India Orders SIM-Linked Identity for All Messaging Apps
New DoT directive mandates SIM-to-device binding, six-hour reauthentication cycles and compliance reports as OTT services are brought under telecom-grade controls.
Topics
News
- Nexus Closes Eighth Fund at $700 Million for Early-Stage Bets in India and US
- Amazon to Pump $12.7 Billion into India’s AI and Cloud Expansion
- Anthropic Debuts Interviewer Tool to Understand How People Really Use AI
- IPL Tops Google’s Search List for 2025 as AI Breaks Into India’s Top 10
- TeamLease Names Suparna Mitra MD & CEO in Leadership Overhaul
- Apple Loses Top UI Designer as Alan Dye Joins Meta
India’s telecom regulator has ordered all major messaging apps to link user accounts to the original SIM card, giving services 90 days to comply or shut access on devices without the registered SIM.
The Department of Telecommunications (DoT) issued the directive on Friday, 28 November, applying it to WhatsApp, Telegram, Signal, Arattai, Snapchat, ShareChat, JioChat, Josh and other over-the-top communication platforms.
The rule means an app must operate only on the device that holds the SIM used at registration, and will be required to stop functioning if that SIM is removed or replaced.
Companion desktop or web sessions are also subject to stricter controls.
DoT has ordered that all such log-ins be automatically terminated at least every six hours, with users required to re-authenticate through a QR scan.
The platforms, now categorized as Telecommunication Identifier User Entities (TIUEs), must submit compliance reports within 120 days.
Officials said the directive is intended to prevent misuse of telecom identifiers, devices and networks, and to strengthen traceability across digital communication channels.
Recent amendments to telecom cybersecurity rules already signalled stricter oversight of OTT communication platforms, but the new order adds mandatory SIM-locking, periodic logouts and reporting requirements.
An official in cyber security and forensic intelligence associated with the government, speaking on condition of anonymity, said the rules reflect the government’s intent to apply telecom-grade identity controls to OTT services. “Compliance isn’t optional. Platforms must meet the timelines set out in the directive or face action under the Telecom Act and Cyber Security Rules.”
Telecom operators, represented by the Cellular Operators Association of India (COAI), have publicly backed the move.
The industry body said binding app accounts to verified SIMs would curb spam, impersonation attempts and financial fraud, which often exploit anonymous or unverified communication channels.
COAI Director General S.P. Kochhar said operators have taken several steps in recent years to reduce spam across SMS and calls, and that applying similar enforcement standards on messaging apps would maximize consumer protection.
He also said COAI has asked DoT to consult the Reserve Bank of India on verification rules and to retain SMS-based one-time passwords as the primary mode for authenticating financial transactions, citing traceability and security.
