The government has introduced strict new “SIM-binding” rules that will fundamentally change how people access internet messaging apps like WhatsApp, Telegram, Signal, Snapchat, ShareChat, JioChat, Arattai and others. Under directions issued by the Department of Telecommunications (DoT) as part of the Telecommunication Cybersecurity Amendment Rules, 2025, users will no longer be allowed to use these apps unless the active SIM card originally linked to the account remains inside the device.​

What the new SIM-binding rule actually does

The DoT has told all “app-based communication services” operating in India that they must redesign their apps so that:

• Continuous SIM presence is mandatory: The app must regularly check whether the SIM used at registration is still present and active in the phone. If the SIM is removed, replaced, or deactivated, the app must automatically stop working until the correct SIM is inserted again.​
• No access without an active SIM: Within 90 days, it should become technically impossible to keep using these messaging apps purely over Wi‑Fi or on devices without the original SIM, a major change from today’s behaviour, where verification is done once via OTP and the app keeps working even after the SIM is taken out.​

In addition, the rules impose a second big requirement affecting desktop use:

Web and desktop logouts every six hours: Web versions such as WhatsApp Web must automatically log users out at least once every six hours. To continue, users will need to scan a QR code or re‑authenticate from the phone app, re-establishing the SIM-device link each time.​

Which apps are covered

The order applies to essentially all OTT (over-the-top) communication and messaging platforms that use mobile numbers for identification, including WhatsApp, Telegram, Signal, Snapchat, ShareChat, JioChat, Josh, Arattai, and others​. These services have been directed to implement continuous SIM binding within 90 days of the notification and to submit a compliance report to the government within 120 days. Non-compliance could invite action under the Telecommunications Act, 2023 and the amended Telecom Cyber Security Rules.​

Why the government is doing this

The DoT says the change is meant to plug a serious security gap in how messaging apps currently work:

• One-time binding only: Today, most apps verify a phone number once, typically via SMS OTP, after which the app keeps working even if the SIM is removed, the number is deactivated, or the user travels abroad and swaps to a foreign SIM.​
• Loophole for fraud: Authorities argue this allows criminals to:

— Hijack or keep using accounts tied to Indian numbers from outside India.

— Spoof identities, bypass KYC-linked SIM safeguards and conduct scams using accounts that appear to be tied to verified Indian subscribers.​

According to the government's rationale:

• Some platforms “allow services to continue even when the user’s SIM card is removed, enabling fraudulent usage of Indian mobile numbers from foreign locations without valid authentication,” which they say poses a challenge to telecom cybersecurity.​
• Continuous SIM binding and tighter web-session control are supposed to improve traceability and make it harder to operate anonymous or long-lived fraudulent accounts.​

What this means for everyday users

Once implemented, the new rules will change several common usage patterns:

No more “SIM-free” WhatsApp or Telegram on old phones

Many people in India currently:

• Register WhatsApp or Telegram on a number, then remove the SIM and keep using the app over Wi‑Fi.
• Use a now-inactive or rarely-used number in a spare phone purely for messaging.

Under SIM binding, this will no longer work. If the original SIM is not physically present and active in the device, the app must lock access until it’s reinserted.​

Stricter use of dual-SIM and travel scenarios

• If you swap out your primary Indian SIM while travelling abroad but continue using messaging apps on Wi‑Fi or with only a foreign SIM, the apps will be required to stop functioning for that account.​
• Users may need to keep their registered SIM in the phone at all times or re-register when changing numbers—something that could be inconvenient for frequent travellers, dual-SIM users and those juggling multiple lines.

More friction on desktop and web versions

• WhatsApp Web and similar clients that today stay logged in for days or weeks will now auto‑logout at least every six hours.​
• This means users in offices or shared environments will need to periodically rescan a QR code or re-authenticate from the phone, increasing friction but theoretically reducing long-lived hijacked sessions.