India's Telecommunications Authority has mandated that messaging platforms, including WhatsApp and Telegram, implement SIM binding within 90 days, per the Telecommunication Cybersecurity Amendment Rules 2025. Starting February 2026, apps must verify that the registered SIM remains active, halting functionality if it is removed or deactivated.
Requirements and Challenges
Web versions of these apps will also need to log users out every six hours, requiring re-authentication via QR code. This regulatory move reclassifies these platforms as Telecommunication Identifier User Entities (TIUEs), thus expanding oversight beyond traditional telecom operators.
While the Cellular Operators Association of India supports these measures to combat misuse, industry groups, including the Internet and Mobile Association of India, argue that the regulations could be an overreach. Meta and others question the feasibility of these new rules, citing potential disruptions to users.
Industry Reactions
Critics highlight possible negative impacts on travelers, multi-device users, and professional workflows. They further note that fraudsters frequently exploit forged or stolen IDs to obtain SIM cards, which might not be addressed by these measures alone.
Messaging platforms now face significant technical challenges to comply with the regulations by early 2026 or risk regulatory consequences. This development pressures companies to adapt quickly to avoid potential data security concerns and maintain user trust.
