SIM binding is coming to messaging apps; here’s what you must know | EXPLAINER

India’s Department of Telecommunications (DoT) has announced a major new rule aimed at curbing the surge in cyber fraud, directing popular messaging apps – including WhatsApp, Telegram, Snapchat, Signal, ShareChat, Josh, JioChat and others – to implement mandatory SIM binding within the next 90 days. Companion features such as WhatsApp Web will also see changes, with web sessions set to log out automatically every six hours.
According to the government, “SIM binding” is necessary to address security gaps that cybercriminals have been exploiting at scale.
What is SIM binding?
SIM binding means a messaging app will function only when the phone contains the same SIM card that was used at the time of registration. If the original SIM is removed, replaced or becomes inactive, the app will stop working entirely.
The new rules also require automatic logout of all web-based sessions every six hours. After each logout, users must re-link their device by scanning a QR code.
Why is the government enforcing SIM binding?
Authorities say a constantly active, verified SIM is essential to eliminate a major vulnerability used in large-scale digital scams. With cyber-fraud losses crossing Rs 22,800 crore in 2024, the government believes that tying every account and web session to a live, KYC-verified SIM will restore traceability.
Officials say this measure will help tackle crimes such as phishing, investment frauds, digital arrest scams and loan app rackets. The Centre has clarified that users travelling or on roaming will not be affected as long as the SIM remains inside their device.
What does the DoT directive require from apps?
The DoT’s Nov. 28 directive mandates:
- Messaging apps must adopt SIM binding within 90 days.
- Services should be available only when the registered SIM is active in the device.
- Platforms offering app-based communication in India must submit compliance reports within 120 days.
The directive warns that non-compliance may lead to action under the Telecommunications Act, 2023, the Telecom Cyber Security Rules and other applicable laws.
At present, most messaging apps verify the SIM only during installation and continue to work even after the SIM is removed or deactivated. The new rule intends to end this practice.
What are industry bodies saying?
COAI supports the move
Telecom operators under the Cellular Operators Association of India have welcomed the new rule, saying it boosts national security and protects users.
COAI, whose members include Reliance Jio, Bharti Airtel and Vodafone Idea, says continuous SIM linkage “ensures accountability for all activity conducted through a communication app”. The body added that the rules will close long-standing gaps that have enabled anonymity and misuse, and that it is committed to supporting smooth implementation.
BIF flags concerns
The Broadband India Forum, representing technology companies such as Meta and Google, has raised concerns over the directive. The BIF says the rule creates questions around jurisdiction, consumer impact and risk, and imposes obligations that go beyond the Telecom Act and the intended scope of the Telecom Cyber Security Rules.
The forum has urged the government to pause implementation timelines and begin stakeholder consultations on SIM binding.