India began enforcing a sweeping mandate today requiring users of messaging apps, including WhatsApp, Telegram and Signal, to link their accounts to active SIM cards, a move the government says is critical to curbing escalating cyber fraud. The latest rules, issued by the Department of Telecommunications (DoT) under the Telecom Cyber Security (TCS) Rules, 2024, fundamentally alter how millions of Indians use these platforms.
Under the new framework, messaging apps will cease to function if the registered SIM card is removed from a user’s primary device. Re-activation requires re-inserting the SIM and undergoing a verification process. The directive, a first of its kind globally, impacts not only international messaging giants but also domestic platforms like ShareChat, and JioChat.
The most immediate change for users will be the restriction on multi-device functionality. Previously, accounts could remain active on desktop computers or tablets even with the primary smartphone offline. Now, services like WhatsApp Web will automatically log users out every six hours, requiring re-authentication via a QR code scan using the primary smartphone with the active, registered SIM card. This frequent verification is intended to disrupt prolonged, potentially compromised web sessions.
The government’s decision follows a dramatic increase in financial losses due to cybercrime. Official data indicates that cyber fraud resulted in damages exceeding 22,800 Crore Rupees (approximately 2.5 billion Euros) in 2024 alone. Authorities have identified a key vulnerability: fraudsters activating accounts with Indian SIM cards, then removing them to operate the accounts from other continents and countries, effectively masking their location and identity.
Communications Minister Jyotiraditya Scindia has emphasized that the SIM-binding rule is a proportionate response to protect citizens, stating that national security cannot be compromised. The DoT introduced the SIM binding rules in November 2025, setting a deadline of March 1, 2026, for implementation.
The mandate has faced legal challenges. The Broadband India Forum (BIF), an industry body representing companies including Meta and Google, has filed a legal challenge, arguing the directive is “unconstitutional” and exceeds the government’s legal authority. The BIF contends that telecom laws should apply to telecom operators, not to Over-the-Top (OTT) services like messaging platforms. Despite these objections and requests for extensions, the government has proceeded with the implementation.
Privacy advocates and technology experts have raised concerns about increased surveillance and practical difficulties for legitimate users who frequently switch between devices. Some companies are reportedly testing updates, with beta versions of WhatsApp including new prompts related to SIM card presence.
India’s move establishes it as a nation with exceptionally stringent operating requirements for messaging services. The long-term effects on user behavior and the digital communications landscape remain uncertain. While the government anticipates a significant reduction in cybercrime, the legal challenges from the technology sector are likely to continue, reigniting the debate between security, privacy, and user convenience in one of the world’s largest digital markets.
