No WhatsApp Without SIM Soon; What The New DoT Rules Mean For Users
WhatsApp users in India may soon be required to keep their accounts linked to an active SIM card at all times, as part of a new cybersecurity framework announced by the Department of Telecommunications (DoT). The government has revised regulations under the Telecommunication Cybersecurity Amendment Rules, 2025, with the intention of curbing rising incidents of online fraud, impersonation and misuse of inactive numbers across digital platforms. Messaging services such as WhatsApp, Telegram, Signal and Snapchat have been given 90 days to implement the changes.
The core requirement is mandatory SIM binding: the app must verify that the SIM used during registration remains active and inserted in the device. If the SIM card is removed, replaced or deactivated, the app will stop functioning. Officials argue that the existing system allows communication to continue even if the SIM is no longer in use, creating opportunities for fraudulent activity.
The DoT maintains that persistent SIM verification will close loopholes that fraudsters exploit, particularly in cases where inactive or disconnected foreign SIM cards are used to target Indian users. Industry bodies such as the Cellular Operators Association of India (COAI) have said that mobile numbers remain the “most monitored identity” in the country and can play a stronger role in ensuring accountability.
While some cybersecurity experts say the rules may improve traceability, others believe determined fraudsters could still acquire new SIM cards using falsified documents. Concerns have also been raised regarding the accuracy of telecom subscriber databases, despite verification mechanisms introduced in recent years.
With the 90-day compliance window now active, WhatsApp users may soon notice stricter login requirements and enhanced verification prompts as the platform aligns itself with the revised cybersecurity mandate.
Mandatory SIM Binding for Messaging Apps
Under the new framework, WhatsApp has been classified as a Telecommunication Identifier User Entity (TIUE), a category that extends regulatory oversight to app-based communication services. This classification places WhatsApp under obligations similar to telecom operators, including continuous verification of an active SIM.The core requirement is mandatory SIM binding: the app must verify that the SIM used during registration remains active and inserted in the device. If the SIM card is removed, replaced or deactivated, the app will stop functioning. Officials argue that the existing system allows communication to continue even if the SIM is no longer in use, creating opportunities for fraudulent activity.
Web Version to Auto-Logout Every Six Hours
In addition to SIM binding, the rules introduce automated logout for the web version of WhatsApp. Sessions will now expire every six hours, requiring users to re-authenticate using a QR code. Authorities believe this measure will prevent misuse of unattended browser sessions and reduce exposure to phishing attempts.The DoT maintains that persistent SIM verification will close loopholes that fraudsters exploit, particularly in cases where inactive or disconnected foreign SIM cards are used to target Indian users. Industry bodies such as the Cellular Operators Association of India (COAI) have said that mobile numbers remain the “most monitored identity” in the country and can play a stronger role in ensuring accountability.
Impact on Everyday Users
For WhatsApp’s vast user base in India, the changes may introduce some inconvenience. Those who use the app solely through Wi-Fi devices or frequently switch handsets may experience interruptions, as the linked SIM must remain physically present.While some cybersecurity experts say the rules may improve traceability, others believe determined fraudsters could still acquire new SIM cards using falsified documents. Concerns have also been raised regarding the accuracy of telecom subscriber databases, despite verification mechanisms introduced in recent years.
With the 90-day compliance window now active, WhatsApp users may soon notice stricter login requirements and enhanced verification prompts as the platform aligns itself with the revised cybersecurity mandate.
Next Story