The Internet and Mobile Association of India (IAMAI), while flagging concerns over the Department of Telecommunications’ (DoT) recent SIM-binding directions said that rules go beyond the scope of the Telecommunications Act, 2023 and could severely disrupt digital communication services across the country.
In a letter to the Union Minister of Communications, Jyotiraditya Scindia, reviewed by Fe, the industry body said that over-the-top (OTT) app-based communication services are not covered under the Telecommunications Act and continue to be governed by the Information Technology Act, 2000. IAMAI added that while earlier drafts of the telecom law had proposed regulating OTT services, these provisions were eventually dropped in the final legislation passed by Parliament.
IAMAI’s statement
“OTT services are not within the scope of the Telecommunications Act, 2023. While the Draft Indian Telecommunication Bill, 2022 released in September 2022 for public consultations listed ‘over-the-top (OTT) communication services’ under the definition of telecommunication services, the Telecommunications Act, 2023 eventually notified omitted such references to OTT services,” IAMAI said.
The industry association representing companies like Google, Netflix, Amazon, Meta, Sony Liv also said that mandatory SIM-binding would adversely impact many business owners and MSMEs.
“Mandatory periodic logouts would interrupt ongoing conversations, delay responses, and disrupt daily business workflows. Moreover, the Directions might also pose challenges to the use of such applications during international travel, use of dual SIMs, or secondary devices such as laptops,” IAMAI said.
DoT orders
The directions, issued by DoT on November 28 under the Telecommunications (Telecom Cyber Security) Rules, 2024 mandates continuous SIM-binding for platforms operated by certain app-based communication services in India and require users to log out of web and desktop versions of such applications every six hours.
IAMAI further argued that there is limited evidence to suggest that SIM-binding or compulsory logouts would meaningfully reduce instances of cyber fraud. It said that domestic fraud networks often operate using SIM cards obtained through fake or borrowed identities, which are used briefly and discarded making such regulatory measures ineffective against organised fraud.
“There is limited evidence that SIM-binding or mandatory logouts would meaningfully reduce cyber-fraud. Domestic fraud clusters might remain largely unaffected, since scammers commonly obtained SIMs using fake or borrowed IDs, used them briefly, and discarded them,” the association said.
The industry body also said that there are technical and practical challenges in implementing continuous SIM verification, particularly on devices with dual SIMs, e-SIMs or secondary devices such as laptops. According to IAMAI, operating system-level privacy and security restrictions may prevent apps from reliably verifying SIM status, potentially resulting in false lockouts and service disruptions for users.
However, another industry body, Cellular Operators Association of India (COAI) representing private telecom operators such as Reliance Jio and Bharti Airtel welcomed the move saying that SIM-binding is a privacy-respecting security measure that reinforces digital trust and enhances user protection against spams and frauds.
Given the concerns, IAMAI has urged DoT to reconsider the mandate for continuous SIM-binding. It has also proposed the formation of a technical working group comprising government representatives, industry stakeholders and technical experts to develop coordinated, industry-wide solutions to tackle cybercrime more effectively.
