The Centre recently passed directions asking social media platforms such as WhatsApp, Telegram, Signal to enforce SIM binding, and automatic logout from web-based chats every six hours.
According to the Department of Telecommunications (DoT), SIM binding is intended to enhance cybersecurity and reduce fraud linked to anonymous or non-traceable accounts. The government believes the measure will improve accountability, combat scams, impersonation, and curb misuse of telecommunication identifiers. The Cellular Operators Association of India (COAI), which represents major telecom operators such as Reliance Jio, Airtel, and Vodafone Idea, has backed the government’s mandate stating that continuous SIM linkage is crucial for ensuring accountability, national security and helping to trace cross-border cyber fraud and scams.
What is SIM binding?
SIM binding is a process which allows a messaging app to function in the smartphone when the latter contains the original subscriber identity module (SIM) card used during sign-up. If the original SIM is removed, replaced or inactive from smartphone, the social media messaging app will not function.
This direction comes a year after the Centre notified Telecommunications (Telecom Cyber Security) Rules, 2024, in November 2024, which mandates telecom service providers to report security incidents within 24 hours and implement comprehensive cyber security measures such as appointing Chief Telecommunication Security Officer responsible to oversee compliance with the new rules. It empowers the government to collect traffic data and other non-content data from the telecom providers to enhance cyber security measures.
What the government says
The order will be in effect from February 2026. The DoT in its order said that SIMs registered outside the smartphone, where social media platforms are registered, were being misused from outside India to commit cyber frauds.
The government alleges that cyber criminals log into apps using old or inactive SIM cards, and as there is no record of actual location of the phone because of the absence of SIM card inside the device, it is very hard to track and trace criminals.
Technical challenges
While the DoT has issued the order and COAI has welcomed it, experts have raised doubts about the technical feasibility of implementing SIM-binding. For one, operating software like iOS and Android don’t allow SIM-binding to protect the user from the potential threat of spyware and malware. Even banking apps cannot have true SIM-app binding. When an app is installed on a device, it triggers an OTP message. Only banking apps have the features of automatically reading the message, while social media platforms have to manually enter the OTP details. This procedure is as per the GSMA Mobile Connect and Third Generation Partnership Project (3GPP) global standards and all the countries follow this standard procedure.
According to telecom expert Parag Kar, the DoT needs to work with telecom operators as they have details such IMSI, ICCID, MSISDN of the SIM. The operators should authenticate the SIM authorisation after an app is installed on the device.
Digital rights concerns
Digital-rights groups and legal experts argue that forcibly binding identity to SIM-based verification erodes user privacy and could facilitate surveillance. They warn that anonymity — essential for journalists, whistle-blowers and vulnerable communities — may be compromised. There are also concerns about usability.
Multi-device access — tablets, second phones, laptops — becomes restrictive. International travellers, eSIM users and professionals who shift between devices may face repeated login interruptions. Business adoption of WhatsApp/Telegram-based workflows could also suffer. Several OTT platforms have reportedly expressed dissatisfaction with both the implementation timeline and lack of prior stakeholder consultation.
According to a recent LocalCircle survey, five out of 10 consumers are not in support of SIM binding because it will cause disruption and inconvenience to them and 4 in 10 consumers surveyed use messaging and calling apps on multiple devices without a SIM card.
Meanwhile, the Broadband India Forum has said the directions raise significant questions of jurisdiction, consumer impact and risk, creating obligations that extend far beyond the mandate of the Telecom Act or the purpose of the Telecom Cyber Security Rules.
