By February 2026, India’s telecom authority is poised to introduce a SIM binding policy that will significantly alter the landscape for messaging applications such as WhatsApp. This new regulation mandates that users continuously verify their registered SIM cards, a move aimed at combating cyber fraud by preventing the use of these applications on deactivated SIMs. Additionally, users accessing web versions of these apps will be automatically logged out after a six-hour period, necessitating a fresh authentication process via QR code.
The Department of Telecommunications has granted messaging platforms like WhatsApp, Telegram, Signal, and Snapchat a 90-day window to implement this “SIM binding” requirement. Under this directive, if users remove the SIM card originally used for registration, these apps will cease to function. Officials assert that this measure is a direct response to cybercriminals who exploit the existing system, which allows apps to remain operational even after SIM cards have been removed, replaced, or deactivated. The government contends that criminals operating from outside India are leveraging this loophole to perpetrate cyber fraud and impersonation scams.
What SIM binding means and how it will work
The concept of SIM binding entails a continuous verification process, ensuring that the registered SIM card remains active and inserted in the device. Currently, messaging apps only require a one-time verification of the user’s mobile number during the initial setup. Once this verification is completed, the application functions independently, even if the SIM card is removed or replaced.
Under the forthcoming Telecommunication Cybersecurity Amendment Rules 2025, these platforms will be classified as Telecommunication Identifier User Entities (TIUEs). This classification signifies a substantial expansion of the Department of Telecommunications’ jurisdiction, extending regulatory oversight beyond traditional telecom operators to encompass any service utilizing mobile numbers for user identification. The Cellular Operators Association of India, representing private telecom companies, has expressed support for the SIM binding initiative, arguing that the current one-time verification process creates opportunities for misuse.
Challenges for travelers and multi-device users
While the directive aims to mitigate fraudulent activities, it may inadvertently create challenges for legitimate users. Travelers abroad who utilize local SIM cards will find it increasingly difficult to maintain access to services like WhatsApp without undergoing additional registration processes. Furthermore, individuals who rely on tablets or utilize messaging apps across multiple devices may experience frequent disruptions.
The requirement for web versions to log users out every six hours could also hinder productivity, particularly in professional environments where employees depend on WhatsApp for communication on computers without their phones nearby. For WhatsApp alone, which boasts over 500 million users in India, adapting to these new regulations will necessitate significant re-engineering of the service to align with the unique demands of the Indian market.
Meta and other firms question the proposal
Industry insiders have labeled the new instructions as “problematic,” highlighting the absence of a feasibility study or prior consultation before the directives were issued. Critics raise concerns about the effectiveness of SIM binding in curbing fraud, given that many scammers already utilize SIM cards acquired through forged or stolen identity documents. The Internet and Mobile Association of India, which represents Meta and other digital enterprises, has described the amended rules as a “clear overreach,” with far-reaching implications for digital businesses spanning fintech, e-commerce, mobility, and social media.
Messaging platforms now face a critical timeline, with early 2026 marking the deadline for compliance with the new requirements, or they risk facing potential regulatory repercussions.
