The Indian government has introduced stricter cybersecurity regulations for all messaging apps like WhatsApp, Telegram, and Signal. To use these apps, an active SIM card with the same number as the account will be required. The app will immediately shut down upon removing the SIM card, and the web version will automatically log out every six hours. The DoT claims this step is necessary to prevent cyber fraud, spam, and fraudulent networks operating from abroad. These rules will come into effect nationwide from February 2026.

WhatsApp will stop working as soon as the SIM is removed.
Under the DoT's Telecommunication Cybersecurity Amendment Rules 2025, WhatsApp, Telegram, Signal, and all chat apps will now be required to remain permanently linked to the SIM card. If a user removes the SIM card from their phone, the app will immediately stop working. This change was made because currently, the apps only verify the number once with an OTP and continue to run for a significant period of time even after the SIM card is removed. The government believes this laxity benefits cybercriminals who conceal their identity by changing SIMs.

Automatic logout on web servers every six hours

The new order also completely changes the rules for web-based logins. Now, the web version of WhatsApp Web, Telegram Web, or any chat service will automatically log out every six hours, and users will be required to log in again using a QR code. Currently, WhatsApp Web logs out only when the primary phone has not been used for 14 days. The government says that untraceable login activity from the web gives cybercriminals the opportunity to commit fraud from outside India, which this new rule will attempt to prevent.

Why did the government introduce the new rule?
DoT and COAI stated that the one-time verification model for messaging apps was creating a significant security gap. Criminals commit fraud by moving numbers registered in India outside the country or using internet calling methods, and remain connected to the app even when the SIM is inactive. This makes it nearly impossible to trace because call records, location, and network data are not linked to the SIM. Persistent SIM-binding will help the government establish a link between the user, number, and device, reducing both fraud and spam.

How effective will SIM-binding be?
Cybersecurity experts believe that this measure may increase traceability to some extent, but it will also have limitations in preventing large-scale fraud. Fraudsters easily obtain new SIMs using fake documents, so bypassing SIM-binding will not be difficult for them. On the other hand, the telecom industry argues that mobile numbers are the most trusted digital identity in India, and strengthening cybersecurity based on this identity is essential. Both sides debate whether this measure will enhance security or simply increase user problems.

Impact on Users

After the new rules come into effect, users will only be able to use their messaging apps if an active SIM is inserted in the phone. This means that WhatsApp or Telegram cannot be used continuously without a SIM in multi-device mode. Removing the SIM card from the phone will force the app to close, requiring the user to log in again. Web users will also be required to re-authenticate every six hours. These changes will most impact those who use WhatsApp on a tablet or secondary device without a SIM card.

Disclaimer: This content has been sourced and edited from TV9. While we have made modifications for clarity and presentation, the original content belongs to its respective authors and website. We do not claim ownership of the content.