New Delhi— The Centre has issued strict new SIM-binding rules that will directly impact how long users can stay logged in to WhatsApp Web, Telegram, Signal, Arattai, Snapchat and several other messaging platforms. Under the new mandate, these apps cannot function unless the active SIM linked to the user’s mobile number is physically present in the device, marking one of the strongest cybersecurity steps taken by the government in recent years.
The Department of Telecommunications (DoT) said the move aims to curb rising cyber frauds, especially those being conducted from outside India by exploiting loopholes in app-based communication services. According to officials, many frauds occur when these services operate on devices without a Subscriber Identity Module (SIM), posing serious telecom cybersecurity risks. The growing seriousness of the threat prompted months of discussions with major service providers, eventually leading to these binding directions.
To ensure compliance, the DoT has instructed all Telecom Identifier Using Entities (TIUEs) — platforms that identify users via mobile numbers — to fully align with the new norms. Apps must submit compliance reports within 120 days, failing which they could face action under the Telecommunications Act, 2023, the Telecom Cyber Security Rules, 2024, and other applicable laws.
A significant portion of the new rules requires messaging platforms to enforce automatic logouts for web versions. From 90 days after the directives, any web service linked to a mobile app must auto-logout users every six hours, after which users will need to re-link the device through a QR code. The directive, issued on November 28, 2025, has come into immediate effect.
The DoT further instructed that app-based communication services must remain continuously tied to the physical SIM card, making it impossible to use the app if the SIM is removed or inactive. The rule covers platforms such as WhatsApp, Telegram, Signal, Arattai, Snapchat, ShareChat, JioChat and Josh.
The government’s new measures reflect an aggressive push to safeguard telecom identifiers, prevent misuse of communication networks and strengthen India’s cybersecurity ecosystem amid rising digital threats.
