The Indian government is standing firm on its directive for mandatory SIM-linking of messaging applications like WhatsApp, calling it a critical security measure. However, officials indicate a willingness to reconsider the contentious six-hour automatic logout rule for the web versions of these apps, potentially extending the session limit.
Security Imperative Drives SIM Binding Mandate
The Department of Telecommunications (DoT) issued a directive on November 28, mandating continuous SIM-binding for messaging apps. Authorities describe this as a necessary intervention to curb cybercrime and prevent foreign intelligence agencies from extracting information from India without a trace. The move follows alarming statistics showing cyber fraud losses surpassing Rs 22,800 crore in 2024, with some victims driven to suicide.
Government sources are unanimous that the DoT directions are "proportionate measures to prevent misuse of telecom identifiers, ensure traceability & protect citizens' trust in India's digital eco-system." The policy was developed after warnings from the security establishment, including the National Security Council Secretariat (NSCS), which raised the issue in December 2024.
Pushback on Auto-Logout and Legal Authority
A key point of contention has been the rule requiring the web or desktop versions of messaging apps to automatically log out users every six hours, forcing re-authentication via a QR code. Messaging platforms have resisted, arguing that "logging every 6 hours would cause unacceptable inconvenience."
In response, government officials have signaled flexibility. The six-hour limit for web sessions may be revisited and raised to 12 or 18 hours, though not beyond 24 hours. An official defended the principle, stating, "This specifically targets the long session vulnerability used in cross-border scams... Most banking and UPI apps successfully use this auto-logout security feature."
The government has also dismissed objections about its legal authority, arguing that apps like WhatsApp operate on mobile networks run by telecom service providers, who are primary Internet service providers and fall under DoT's purview.
Multi-Agency Effort Behind the Directive
The directive is the result of coordinated efforts across multiple agencies. The Ministry of Home Affairs (MHA) formed a technical sub-group in September 2024 with members from DoT, Delhi Police, MHA, MeitY, Intelligence Bureau (IB), and TRAI. This group recommended binding social media and Over-The-Top (OTT) services to mobile numbers.
Following this, in April 2025, the MHA directed IT intermediaries to implement technical measures, including SIM binding and geo-fencing, for communication apps to mitigate cybercrime threats. Furthermore, the Cellular Operators Association of India (COAI) requested SIM binding implementation in August 2025 to curb cross-border fraud and ensure national security.
Officials also countered the argument that SIM binding would burden international travelers, noting that the same users spend liberally on airline tickets and hotels abroad, making the cost of roaming services from Indian telecom providers a relatively minor concern for security.
