Image used for representation purpose only.
| Photo Credit: Reuters
The Union government passed directions on Friday (November 28, 2025) requiring services like WhatsApp to only work if users have the SIM card used to sign up for the service in their device, and to log out web-based chat sessions every six hours. The order, sent directly to messaging platforms like WhatsApp, Telegram and Signal, represents a major enlargement of the Department of Telecommunications (DoT)’s exercised jurisdiction, building on groundwork laid by a set of contentious cybersecurity guidelines notified this year.
Government officials have expressed frustration over their inability to track cyber fraudsters who use apps like WhatsApp, which currently only require users to validate their mobile number once, before being able to use the service on a range of devices. “SIM binding,” as the directions put it, would force WhatsApp and other messaging platforms to stop working if the SIM is taken out, and presumably aid in the traceability of cyber frauds operating on WhatsApp — by, in return, adding possible friction to other users. The directions were first reported by tech policy news site MediaNama.
SIMs used outside the phone where WhatsApp has been registered, the DoT said in its order, were “being misused from outside the country to commit cyber-frauds”. The order is in effect from February 2026. The DoT and WhatsApp did not have an immediate response to a query by The Hindu sent outside normal working hours. An industry source called the instructions “problematic” and that no feasibility study or consultation was held before these directions were issued, and that it was unclear if these measures would resist circumvention by fraudsters.
The DoT, which typically oversees telcos, has rarely waded beyond “carriage,” or the means of transmission, into the “content” layer of the internet, where apps like WhatsApp arguably operate, with the notable exception of website blocking. One official said that such divisions had to be constantly “rethought” in light of the “convergence” that the internet and telecom ecosystems have seen in recent years.
Throughout this year, the groundwork for instructions like this to messaging platforms was laid: the DoT notified amendments to its 2024 Cyber Security Rules, which defined the concept of “Telecommunication Identifier User Entities,” or TIUEs. This term could be applied to any firm which uses mobile numbers to identify users, from e-commerce platforms to messaging apps.
The Internet and Mobile Association of India, which represents Meta and other digital firms, said in a filing to the DoT this year that the amended rules not only represented a “clear overreach of the delegated legislative power under the [2023] Act, but will also have broad implications for digital businesses across fintech, e-commerce, mobility, social media, and essentially any service that relies on telecom identifiers”.
The telecom industry has repeatedly called on the DoT to act in this direction, ruling that strict anti-spam regulations that are routinely issued for them do not curb frauds perpetrated on platforms like WhatsApp.
Published – November 29, 2025 09:50 pm IST
