All the apps that people use to communicate online are about to undergo a major change. Last month, the Department of Telecommunications (DoT) gave messaging platforms like WhatsApp, Telegram, Signal, and Snapchat 90 days to implement SIM-binding. The directive was issued to major app-based communication services, to implement SIM binding to prevent cyber-frauds.
What is Sim-Binding?
SIM binding is a security mechanism that links the digital identity of a user or application access to the SIM card present in their mobile device. It ensures that an app or service will only function when the specific SIM card used during registration is present in the device and in active status.
What’s the new rule?
Currently, some apps allow users to operate without the SIM linked to their Indian mobile number, which is being exploited for cross-border digital scams. Under the new rules, apps must remain continuously linked to the SIM, log out web instances every six hours, and allow re-linking via QR code. The department in a press release, stated that implementation must be completed within 90 days, with reports submitted in 120 days.
This rule, which will come into effect in February 2026, also stipulates that the web versions of these apps will automatically log out every six hours, and users will need to scan a new QR code to access them again. Opinions differ among the country’s telecom industry and technology companies on why this change is being made. Let’s explore what each party is saying and their arguments.
COAI vs BIF
The Cellular Operators Association of India (COAI) has welcomed the government’s directive mandating SIM-binding for app-based communication services, asserting that the move is a necessary security safeguard that will not compromise user convenience or privacy.These include companies like Reliance Jio, Airtel, and Vodafone-Idea. COAI believes that SIM-binding will create an unbreakable link between the user, mobile number, and device. This could significantly help prevent spam, fraudulent calls, and online fraud.
The association also clarified some of the misconceptions circulated regarding SIM-binding requirements for App based communication services .It emphasised that SIM-binding is already widely used across digital authentication systems such as UPI and payments applications. According to COAI, the mechanism only requires the SIM to be present and active in the device not necessarily connected to mobile data making it practical even for international travellers.
On the other hand, the Broadband India Forum (BIF) is calling this rule “problematic.” Its members include Meta, Google, and several other tech companies. They have alleged that the government issued such a broad directive without detailed consultation or study. Critics question whether SIM-binding will truly prevent fraud when fraudsters use SIM cards obtained under fake or stolen identities.
Some FAQs about Sim-binding and the new rule
What is COAI’s stance on SIM-binding for users abroad or with single-SIM devices?
COAI has dismissed concerns, stating that keeping the Indian SIM in a secondary slot allows seamless use of communication apps over Wi-Fi or with a local SIM card.
Why is SIM-binding considered essential according to COAI?
According to the association, SIM-binding is important to prevent misuse of communication platforms by fraudsters or non-state actors operating from outside India. It ensures traceability and limits opportunities for unverified or untraceable accounts.
Does SIM-binding violate user privacy or require additional data collection
COAI has clarified that SIM-binding does not expand data collection or create new metadata categories. It only ensures the SIM linked to the user’s identity is present during periodic authentication, similar to the UPI model.
Why is the six-hour reauthentication required for laptops and tablets?
Time-bound logins are common in identity-sensitive systems such as banking platforms, DigiLocker, and VPNs. Periodic authentication ensures accountable access for devices that are multi-user and higher-risk.
Will SIM-binding affect enterprise messaging systems, APIs, or business tools?
SIM-binding applies only at the user account level, ensuring each account corresponds to a verified SIM without affecting backend business processes.
