In a move to improve India’s cybersecurity, the Centre has rolled out new rules under the Telecommunication Cybersecurity Amendment Rules, 2025, that place messaging platforms under tighter scrutiny. The directive will mean that the companion web services, such as WhatsApp Web, will be automatically logged out every six hours to ensure SIM binding
Using WhatsApp without an active SIM card might soon become impossible. As part of a broader push to strengthen India’s
cybersecurity and prevent digital fraud, the government is rolling out new rules that place messaging platforms like WhatsApp under tighter scrutiny.
The Telecommunication Cybersecurity Amendment Rules, 2025, notified by the Department of Telecommunications (DoT), make it mandatory for every
WhatsApp account to remain linked to a functioning SIM card at all times.
The directive will also mean that the companion web services, such as WhatsApp Web, will not be available uninterrupted to users, as they will be automatically logged out every six hours.
But why has this rule been introduced? And what does WhatsApp have to do with it? Here’s a closer look.
What is the new rule?
The government is using the powers granted under the Telecommunication Cybersecurity Amendment Rules, 2025, notified in October, to bring messaging apps under a tighter regulatory framework.
These rules introduce a new category called the Telecommunication Identifier User Entity (TIUE), which covers any platform, other than telecom operators, that uses identifiers like mobile numbers to verify users.
Under these rules, platforms such as WhatsApp, Telegram, Signal, Arattai, Snapchat, Sharechat, Jiochat, and Josh have reportedly received directions from the DoT.
They must now ensure that, within 90 days, their services remain “continuously” linked to the SIM card used during registration. Users should not be able to access the app if that SIM isn’t physically active in the device. This process is known technically as SIM binding.
Because of this, linked services such as WhatsApp Web will now “be logged out periodically,” and the rules set a maximum limit of six hours. Companies must also submit a compliance report to the DoT within four months.
Why is this directive issued?
The government says the new system will make it easier to track fraudulent messages and prevent misuse.
The Cellular Operators Association of India (COAI) explained that currently, “the binding process between a subscriber’s app-based communication service and their SIM card occurs only once during installation, after which the app continues to function independently.”
“This creates opportunities for misuse,” the COAI said, noting that continuous SIM verification could help block these gaps.
Officials also believe the rules will help curb international cybercrime. Fraudsters often take advantage of inactive or foreign SIM cards to run phishing scams or financial fraud targeting users in India.
The DoT expressed concern over not being able to identify scammers who rely on apps like WhatsApp. In its notice to communication platforms, the DoT wrote that “… it has come to the notice of Central Government that some of the app based communication services that are utilising mobile number for identification of its customers… allow users to consume their services without availability of the underlying SIM within the device… posing challenge to telecom cyber security as it is being misused from outside the country to commit cyber-frauds.”
How will it impact users?
When the telecom cybersecurity rules were first floated earlier this year, the telecom sector broadly agreed that SIM binding was necessary. But now that the directives are formal, some industry representatives have raised concerns about how they may affect everyday users.
One senior executive told The Indian Express that the new rule could create hurdles for people who travel abroad and switch to local SIM cards.
“So far, when you use a new SIM card abroad, you can continue using services like WhatsApp without any additional registration. Now with these directives, that would no longer be possible,” the person said.
Another industry representative pointed out that forcing frequent logouts on services like WhatsApp Web could interrupt work routines, especially in office environments.
“Many people use services like WhatsApp on their computers when they’re at work. Some also have to use them without their phones around in some instances. There will now be a lot of added friction in that use case,” the executive said.
There are also doubts about how effective the rule will really be. A common industry argument is that many fraudsters use SIM cards bought through illegal channels, often using forged or stolen identity documents, which means SIM binding might not stop them. Experts also note that despite strict verification systems in banking and UPI apps, financial fraud hasn’t gone away.
For WhatsApp’s more than 500 million users in India, the rule could make the app slightly less seamless but potentially safer.
With input from agencies
End of Article