The Government of India’s Department of Telecommunications (DoT) has issued a directive to app-based messenger services like WhatsApp, Signal, and Telegram, mandating the implementation of SIM binding measures. This new regulation is intended to improve cybersecurity, combat cyber fraud, and prevent the misuse of telecom identifiers originating from outside the country.
The DoT’s notification requires that these messaging apps continuously verify the presence of the registered, active SIM card within the user’s device. If the corresponding SIM card is not found in the smartphone running the app, the messaging service must cease functioning.
Mandatory re-authentication for web apps
The directive also introduces a major change for desktop and web users.
“It has come to the notice of the Central Government that some of the app based communication services that are utilising mobile numbers for identification of their customers or for provisioning or delivery of services allow users to consume their services without availability of the underlying Subscriber Identity Module within the device in which the app based communication service is running, and this feature is posing a challenge,” states the government release.
For services like WhatsApp Web and similar browser-based platforms, the new norms require apps to automatically log out users at frequent intervals, specifically no later than every six hours.
This means users relying on web or desktop clients will be forced to re-authenticate, likely by scanning a QR code or performing a manual login every six hours to maintain an active session.
New norms for addressing cyber fraud concerns
The government stated that the existing feature allowing users to consume services without the required SIM card being present in the device poses a “challenge to telecom cyber security,” as it is being “misused from outside the country to commit cyber frauds.”
The DoT confirmed that discussions with prominent service providers had been ongoing for months and highlighted that the seriousness of the issue required immediate directions to protect the integrity of the telecom ecosystem. Failure to comply with the new norms will result in action being taken under the Telecommunications Act, 2023, and other applicable laws.
