India’s new cybersecurity rules will soon require WhatsApp users to keep their SIM card active and inserted in their device at all times. The government’s move aims to curb rising online fraud and spam by making messaging platforms more accountable.
Key Takeaways
- WhatsApp must link accounts to active SIM cards continuously
- Web version will auto-logout users every 6 hours
- 90-day deadline for implementation
- Affects 500+ million Indian users
New SIM Binding Rules Explained
The Department of Telecommunications has classified WhatsApp as a Telecommunication Identifier User Entity (TIUE) under the Telecommunication Cybersecurity Amendment Rules, 2025. This brings the messaging giant under similar regulatory oversight as traditional telecom companies.
The core requirement is persistent SIM verification. Unlike the current one-time verification during installation, WhatsApp must now continuously check that the registered SIM remains active and physically present in the device. Removal or deactivation of the SIM will immediately disable WhatsApp functionality.
The rules also mandate automatic logout from WhatsApp Web every six hours, requiring users to re-authenticate via QR code scanning. This addresses security risks from unattended browser sessions.
“The binding process between a subscriber’s app-based communication service and their SIM card occurs only once during installation, after which the app continues to function independently,” the Cellular Operators Association of India (COAI) stated. “This creates opportunities for misuse.”
Impact on Indian Users
For India’s massive WhatsApp user base, the changes mean:
- Wi-Fi-only tablet users may face access issues
- Frequent device switchers will encounter disruptions
- Enhanced security through better traceability
- More frequent authentication requirements
While authorities believe this will help combat international scams and financial fraud, critics question its effectiveness. Cybersecurity experts note that SIM binding alone cannot prevent scams, as criminals can still obtain new SIMs using fake identities.
Concerns also exist about the reliability of India’s telecom subscriber database, which forms the foundation of this verification system. Despite video KYC and facial recognition implementations, identity fraud cases remain significant.
The COAI defends the approach, calling mobile numbers India’s “most updated and monitored identity” and stating the government aims to “squeeze more juice out of this national resource” for cybersecurity.
WhatsApp now has 90 days to implement these changes, potentially transforming how Indians use the popular messaging platform.
