New SIM Binding Regulations: How WhatsApp, Signal, and Telegram Will Change for Indian Users

A new directive will soon mandate users to access messaging applications like WhatsApp exclusively with their registered SIM card.

The Centre is implementing changes to the functioning of WhatsApp, Signal, and Telegram. A recent directive from the Department of Telecommunications (DoT) will require users to access these messaging platforms only with their registered SIM card. This regulation will also impact companion services such as WhatsApp Web, which will automatically log users out every six hours.

The key modifications include requiring messaging apps to continuously verify that the SIM used for account registration remains active in the user's device. If the SIM is removed, substituted, or deactivated, the application will cease functioning. Web versions like WhatsApp Web will automatically terminate sessions every six hours, requiring users to re-authenticate via QR code. These changes must be implemented within a 90-day timeframe, with compliance reports submitted to the DoT within four months.

This directive applies to various messaging applications including WhatsApp, Signal, Telegram, Arattai, Snapchat, Sharechat, JioChat, and Josh. For India's over 500 million WhatsApp users, this could reduce convenience. Those who frequently switch devices, use Wi-Fi-only tablets, or depend on multi-device logins will experience the most significant impact.

The government states this initiative aims to reduce digital fraud. According to the DoT: "...it has come to the notice of Central Government that some app-based communication services utilizing mobile numbers for customer identification allow users to access services without the underlying SIM in the device...posing challenges to telecom cyber security as it's being misused from outside the country to commit cyber-frauds."

Currently, apps verify numbers using one-time passwords (OTPs). The new regulations will require verification of the International Mobile Subscriber Identity (IMSI) stored on SIM cards. IMSI is a unique identifier for each mobile subscriber globally.

The Cellular Operators Association of India (COAI) explained: "The binding process between a subscriber's app-based communication service and their SIM card occurs only once during installation, after which the app functions independently. This creates misuse opportunities. Persistent SIM verification will close this loophole."

SIM binding verifies that the registered SIM card remains active in your device. If the SIM is removed, replaced, or deactivated, the messaging app will stop working. For web users, the most significant change is that WhatsApp Web will automatically log out every six hours, requiring users to re-scan QR codes to continue using the service.