Image is for representational purposes only. | Photo credit: Reuters
The Union government on Friday (Nov 28, 2025) issued guidelines requiring services like WhatsApp to work only if users have the SIM card used to log in to the service in their device and to log out of web chats every six hours. The order, sent directly to messaging platforms such as WhatsApp, Telegram and Signal, represents a significant expansion of the Department of Telecom’s (DoT) enforcement jurisdiction, building on the foundations laid by a set of controversial cyber security guidelines announced this year.
Government officials have expressed frustration at their inability to track cyber fraudsters who use apps like WhatsApp, which currently require users to verify their mobile number only once before they can use the service on a range of devices. “Tethering the SIM,” as the guidelines say, would force WhatsApp and other messaging platforms to stop working if the SIM is removed, and would likely aid in the traceability of cyber fraud operating on WhatsApp — in turn adding potential friction to other users. The guidelines were first reported by tech policy news site MediaNama.
SIM cards used outside the phone where WhatsApp was registered, the DoT said in its order, “were misused from abroad to commit cyber fraud”. The regulation is effective from February 2026. The DoT and WhatsApp did not have an immediate response to a query sent to The Hindu outside normal business hours. An industry source described the guidelines as “problematic” and that there was no feasibility study or consultation before the guidelines were issued, and that it was unclear whether the measures would withstand circumvention by fraudsters.
The DoT, which usually oversees telecoms, has rarely gotten behind the “carriage” or means of transmission into the “content” layer of the Internet, where apps like WhatsApp presumably operate, with the notable exception of website blocking. One official said that such divisions need to be constantly “rethought” in light of the “convergence” that the Internet and telecommunications ecosystems have seen in recent years.
Over the course of this year, the groundwork was laid for guidelines like this for messaging platforms: The DoT announced changes to its 2024 Cyber Security Rules, which defined the concept of “Telecommunications Identifier User Entities” or TIUEs. The term can be used for any business that uses mobile numbers to identify users, from e-commerce platforms to messaging apps.
The Internet and Mobile Association of India, which represents Meta and other digital firms, said in a filing to the DoT this year that the amended rules not only represent “a clear overreach of the delegated legislative authority under the (2023) Act, but will also have broad implications for digital businesses across fintech, e-commerce, mobility, social media and essentially any service that relies on telecom identifiers.”
The telecom industry has repeatedly called on the DoT to act in this regard, ruling that the strict anti-spam regulations normally issued for them do not curb fraud on platforms like WhatsApp.
Published – 29 Nov 2025 21:50 IST
