions.

With DoT’s latest directive, the biggest change for users is that messaging apps will no longer work independently of the SIM linked to the registered mobile number. The second change affects users who access these services on a web browser. Web sessions such as WhatsApp Web must now log out automatically every six hours, after which users will need to re-link their device via a QR code.

“The impact on users has not been taken into account. In a basic scenario like people travelling abroad, they stay in touch with people back home through these messaging platforms. How would this impact a person with an e-SIM or dual SIM? In many tier-2 and tier-3 towns, families often share a single handset and rotate multiple SIM cards on it,” said another executive associated with a US-based messaging app.

Responding to this concern, telecom secretary Neeraj Mittal told HT that “we have 90 days to sort out any issues.”

This executive also argued that the six-hour logout rule would be impractical for work-related use, noting that people typically have 8-9 hour workdays and stay signed in across laptops, tablets and other devices, which would force them to log in repeatedly through the day.

The DoT directive, issued on November 28 under the Telecom Cyber Security Rules, follows internal findings that some apps allow users to continue using their accounts even after removing the SIM card. The directive, seen by HT and authenticated by the secretary, says this loophole has been “misused from outside the country to commit cyber-frauds”.

In a clarification to HT on Sunday, the DoT said that the matter had been under discussion with service providers “for the last few months.” However, one executive cited above said no consultation was held with messaging platforms, which are directly affected by the order.

DoT’s direction states that these steps are necessary “to prevent the misuse of telecommunication identifiers and to safeguard the integrity and security of the telecom ecosystem.” According to DoT officials, criminals often misuse accounts that stay active without the original SIM, through VoIP numbers or long-term logged-in sessions, because it makes them hard to trace. The government believes that making apps work only with the linked SIM will help close this loophole.

“For instance, a number bought in Madhya Pradesh might be used in Cambodia to commit a digital-arrest scam, which mainly happens on messaging platforms like WhatsApp. This directive is aimed at tackling exactly these kinds of misuse,” said a DoT official on condition of anonymity.

The Cellular Operators Association of India (COAI), which represents major telecom operators including Jio, Airtel and Vodafone Idea, had backed this approach in an August 2025 statement. It had warned that if a device without the original SIM is used for illegal activity, there is no way to trace it, thus creating hurdles in tackling spam, cyber fraud and national security threats. “Presently, the binding process between a subscriber’s app-based communication services and their mobile SIM card occurs only once during the initial installation… even if the SIM card is later removed, replaced or deactivated,” the industry body had said. On the latest directive, COAI said they will issue a detailed statement soon.

Under the order, all TIUEs must ensure within 90 days that their apps remain continuously linked to the SIM inserted in the device. Apps offering web-based logins must also enforce automatic logout every six hours and allow users to re-link via QR code. Companies must submit compliance reports within 120 days, failing which action may follow under the Telecommunications Act and the Cybersecurity Rules.

HT’s request for comment from WhatsApp, Telegram, Signal, Arattai, Snapchat, Sharechat, Jiochat and Josh remained unanswered.

 