Government Mandates Active SIM Link for Messaging Apps in India

In a significant move to bolster telecom cybersecurity, the Indian government has made it mandatory for messaging apps such as WhatsApp, Signal, Telegram, and others to remain continuously linked to an active SIM card. This directive, issued by the Department of Telecommunications (DoT) on November 28, requires all app-based communication service providers operating in India to comply within 120 days.

The new policy aims to curb the misuse of messaging platforms that identify users via mobile numbers but allow service access without the associated SIM card being present in the device. According to the DoT, such loopholes have been exploited from abroad to carry out cyber frauds, posing a serious challenge to national telecom cybersecurity.

Key Provisions of the Directive

The instructions—issued under the powers granted by the Telecommunications Act, 2023, and Telecom Cyber Security Rules—apply to all Telecommunication Identifier User Entities (TIUEs) that use mobile numbers for user identification or service delivery in India. The following requirements have been outlined:

·       SIM Link Requirement: Within 90 days, apps must ensure that their services remain continuously linked to the SIM card associated with the mobile number used for registration or access. The app must not function without the active SIM installed in the user’s device.

·       Web Version Restrictions: Any web-based instance of the app must automatically log out users at least once every six hours. Re-access will require users to re-link their device via QR code authentication.

·       Compliance Timeline: All providers must submit compliance reports to the DoT within 120 days of the directive’s issuance.

Failure to comply will result in action under the Telecommunications Act and other relevant laws.

Impacted Platforms

This directive will significantly affect how Indian users interact with popular messaging platforms, including:

·       WhatsApp

·       Telegram

·       Signal

·       Arattai

·       Snapchat

·       ShareChat

·       JioChat

·       Josh

The DoT highlighted that allowing users to access app-based communication services without an active SIM poses a major cybersecurity risk. “This feature is being misused from outside the country to commit cyber frauds,” the department noted, emphasizing the need to safeguard the integrity and security of India’s telecom ecosystem.

While the directive covers domestic usage, ambiguity remains regarding international numbers. The policy does not explicitly state whether users registering with foreign numbers—potentially used by fraudsters—are subject to the same constraints. This unaddressed loophole could leave room for continued misuse, particularly in cross-border cybercrime scenarios.

The directive takes effect immediately and will remain in force unless amended or withdrawn by the DoT. Service providers are now under pressure to make technical changes to ensure full compliance within the stipulated time frame.