Government Mandates SIM Linking for All Messaging Apps

Government Mandates SIM Linking for All Messaging Apps

Why in News?

The Department of Telecommunication (DoT) has mandated SIM linking for all major messaging apps to enhance user verification and curb digital fraud. Platforms like WhatsApp, Telegram, Signal, Snapchat and others must now bind accounts to the active SIM on each device.

Highlights of DoT Directions on SIM-Linking for Messaging Apps

• On 28 November 2025, the DoT issued formal instructions to all major over-the-top (OTT) messaging platforms operating in India. The order requires these platforms to implement mandatory SIM binding — meaning the app must remain linked to the active SIM card and mobile number originally used for registration. If the SIM is removed, replaced, or becomes inactive, the application must stop working on that device.
• All messaging apps defined as “Telecommunication Identifier User Entities (TIUEs)” must ensure continuous linkage between the user’s SIM–number–device. For apps that offer web or desktop versions (such as web-based login), the DoT mandates periodic automatic logouts — no later than every 6 hours. After logout, the user must re-authenticate via QR code from the mobile app.
• All these new rules are mandatory and must be implemented within 90 days from the date of the directive. Additionally, these apps must submit a compliance report to the DoT within 120 days of receiving the directions.
• The directive applies to major OTT messaging and communication platforms functioning in India. Some of the named apps include: WhatsApp, Telegram, Signal, Snapchat, etc. These cover most major messaging platforms used widely across India.
• Platforms must adopt the technical changes and start enforcing SIM binding. Failure to comply may trigger penal action under the relevant provisions of the Telecommunications Act, 2023 and the Telecom Cyber Security Rules, 2024 (including its 2025 amendment).

Reasons Behind the SIM-linking Mandate

• Improve Traceability: The DoT ordered SIM binding to make user identity traceable. Traceability helps police link an online account to a phone number and a physical device and reduces the time needed to locate suspects. The change supports criminal investigations into scams and violent threats. 
• Cut the Rise in Cyber Fraud: Indian agencies reported a big jump in high value fraud cases in FY 2024 with large sums rose from 6,699 in FY 2023 to 29,082 in FY 2024. National estimates show losses of tens of thousands of crores in 2024. The government seeks to reduce these losses by tying accounts to verified SIMs.
• Align with Telecom Rules: The government updated the Telecom Cyber Security Rules in 2024 and amended them in October 2025. The SIM mandate brings messaging apps under the same compliance regime as telecom carriers. This creates a single security standard for identifiers such as SIM and IMEI. The alignment aims to close regulatory gaps.
• Prevent use of Spoofed Numbers: Misuse occurs when apps stay logged in after the original SIM is removed. Fraudsters exploit this gap. SIM binding forces the app to stop when the SIM is absent. The rule reduces the chance of accounts running on cloned or foreign numbers and complements steps to block fraudulent SIMs and IMEIs. 
• Protect National Security: Messaging apps link to banking and governance functions. A compromise in these apps can threaten payments and public services. The government views SIM binding as a measure to secure payment rails and official communications. The rule fits broader cyber policy moves in 2024–2025 to harden essential digital infrastructure.

How SIM-Linding Works?

• The process begins when the user installs the messaging app and starts registration. The app checks the SIM number, the IMSI code and the IMEI identity of the device. The app sends these identifiers to its verification server. The server confirms that the SIM is active on an Indian mobile network. Soon, the system creates a permanent link between the account and the SIM details.
• After registration, the app creates an encrypted binding token inside the device. The token contains the phone number, the IMSI, the IMEI, and a device hash ID. The app locks this token to the device hardware that cannot move to another device. The server verifies this token each time the user opens the app.
• The app checks if the SIM stored in the token remains inside the device. The operating system sends a SIM status signal to the app at regular intervals. The app reads the SIM serial number and matches it with the original registration data. The check runs silently in the background.
• The app logs out the user when the SIM mismatch occurs. The app removes all active sessions and clears access to chats. The app also sends a mismatch alert to the server. The server locks the account until the user performs fresh verification. The block remains until the original SIM becomes active again.

Significance of SIM Binding for Messaging Apps

• Stronger User Privacy: The government strengthens user privacy by placing clear duties on digital communication platforms under national laws like the Digital Personal Data Protection Act 2023. The rules push services to implement end-to-end safeguards and minimise unnecessary data collection. These steps increase user trust.

• Transparent Data Processing: The rules create more clarity around data processing. India recorded more than 1,100 complaints of misuse of personal data in 2022 according to public reports submitted to regulatory authorities. The new system reduces such incidents by giving users the right to challenge misuse. 

• National Security: The Ministry of Home Affairs recorded more than 22.68 lakh cyber-security alerts in 2024 which showed the rise of digital threats. The new rules along with DPDP allow security agencies to access communication records only under approved legal procedures. The system protects the country from coordinated attacks.

• Digital Rights Preservation: The government protects digital rights by limiting the scope of regulatory powers through statutory boundaries set by Parliament. The Supreme Court upheld the right to privacy as a fundamental right in 2017. The new framework prevents companies from misusing personal data and protects democratic rights.

Challenges of SIM Binding for Messaging Apps

• • Limited Effectiveness: The new requirements create friction for normal users because mandatory SIM-based checks can interrupt daily communication routines. Many app operators argue that the rule will affect genuine users more than criminals because scammers can shift devices or use mule SIMs while ordinary users must go through repeated verification. 
  • Disruption to Legitimate Users: People who use international roaming, dual-SIM phones, eSIM setups, secondary phones, and desktop access during long workdays may face repeated sign-outs that break continuity. Millions of Indians use messaging apps and any unexpected logout will break their workflow. 

• Technical Feasibility: Industry representatives point out that continuous SIM checks do not work the same way on every device because operating systems control how apps can access SIM information. The problem is significant on iOS devices where strict OS policies limit real-time access to the SIM status.