New Telecommunication Cybersecurity Amendment Rules 2025 aims to curb cyber fraud by binding apps to device SIM cards
Major Changes to Popular Messaging Apps
India’s Department of Telecommunications has unveiled strict new cybersecurity regulations that will fundamentally change how messaging apps operate across the country. Under the Telecommunication Cybersecurity Amendment Rules 2025, popular platforms including WhatsApp, Telegram, Signal, Snapchat, ShareChat, JioChat, Arattai, and Josh will now require users to maintain an active SIM card in their device to access their services.
The new mandate introduces a continuous SIM-to-device binding requirement, marking the first time app-based communication platforms have been brought under a regulatory framework similar to telecom services.
What Exactly Changes?
Mobile Applications
Users will no longer be able to access messaging apps if their SIM card is removed from their device. Unlike the previous system where apps continued functioning after initial SIM verification, the new rules require that a SIM card remain active and present at all times for the app to operate.
Web Access
Significant changes are also coming to web-based access. WhatsApp Web and similar platforms will automatically log out users every six hours. After this period, users must log in again by scanning a QR code from their mobile phone linked to an active SIM card. This two-factor approach aims to prevent unauthorized access and reduce account takeovers.
Why These Changes?
The Indian government has attributed the new rules to rising cybercrime rates and the exploitation of messaging apps by fraudsters. According to telecommunications officials, criminals have been removing original SIM cards and using fake numbers, VPNs, and fake accounts to commit cyber fraud and online crimes.
The continuous SIM-binding requirement is designed to create an unbreakable link between a user’s identity and their messaging app account, making it significantly harder for scammers to operate undetected across multiple jurisdictions.
Timeline for Implementation
Companies have been given a 90-day window to implement the continuous SIM-to-device binding across all their platforms. Compliance reports must be submitted within 120 days of the rule’s issuance. This aggressive timeline underscores the government’s commitment to rapid implementation of these cybersecurity measures.
Mixed Industry Reaction
The new rules have received divided responses from cybersecurity experts and the telecom industry. While some cybersecurity professionals acknowledge the initiative’s anti-fraud intent, they point out potential limitations. Critics argue that determined scammers could still obtain new SIM cards using forged or borrowed identification, potentially circumventing the new protections.
However, telecom industry representatives have largely supported the move, believing the rules could strengthen cybersecurity frameworks and increase user accountability on messaging platforms.
Impact on Users
The changes will have direct implications for how Indians use messaging apps daily. Users who frequently switch devices or travel internationally may face challenges. Those accustomed to using WhatsApp Web for extended periods will need to adjust to the new six-hour logout requirement.
The government’s approach marks a significant shift in how digital communication services are regulated in India, positioning SIM-based verification as a cornerstone of cybersecurity policy.
Looking Ahead
As companies work to comply with the 90-day deadline, messaging app users across India should prepare for these changes. Industry observers will be closely watching how these new regulations affect user experience, security outcomes, and whether they effectively reduce cyber fraud incidents across the country.
Leave a Reply