In a sweeping move that could reshape how millions of Indians use popular messaging platforms, the Union government has directed apps such as WhatsApp, Telegram, Signal, Snapchat, ShareChat, JioChat, Arattai and Josh to ensure their services cannot be accessed unless users have an active SIM card in their device. The directive, issued under the Telecommunication Cybersecurity Amendment Rules, 2025, marks the first time that app-based communication platforms have been brought firmly under a telecom-style regulatory framework.
As per the directions, these apps, now classified as telecommunication identifier user entities (TIUEs), must ensure that each user remains continuously linked to an active SIM within 90 days and maintain that binding thereafter. For web users, the government has mandated an additional security layer that requires automatic logout every six hours, forcing a fresh login via a QR code.
According to the official release, the new verification model is designed to close a longstanding loophole that allows communication apps to continue functioning even after a SIM card is removed, deactivated or replaced.
The Cellular Operators Association of India (COAI) had previously warned that this behaviour enables cybercriminals—including overseas groups—to misuse messaging platforms without leaving behind telecom records such as location logs or call metadata.
Since many scams continue through these apps even after the associated SIM cards are no longer valid, authorities say mandatory SIM binding will re-establish a reliable link between a user, their number and their device. COAI believes the new system could help curb spam, fraud calls, phishing attempts and financial scams exploiting anonymous or unverifiable identities.
Experts, however, remain divided over the efficacy of the measure. Cybersecurity professionals cited in media reports argue that the move may only partially solve the problem, as fraudsters can still obtain SIM cards using forged or borrowed identification documents.
Telecom industry representatives counter that mobile numbers remain India’s strongest digital identity and that enhanced authentication is necessary as communication platforms become central to financial transactions, customer communication and service delivery.
Other sectors, such as banking and UPI payments, already rely on strict SIM verification to prevent unauthorised access, and the Securities and Exchange Board of India (SEBI) has proposed linking SIM data to trading accounts as part of broader fraud-prevention measures.
The latest directive comes soon after the Union ministry of communications issued an official clarification on amendments to the Telecommunication Cyber Security (TCS) Rules, 2024, updated on 22 October 2025. The amendments address critical vulnerabilities emerging from the deep integration of telecom identifiers into banking, e-commerce and governance systems.
The revised framework introduces a mobile number validation platform designed to verify whether a mobile number genuinely belongs to the person claiming it, reducing the risk of mule accounts and identity fraud. It also mandates IMEI scrubbing for resale and refurbished devices to prevent the circulation of stolen, cloned, or blacklisted phones, a growing concern in India’s rapidly expanding second-hand device market.
Further, the rules formalise obligations for TIUEs, requiring them to share telecom-identifier data with the government under regulated conditions to strengthen traceability and accountability in telecom-linked cybercrimes. The ministry clarified that despite an inadvertent re-publication error in the gazette, the original TCS Amendment Rules notified under GSR771(E) remain fully valid and enforceable.
The regulatory tightening comes at a time when India’s mobile subscriber base continues to grow steadily, reaching 1,171.87mn (million) at the end of October 2025, up from 1,170.44mn a month earlier, according to fresh data from the ministry.
While urban mobile subscriptions dipped slightly from 640.17mn to 639.99mn during the period, rural subscriptions rose from 530.27mn to 531.88mn, recording a monthly growth rate of 0.30%.
Officials believe that with India’s mobile connectivity expanding deeper into rural regions, securing communication platforms has become essential to protecting users and reinforcing digital trust.
With the new rules, India has signalled a decisive shift towards a more regulated, identity-linked model for digital communication, one that could have a significant impact on user behaviour, platform design and the broader cybersecurity landscape.
Messaging apps operating in the country will now have to redesign their systems to meet the government’s security expectations as the push for stronger accountability gathers momentum.
