The Department of Telecommunications (DoT) has issued a sweeping directive under the Telecommunication Cybersecurity Amendment Rules, 2025 that will re-define how people use messaging apps such as WhatsApp, Telegram, Signal, Snapchat, and several others. The primary requirement: these services must now remain continuously linked to a valid SIM card in the device. Access without that SIM will no longer be permitted.
These rules are part of the newly updated 2025 cybersecurity framework. The DoT says the move aims to reduce online scams, fraud, impersonation and fake‑identity abuse that have been rising sharply across digital platforms. By tethering communication services strictly to active SIM‑linked devices, the government intends to restore accountability to digital interactions.
WhatsApp and Others Must Follow Telecom‑Style Security Rules
Under the new directive, WhatsApp — along with platforms such as Telegram, Signal, Snapchat, as well as other apps named in the DoT notification — have been classified as Telecommunication Identifier User Entities (TIUEs). This classification brings them under regulatory obligations that were until now reserved for telecom providers.
The requirement is straightforward yet strict. From the end of a 90‑day compliance window, each app must ensure that the SIM card associated with the registered mobile number remains physically present and active in the device. If the SIM is removed, replaced or deactivated, the app must suspend access immediately.
Six‑Hour Auto Logout for Web Sessions
The new framework also addresses use of these apps via web or desktop clients. Under the directive, any web‑based session must be automatically logged out at least every six hours. To regain access, the user must re‑authenticate — typically by scanning a QR code with the mobile app, which must itself be SIM‑linked and active. This aims to prevent misuse via unattended or compromised devices, which have often been used to perpetuate fraud or impersonation.
What Is Driving the Change
The DoT’s decision is rooted in findings that many app‑based communication services currently allow account continuity even when the underlying SIM card is removed. This loophole, the government says, has been exploited by scammers — often operating from abroad — to carry out phishing, fake‑call scams, impersonation and other forms of cybercrime while remaining hard to trace.
By enforcing SIM‑device binding and periodic session re‑authentication, the government aims to ensure that every message, call, or login can potentially be traced back to a verified mobile identity, making anonymous misuse significantly harder. The regulator believes this will strengthen the integrity and security of India’s telecom and digital communication ecosystem.
Implications for Users
If your SIM is not active or inserted in your device, you may lose access to these messaging services. This affects people who use Wi‑Fi–only tablets, older phones without SIMs, or rely on a secondary device for messaging. Multi‑device users will find that the flexibility to switch devices at will is gone — the original SIM must remain present.
Additionally, users relying on web or desktop versions — such as professionals using WhatsApp Web during work — will face automatic logouts every six hours, requiring repeated logins. For many, this could mean a shift in usage habits and possibly reduced convenience.
What Happens Next
Platforms covered under the DoT directive now have 90 days — until late February 2026 — to implement continuous SIM‑to‑device binding and periodic logout functionality for web clients. They must also submit compliance reports to DoT within 120 days. Failure to adhere could invite regulatory actions under the Telecommunications Act, 2023 and related cybersecurity laws.
For users, this means adapting to stricter login protocols. Convenience — such as using WhatsApp without a SIM, switching devices often, or keeping web sessions open throughout the day — will give way to a more controlled, SIM‑linked access paradigm. The government believes this tradeoff is necessary to enhance digital security and accountability across the country.
Department of Telecommunications, (DoT) has issued a sweeping directive under the Telecommunication Cybersecurity Amendment Rules, 2025 that will re-define how people use messaging apps such as WhatsApp, Telegram, Signal, Snapchat, and several others. The primary requirement: these services must now remain continuously linked to a valid SIM card in the device. Access without that SIM will no longer be permitted.