The Department of Telecommunications (DoT) in India has directed messaging platforms to implement SIM binding to enhance security.
Regulatory Changes
The DoT requires messaging apps like WhatsApp, Telegram, and Signal to enforce SIM binding. Platforms must ensure accounts cannot function without an active SIM connected to the user's mobile number, complying within 90 days.
To prevent account misuse, the regulation extends practices from banking and UPI apps. Active sessions need periodic re-authentication, aligning web instances with KYC-verified SIMs.
Main Objectives
- Reduce telecommunication identifier misuse for phishing and fraud.
- Address long-lived web/desktop sessions enabling remote control of accounts.
- Ensure regular logout and re-linking of devices using QR codes.
- Establish a Mobile Number Validation platform for verifying mobile number ownership.
Implementation and Impact
These rules aim to close security gaps, requiring messaging platforms to apply automatic logout and device re-authentication. While WhatsApp and Signal have not commented, compliance will enhance security for Indian users, making accounts traceable and reducing fraud risks.
