In a move to bolster digital safety and traceability, the Department of Telecommunications (DoT) has issued a directive that redefines how over‑the‑top (OTT) messaging and communication platforms operate in India. Under the newly amended Telecommunications (Telecom Cyber Security) Amendment Rules, 2025, services such as WhatsApp, Telegram, Signal, Arattai, Snapchat, ShareChat, JioChat and Josh are required to implement continuous SIM‑to‑device binding. The directive was issued via a DoT letter dated 28 November 2025.
Under the new rule, the apps must ensure that the mobile number used at registration remains tied to the physical SIM card installed in the device. If the SIM is removed, deactivated or replaced, access to the service must be blocked. The change is scheduled to take effect within a 90‑day compliance window.
Web Sessions to Auto‑Logout Every Six Hours
In addition to SIM binding on mobile devices, the DoT mandate requires periodic logouts for web or desktop versions of these messaging apps. Instance sessions must be terminated at least every six hours. To regain access, users will have to reauthenticate via QR code, effectively tying each session back to a verified SIM‑linked device.
This requirement aims to reduce the risk of unattended or hijacked browser sessions, which security experts have flagged as a vector for fraud, impersonation, spam and unauthorized message delivery.
Apps Reclassified as TIUEs — Telecom‑level Oversight Extended
With this directive, the named messaging platforms have been reclassified as Telecommunication Identifier User Entities (TIUEs). This classification brings them under regulatory obligations similar to traditional telecom operators. Under this framework, mobile numbers and SIMs are treated as critical telecommunication identifiers, and their integrity must be preserved at all times for legal compliance and cyber‑security oversight.
This is a significant shift in regulatory approach for the first time communication services in India are being subject to telecom‑style security and compliance standards.
Closing the Anonymity Loophole and Enhancing Traceability
The DoT’s move comes against a backdrop of growing concern over misuse of messaging apps for fraud, impersonation, spam campaigns and cross‑border cybercrimes. According to government communication, many apps currently allow users to remain logged in even when the linked SIM is removed, replaced, or deactivated — effectively enabling anonymous, hard‑to‑trace use.
By enforcing continuous SIM‑to‑device linkage and periodic session verification, the directive aims to ensure that every communication via these platforms can be traced back to a verified mobile identity. As the DoT noted in its order, this is critical to safeguarding the integrity and security of India’s telecom ecosystem.
The regulatory push follows major concerns raised by the Cellular Operators Association of India (COAI), which, in recent months, had urged the government to bind OTT apps with SIM cards on a persistent basis to prevent fraud and strengthen national security.
Compliance Timeline and Legal Implications
The DoT has mandated a 90‑day window for all impacted platforms to implement the required SIM binding and web‑session logout changes. Subsequently, these platforms must submit detailed compliance reports within 120 days of the directive. Failure to comply could trigger regulatory action under the Telecommunications Act, 2023 and associated cybersecurity laws.
This deadline underscores the urgency of the directive and signals strong regulatory resolve.
Impact on Users, Businesses and OTT Platforms
For users, this change could lead to noticeable inconvenience, particularly for those using Wi‑Fi‑only devices such as tablets without SIM cards, or people who rely on secondary phones and frequently swap devices. Without the registered SIM in the device, the apps will cease to function, effectively restricting access.
Web‑based users, including professionals and businesses that rely on desktop clients or browser sessions, will need to reauthenticate every six hours — potentially affecting continuous workflow and productivity.
On the platform side, OTT providers face substantial technical overhaul. They will need to integrate real‑time SIM presence verification, modify session management for web clients, and ensure cross‑device compliance — all within the 90‑day timeframe. Noncompliance could result in loss of access, legal penalties, and reputational risk.
Nonetheless, regulatory and telecom stakeholders argue that these short‑term inconveniences are outweighed by the long‑term benefits of improved traceability, reduced fraud risk and a safer digital communication ecosystem.
The DoT’s directive represents a watershed moment in India’s attempt to secure the digital communication landscape. By extending telecom‑style regulation to messaging apps, the government is seeking to restore accountability and traceability in a domain that has, until now, operated with limited oversight.
While the transition may be disruptive for some users, the move signals a strong commitment to tackling cyber fraud, impersonation and anonymous misuse — issues that have plagued India’s messaging ecosystem for years. As the 90‑day compliance window unfolds, all eyes will be on the platforms to see how large‑scale changes in architecture and user authentication are implemented.
𝐒𝐭𝐚𝐲 𝐢𝐧𝐟𝐨𝐫𝐦𝐞𝐝 𝐰𝐢𝐭𝐡 𝐨𝐮𝐫 𝐥𝐚𝐭𝐞𝐬𝐭 𝐮𝐩𝐝𝐚𝐭𝐞𝐬 𝐛𝐲 𝐣𝐨𝐢𝐧𝐢𝐧𝐠 𝐭𝐡𝐞 WhatsApp Channel now! 👈📲
𝑭𝒐𝒍𝒍𝒐𝒘 𝑶𝒖𝒓 𝑺𝒐𝒄𝒊𝒂𝒍 𝑴𝒆𝒅𝒊𝒂 𝑷𝒂𝒈𝒆𝐬 👉 Facebook, LinkedIn, Twitter, Instagram
