SIM binding mandatory for online messaging platforms: Dept of Telecom

“…it has come to the notice of Central Government that some of the app based communication services that are utilising mobile number for identification of its customers… allow users to consume their services without availability of the underlying SIM within the device… posing challenge to telecom cyber security as it is being misused from outside the country to commit cyber-frauds,” the DoT learnt to have said in its notice to communication companies such as WhatsApp, Telegram, Signal, Arattai, Snapchat, Sharechat, Jiochat, and Josh.

These platforms must now ensure that within 90 days, their services are “continuously” linked to the SIM card used to register with them. They must also disallow access if the SIM is not there in the device. In technical terms, this is called SIM binding. Associated web services of these platforms (like WhatsApp Web) “shall be logged out periodically” — not later than 6 hours.

The Centre is drawing powers from the Telecommunication Cybersecurity Amendment Rules, 2025, that were notified in October, to introduce the concept of Telecommunication Identifier User Entity (TIUE) under the scope of telecom regulations. As per the rules, a

TIUE (who is not a licensee like telecom operators) uses telecommunication identifiers — such as mobile numbers — to identify its users. Platforms will have to send to the DoT a compliance report within the next four months

What is SIM binding, how it affects users

A senior industry executive said that these directions could pose a challenge to users who travel abroad and frequently use SIM cards from those countries to access communication services. “So far, when you use a new SIM card abroad, you can continue using services like WhatsApp without any additional registration. Now with these directives, that would no longer be possible,” they said.

Another person said the directive to log out from companion web instances of the messaging platforms every 6 hours could disrupt workflows, especially in professional setups. “Many people use services like WhatsApp on their computers when they’re at work. Some also have to use them without their phones around in some instances. There will now be a lot of added friction in that use case,” this executive said.

There are also some questions around how effective these directives could be, since many people who use such services to carry out frauds and scams use SIM cards procured through illegal means, such as using forged, or mule identity cards.

However, when the telecom cybersecurity rules were proposed earlier this year, the telecom industry had supported the need for SIM binding.

“Presently, the binding process between a subscriber’s app-based communication services and their mobile SIM card occurs only once during the initial installation and verification phase, after which the application continues to function independently on the device even if the SIM card is later removed, replaced or deactivated,” the Cellular Operators Association of India (COAI), which represents all three private telcos, had said in a statement at the time.