.png){kind=logo}
The Indian government has mandated SIM-based verification for all WhatsApp accounts, which restricts SIM-free or anonymous usage. The updated framework seeks to reinforce digital safety, minimize identity-less messaging, and support stronger regulatory oversight.
The Indian government tightened its cybersecurity framework. WhatsApp and other messaging apps are at the centre of these new rules. The Department of Telecommunications (DoT) has issued new Telecommunication Cybersecurity Amendment Rules that require that every WhatsApp account remain linked to an active SIM card at all times.
The notification reads: “It has come to the notice of Central Government that some of the App Based Communication Services that are utilizing Mobile Number for identification of its customers/users or for provisioning or delivery of services, allows users to consume their services without availability of the underlying Subscriber Identity Module (SIM) within the device in which App Based Communication Services is running and this feature is posing challenge.”
“Subscriber Identity Module (SIM) within the device in which App-Based Communication Services is running, and this feature is posing a challenge to telecom cyber security as it is being misused from outside the country to commit cyber-frauds,” the DoT clarified.
“Discussions on this with prominent service providers were on for the last few months. Given the seriousness of the issue, it had become necessary to issue directions to such App-Based Communication Services to prevent the misuse of telecommunication identifiers and to safeguard the integrity and security of the telecom ecosystem,” the statement added.
The notification, issued on November 28, 2025, has come into force with immediate effect.
People will no longer be able to use apps like WhatsApp, Telegram, or Signal on a device without an active SIM card inside it.
The App-Based Communication Services should be continuously linked to the SIM card installed in the device for 90 days after the issue of the instructions.
Users will be automatically logged out of the browser after 6 hours of logging in. They can also re-link the device using a QR code.
These directions come into effect immediately and will remain active until the DoT changes or withdraws them.
The rules define these apps as Telecommunication Identifier User Entities (TIUE). They must follow all government instructions meant to prevent the misuse of mobile numbers, telecom devices, networks, and services.
The Department of Telecommunications directs all TIUEs that use mobile numbers for identifying users or delivering services to follow new requirements. All such apps must submit compliance reports to the DoT within 120 days from the date these directions are issued.
Non-compliance will lead to action under the Telecommunications Act, 2023, the Telecom Cyber Security Rules, 2024 (as amended), and other applicable laws.
Also Read: How to Transfer WhatsApp to a New Phone Without Losing Chat History
At the heart of the rule is mandatory SIM binding between a subscriber’s app-based communication service and their SIM card. It occurs only once during installation, after which the app continues to function independently.
WhatsApp has more than 500 million users in India. The new rules could make the app more secure. People who rely on Wi-Fi-only tablets and frequently switch devices may face disruptions. WhatsApp will require the SIM to stay physically present in the phone linked to the account.
The move underscores the country’s emphasis on security-first platforms, setting the stage for stricter authentication standards across messaging apps in the future.
