No WhatsApp Use without an Active SIM Card as Centre Rolls Out New Cybercrime Prevention Policy
Synopsis:
The Indian government mandates WhatsApp accounts to remain tied to active SIM cards to strengthen cybersecurity. Although this action is intended to lessen online fraud, its efficacy and user-friendliness have drawn criticism.
It may soon be impossible to use WhatsApp without a SIM card. WhatsApp and other messaging apps are at the center of the new regulations that the Indian government is implementing to strengthen its cybersecurity framework. The Telecommunication Cybersecurity Amendment Rules, 2025, announced by the Department of Telecommunications (DoT), demand that every WhatsApp account stay linked to an active SIM card at all times. The action attempts to reduce online fraud, impersonation, and spam that have been rising dramatically across digital platforms.
WhatsApp and similar apps will have ninety days to comply with these laws. The new framework also provides a rule for automatic logouts on web versions of the app after six hours, after which users must re-authenticate via QR code. Officials believe these changes will make it difficult for fraudsters to operate anonymously or misuse inactive SIM cards to swindle customers.
What is the new rule?
WhatsApp is now categorized as a Telecommunication Identifier User Entity (TIUE), a newly established category under Indian telecom legislation that expands regulatory control beyond conventional cell providers, in accordance with the new direction. This means WhatsApp must now follow a set of cybersecurity and verification responsibilities, comparable to those of telecom firms.
Mandatory SIM binding is at the core of the regulation. In practice, this means the app must regularly check that the associated SIM card remains active and plugged into the device. If the SIM is removed, replaced, or disabled, WhatsApp will stop functioning.
The DoT has asked WhatsApp and other messaging providers like Telegram, Signal, and Snapchat to install this mechanism within three months. The restriction is additionally applicable to the web version of WhatsApp, which will now log users out instantly every 6 hours to avoid security concerns from unattended browser sessions. Users will need to scan a QR code again to regain access.
According to the administration, these steps will facilitate the identification of fake communications. “The binding procedure between a subscriber’s app-based communication service and their SIM card occurs only once throughout installation, after which the app remains to run independently,” the Cellular Operators Association of India (COAI) said in a statement to MediaNama. “This creates opportunities for misuse,” it noted, suggesting that persistent SIM verification will shut this loophole.
Officials also think the measures would help combat foreign scams, since fraudsters frequently use inactive or disconnected SIMs from outside to conduct financial fraud or phishing attacks in India.
How does it affect WhatsApp users in India?
For WhatsApp’s more than 500 million users in India, the new limitations could make the software slightly less convenient but perhaps more secure. Due to WhatsApp’s requirement that the SIM card be physically present in the phone associated with the account, users who rely on Wi-Fi-only tablets or often switch devices may experience difficulties.
While some cybersecurity professionals suggest the measure could help assure better traceability, others are not convinced. Critics contend that since fraudsters can still obtain fresh SIM cards using fictitious or borrowed IDs, SIM binding alone is insufficient to prevent scams. Additionally, they note that financial fraud persists despite the existence of comparable authentication procedures for banking and UPI apps.
The accuracy of India’s telecom subscriber database, which serves as the foundation for the verification procedure, is another issue. Experts observe that identity fraud incidents have not substantially decreased despite the introduction of a facial recognition system and video KYC in 2023.
However, industry associations have stood by the new directive. The COAI told MediaNama that the cellphone number maintains India’s “most updated and monitored identity,” adding that the government’s objective is to “squeeze more juice out of this national resource” to strengthen cybersecurity and user responsibility.
For now, WhatsApp has 90 days to make the modifications. If deployed as intended, users could soon discover that their WhatsApp account works only as long as their SIM does, and remaining connected might come with a few extra logins along the way.
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blogs, he also writes for brands including Craw Security, Bytecode Security, and NASSCOM.
Read More:
About Author
English