Key Takeaways
- WhatsApp, Telegram, and Signal will require an active SIM card in the device to function.
- Web versions of these apps will log out automatically every 6 hours.
- The new rules aim to curb cyber fraud originating from outside India.
- Non-compliant apps face legal action under the Telecommunications Act, 2023.
The Indian government has mandated that messaging apps like WhatsApp, Telegram, and Signal cannot run on a device without its active SIM card physically present. This new SIM-binding rule, effective immediately from November 28, 2025, fundamentally changes how millions use these popular services.
Users can no longer use WhatsApp on a phone with a different SIM card inserted or switch devices freely. Web and desktop versions will see far more frequent logouts, requiring re-authentication via QR code at least every six hours.
Addressing the Security Challenge
The Department of Telecommunications (DoT) identified a critical vulnerability. The government notification states, “It has come to the notice of Central Government that some of the App Based Communication Services… allows users to consume their services without availability of the underlying Subscriber Identity Module (SIM)… and this feature is posing challenge.”
This feature was being exploited for cross-border cybercrime, prompting the urgent directive.
What the New SIM-Binding Rules Mandate
Under the updated Telecom Cyber Security Rules, apps using mobile numbers for user identification (called Telecommunication Identifier User Entities or TIUEs) must:
- Continuous SIM Linkage: Within 90 days, ensure the messaging app is permanently linked to the active SIM in the device.
- Frequent Web Logouts: Web service instances must log out users periodically (within 6 hours) and allow re-linking via QR code.
- Compliance Reports: Submit compliance reports to the DoT within 120 days.
These directions are effective immediately and remain until modified or withdrawn. Non-compliance will lead to action under the Telecommunications Act, 2023, and other laws.
Government’s Rationale Behind the Move
The DoT clarified the security imperative: “Subscriber Identity Module (SIM) within the device… is posing challenge to telecom cyber security as it is being misused from outside the country to commit cyber-frauds.”
After months of discussion with service providers, the government deemed these measures “necessary… to prevent the misuse of telecommunication identifiers and to safeguard the integrity and security of the telecom ecosystem.”
