India’s New SIM Binding Rule 2025 requires messaging apps like WhatsApp, Telegram, and Signal to stay linked to an active SIM card, with mandatory re-verification every 90 days and 6-hour logout cycles for web logins. The rule aims to boost cybersecurity, traceability, and reduce online fraud.
The Indian government has rolled out a major regulatory shift that could dramatically change how millions of people use their favourite messaging apps — including WhatsApp, Telegram, Signal, Snapchat, ShareChat, JioChat, Arattai, and Josh.
Under the latest Telecommunications Cybersecurity (Amendment) Rules, 2025, the Department of Telecommunications (DoT) has issued a strict order:
No messaging app will work unless users have an active SIM card inserted and continuously linked to the app.
This is the first time India has extended telecom style regulations directly to app-based communication platforms, officially naming them Telecommunications Identifier User Entities (TIUEs).
Let’s break down what exactly will change — and why.
Table of Contents
What the New Sim Binding Rule Mean for Users
Under the government’s new directive, messaging apps must follow two core requirements:
1. Mandatory SIM–App Binding Within 90 Days
Apps must ensure that a user’s active SIM card stays continuously tied to their account.
Earlier, once users verified their number during initial setup, apps kept working even if the SIM was removed, expired, or deactivated.
Now, platforms must confirm this linkage every 90 days, failing which the account could be restricted or logged out.
2. Web Logins Will Expire Every 6 Hours
If you use WhatsApp Web or Telegram Web, expect a big change.
The DoT now requires:
- Mandatory logout every 6 hours
- Reauthentication via QR code each time
The intention is simple: make remote misuse extremely difficult by ensuring every session is tied to an active, verified SIM in a real device.
Why Did the Government Introduce This Rule?
According to the DoT, the biggest issue lies in how communication apps currently verify users.
Today, apps like WhatsApp or Telegram verify your mobile number only once during installation. After that, they function without depending on whether:
The SIM is still in the device
The SIM has been replaced
The SIM has been deactivated
The user is in India or outside
This creates a loophole for cybercriminals.
How Criminals Exploit This Loophole
According to MediaNama, the Cellular Operators Association of India (COAI) explained:
“The binding process between a subscriber’s app-based communication services and their SIM card occurs only once during installation, after which the application continues to function independently.”
This makes it hard for authorities to track:
Call or message origins
Device locations
Carrier-level logs
Fraudulent communication trails
Many scammers operating from outside India rely on this gap to run fraud operations even after SIM deactivation. Persistent SIM binding, COAI says, will establish a continuous traceability link between:
User
Phone number
Device
This could significantly reduce:
Spam messaging
Identity spoofing
Remote scam operations
UPI or financial frauds on messaging platforms
Other Industries Already Use Similar Security
Sectors like banking and stock trading have enforced SIM-based verification for years:
UPI and banking apps won’t work without the registered SIM.
SEBI has recommended SIM-linking and even facial verification for trading accounts.
DoT believes messaging apps should follow the same security standards, given how widely they’re used for business and financial communication today.
What Are Experts Saying About the New Rule?
The move has sparked mixed reactions in the cybersecurity community.
Arguments For the Rule
Experts who support the directive say:
It improves traceability
Harder for scammers to operate remotely
Links every account to a verified identity
Reduces anonymous fraud attempts
Builds accountability across platforms
Telecom representatives argue that in India, mobile numbers are the most trusted digital identifier, so extending this trust to messaging apps makes sense.
Arguments Against the Rule
Some cybersecurity specialists believe the benefits may be limited.
Why?
Because scammers can:
Easily obtain SIM cards using fake documents
Borrow SIMs from unsuspecting individuals
Operate using inexpensive, disposable numbers
So while SIM-binding adds a layer of friction for criminals, it doesn’t fully eliminate fraud.
Another concern is user convenience:
Frequent logouts on web versions
Issues for people who travel and switch SIMs
Problems for users who rely on Wi-Fi-only devices
Multiple-device users facing verification loops
Platforms will now need to redesign their login systems completely.
So, What Should Users Expect Going Forward?
In the coming months, apps will likely roll out updates to comply with DoT guidelines. Expect:
Mandatory SIM verification during login
Periodic re-verification prompts
Web sessions expiring every 6 hours
Restrictions on app usage without an active SIM
Possible two-factor authentication integrations
For everyday users, it may feel like an extra step — but for the government, it’s about tightening cyber-security and cutting down fraud.
Final Thoughts
India’s new Telecommunications Cybersecurity Rules, 2025, mark a huge shift in how messaging platforms will operate. The intention is clear — strengthen security, improve accountability, and curb misuse.
However, the practical impact on user experience, multi-device usage, and privacy concerns will become clearer once apps start rolling out compliance-based updates.
Whether this becomes a major milestone in India’s digital security framework or faces pushback for inconvenience — only time will tell.
Disclaimer: The information in this article is based on details first reported by official sources and publicly available news, including Google News. We have adapted and rewritten the content for clarity, SEO optimization, and reader experience. All trademarks and images belong to their respective owners.
