Why a new govt directive means your WhatsApp Web could soon log you out every 6 hours

A senior industry executive said that such a level of SIM linkage for communication services does not happen in the same way in other countries. Here is what to know.

What is going to change?

The government is drawing its regulatory powers from the Telecommunication Cybersecurity Amendment Rules, 2025, which were notified in October, and introduced the concept of Telecommunication Identifier User Entity (TIUE) under the scope of telecom regulations. As per the rules, a TIUE is an entity (other than a licensee, like telecom operators) that uses telecommunication identifiers – such as mobile numbers – to identify its users.

The directions are learnt to have been sent to companies like WhatsApp, Telegram, Signal, Arattai, Snapchat, Sharechat, Jiochat, and Josh. These platforms are now required to ensure that, within 90 days, their services are “continuously” linked to the SIM card used to register on them, and not allow access without the SIM in the device. In technical terms, this is called SIM binding. As a result, the various associated web services (like WhatsApp Web) “shall be logged out periodically” – no later than six hours. Platforms will have to send a compliance report to the DoT within the next four months.

Right now, services like WhatsApp verify a user’s identity by sending a one-time password (OTP) to their mobile number. But, to follow the DoT’s directive, they will have to start accessing the IMSI of their SIM cards. IMSI stands for International Mobile Subscriber Identity, and is a unique number that identifies every mobile subscriber globally. It is stored on the SIM card.

For a global platform like WhatsApp, which has billions of users globally – and more than 500 million in India – it would mean re-engineering its service to meet Indian regulations, which are different from other countries.

The government’s rationale for SIM binding

Government officials have expressed frustration over their inability to track cyber fraudsters who use apps like WhatsApp.

“… it has come to the notice of Central Government that some of the app based communication services that are utilising mobile number for identification of its customers… allow users to consume their services without availability of the underlying SIM within the device… posing challenge to telecom cyber security as it is being misused from outside the country to commit cyber-frauds,” the DoT said in its notice to the communication companies.

How industry stakeholders have reacted

When the telecom cybersecurity rules were proposed earlier this year, the telecom industry had supported the need for SIM binding. “Presently, the binding process between a subscriber’s app-based communication services and their mobile SIM card occurs only once during the initial installation and verification phase, after which the application continues to function independently on the device even if the SIM card is later removed, replaced or deactivated,” the Cellular Operators Association of India (COAI), which represents all three private telcos, had said in a statement at the time.

Some representatives of telecom companies have now flagged concerns with the proposal. A senior industry executive said that these directions could pose a challenge to users who travel abroad and frequently use SIM cards from those countries to access communication services. “So far, when you use a new SIM card abroad, you can continue using services like WhatsApp without any additional registration. Now with these directives, that would no longer be possible,” one representative said.

Another executive said that the directive to log out from companion web instances of the messaging platforms every few hours could disrupt workflows, especially in professional setups. “Many people use services like WhatsApp on their computers when they’re at work. Some also have to use them without their phones around in some instances. There will now be a lot of added friction in that use case,” this executive said.

There are also questions around how effective these directives could be, as many people who use such services to carry out fraud and scams use SIM cards procured through illegal means, such as using forged or mule identity cards.