India’s Department of Telecommunications (DoT) has enforced a new SIM-binding rule starting March 1, 2026. The directive applies to messaging platforms that use mobile numbers for user authentication, including WhatsApp, Telegram, Signal and similar apps.
The order was originally issued on November 28, 2025, giving companies 90 days to comply.
What Is SIM-Binding?
Currently, most messaging apps verify users using a one-time password (OTP) sent to their registered mobile number during sign-up. After verification, the app can continue functioning even if the SIM card is removed or deactivated, particularly in multi-device and web versions.
Under the new SIM-binding rule:
- The messaging app must function only when the registered SIM card is present in the user’s primary mobile device.
- If the registered SIM is removed, swapped, or inactive, the app may stop working until re-verified.
- Web-based services (such as WhatsApp Web or Telegram Web) must automatically log out at least once every six hours.
- Users will need to re-authenticate periodically for web access.
The six-hour auto-logout rule applies only to web sessions, not to the main mobile app, provided the SIM remains active in the device.
Why Has This Rule Been Introduced?
According to DoT, cybercriminals have been exploiting messaging platforms by operating accounts without the original SIM present. In some reported cases, fraudsters used such gaps to carry out phishing, impersonation, and financial scams.
The SIM-binding requirement aims to:
- Ensure every active account is linked to a verified SIM issued under KYC norms.
- Improve traceability of digital communications.
- Reduce misuse of telecom identifiers.
- Strengthen fraud prevention measures.
Officials state that this is part of a broader effort to curb online financial fraud and digital identity misuse.
What Changes for Users?
From March 1 onward:
- Messaging apps must verify that the registered SIM is physically present in the primary device.
- Web and desktop sessions will auto-logout at least every six hours.
- Users who are travelling or roaming will not be affected, as long as the SIM remains active in the phone.
Users who frequently switch devices or remove their SIM cards may experience additional verification prompts.
Industry Response
Reports indicate that some messaging platforms have already begun testing updates to comply with the directive. Beta versions of certain apps reportedly include prompts asking users to confirm that their registered SIM is inserted in the device.
At the same time, an industry body representing major messaging platforms has challenged aspects of the rule in court, arguing that it may exceed regulatory authority. The government maintains that SIM-binding is necessary for cybersecurity and fraud prevention.
What Users Should Do
- Keep your registered SIM active in your primary device.
- Avoid removing or swapping SIM cards unnecessarily.
- Enable two-step verification where available.
- Regularly review linked devices in messaging app settings.