The Department of Telecommunications (DoT) has issued a new directive requiring major communication platforms, including WhatsApp, Telegram, and Signal, to implement a process known as SIM binding within the next 90 days. This new directive mandates that these apps must continuously verify the presence of the original, registered SIM card in the user’s device to remain functional.
The move, which also targets platforms like Snapchat, ShareChat, and JioChat, is primarily aimed at closing a critical security loophole currently exploited by cybercriminals operating from outside India.
SIM Binding: Why the Government is enforcing SIM Binding
Currently, users can verify their accounts on popular apps once and continue to use the service indefinitely, even if the linked SIM card is removed, deactivated, or if the user switches entirely to a Wi-Fi connection.
Government authorities and the telecom industry argue that this practice creates a security blind spot. According to the DoT, scammers frequently utilise old or inactive Indian SIM-linked accounts to conduct fraudulent activities, and because the physical SIM is absent from the device, their actual location becomes untraceable. The new SIM binding protocol is intended to ensure continuous linkage to a physical SIM, thus enhancing the traceability of communicators and aiding in the tracking of criminals.
New rules for communication apps
To comply with the DoT’s instructions, communication apps must meet two primary requirements:
1. Continuous SIM presence: The applications must regularly check if the original SIM card associated with the account is inserted in the phone. If the registered SIM is removed, the app is required to automatically cease functioning until the correct SIM is re-inserted.
2. Web access restriction: For web-based versions, such as WhatsApp Web, the government has mandated that users must be automatically logged out of their session every six hours. To log back in, users will be required to scan a QR code using the main app on their mobile device, adding an authentication layer to verify the user and device authenticity.
The affected companies have been given a 90-day window to integrate these changes into their services and must report their full compliance to the government within 120 days.
What will you witness as an everyday user
The new mandate introduces more frequent checks and occasional logouts, making the user experience more reliant on the active SIM. Individuals who use these communication apps on secondary devices that do not hold a SIM card, or those who frequently swap their SIMs between phones, may experience interruptions as part of the authentication procedures.
