NEW DELHI — The days of using WhatsApp or Telegram on a phone without its original SIM card are numbered. In a sweeping move to crack down on cyber fraud, the Department of Telecommunications (DoT) has issued a strict directive: No active SIM, no messaging app.
This new rule, part of the Telecommunication Cybersecurity Amendment Rules, 2025, targets a massive loophole used by scammers—the ability to operate accounts using virtual numbers or SIM cards that have long been discarded.
The Core Mandate: “SIM Binding”
For years, the setup was simple: put in a SIM, get an OTP, and your WhatsApp account is live. You could then remove the SIM, throw it away, or even leave the country, and the app would keep working on Wi-Fi.
This convenience has now become a security nightmare. Scammers sitting outside India have been using local numbers to orchestrate “digital arrests” and financial fraud without any physical trace.
To stop this, the DoT has ordered all “Telecommunication Identifier User Entities” (TIUEs)—which includes WhatsApp, Telegram, Signal, and Snapchat—to enforce “SIM Binding.”
- The New Reality: The app must continuously verify that the SIM card used for registration is physically present in the device. If you remove the SIM, the app stops working.
The 6-Hour Web Logout Rule
The crackdown doesn’t stop at mobile phones. The desktop experience is about to get much more rigorous.
Under the new norms, web versions of these apps (like WhatsApp Web) cannot stay logged in indefinitely. The government has mandated a periodic auto-logout every six hours.
This means if you use WhatsApp on your office laptop, you will likely need to scan a QR code to re-authenticate twice a day. While this adds friction for users, officials argue it is necessary to prevent unauthorized access to unattended sessions, a common vector for data theft.
The Timeline: 90 Days to Comply
The clock is already ticking. The DoT issued these directions on November 28, 2025, giving tech giants a 90-day window to re-engineer their systems. This implies that by February 2026, the new architecture must be live.
Companies must also submit a full compliance report within 120 days. Failure to adhere to these norms could attract severe penalties under the Telecommunications Act, 2023.
Impact on the Common User
While the move is hailed as a masterstroke against cybercrime, it brings significant changes for regular users:
- International Travelers: You can no longer simply swap your Indian SIM for a local travel SIM and keep using your Indian WhatsApp number seamlessly. The app may require the Indian SIM to remain active in the slot.
- Secondary Devices: Users who run accounts on Wi-Fi-only tablets or secondary phones without the primary SIM may face disruptions unless apps develop a new “linked device” protocol that satisfies the DoT.
Summary
The government’s message is clear: The anonymity of the digital space is being dismantled to protect the financial safety of citizens. While it spells the end for “ghost numbers” used by fraudsters, it also marks the beginning of a slightly more complex, verification-heavy digital life for everyone else.
