
Government Issues 90-Day Compliance Notice to Messaging Apps Over SIM-Based Restrictions

  • Writer: manoj klumar
  • 6 days ago
Government issues new telecom cybersecurity rules requiring SIM validation for messaging apps in India
India’s telecom regulator moves to enforce SIM-linked authentication for major messaging platforms under updated cybersecurity norms

The Department of Telecommunications has instructed major messaging platforms to implement strict security changes within the next 90 days. The new directive requires apps to enforce “SIM binding” — a system-level update designed to prevent misuse of messaging accounts linked to telecom identifiers.


The government states that the move is part of a broader effort to curb cyber fraud, impersonation, and international digital scams facilitated through mobile-number-based loopholes.


What the New SIM Binding Rule Requires


Under the updated framework, messaging apps must continuously confirm that the original SIM card used during registration remains inserted and active in the device. At present, apps validate a mobile number only once during initial setup, after which services continue functioning normally even if the SIM is removed, swapped, or deactivated.


The revised policy mandates that apps cease operating if users remove the linked SIM card. The rule is slated to take effect from February 2026 as part of the government’s expanded telecom cybersecurity governance.


Additionally, web-based versions of these apps must log users out every six hours, requiring fresh authentication using QR-based verification.


The industry body, the Cellular Operators Association of India, has voiced support for tighter SIM-level verification, saying that stronger binding mechanisms may help telecom-powered digital services reduce fraudulent activity.


Why the Government is Making This Change


Officials argue that cyber criminals — many operating beyond India’s borders — exploit the current one-time verification model to maintain anonymous accounts even after original SIM access is lost. The government believes that forcing SIM-level validation will make impersonation and account misuse more difficult for bad actors conducting digital fraud remotely.


Impact on Everyday Users


While aimed at reducing cybercrime, the new rules could create operational challenges for verified users, especially those who frequently change SIMs or travel internationally.

  • Travelers using local international SIMs may have to re-register their accounts upon swapping numbers.

  • Users operating messaging apps across tablets, laptops, or secondary devices could face repeated service interruptions.

  • Professionals depending on continuous web access may encounter workflow disruptions due to frequent mandatory logouts.

The compliance requirement is particularly significant for WhatsApp, which serves an estimated 500+ million users in India and would require deep platform restructuring to adopt a SIM-integrated authentication model unique to India.


Industry Raises Concerns Over Feasibility


Multiple digital firms have questioned the directive, citing lack of prior consultation or feasibility assessment. Industry voices warn that SIM binding may not fully prevent cyber fraud, since many existing scammers use telecom identifiers obtained through forged or stolen identity documents.

Critics and industry associations have also raised jurisdictional concerns, saying the new classification of apps as telecom identifier usage platforms expands oversight too far into digital business operations.


The Internet and Mobile Association of India has expressed strong reservations, calling the rules an extension of telecom authority into sectors including fintech, mobility services, social networking, and digital commerce.


Next Steps for Messaging Platforms


Messaging platforms now have until early 2026 to comply or risk potential regulatory action from government authorities. Companies are expected to accelerate engineering and authentication-system evaluations to meet the 90-day compliance deadline.


The DoT maintains that the rule is a necessary cybersecurity safeguard, while the industry continues to urge a more balanced and globally interoperable approach that protects users without compromising usability or innovation.
