No Active SIM, No WhatsApp? India’s New Security Mandate Raises Concerns

WhatsApp users in India might soon face changes as the government mandates linking accounts to active SIM cards to improve cybersecurity. This requirement aims to reduce online fraud, but it has sparked debates over its effectiveness and convenience for users.

Using WhatsApp without an active SIM card could soon become obsolete. New rules from the Department of Telecommunications (DoT) under the Telecommunication Cybersecurity Rules, 2025, mandate that WhatsApp accounts remain tied to a working SIM card. These measures are aimed at combating the growing issues of online fraud and spam.

New Cybersecurity Rules for Messaging Apps

The DoT has given WhatsApp and similar messaging apps 90 days to adhere to these new regulations. Part of the framework includes logging users out of the web version of the app every six hours, requiring re-authentication through a QR code. This strategy aims to limit the ability of cybercriminals to use inactive SIM cards for scams.

Under this directive, WhatsApp is now classified as a Telecommunication Identifier User Entity (TIUE), a category under Indian telecom law. This classification imposes cybersecurity and verification obligations on WhatsApp similar to those for telecom companies. The core requirement is mandatory SIM binding, which means the app must verify that the SIM card is active and in the device.

Impact on Users and Security Concerns

For over 500 million WhatsApp users in India, these rules may make the app less convenient but more secure. People using Wi-Fi-only tablets or switching devices often could face disruptions, as the SIM must remain in the phone linked to the account.

Critics, however, argue that SIM binding alone won't eliminate scams. Cybercriminals might still acquire new SIM cards with fake IDs. Despite similar verification systems for banking apps, financial fraud continues to be a concern. There are also doubts about the reliability of India's telecom subscriber database, crucial for this verification process.

Industry bodies defend the directive, asserting that the mobile number is India's most monitored identity. The Cellular Operators Association of India (COAI) stated, "The binding process between a subscriber's app-based communication service and their SIM card occurs only once during installation, after which the app continues to function independently," highlighting potential misuse.

Challenges and Outlook

According to officials, the changes will help tackle international scams. Fraudsters often use inactive SIMs from abroad for phishing or financial fraud in India. Persistent SIM verification will aim to close this loophole, enhancing security.

Despite doubts from some cybersecurity experts, the government believes these measures will improve traceability of fraudulent communication. The new rule could affect how users interact with WhatsApp, adding extra steps to stay connected.

WhatsApp has 90 days to implement these changes. If successful, users might need to ensure their SIM card is active for their WhatsApp account to function, possibly requiring more frequent logins.