The Department of Telecommunications (DoT) has issued a new directive requiring all major messaging platforms to remain continuously linked to an active SIM card. The move aims to strengthen telecom cybersecurity and curb rising cases of fraud carried out through app-based communication services.
New mandatory SIM-binding requirement
Under the order, messaging apps that identify or verify users through mobile numbers must ensure that the device running the service contains the corresponding SIM. Apps such as WhatsApp, Telegram and Arattai will no longer function on devices without the linked active SIM, a measure designed to prevent account misuse and remote hijacking.
Rationale behind the policy
The DoT cited increasing instances in which messaging services were accessed without the underlying SIM being present in the device. This loophole was reportedly exploited from abroad for cyber-fraud operations, posing a significant risk to the telecom network. The new rule seeks to eliminate this vulnerability by making SIM presence compulsory for continuous usage.
Compliance and timelines for platforms
App providers must enforce uninterrupted SIM-linkage and introduce periodic forced logouts for web versions. These desktop interfaces must require re-linking within six hours through QR-based authentication. Companies have 90 days to implement the technical changes and 120 days to submit formal compliance reports to the DoT.
Facts
- The mandate is issued under the Telecommunications Act, 2023 and Telecom Cyber Security Rules, 2024.
- Web versions of messaging apps must auto-logout and require re-linking within six hours.
- SIM-binding aims to curb cyber-fraud involving app accounts accessed from outside India.
- Compliance must be implemented within 90 days and reported within 120 days.
Broader cybersecurity context
The directive follows the Telecommunication Cybersecurity Amendment Rules, 2025, which recommended stricter mobile number verification across platforms. The DoT states that the new measures will enhance the integrity of India’s digital communication ecosystem and ensure safer user authentication across app-based services.