Using WhatsApp without an active SIM card may soon become impossible in India, as the government prepares to roll out stricter cybersecurity rules aimed at tackling online fraud and digital impersonation. Under the upcoming Telecommunication Cybersecurity Amendment Rules, 2025, issued by the Department of Telecommunications (DoT), WhatsApp and other messaging platforms will be required to ensure that a user’s account remains continuously linked to an active SIM card.

The proposal arrives at a time when India is witnessing a surge in phishing attacks, spam scams, and impersonation frauds. By binding messaging apps to live SIM cards, the government hopes to limit the ease with which cybercriminals operate anonymously or exploit dormant numbers.

Under the new mandate, platforms such as WhatsApp, Telegram, Signal, and Snapchat will be given 90 days to fully comply. A key element of the rule involves automatic logouts every six hours on WhatsApp Web. Users accessing the platform through a browser will need to re-authenticate by scanning a QR code, a move intended to minimise risks from unattended or compromised browser sessions.

What the New Regulation Means

The amendment classifies WhatsApp as a Telecommunication Identifier User Entity (TIUE), a new regulatory category designed to extend oversight to digital communication platforms. This classification brings WhatsApp under a telecom-style compliance structure, particularly around subscriber verification and cybersecurity protocols.

Central to the rule is mandatory SIM binding. The app must continuously check whether the SIM linked to a WhatsApp account is active and physically present in the registered device. If a user removes, replaces, or deactivates the SIM, the app will cease to function.

Explaining the intent behind the rule, the Cellular Operators Association of India (COAI) told MediaNama, “The binding process between a subscriber’s app-based communication service and their SIM card occurs only once during installation, after which the app continues to function independently.” The association added, “This creates opportunities for misuse,” arguing that ongoing verification would shut down a major loophole often exploited by scammers.

Officials believe this measure will also curb international fraud, where attackers frequently misuse inactive or foreign SIM cards to target Indian users through phishing links or financial scam attempts.

What It Means for Users

With over 500 million users in India, WhatsApp could see a mixed response to the policy. On one hand, stronger verification might boost safety. On the other, users who rely on Wi-Fi-only tablets, secondary devices, or frequent SIM swapping may face disruptions. The requirement for the SIM to remain inside the primary device could affect how many Indians currently use the app across multiple platforms.

Security experts remain divided. Some argue that SIM binding may improve traceability, while others point out that scammers can still acquire new SIM cards using forged or borrowed documents—making the security impact limited. Critics also highlight that even highly regulated banking and UPI apps continue to witness fraud despite strict identity checks.

Concerns have also been raised about inaccuracies in India’s telecom subscriber database. Despite upgrades like video KYC and facial recognition introduced in 2023, identity fraud has not shown significant decline.

Even so, industry bodies have supported the DoT’s decision. The COAI told MediaNama that the mobile number is still India’s “most updated and monitored identity,” adding that the government aims to “take more advantage of this national resource” to enhance user accountability and digital safety.

WhatsApp now has 90 days to implement the changes. If the rules go into effect as planned, users may soon discover that staying connected on WhatsApp depends not just on a good internet connection, but on keeping their SIM card active—and logging back in more often.