The Department of Telecommunications (DoT) has issued a new directive requiring popular messaging and app-based communication platforms to remain continuously linked to the active SIM card in a user’s device. The move, aimed at tackling rising cyber fraud and improving traceability, gives OTT communication apps a 90-day deadline to comply. Non-compliance could attract penal action under existing telecom cybersecurity rules.
The mandate closes a loophole that allowed apps such as WhatsApp and Telegram to continue working even after a SIM was removed, replaced or deactivated. This gap, authorities say, has been widely exploited for anonymous misuse and fraud. Under the new rule, communication apps must maintain continuous binding with the mobile number used at registration.
Industry body COAI has strongly supported the government’s decision, calling it a major step toward strengthening national security. Lt Gen Dr SP Kochhar, Director General, COAI said the industry welcomes the measure: “COAI welcomes and commends the Department of Telecommunications (DoT) for taking a landmark step towards bolstering National Security and safeguarding our citizens, by mandating SIM-binding for devices for App based Communication Services. In its recent directive, the DoT has called for SIM binding to prevent the misuse of telecommunication identifiers or telecommunication equipment or telecommunication network or telecommunication services to further reinforce telecom cyber security. This mandate requires that the App based Communication Services must remain continuously linked to the SIM card, which is associated with the Mobile Number used for identification of customers/users or for provisioning or delivery of services. Such continuous linkage ensures complete accountability and traceability for any activity undertaken by the SIM card and its associated Communication App, thereby closing long-persistent gaps that have enabled anonymity and misuse.”
He added: “COAI congratulates the Department of Communications, Government of India on introducing this first in the world regulatory measure, wherein App based Communication Services have been directed to be bound with the SIM for safety and consistency measures. COAI has been strongly advocating to bind communication apps with Mobile SIMs for strengthening national security and cyber fraud prevention and believe that this is a much-needed initiative in ensuring consumer trust, accountability, traceability and further alignment with evolving regulatory frameworks. At present, app-based communication services link to a subscriber’s mobile SIM card only once during initial installation and verification. Thereafter, these applications continue to function even if the SIM is removed, replaced or deactivated – creating significant scope for fraud. The new directive mandates that all relevant communication apps ensure continuous linkage between the application and the SIM/phone number used for registration, thereby creating a more accountable digital environment by curbing anonymous misuse and protecting users in the online space.”
He further stated that COAI firmly believes that this mechanism will significantly reduce spam and fraudulent communications perpetrated through these platforms and help mitigate financial frauds: “Telecom operators stand fully committed to supporting seamless implementation of this directive. Telecom operators have already instituted a very wide spectrum of initiatives to curb spam and fraudulent communication on SMS’s and calls. COAI urges DoT to recommend similar adherence of measures on App based Communication Services too, so as to ensure maximum possible mitigation of risks for subscribers across all communication channels. Moreover, COAI urges DoT to engage with the Reserve Bank of India (RBI) to ensure that for all financial transactions, the primary factor of authentication should mandatorily be through SMS OTP, which continues to remain the most secure, operator verified channel with guaranteed traceability. Strengthening this requirement will create a consistent and secure authentication framework across the financial ecosystem, further reducing the risk of fraud and reinforcing consumer trust.”
