In a major move to strengthen national cybersecurity and prevent digital fraud, the Department of Telecommunications (DoT), Government of India, has made SIM-binding mandatory for all messaging apps. This includes popular services like WhatsApp, Telegram, and Arattai.
This regulatory decision, announced on November 29, 2025, is part of the Telecommunication Cybersecurity Amendment Rules, 2025. The main goal is to close security loopholes in mobile app identification that cybercriminals exploit.
DoT Mandates SIM-Linking for Messaging Apps: New Telecom Cybersecurity Rules 2025 Explained
Key Requirements of the New SIM-Linking Rule
The DoT directive requires all App-Based Communication Service providers to implement the following mandatory measures:
- Continuous SIM-Binding: The app’s services must be available only when it is actively linked to the specific SIM card installed on the user’s device.3
- Web-Based Session Restriction: Web or desktop versions of the apps must automatically log out users periodically (at least every six hours).4
- Secure Re-login: Re-login to web versions must be done only through QR code scanning which is linked to an active SIM.5
Platforms have been given 90 days to implement all compliance measures and must submit detailed compliance reports within 120 days.6
Why was this Rule Introduced?
The mandate addresses a critical security gap: many messaging platforms allowed services to continue even if the SIM card was removed. This enabled cybercriminals to misuse Indian mobile numbers from foreign locations without proper authentication.
This lack of SIM-dependency has been exploited for:
- Account hijacking and identity spoofing.
- Bypassing verification processes.
- Conducting scams and security breaches.
The new rule aims to curb the fraudulent usage of Indian telecom identifiers by domestic and foreign actors.7
Legal Framework
The mandate is legally supported by:
- Telecommunications Act, 2023
- Telecom Cyber Security Rules, 2024 (Amended)
- Telecommunication Cybersecurity Amendment Rules, 2025
Non-compliance can result in legal action, penalties, or suspension of services under the applicable laws.8
Impact on Users and Platforms
| Entity | Impact |
| Messaging Platforms | Must modify core architecture for real-time SIM authentication; implement secure logout protocols; maintain logs for compliance. |
| Users | Cannot access services without the original, active SIM card in the device; web sessions will auto-logout every six hours, requiring revalidation. |
This move is part of India’s wider vision to secure its digital identity infrastructure and telecom ecosystem against growing cyber fraud linked to spoofed numbers and cloned apps.
Question & Answer
Q1. Which government body mandated mandatory SIM-linking for messaging apps in India?
A) TRAI (Telecom Regulatory Authority of India)
B) RBI (Reserve Bank of India)
C) DoT (Department of Telecommunications)
D) MEITY (Ministry of Electronics and Information Technology)
Answer: C) DoT (Department of Telecommunications)
Explanation: The directive for mandatory SIM-binding was issued by the DoT as part of the new cybersecurity norms.
Q2. What is the maximum time allowed for the web version of a messaging app to remain logged in before mandatory re-login, according to the new DoT rules?
A) 12 hours
B) 24 hours
C) 6 hours
D) 48 hours
Answer: C) 6 hours
Explanation: Apps must log out users every six hours, allowing re-login only through QR code scanning linked to an active SIM.
Q3. The new SIM-linking mandate is primarily aimed at curbing which type of activity?
A) Tax Evasion
B) Telecom Cyber Fraud
C) Illegal International Calls
D) Data Storage Violations
Answer: B) Telecom Cyber Fraud
Explanation: The mandate aims to prevent fraud involving misuse of Indian mobile numbers, often operated from foreign locations.
Q4. Within how many days must messaging platforms implement the new SIM-binding compliance measures?
A) 60 days
B) 120 days
C) 90 days
D) 180 days
Answer: C) 90 days
Explanation: Platforms must comply within 90 days from the announcement date (November 29, 2025).
Q5. Which legal act provides the primary foundation for the new Telecommunication Cybersecurity Amendment Rules, 2025?
A) Information Technology Act, 2000
B) Telecommunications Act, 2023
C) Data Protection Act, 2023
D) Indian Penal Code
Answer: B) Telecommunications Act, 2023
Explanation: The Telecommunications Act, 2023 forms the legal basis for the new Cybersecurity Amendment Rules.
🔗 Other Useful Links:
📌 Latest Government Job Vacancies
📌 Latest Exam Results
📌 Free Mock Tests
.jpg=w704-h396-p-k-no-nu?w=1024&resize=1024,1024&ssl=1 "Meet Matti Makkonen: The Finnish Engineer Known as the Father of SMS")
.jpg=w704-h396-p-k-no-nu?w=1024&resize=1024,1024&ssl=1 "NADA Suspends Manju Bala and Other Athletes in Major Anti-Doping Action")
_11zon.jpg=w704-h396-p-k-no-nu?w=1024&resize=1024,1024&ssl=1 "IMF Projects India’s Economy to Grow at 6.6% in FY 2025-26")
.jpg=w704-h396-p-k-no-nu?w=1024&resize=1024,1024&ssl=1 "President Droupadi Murmu Presents Shilp Guru & National Handicrafts Awards 2023–24")