The DoT ordered messaging platforms to enforce SIM-binding
This move, effective February 2026, also mandates that web/desktop sessions must be logged out at least every six hours
The government's goal is to curb cyber fraud and restore traceability of phone numbers used in scams
The Department of Telecommunications has directed major messaging platforms, including WhatsApp, Telegram and Signal, to ensure that user accounts remain continuously linked to the active SIM in the device on which they were registered.
The order also mandates periodic logouts for web and desktop sessions. The move is aimed at curbing the rise in cyber fraud but is likely to disrupt how millions of users and thousands of small businesses rely on these apps.
The directions, issued on 28 November, give app providers 90 days to make the required technical changes. They also require web and desktop sessions to be logged out at least every six hours, with users having to re-link their accounts through QR codes.
1 December 2025
Get the latest issue of Outlook Business
Platforms classified as Telecommunication Identifier User Entities (TIUEs) must submit compliance reports within the stipulated timeframe, and failure to comply could attract penalties, the government said.
WhatsApp & Small Merchants
India is WhatsApp’s largest market, with hundreds of millions of users and rapidly growing adoption of WhatsApp Business for commerce and customer service. Industry observers warn that forcing accounts to stay tied to a SIM and logging web sessions out every few hours will disrupt the workflows of small shops and customer-support teams that rely on keeping WhatsApp Web or desktop clients persistently connected.
Trade groups and digital-rights organisations quickly criticised the move as technically impractical and potentially harmful to user privacy and legitimate commerce. The Broadband India Forum urged the government to hold consultations, saying the rules raise “serious questions of technical feasibility” and risk widespread service disruption. Civil-liberties groups have signalled plans to challenge aspects of the order in court if necessary.
Government Rationale
Authorities say the measure aims to restore traceability of phone numbers used in phishing, investment scams and other digital frauds. The government has repeatedly warned of a steep rise in cybercrime losses; official figures cited in 2024 put monetary losses in the tens of thousands of crores and show millions of incidents reported on national portals. The DoT framed the SIM-binding step as part of broader telecom cybersecurity norms.
Technical options include requiring periodic device “liveness” checks, issuing enterprise carve-outs for large API users, or extending session timeouts for verified business accounts, all of which companies say would require significant engineering changes and could create uneven user experiences. Platforms may pursue a mix of compliance, negotiation with regulators and legal challenges. Some expect targeted exemptions or phased implementation after industry-government talks.
