India Orders Messaging Apps to Link Services to SIM Cards in Major Cybersecurity Push

India’s Department of Telecommunications (DoT) has issued a sweeping new directive requiring major communication apps — including WhatsApp, Telegram, Signal and Snapchat — to remain continuously linked to the SIM card used during registration. Officials say the move is aimed at closing long-standing loopholes that have enabled fraud, anonymous calls and other cybercrimes.

The measure, described by the government as a global first, seeks to tighten accountability by ensuring app activity is always tied to a verified mobile number. Under the rules, app-based communication services must stay linked to the active SIM card installed in the device, making it impossible to operate the app if the SIM is removed or deactivated.

Currently, once a user verifies a number during setup, the apps continue functioning even if the SIM is later removed. Authorities say this has made it easier for criminals to operate anonymously, including those engaged in “digital arrest” scams or impersonation calls that appear to originate from Indian numbers.

The DoT said in its announcement that such practices have created “serious gaps in traceability,” allowing fraudsters to use deactivated or foreign SIM cards while retaining access to India-registered messaging accounts.

Under the new mandate, companies must fully implement SIM binding within 90 days and submit final compliance reports within 120 days. Web versions of mobile apps must also log out every six hours unless users re-authenticate using a QR code.

The Cellular Operators Association of India (COAI), representing major telecom companies, welcomed the directive, calling it an essential step toward strengthening digital security. In a statement, the association said the measure ensures “complete accountability and traceability” for any activity linked to a SIM card, reducing opportunities for anonymity and preventing misuse.

COAI leaders praised the DoT for introducing what they called “a first-in-the-world regulatory measure,” noting that continuous SIM linkage could help curb a wide range of online offences. They said the framework is expected to reduce spam, impersonation calls and financial scams that have surged alongside the growth of digital communication platforms.

Telecom operators have signalled full support for the rollout and urged the government to work with the Reserve Bank of India to reinforce security measures in financial transactions. The group suggested making SMS-based one-time passwords the primary method for verification, arguing that carrier-verified messages remain the most reliable and traceable option.

The new rules are expected to trigger major adjustments across the tech sector, with app developers required to redesign authentication systems and adapt to stricter compliance timelines as India pushes for a more secure digital ecosystem.