India Mandates SIM Card Verification for Messaging Apps

India's Department of Telecommunications has issued a directive mandating that messaging apps like WhatsApp and Telegram must enforce SIM card verification. This new regulation requires that user accounts remain linked to the SIM card used during registration, a process referred to as SIM binding.

According to the Times of India, the apps have 90 days to implement these changes, which include logging out web-based sessions every six hours if the original SIM card is not present in the device. This means users who frequently switch devices or travel may find themselves unable to access their accounts unless they have the correct SIM card.

The directive specifically targets platforms like WhatsApp, Telegram, Signal, and others, aiming to combat rising instances of cyber fraud which have been linked to the misuse of these platforms. The government has expressed concerns that allowing access without the verified SIM card poses significant cybersecurity risks, especially as many of these frauds are reportedly committed from outside India.

In a statement, the Department of Telecommunications noted that the existing setup, which only requires SIM verification during initial registration, allows users to continue using the app even after removing or deactivating their SIM card.

This poses a challenge for telecom cybersecurity, prompting the new regulations under the Telecommunication Cybersecurity Amendment Rules of 2025. This amendment emphasizes the need for continuous linkages between user accounts and SIM cards to enhance accountability.

With WhatsApp having over 500 million users in India, the impact of this regulation could be significant, particularly for those who use multiple devices or prefer accessing services via web applications.

Users who rely on WhatsApp Web for professional communication may face disruptions as they will be required to log back in every six hours, potentially affecting workflow and productivity. Critics have raised concerns about the practicality of these measures, citing that they seem to disproportionately affect users who might need to use their accounts on various devices, especially in a mobile-first country like India.

The new regulations also highlight the increasing pressure on messaging platforms to ensure user security and accountability, reflecting a broader trend toward stricter digital governance. Notably, the changes come as part of a larger governmental effort to tighten cybersecurity measures across the telecommunications sector, which has been under scrutiny amid rising cyber threats.

As messaging apps scramble to comply with these new rules, the potential for increased user frustration and operational challenges looms large. This regulatory shift underscores the delicate balance between user privacy, operational flexibility, and the pressing need for enhanced security in the digital communications landscape.