Mint Explainer: Soon, no WhatsApp without a SIM card. What DoT’s new rules mean.
Currently, first-time users of apps such as WhatsApp can only use their services after phone number verification. However, after this verification is complete, users can continue to use these apps even after removing their SIM card.
On Friday the department of telecommunications (DoT) asked companies that own messaging apps such as Whatsapp, Signal, Telegram and others not to allow users without active SIM cards in their phones to use these apps.
Why has the DoT done this now, and what does it mean for the future of these widely used platforms?
What are the new directions?
In a letter dated 28 November, DoT asked the companies that own the messaging apps WhatsApp, Telegram, Signal, Arattai, Snapchat, Sharechat, Jiochat, and Josh to ensure that their services remained linked to users’ SIM cards and phone numbers. This means a user without an active SIM card in their phone should not be able to use these apps.
Companies must also ensure that users are automatically logged out of the web versions of these apps every six hours, and can only log back in by re-linking their device using a QR code. The DoT has issued these directions under the Telecommunications (Telecom Cyber Security) Rules, 2024, which were amended in October 2025.
Why has DoT issued these directions?
Currently, such apps let users continue to access their services even if they remove the SIM card from their device. This, the government argues, makes it easier for people both inside and outside the country to use these apps for cyberfraud. “This feature is posing a challenge to telecom cybersecurity," DoT said in the directions. It has therefore asked these apps to follow the new rules to prevent such misuse and protect the security of the telecom system.
First-time users of apps such as WhatsApp can only use their services after phone number verification – that is, either by receiving a call or message on the number they entered. However, after this verification is complete, users can continue to use these apps for messages and Wi-Fi calls even after removing the SIM card.
“It has become necessary to issue directions to TIUEs (telecommunication identifier user entities) providing such app-based communication services to prevent the misuse of telecommunication identifiers and to safeguard the integrity and security of the telecom ecosystem," DoT said in the directions. A telecommunication identifier is a code, number, or address that uniquely identifies a user or device in a telecom or digital-communication system. These can include the mobile number, SIM information, the International Mobile Equipment Identity (IMEI) number of a phone, the IP address, and so on.
How long do companies have to comply?
The telecom department said the directions would take effect immediately and remain in place until they were amended or withdrawn. However, companies have been given until 28 February 2026 to comply. They also have to submit compliance reports to the DoT within 120 days from when the directions were issued.
Have telecom operators raised this issue with the apps?
In August the Cellular Operators Association of India (COAI), which represents major telecom operators, had said all over-the-top (OTT) communication apps should be required to bind with verified mobile SIM cards at all times to prevent cyberfraud and strengthen national security.
“COAI believes that this will not only help reduce the occurrence of spam and fraud communications significantly over these applications, but also help mitigate financial frauds by acting as a deterrent against misuse of app-based communication platforms, thus bringing relief to both the telecom service providers and the OTT communication platforms," S.P. Kochhar, director general of COAI said in the statement.
How will the order affect tech companies?
The order could bring compliance challenges for these apps as they will have to update their authentication systems, user-validation mechanisms, and possibly their data-handling processes to align with DoT requirements, an industry executive said, adding that the DoT did not hold any consultations before introducing the new rules.
“Whenever the government introduces major changes or new regulations, public consultation is essential. It allows the government to hear all perspectives and understand the practical and legal implications of the new rules," said Dhruv Garg, partner at the Indian Governance and Policy Project, a policy and business advisory firm.
Garg added that automatically logging users out of these apps on desktops or laptops could worsen the user experience. Also, requiring all services to be linked to active SIM cards could spark privacy concerns for users as it would increase the risk of them being profiled or tracked without their consent, he said.
A broader concern that tech firms, represented by the Broadband India Forum (BIF), raised previously was that expanding the scope of the Telecom Act to include non-telecom entities and OTT platforms went against what then communications minister Ashwini Vaishnaw had said in 2023—that these apps were not in the Telecom Act’s ambit and would be governed by the Information Technology Act, 2000 and the ministry of electronics and information technology (MeitY).
While the government has said the new rules aim to curb cybercrime and identity theft, tech companies see it as an attempt to bring them under the Telecom Act through the backdoor.
Satya N. Gupta, former principal advisor at the Telecom Regulatory Authority of India (Trai), said, “Tech firms might raise their voice around the new directions as it is an added compliance for them. The new directions will also become restrictive for them." He added that the new rules should help protect users better and improve national security.
topics
