Understanding the DoT's New SIM-Binding Rules for Mobile Apps

The Department of Telecommunications' New Directive

In December 2025, the Department of Telecommunications (DoT) announced new regulations targeting major mobile application-based communication services. This directive includes widely used platforms such as WhatsApp, Telegram, Signal, Snapchat, ShareChat, JioChat, Josh, and Arattai.

The primary goal of this initiative is to enforce mandatory SIM (Subscriber Identity Module) binding and periodic logout for web sessions, as outlined in the Telecom Cybersecurity Amendment Rules, 2025. This move aims to safeguard telecom identifiers and mitigate large-scale cyber frauds exploiting Indian mobile numbers.

Key Details of the Announcement

The DoT's directive includes several critical measures for app providers:

• Mandatory Continuous SIM-Linking: Applications must remain continuously linked to the user’s active India-based SIM. Access will be blocked if the SIM is removed or becomes inactive.
• Periodic Web Logout and Re-linking: Web and desktop versions of apps must automatically log out every six hours. Users will need to re-link via QR (Quick Response) codes to prevent misuse of persistent sessions.
• Reporting and Compliance Timeline: Companies are required to implement these measures within 90 days and submit compliance reports to the DoT within 120 days.

Purpose and Significance of the Directive

The DoT's regulations aim to:

• Curb Cross-Border Cyber Frauds: The measures are designed to prevent SIM-less app misuse that can lead to phishing attempts, digital arrests, impersonation, and fraudulent investment schemes from abroad.
• Enhance Traceability and Accountability: By linking every account to a live, KYC-verified number, it becomes easier to detect and act on fraudulent activities.
• Strengthen Public Trust: Implementing uniform, verifiable security measures increases citizen confidence in using app-based communication platforms safely.

Impact on Service Providers

The new regulations will lead to several significant changes for service providers:

• Standardization Across Platforms: Ensures that all major communication apps adhere to uniform cybersecurity requirements.
• Operational Adjustments: Providers will need to update their app architecture and authentication systems. While this may incur additional costs, it ultimately enhances user safety.
• Support for Roaming and Multi-SIM Users: The measures will maintain usability for users with roaming and dual-SIM devices while preventing misuse from unauthorized SIMs.

Frequently Asked Questions (FAQs)

Q1. What is the primary purpose of the DoT's new directive for mobile apps?
Answer: The primary purpose is to enforce mandatory SIM-binding and periodic web logout to enhance cybersecurity and prevent telecom frauds.

Q2. What are the compliance timelines set by the DoT for these new rules?
Answer: Companies must implement the measures within 90 days and submit compliance reports to the DoT within 120 days.

Q3. How will the new rules affect user safety on communication apps?
Answer: The new rules aim to enhance user safety by linking accounts to KYC-verified numbers, making it easier to detect and prevent fraud.

Q4. Will the new regulations support users with multiple SIM cards?
Answer: Yes, the regulations are designed to maintain usability for users with roaming and dual-SIM devices while preventing unauthorized SIM usage.

Q5. What role do QR codes play in the new web logout process?
Answer: QR codes are used for re-linking users to their accounts after automatic logout, preventing misuse of long-lived sessions.

UPSC Practice MCQs

Question 1: What is the main objective of the Telecom Cybersecurity Amendment Rules, 2025?
A) To increase mobile app downloads
B) To enforce SIM-binding and periodic logout
C) To promote social media usage
D) To reduce internet costs
Correct Answer: B

Question 2: How often must web versions of communication apps log out under the new rules?
A) Every 12 hours
B) Every hour
C) Every 6 hours
D) Every day
Correct Answer: C

Question 3: What is required from companies within 90 days of the directive?
A) Increase their user base
B) Implement the new cybersecurity measures
C) Reduce service costs
D) Launch new features
Correct Answer: B

Question 4: What does KYC stand for in the context of these regulations?
A) Know Your Client
B) Keep Your Connections
C) Knowledge of Your Country
D) Know Your Cybersecurity
Correct Answer: A

Question 5: Which of the following is a key requirement for app providers under the new rules?
A) Continuous SIM-linking
B) Free access for all users
C) No logout requirements
D) Unlimited access to data
Correct Answer: A