India Enforces 90-Day SIM Binding for Popular Messaging Apps

India's Department of Telecommunications (DoT) has introduced a new directive requiring users to bind their subscriber identity module (SIM) to popular messaging applications such as WhatsApp, Telegram, and Snapchat. This regulation, which comes into effect within 90 days, mandates that users will be unable to access these platforms unless their original SIM card is present in the device.

The SIM binding initiative aims to create a reliable link between users and their devices, thereby improving accountability and traceability in digital communications. According to the DoT circular, messaging services will need to log users out every six hours if accessed without the associated SIM, necessitating a re-login via a QR code.

This measure stems from the Telecommunication Cybersecurity Amendment Rules, 2025, which require messaging platforms to access the International Mobile Subscriber Identity (IMSI) stored on the SIM. As a result, global services such as WhatsApp may need to modify their systems to comply with the new regulations for users in India.

The Cellular Operators Association of India (COAI), representing major telecom operators including Reliance Jio, Airtel, and Vodafone Idea, has welcomed the DoT's decision. COAI emphasised that mandatory SIM binding would help mitigate spam, fraudulent calls, and financial scams, which have been exacerbated by the ability of users to operate messaging apps independently of their SIM cards.

Lt General Dr SP Kochhar, Director General of COAI, stated, "COAI congratulates the Department of Telecommunications (DoT) for taking a landmark step towards bolstering National Security and safeguarding our citizens by mandating SIM binding for devices for app-based communication services."

He further elaborated that the new regulations would ensure continuous linkage between the SIM and the applications used for communication. This would address the gaps that have allowed for anonymity and misuse, thereby enhancing cybersecurity in India.

Previously, messaging apps linked to a mobile SIM card only during initial installation, allowing continued access even if the SIM was removed or deactivated. The new rules require that all relevant applications maintain a constant connection with the SIM, creating a more accountable digital space and offering protections against anonymous misuse.

As global agencies alert users to the increasing prevalence of sophisticated spyware and platform fraud, India’s implementation of persistent SIM binding is seen as a crucial step in securing digital communications. In a recent alert, the Cybersecurity and Infrastructure Security Agency (CISA) warned of spyware targeting messaging platform users through malicious links, emphasising the importance of securing mobile communications.

This move comes at a time when reports, such as one from Reuters, highlighted failures by a major social media platform to prevent extensive fraudulent advertisements targeting messaging app users. India’s new SIM binding directive seeks to counter such practices by enforcing accountability and creating a safer digital environment.

Despite some messaging services taking action against spam and fraud, the efficacy of these measures has been questioned, with reports indicating that only a small fraction of ban appeals were successfully addressed.

Moreover, the National Cybercrime Threat Analytics Unit (I4C) has identified scams involving fake advertisements that exploit the linked devices feature of messaging applications. The new SIM binding regulation aims to eliminate such vulnerabilities by ensuring that messaging sessions remain permanently connected to their verified SIM card, thereby preventing account hijacking.

As India takes this significant step towards enhancing cybersecurity, the telecom industry has expressed readiness to assist the government in combating digital fraud and scams. The DoT’s decision marks a pioneering effort to establish a verified identity layer within digital communications, contributing to the broader goal of securing user data and enhancing consumer trust in online platforms.