|
India’s Department of Telecommunications (DoT) has issued a sweeping new directive mandating SIM-binding for all app-based communication services, including WhatsApp, Telegram, Signal, Snapchat, ShareChat, JioChat, Josh and Arattai, as part of a broader push to curb telecom-related cybercrime and identity fraud. The order, dated November 28, 2025, has been issued under the Telecommunications (Telecom Cyber Security) Rules, 2024, and explicitly aims to prevent the “misuse of telecommunication identifiers, equipment, networks or services”. What the order mandates The directive requires all Telecom Identifier Using Entities (TIUEs) offering app-based communication services in India to link each user account with a verifiable SIM number used at the time of registration. Apps must verify that: The SIM used to sign up belongs to the same user operating the application. If a user switches to a new SIM, the app must re-verify the identity and update the binding. No communication service may continue for users whose SIM binding fails or remains unverified. Apps must store and maintain a secure audit trail of all verification attempts.
The order also mandates a strict logout protocol Apps must automatically log out a user within six hours if the SIM card linked to that account becomes inactive, is disconnected, or otherwise invalid. This six-hour shutdown rule is intended to prevent services from being accessed through dormant or deactivated numbers, but it also means users who change or lose their mobile number may find themselves abruptly signed out unless they update their credentials in time. The DoT has also instructed TIUEs to establish automated, real-time mechanisms for SIM–account mapping and to maintain logs demonstrating compliance. What changes for messaging and social apps For the first time, India is requiring apps to validate the telecom identifier (SIM) associated with a user account. This brings messaging platforms under a compliance framework similar to telecom operators, making anonymous or SIM-mismatched accounts impossible to operate. This effectively means: Users cannot activate or maintain accounts using numbers that are inactive, invalid or not registered in their name. Apps cannot allow communication if SIM ownership changes without fresh verification. Anyone using multiple SIMs across multiple devices will be prompted to authenticate each change. The directive will impact onboarding, number changes and account portability across apps. Users should expect: Mandatory SIM verification the next time they log in, reinstall or change devices/SIMs. Possible temporary service interruption if SIM details cannot be validated in real time. Increased scrutiny during number changes — apps may block accounts until verification is completed. Greater traceability — using someone else’s SIM for private messaging accounts will no longer be possible. Consumers, however, may also benefit from: Reduced impersonation and fraud incidents. Lower risk of accounts being taken over using illegal SIM swaps. Higher accountability for spam, scams and misuse of social/messaging apps. Compliance timeline All TIUEs providing app-based communication services must submit full compliance reports to the DoT within 120 days of the order’s issuance. Failure to comply will invite penalties under the Telecommunications Act, 2023, the Telecom Cyber Security Rules, 2024, and other applicable laws. The order comes into force immediately. Continue Reading (Edited by : Amrita) First Published: Nov 30, 2025 11:05 AM IST Check out our in-depth Market Coverage, Business News & get real-time Stock Market Updates on CNBC-TV18. Also, Watch our channels CNBC-TV18, CNBC Awaaz and CNBC Bajar Live on-the-go! (责任编辑:) |