New Delhi: The government has decided to extend the deadline for implementing SIM-binding rules for mobile messaging platforms such as WhatsApp, Telegram and Signal until December 31, following representations made by industry stakeholders, sources said.

Under the proposed framework, messaging services would be accessible on a mobile device only when an active SIM card is present in that device.

Changes to web version log-out rules

The Department of Telecommunications has also revised another key requirement. The earlier rule mandating automatic log-out from web versions of messaging platforms after six hours has now been withdrawn.

Instead, platforms will adopt a system based on risk assessment, with log-outs triggered through AI-driven analysis, according to sources.

Background to earlier directive

The department had originally issued directions on November 28, 2025, asking major app-based communication service providers to ensure that their services remained continuously linked to an active SIM card from February 26, with compliance to be reported by March 28.

“The government has extended the deadline for applicability of SIM-binding rule to December 31 following representation from the industry players,” an official source told Press Trust of India.

Previously, the directive required users to be logged out from web versions of messaging platforms after six hours of inactivity.

Rationale behind SIM-binding rules

The SIM-binding measure was introduced by the department to address security vulnerabilities that cybercriminals have been exploiting for large-scale, and often cross-border, digital fraud.

According to the department, accounts on messaging and calling applications often remain functional even after the linked SIM card has been removed, deactivated or taken abroad. This loophole has enabled anonymous scams, so-called “digital arrest” frauds and impersonation calls using Indian numbers.

Officials have stated that enforcing continuous SIM-device linkage, along with periodic log-outs, would ensure that every active account and web session is tied to a live SIM that has undergone KYC verification. This, they believe, would help restore traceability in cases involving phishing, investment scams, loan fraud and similar offences.

The department also pointed out that long-duration web or desktop sessions allow fraudsters to operate accounts remotely without access to the original device or SIM, making it harder for authorities to trace and shut down such activities.

Industry raises legal concerns

Despite the security rationale, the proposal has faced opposition from industry groups. The Broadband India Forum, which represents major technology companies including Meta and Google, questioned the legal validity of the mandate.

Citing a legal opinion from a senior counsel, the forum argued that the directive could be considered “ultra vires the parent legislation” and “unconstitutional”.

In a letter dated February 23 addressed to DoT Secretary Amit Agrawal, the body stated that the Telecommunications (Telecom Cyber Security) Amendment Rules, 2025, along with the SIM-binding directions, may go beyond the powers granted under the Telecommunications Act of 2023.

Survey flags potential disruptions

Meanwhile, think tank CUTS International released findings from a survey indicating that the proposed rules could disrupt usage for both individuals and businesses.

The report suggested that around 80 per cent of consumers and more than 60 per cent of small and medium enterprises expect operational challenges if SIM-binding is made mandatory.

It further noted that nearly 86 percent of users allow family members to access their phone or SIM for messaging purposes. In about 39 percent of such instances, the primary SIM holder may not be physically present when authentication is required, which could lead to delays or interruptions in access.

With agency inputs