Dec 02, 2025Ravie LakshmananRegulatory Compliance / On-line Security
India’s Division of Telecommunications (DoT) has issued instructions to app-based communication service suppliers to make sure that the platforms can’t be used with out an lively SIM card linked to the person’s cellular quantity.
To that finish, messaging apps like WhatsApp, Telegram, Snapchat, Arattai, Sharechat, Josh, JioChat, and Sign that use an Indian cellular quantity for uniquely figuring out their customers, in different phrases, a telecommunication identifier person entity (TIUE), to adjust to the directive inside 90 days.
The modification to the Telecommunications (Telecom Cyber Safety) Guidelines, 2024, is seen as an try to fight the misuse of telecommunication identifiers for phishing, scams, and cyber fraud, and guarantee telecom cybersecurity. The DoT mentioned the SIM‑binding instructions are essential to shut a safety hole that unhealthy actors are exploiting to conduct cross‑border fraud.
“Accounts on prompt messaging and calling apps proceed to work even after the related SIM is eliminated, deactivated, or moved overseas, enabling nameless scams, distant ‘digital arrest’ frauds and authorities‑impersonation calls utilizing Indian numbers,” the DoT mentioned in a press release issued Monday.
“Lengthy‑lived net/desktop periods let fraudsters management victims’ accounts from distant areas with no need the unique gadget or SIM, which complicates tracing and takedown. A session can at the moment be authenticated as soon as on a tool in India after which proceed to function from overseas, letting criminals run scams utilizing Indian numbers with none recent verification.”
The newly issued directive mandates that –
App Based mostly Communication Providers are repeatedly linked to the SIM card put in within the gadget and make it not possible to make use of the app with out that lively SIM
The online service occasion of the messaging platform is periodically logged out each six hours after which giving the customers to re-link their gadget through a QR code if obligatory
In forcing periodic re‑authentication, the Indian authorities mentioned the change reduces the scope for account takeover assaults, distant management misuse, and mule account operations. What’s extra, the repeated re-linking introduces extra friction within the course of, necessitating that the menace actors show they’re in management many times.
The DoT additionally famous that these restrictions be certain that each lively account on the messaging app and its net periods is tied to a Know Your Buyer (KYC)‑verified SIM, thereby permitting authorities to hint numbers which can be utilized in phishing, funding, digital arrest, and mortgage scams.
It is value noting that the SIM-binding and automated session logout guidelines are already relevant to banking and prompt fee apps that use India’s Unified Funds Interface (UPI) system. The newest instructions prolong this coverage to additionally cowl messaging apps. WhatsApp and Sign didn’t reply to requests for remark.
The event comes days after the DoT mentioned a Cellular Quantity Validation (MNV) platform could be established to curb the surge in mule accounts and identification fraud stemming from unverified linkages of cellular numbers with monetary and digital companies. Based on the modification, such a request on the MNV platform may be positioned by both a TIUE or a authorities company.
“This mechanism allows service suppliers to validate, by way of a decentralized and privacy-compliant platform, whether or not a cellular quantity used for a service genuinely belongs to the individual whose credentials are on report – thereby enhancing belief in digital transactions,” it mentioned.
