SIM binding rule splits tech firms and telecom companies down the middle

Days after the department of telecommunications (DoT) directed communication apps such as WhatsApp, Telegram and Signal to bar users without active SIM cards from accessing their services, tech companies and industry bodies including the Internet and Mobile Association of India (IAMAI) and the Broadband India Forum (BIF) have pushed back against the move.

Telecom operators, however, have welcomed the ‘SIM binding’ rule, terming it a “necessary security measure”. The government’s own justification for mandating SIM binding is that it would curb cyber fraud.

Currently, apps such as WhatsApp allow users to continue accessing their services even if they remove the SIM card from their device. This, the government argues, makes it easier for people both inside and outside the country to use these apps for fraud.

The tech industry bodies, which represent big tech companies and startups, have asked DoT to reconsider its mandate for continuous SIM binding in smartphones, saying this would have an adverse impact on many micro, small and medium enterprises (MSMEs).

An IAMAI statement on Tuesday read, “Mandatory periodic logouts would interrupt ongoing conversations, delay responses, and disrupt daily business workflows. Moreover, the directions might also pose challenges to the use of such applications during international travel, use of dual SIMs, or secondary devices such as laptops.” As for preventing cyber fraud, IAMAI said “there is limited evidence that SIM-binding or mandatory logouts would meaningfully reduce” such fraud.

The industry body, which represents more than 750 Indian and multinational firms, in a letter dated 8 December to communications minister Jyotiraditya Scindia urged DoT to reconsider and withdraw the directions for continuous SIM-binding. IAMAI argued that the domestic fraud clusters could remain largely unaffected, since scammers frequently obtain SIM cards using fake or borrowed IDs, use them briefly, and discard them.

SIM binding raises hackles

In a letter dated 28 November, DoT had asked the companies that own the messaging apps WhatsApp, Telegram, Signal, Arattai, Snapchat, Sharechat, Jiochat, and Josh to ensure that their services remained linked to users’ SIM cards and phone numbers. This means a user without an active SIM card in their phone should not be able to use these apps.

Companies must also ensure that users are automatically logged out of the web versions of these apps every six hours, and can only log back in by re-linking their device using a QR code, it said. The DoT issued these directions under the Telecommunications (Telecom Cyber Security) Rules, 2024, which were amended in October 2025. Companies have been given until 28 February 2026 to comply with the directions. They also have to submit compliance reports to the DoT within 120 days from when the directions were issued.

IAMAI’s concerns mirror those of India Broadband Forum, which represents companies such as WhatsApp, Google and Meta. On 1 December, DoT said it had held several discussions with major app-based communication platforms on the importance and feasibility of SIM binding. “Mandatory SIM binding, already standard in banking/UPI systems, will now extend to communication apps to counter phishing, digital arrest, impersonation and investment scams,” it said.

The next day, the Broadband India Forum issued a statement that read, “It is disappointing that directions of such far-reaching operational impact have been issued with such short implementation timelines, without any form of public consultation or user-impact assessment,” it said.

BIF argued that the Telecommunications Act did not authorise the regulation of OTT communication platforms, nor provide the legislative basis to impose telecom-style operational mandates on them. “Yet, under the guise of the Telecom Cyber Security Amendment Rules and without any public consultation, the present SIM-binding directions extend precisely such obligations, that too on a select set of applications,” it said.

The two tech industry bodies also raised companies’ concerns about the difficulty in implementing the directions owing to technical challenges such as operating system-level restrictions (particularly in iOS), as well as dual-SIM and eSIM complexities.

Telcos welcome the move

Meanwhile, telecom operators, represented by the Cellular Operators Association of India (COAI), said tech companies were overstating their concerns and welcomed the SIM-binding rules. “SIM binding is a layered defence, strengthening one of the most common and easily exploited vulnerabilities in digital communication. SIM binding closes important and critical loopholes and is a step in the right direction in the current environment,” COAI said in a statement last week.

Telecom operators also argued that the narrative that SIM binding would inconvenience users — particularly overseas travellers — wasn’t borne out by the facts. “SIM binding is already a standard feature in widely used digital authentication systems such as UPI and payment applications, where the SIM only needs to be present and active in the device and does not require active mobile data,” COAI said. It added that the security benefits gained from automatically logging users out of the web versions of these apps every six hours would far outweigh any inconvenience to users.

“SIM binding does not disrupt enterprise messaging, CRM (customer relationship management) systems, APIs or business workflows. It operates purely at the user-account level, ensuring that each account is tied to a verified SIM,” COAI argued, adding that concerns around privacy were also misplaced.