The Department of Telecommunications (DoT) in India has issued a new directive mandating that popular Over-The-Top (OTT) communication apps, including WhatsApp, Telegram, and Signal, must implement “continuous SIM-binding” for their user accounts. This means that these messaging services will only function if the device contains the active SIM card linked to the user’s profile.
The directive, sent to major platforms, including those operated by Meta and Snap Inc., is framed as a crucial cybersecurity measure designed to curb the rampant rise of digital fraud and high-volume, automated scams in the country. By ensuring traceability and accountability, the government hopes to close the anonymity gaps often exploited by fraudsters. Furthermore, the rule also mandates that companion web versions of these apps (like WhatsApp Web) must require users to re-link their accounts every six hours.
However, the move has ignited significant concerns across the tech industry and among digital rights advocates, who view it as a significant instance of regulatory overreach by the DoT. Experts note that the regulation of online messaging apps has traditionally fallen under the jurisdiction of the Ministry of Electronics and Information Technology (MeitY). The DoT’s use of the recently enacted Telecommunications Act, 2023, to impose operational restrictions on these apps suggests an expansive interpretation of its regulatory power.
One of the most immediate concerns is the potential impact on user experience and liability. Continuous SIM-binding would complicate access for users who legitimately use messaging platforms across multiple devices, such as in professional settings. More critically, legal experts warn that the mandate could create a “significant risk for presumption” that the SIM card holder is liable for any fraudulent activity on their account, shifting the burden onto the user.
While telecom operators have welcomed the directive as a vital, first-in-the-world measure to enhance cyber security, industry groups representing the OTT platforms are urging the DoT to pause implementation. They have called for formal public consultation and the formation of a technical working group to explore less intrusive and more technically feasible solutions. The core debate revolves around finding a balance between strengthening security against digital fraud and preventing an unnecessary intrusion into the functioning of digital services and user privacy.
