Using WhatsApp without a SIM card may soon be a thing of the past. The Indian government is tightening its cybersecurity framework, and WhatsApp, along with other messaging apps, is at the center of these new rules. The Telecom Cyber ​​Security Amendment Rules, 2025, issued by the Department of Telecommunications (DoT) requires that every WhatsApp account be linked to an active SIM card at all times. The move aims to curb online fraud, impersonation and spam which are increasing rapidly on digital platforms.

Under these rules, WhatsApp and similar apps will have 90 days to comply. The new framework also introduces a rule for automatic logouts on web versions of the app every six hours, after which users will have to re-authenticate via QR code. Officials believe that these steps will make it harder for cyber criminals to operate anonymously or use deactivated SIM cards to defraud people.

What is the new rule?

According to the new directive, WhatsApp is now classified as a Telecommunication Identifier User Entity (TIUE), a newly created category under Indian telecom law that expands regulatory oversight beyond traditional mobile operators. This means that WhatsApp will now have to comply with a set of cybersecurity and verification obligations similar to that of telecommunications companies.

At the core of the rule is mandatory SIM binding. In practice, this means that the app must constantly verify that the registered SIM card is active and inserted into the device. If the SIM is removed, replaced or deactivated, WhatsApp will stop working.

DoT has directed WhatsApp and other messaging services like Telegram, Signal and Snapchat to implement this system within three months. The rule also applies to the web version of WhatsApp, which will now automatically log users out every six hours to reduce security risks from unattended browser sessions. Users must re-scan a QR code to regain access.

The government says these measures will make it easier to detect fraudulent communications. “The binding process between a customer’s app-based communications service and their SIM card occurs only once during installation, after which the app continues to function independently,” the Cellular Operators Association of India (COAI) said in a statement to MediaNama. “This creates opportunities for abuse,” it said, arguing that frequent SIM verification would close this loophole.

Officials also believe the changes will help tackle international scams, as fraudsters often use deactivated or disconnected SIMs from abroad to carry out phishing attacks or financial fraud in India.

How will this impact WhatsApp users in India?

For WhatsApp’s more than 500 million users in India, the new rules could make the app a little less convenient but potentially more secure. Those who rely on Wi-Fi-only tablets or frequently switch devices may face disruption, as WhatsApp will require the SIM to be physically present in the phone linked to the account.

While some cybersecurity professionals say the move could help ensure better traceability, others disagree. Critics argue that SIM binding alone cannot prevent scams, as cybercriminals can still obtain new SIM cards using fake or borrowed IDs. They also point out that similar verification systems are already in place for banking and UPI apps, yet financial fraud continues to increase.

There are also concerns about the accuracy of India’s telecom customer database, which underpins the verification process. Experts say that even with video KYC and facial recognition systems introduced in 2023, there has not been a significant reduction in identity fraud cases.

However, industry bodies have defended the new directive. COAI told MediaNama that mobile numbers remain India’s “most updated and monitored identity”, adding that the government intends to “squeeze more juice from this national resource” to strengthen cyber security and user accountability.

Currently, WhatsApp has 90 days to make the changes. If implemented as planned, users will soon find that their WhatsApp account only works as long as their SIM works, and may even require a few additional logins along the way to stay connected.