India Mandates SIM Binding for Messaging Apps to Combat Fraud

Millions of users in India are now required to have their SIM card active in their mobile phone to employ messaging applications like WhatsApp, Telegram, and Signal. This new regulation, implemented by the Indian Department of Telecommunications (DoT), marks a significant shift from the previous “verify once” model and sets a global precedent in the fight against digital crime.

Security Over Convenience

The new regulation ends the previous system where accounts could remain active even without a SIM card present in the device. Platforms will now demand to verify, approximately every six hours, that the registered SIM card is physically inserted and active in the user’s primary device. Failure to do so will block access. The Department of Telecommunications (DoT) introduced the SIM binding rules in November 2025 under the Telecom Cyber Security (TCS) Rules, 2024, with a 90-day transition period.

Impact on Web and Desktop Versions

The web and desktop versions of these messaging apps are particularly affected. WhatsApp Web users will now be automatically logged out at least every six hours, requiring them to scan a QR code with their primary mobile phone – containing the same registered SIM card – to log back in. This measure aims to prevent criminals from exploiting long-running web sessions for fraudulent activities.

National Security Concerns Drive the Change

The government’s decision is rooted in a surge of cybercrime. In 2024 alone, India experienced over 22,800 crore rupees (approximately 2.5 billion euros) in financial losses due to digital fraud India Today. Minister Jyotiraditya Scindia has emphasized that national security is paramount and cannot be compromised.

Investigators have identified a pattern where fraudsters use Indian mobile numbers to create accounts and operate from call centers abroad. The lack of SIM card verification made these accounts difficult to trace. The SIM binding rule aims to link every active account to a Know Your Customer (KYC) verified SIM card, significantly reducing anonymity for perpetrators.

Industry Pushback and Concerns

The industry has reacted with criticism, with some arguing the order represents a “legal overreach.” An industry association contends that telecom laws should apply to network operators, not application providers, which are officially categorized as Telecommunication Identifier User Entities (TIUEs) NDTV. Concerns have likewise been raised about the rule’s effectiveness, with critics suggesting determined criminals could still obtain new SIM cards for fraudulent purposes.

Practical challenges for legitimate users, such as international travel or the use of dual SIM/eSIM devices, have also been highlighted. However, the government has remained firm, with the rule coming into effect on March 1, 2026, after the 90-day transition period.

A Globally Watched Experiment

India’s nationwide SIM binding for messaging apps is a unique approach globally. The industry and data protection advocates worldwide will closely monitor whether the security benefits outweigh the reduced user convenience. If successful, this measure could serve as a precedent for other countries facing similar cybercrime challenges.

This marks a new era of digital communication for users in India, prioritizing security over the seamless, device-agnostic experience previously enjoyed.