In a major boost to digital security, the Indian government has issued directives on SIM binding for popular messaging and social platforms such as WhatsApp, Telegram, Snapchat, Signal, ShareChat, JioChat, and Josh, among others. These new rules were enacted as part of the Telecommunication Cybersecurity Amendment Rules, 2025, officially notified by the DoT.

This update introduces an entirely new regulatory category called Telecommunication Identifier User Entity, or TIUE and the platforms that fall under this category must now follow strict cybersecurity obligations. In this blog, we break down everything you should know about these new rules, how they work, and how they will impact everyday users in India.

What is TIUE and why has the government introduced it?

The new addition, according to the revised cybersecurity framework, is the category called the Telecommunication Identifier User Entity. This category will apply to apps and platforms that use a mobile number for account creation or login.

As TIUEs, they would be required to implement a set of cybersecurity rules that would better protect digital communications from fraud and other illegal activities.

The major requirement is the adoption of the MNV Platform, which will help validate whether a user's mobile number is actually attached to the SIM card currently active in a device. This prevents attackers from using cloned, inactive, or foreign SIMs to gain unauthorized access to Indian accounts.

Why Is SIM Binding Being Enforced?

The government has noticed that most of the popular messaging apps allow the user to keep their account logged in even when the SIM card used for its registration is no longer in the phone. While this may be a convenience, it also acts as an invitation to serious cyber risks.

The DoT said foreign-based cyber criminals usually use this loophole to run scams, impersonation, and financial frauds using Indian mobile numbers. With the imposition of real-time SIM linking, the government intends to cut off these vulnerabilities and ensure that accounts remain tied with a valid and active SIM inside the country.

Platforms Received the Official Directive

The DoT has officially sent the cybersecurity directions to several major platforms, including:

• WhatsApp

• Telegram

• Signal

• Arattai

• Snapchat

• ShareChat

• JioChat

• Josh

These apps are now officially recognized as TIUEs, meaning they must comply with the new SIM-binding system within the next 90 days. Failure to comply could lead to penalties or even restrictions on operations in India.

New Rules TIUEs Must Follow Under the 2025 Amendment

The new cybersecurity rules bring in several stringent requirements that will directly impact how users access these platforms. Let's break them down:

1. Compulsory SIM Binding for All Users

Apps should take care to ensure that the mobile number in an account creation process remains consistently associated with the SIM card inside the device.

In case of the SIM card being removed or replaced, the app should detect the change and log out the user automatically.

This is a big change for platforms like Telegram, which to date has allowed users to use the same account across multiple devices with no SIM verification.

2. Auto logout every 6 hours on web or browser-based use

For website or web-app access, such as WhatsApp Web, Telegram Web, Snapchat Web:

• Users must be automatically logged out every six hours.

• The platform must also provide a secure QR-code-based way of relinking accounts, if necessary.

This helps to make sure attackers do not take advantage of long sessions as a security loophole.

3. No More Using One App Account on Multiple Smartphones

The most impactful change for users:

The account will remain active only on the device with the registered SIM. Secondary device linking features may need major changes or removal to comply with this rule.

When Will the New Rule Start?

These directives are set to be fully enforced from February 2026 across all TIUE platforms.

Companies have roughly 90 days to begin compliance from the date they received the official order.

This gives developers time to:

• Build SIM verification systems

• Integrate MNV Platform

• Redesign multi-device login systems

• Implement automatic logout timers

Why Does This Matter for Users?

These rules will greatly enhance cybersecurity but will also change how Indians use messaging platforms:

✔ Less multi-device convenience

Apps like Telegram are known for seamless multi-device syncing. That will now change.

✔ Fewer long-duration web sessions

WhatsApp Web users will have to relink sessions more often.

✔ Stronger protection against fraud

Foreign scammers will find it harder to exploit Indian accounts.

✔ Apps may update login and security flows

Expect major UI and backend updates in 2025.

Will This Affect Privacy?

The government states that SIM-binding improves security without reading messages or accessing user content.

However, privacy experts argue that tying accounts to SIM cards could increase traceability and reduce user anonymity especially on apps like Telegram and Signal.

This is likely to spark public debate in the coming months, as companies implement the new rules.

The SIM-binding directive represents one of the strongest cybersecurity enforcement actions to be taken by India so far.

The government wants all apps such as WhatsApp, Telegram, and Snapchat to link user accounts directly to active SIM cards. Additionally, it wants the platforms to introduce a regular logout policy to protect users against fraud, impersonation, and cyberattacks from overseas.

These changes may affect convenience for everyone, but they are arguably what will finally bring in a more secure digital ecosystem for millions of Indian users. As February 2026 approaches, the platforms will begin to update their systems bit by bit, and users will have to adapt to the tighter regulation of communication.