With Centre's new SIM-binding rules, how long can you run WhatsApp on web?
The notification, issued on November 28, 2025, has come into force with immediate effect.
The Centre’s new SIM-binding rules will now determine how long you can stay logged in to WhatsApp Web and other web platforms of messaging apps like Telegram, Signal, Arattai and Snapchat. The apps themselves cannot run unless the active SIM linked to the user’s mobile number is physically present in the device.
This step has been introduced to reduce cybersecurity risks.
The Department of Telecommunications (DoT) notification lists the following app-based communication services in India: WhatsApp, Telegram, Signal, Arattai, Snapchat, Sharechat, Jiochat, Josh.
'No later than 6 hours'
As part of the new mandate, the notification by the DoT: “From 90 days of issue of these instructions, ensure that the web service instance of the Mobile App, if provided, shall be logged out periodically (not later than 6 hours) and allow the facility to the user to re-link the device using QR code.”
It was issued on November 28, 2025, and has taken effect immediately.
It also requires apps to stay tied to the phone number’s physical SIM at all times: “From 90 days of issue of these instructions, ensure that the App based Communication Services is continuously linked to the SIM card (associated with Mobile Number used for identification of customers/users or for provisioning or delivery of services) installed in the device, making it impossible to use the app without that specific, active SIM,” it added.
Also Read | No WhatsApp without active SIM: Centre issues new rules to prevent cyber crimes
Why news measures are being enforced?
The DoT said the issue arises when App Based Communication Services run on devices without the required Subscriber Identity Module, which creates telecom cyber security risks.
According to the department, this gap is being exploited from outside India to carry out cyber frauds.
It added that the matter had been discussed with major service providers for months, and the growing seriousness of the threat made it necessary to issue these directions to prevent misuse of telecom identifiers and protect the security and integrity of the telecom ecosystem.
What are the measures ensuring compliance?
The Department of Telecommunications has instructed all TIUEs that use mobile numbers to identify users or deliver services to comply with the new rules.
These platforms must submit their compliance reports to the DoT within 120 days of the directions being issued. Any failure to comply will invite action under the Telecommunications Act, 2023, the Telecom Cyber Security Rules, 2024 (as amended), and other applicable laws.
