According to the Times of India, the Ministry of Telecommunications of India has ordered that the “SIM card binding” policy be enforced within 90 days on instant communication platforms such as WhatsApp, Telegram, Signal and Snapchat. If the user removes the SIM card used for registration, the above application will not run properly. The directive will enter into force in February 2026 and will require that web pages for such applications be automatically cancelled every six hours, requiring users to re-enter the site through a 2-dimensional code.
Government officials in India indicated that the measure was aimed at combating cyber-frauders who made use of loopholes in existing systems. The existing system allows applications to continue after the SIM card has been removed, replaced or disabled. The Government of India is of the view that it is this loophole that is used by criminals abroad to commit networks and identity fraud. The SIM card binding requires the application to verify continuously whether the registered SIM card is active and in the current device. According to the current policy, instant communication applications only validate a user phone number once on initial landing, and when this is completed, the application can run independently even if the SIM card is removed or replaced.
Such platforms are classified as telecommunication identifier user entities (TIUE) under the new Indian Telecommunication Network Security Amendment Rules 2025. This classification represents a significant extension of jurisdiction, from traditional telecommunications operators to any service that uses a mobile phone number for user identification. The Indian Association of Mobile Operators, representing private telecommunications companies, supported the need for SIM card binding, arguing that the current one-time certification would result in abuse. Although the directive was intended to curb telecommunications fraud, it may cause many inconveniences to legitimate users. Users travelling abroad and using local SIM cards will not be able to continue using services such as the WhatsApp and will have to re-register. Users who rely on tablets or use instant communication applications on multiple devices may face continuous interruptions. The requirement of re-entry every six hours is bound to disrupt the user ‘ s workflow, especially given the specific work environment, and mobile phones are often not available when staff land on the WhitsApp at the end of the computer. Currently, India has more than 500 million users in the WhatsApp alone, and the implementation of this directive requires a major redesign of services to conform to India-specific regulations.
Industry indicated that the directive was “problematic” and that no feasibility studies or consultations had been conducted prior to the issuance of the directive. Critics questioned the effectiveness of SIM card attachments to deter fraud, as many outlaws had begun to use them to obtain SIM cards by forging or stealing identity documents. The Indian Internet and Mobile Association, representing Meta and other digital companies, described the revised rules as “manifestly ultra vires”, with wide implications for digital operations such as financial technology, e-commerce, mobile travel and social media.