A brand new directive issued by the Division of Telecommunications (DoT) requiring on-line messaging apps resembling WhatsApp, Telegram, and Sign to mandatorily bind SIM playing cards to consumer accounts, has been welcomed by telecom physique COAI as a “landmark step” to stop cyber fraud.
“Such steady linkage ensures full accountability and traceability for any exercise undertaken by the SIM card and its related Communication App, thereby closing long-persistent gaps which have enabled anonymity and misuse,” Lt. Gen. Dr. S.P. Kochhar, director common, Mobile Operators Affiliation of India (COAI), mentioned in a press release on Monday, December 1.
The business physique, which counts Indian telecom majors resembling Bharti Airtel, Reliance Jio, and Vodafone Concept as its members, additional urged the DoT and the Reserve Financial institution of India (RBI) to make sure that all monetary transactions ought to mandatorily be authenticated by way of SMS OTP.
Claiming that telcos have undertaken a number of measures to curb rip-off/spam calls and SMSes, the COAI pushed for the DoT to make sure that app-based communication providers additionally implement “most attainable mitigation of dangers for subscribers throughout all communication channels.”
The DoT has mentioned that the brand new directive is supposed to deal with rising digital fraud within the nation. Whereas telcos have backed the transfer, OTT communication platforms are anticipated to push again in opposition to the brand new necessities – setting the stage for one more business showdown. The Indian Specific has reached out to Meta, Telegram, Sign, and Zoho for remark.
Digital rights advocates and different stakeholders have additionally warned that the SIM-binding mandate might result in erosion of customers’ privateness, create hurdles for individuals travelling overseas, and complicate entry for many who use messaging platforms throughout a number of units, particularly in skilled set-ups.
Why is that this taking place?
At present, apps like WhatsApp confirm a consumer’s id by sending a one-time password (OTP) to their cell quantity or scanning a QR code (within the case of WhatsApp Internet). This permits customers to proceed accessing the platform on units that don’t have a SIM card. Nonetheless, in response to the DoT, this has made it troublesome to trace cyber fraudsters and forestall scams that contain hijacking a consumer’s account.
Story continues beneath this advert
“… it has come to the discover of Central Authorities that a few of the app primarily based communication providers which can be utilising cell quantity for identification of its prospects… permit customers to eat their providers with out availability of the underlying SIM inside the machine… posing problem to telecom cyber safety as it’s being misused from outdoors the nation to commit cyber-frauds,” the DoT mentioned.
What does the directive say?
Drawing its powers from the Telecommunication Cybersecurity Modification Guidelines, 2025, which had been notified in October this 12 months, the DoT has introduced digital service suppliers underneath its oversight by classifying them as telecommunication identifier consumer entities (TIUEs).
A TIUE is outlined as “an individual, apart from a licensee or authorised entity, which makes use of telecommunication identifiers for the identification of its prospects or customers, or for provisioning, or supply of providers.”
In its notices despatched to TIUEs resembling WhatsApp, Telegram, Sign, Arattai, Snapchat, ShareChat, JioChat, and Josh, the telecom division ordered these platforms to make sure, inside the subsequent 90 days, that SIM playing cards stay repeatedly linked to consumer accounts.
Story continues beneath this advert
For companion internet situations, these platforms are required to make sure customers are logged out periodically (not later than 6 hours) and should provide an choice to relink accounts by way of a QR-code-based technique. Platforms can even must ship a compliance report back to the DoT inside the subsequent 4 months.
What’s SIM binding? How efficient is it?
A number of Unified Cost Interface (UPI) apps and banking platforms already implement active-SIM guidelines to stop fraud. Earlier this 12 months, the Securities and Trade Board of India (SEBI) proposed the binding of buying and selling accounts to SIM playing cards together with necessary biometric and facial recognition checks, with the intention to be certain that solely the precise dealer might entry their account.
Nonetheless, consultants have identified that SIM-binding will not be as efficient in curbing digital fraud since scammers can at all times bypass KYC norms and procure SIM playing cards utilizing mule accounts or cast IDs. The directive has additionally drawn criticism as a result of it leaves a number of questions unanswered, resembling what occurs when a consumer upgrades their SIM from 4G to 5G, switches units, or replaces a broken SIM card.