India’s Department of Telecommunications (DoT) has issued a directive mandating continuous SIM binding for popular messaging apps, requiring an active SIM card in the device for services to function and periodic logouts for web versions.
This measure targets vulnerabilities exploited by cybercriminals in scams totaling over Rs 22,800 crore in 2024.
Affected platforms include WhatsApp, Telegram, Signal, Snapchat, ShareChat, JioChat, Josh, and Arattai, which use mobile numbers as unique identifiers called Telecommunication Identifier User Entities (TIUE).
Issued on November 28, 2025, the directive demands compliance within 90 days, with reports due to the DoT within 120 days, and is enforceable under the Telecommunications Act, 2023, and the Telecom Cyber Security Rules.
Currently, these apps perform one-time verification via OTP sent to the registered MSISDN during signup, allowing continued use even after SIM removal, replacement, or deactivation.
The new rules require persistent SIM-device binding, likely involving periodic IMSI checks or telephony API queries to confirm the original KYC-verified SIM’s presence, preventing operation without it.
Web and desktop sessions must auto-logout every 6 hours, requiring re-authentication via a QR code scan on the primary device with the SIM.
This addresses long-lived sessions exploited abroad, where scammers hijack accounts through social engineering or Meta ads, operating without fresh verification.
Roaming users face no disruption if the SIM remains inserted.
Technically, implementation challenges arise because apps on Android and iOS face restrictions on accessing SIM hardware directly; experts note that actual binding may prove infeasible without deeper OS integration or silent SMS pings, raising privacy concerns.
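The session rules described above can be sketched as a server-side check. This is an added example, not code from the directive or from any of the named platforms. It assumes the primary device is able to report a SIM identifier at all, which the restrictions just noted may prevent; `sim_fingerprint`, `LinkedSession`, `check_session` and `relink` are hypothetical names, and the IMSI values are constructed test data.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

WEB_SESSION_MAX_AGE = 6 * 60 * 60  # seconds; the directive's 6-hour web logout

def sim_fingerprint(imsi: str, key: bytes) -> str:
    """Keyed hash of the IMSI so the raw value is not stored (design assumption)."""
    return hmac.new(key, imsi.encode(), hashlib.sha256).hexdigest()

@dataclass
class LinkedSession:
    account: str
    bound_sim: str    # fingerprint of the SIM present when the account was verified
    linked_at: float  # epoch seconds of the last QR scan; activity never updates it

def _sim_matches(s: LinkedSession, reported_sim: Optional[str]) -> bool:
    # A missing report is treated the same as a different SIM.
    return reported_sim is not None and hmac.compare_digest(s.bound_sim, reported_sim)

def check_session(s: LinkedSession, reported_sim: Optional[str], now: float) -> str:
    """Decide whether a web/desktop session may continue."""
    if not _sim_matches(s, reported_sim):
        return "sim_mismatch"      # SIM removed or replaced: end the session
    # Absolute lifetime: measured from the last QR scan, not from last activity,
    # so a constantly used session still expires.
    if now - s.linked_at >= WEB_SESSION_MAX_AGE:
        return "relink_required"
    return "ok"

def relink(s: LinkedSession, reported_sim: Optional[str], now: float) -> bool:
    """QR re-authentication: succeeds only while the bound SIM is still reported."""
    if not _sim_matches(s, reported_sim):
        return False
    s.linked_at = now
    return True

if __name__ == "__main__":
    key = b"constructed-demo-key"
    original = sim_fingerprint("001010123456789", key)  # constructed test IMSI
    swapped = sim_fingerprint("001010999999999", key)   # constructed, different SIM
    s = LinkedSession("user-1", original, linked_at=0.0)
    for sim, t in [(original, 5 * 3600), (original, 6 * 3600), (swapped, 60), (None, 60)]:
        print(t, check_session(s, sim, t))
```

The timer is an absolute timeout rather than an idle timeout, which is what distinguishes the 6-hour rule from the long-lived sessions the article describes.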
The government justifies SIM binding as essential to restore traceability, anchor accounts to live, KYC-verified SIMs, and curb phishing, investment fraud, and digital arrests via VoIP or anonymous sessions.
Cellular Operators Association of India (COAI), representing Jio, Airtel, and Vodafone Idea, praises it for closing anonymity gaps and enhancing national security through full accountability.
Conversely, the Broadband India Forum (BIF), including Meta and Google, flags jurisdictional overreach beyond the scope of the Telecom Act, potential consumer disruptions such as usability issues for dual-SIM or eSIM users, and unconsulted risks.
Critics argue that even banking apps with SIM binding see UPI frauds, questioning efficacy against sophisticated threats.
As enforcement looms in early 2026, platforms must overhaul authentication flows amid debates on security versus convenience.