India’s Department of Telecommunications has imposed new rules requiring messaging apps such as WhatsApp, Telegram, Signal, and Snapchat to enforce continuous SIM card verification for users to access their services. Under the Telecommunication Cybersecurity Amendment Rules, 2025, platforms must bind app usage to the active SIM card registered at account setup, with 90 days for implementation and 120 days to report compliance.
This policy transforms how users interact with these apps. If the registered SIM card is removed or deactivated, the app will cease to function. Moreover, web access to these platforms must include automatic logout every six hours, with QR code re-authentication through the mobile device required to continue usage. This ensures that using these apps without a specific active SIM card becomes impossible.
The move addresses a significant security gap where current systems verify mobile numbers only initially, allowing apps to operate even if the SIM card is changed or disabled. The Cellular Operators Association of India, representing major telecom firms like Reliance Jio and Bharti Airtel, advocated for these rules citing exploitation by cybercriminals who use SIM switching to evade detection, contributing to substantial cyber fraud losses estimated at 1,000 crore rupees monthly in early 2025.
While industries such as finance already implement strict SIM binding for UPI and banking apps, experts debate the new policy’s effectiveness against fraud, citing the possibility of scammers obtaining new SIM cards fraudulently. Nonetheless, telecom representatives argue the mandate strengthens mobile numbers as India’s primary digital identity and will boost cybersecurity accountability. Major messaging platforms have yet to comment publicly on how they will implement these new compliance measures.
