Cybersecurity is definitely the hour of need, and clearly, the Indian government is trying to install new rules and laws to ensure that’s possible. A new directive by the Department of Telecommunications (DoT) will soon affect the way users can operate apps like WhatsApp, Signal, Telegram and more.
One of the changes could be the binding of a WhatsApp account to a SIM card and the web session logging out every six hours. This is because WhatsApp and other messaging platforms must constantly verify that the SIM card originally used for registration remains active.
The consequence: even if your WhatsApp Web was stable earlier, the new rules if approved, will mandate you re-authenticate every six hours, fundamentally changing how users interact with the service.
What Is This New Rule?
The Government of India’s Department of Telecommunications (DoT) has come out with new rules under the Telecommunication Cybersecurity Amendment Rules, 2025.
Under the new framework, messaging services such as WhatsApp, Telegram, Signal, Arattai, Snapchat, Sharechat, Jiochat, and Josh, and others are now classified as “Telecommunication Identifier User Entities (TIUEs),” meaning they must adhere to telecom-style rules for user verification.
According to a government release, it is stated, “It has come to the notice of the Central Government that some of the app based communication services that are utilising mobile numbers for identification of their customers or for provisioning or delivery of services allow users to consume their services without availability of the underlying Subscriber Identity Module within the device in which the app based communication service is running, and this feature is posing a challenge.”
Read More: How To Protect Yourself From Deepfakes Which Can Steal Your Privacy And Peace
Essentially, the SIM card used to verify your phone number at the time of account creation must remain in the phone for WhatsApp to work. If the SIM is removed, replaced, or deactivated, the apps must stop functioning on that device.
Currently, most such platforms use the process of sending a one-time password (OTP) to the user’s mobile number to verify their identity.
However, under the new directive, they will have to access the IMSI of their SIM cards. IMSI is the International Mobile Subscriber Identity, a unique number present on a SIM card that identifies every mobile subscriber globally.
Beyond just the smartphone app, the ruling also targets companion platforms like WhatsApp Web. The directive mandates that web sessions must automatically log out at least once every six hours, forcing users to re-authenticate — typically via QR code — to continue.
Messaging platforms have been given 90 days to comply with the new norms. In practical terms, this means that unless the regulations are revised, the auto-logout behaviour and SIM verification requirements are now likely to be part of the everyday experience of WhatsApp users in India.
The Cellular Operators Association of India (COAI), which represents all three private telcos, had said in a statement, supporting this said, “Presently, the binding process between a subscriber’s app-based communication services and their mobile SIM card occurs only once during the initial installation and verification phase, after which the application continues to function independently on the device even if the SIM card is later removed, replaced or deactivated.”
Users are a bit sceptical about this and how this might create problems for regular people. One user wrote on X/Twitter that, “Sim binding rule shall be a major disruption for professionals and businesses using web accounts of WhatsApp etc. It won’t eliminate the fraud completely, as Sim Cloning / Sim Spoofing will still work.”
Image Credits: Google Images
Sources: The Economic Times, Mint, The Indian Express
Find the blogger: @chirali_08
This post is tagged under: WhatsApp, WhatsApp web, WhatsApp india, Department of Telecommunications, cybersecurity, cyber fraud, technology, whatsapp news, whatsapp india news
Disclaimer: We do not hold any rights or copyright over any of the images used; these have been taken from Google. In case of credits or removal, the owner may kindly email us.
Other Recommendations:
Meta’s Project Mercury: What Social Media Risks Did It Expose Due To Which It Was Killed?
