India has over 100 crore smartphone users, and apps like WhatsApp, Telegram, and Signal have become an inseparable part of our lives. However, along with the growth of this technology, cybercrimes have also taken on new forms. Specifically, crimes like ‘Digital Arrest’, online fraud, and crimes using fake identities have increased. This issue has been discussed multiple times in the Supreme Court of India, various High Courts, Parliament, and state assemblies regarding measures to curb it. In this backdrop, the Central Government’s Department of Telecommunications has announced strict new regulations under the newly introduced “Telecommunications (Telecom Cyber Security) Rules, 2024” on November 28th. This article explains in simple terms the flaws in the current system, what ‘SIM Binding’ means, what these new rules are, and how they will affect your daily mobile usage.
How fraudsters misuse Indian mobile numbers :-
Fraudsters—usually sitting outside India—illegally obtain Indian mobile numbers. Using the OTP that comes to these numbers, they create a WhatsApp account. After that, they throw away the SIM or switch it off. But the WhatsApp account stays active. Using this, they call Indian citizens, threaten them and extort money. Since the SIM is not inside any phone, police cannot track the location or identify the criminal. In digital arrest scams, fraudsters make video calls through WhatsApp or Skype and say things like:
- “There are drugs in a parcel booked in your name.” or
- “Your Aadhaar is being used for illegal money transfers.”
They keep the victim under “online custody” and force them to pay money to avoid “arrest”. Many people lose lakhs of rupees this way.
What is SIM Binding?
If you use PhonePe, Google Pay or BHIM, you already know this. These UPI apps work only if the SIM linked to your bank account is inside the phone. The moment you remove the SIM, the UPI app stops working. This is called SIM binding. It is not just a software check—each SIM card has a unique cryptographic code. When you install an app, the app reads this code and links it to its server. So your phone number is not just “a number”; it becomes a digital identity tied to your physical SIM card. This technology is not new—UPI apps and banking apps already use it. Now, the government is extending the same security model to WhatsApp and Telegram too.
Key Highlights of the New Rules :-
The Department of Telecommunications has issued a strict order to OTT messaging apps like WhatsApp and Telegram. Simply put, for these apps to work from now on, your phone must have an active SIM card inside it. ‘SIM Binding’ technology has now been made mandatory for WhatsApp and Telegram; going forward, the SIM card of the number you used to open WhatsApp must be in the phone. If you remove the SIM, WhatsApp will shut down. The government has given companies a 90-day deadline to implement these changes.
According to the government notification, the major changes are as follows :
- SIM must always stay in the phone : After you create a WhatsApp account, you cannot remove the SIM from the phone. Once removed → WhatsApp must stop working. This will stop the old habit of using WhatsApp on Wi-Fi without a SIM.
- Changing SIM may log you out : If you insert a new SIM, WhatsApp may logout automatically and ask you to re-register.
- WhatsApp Web auto logout every 6 hours : If you use WhatsApp Web on your office laptop, it will now logout every 6 hours. You must scan the QR code again to login.
- International travel becomes harder : Usually when people travel abroad, they remove the Indian SIM and insert a local SIM but still use WhatsApp with the Indian number. Now this won’t work. To use WhatsApp abroad: You must keep the Indian SIM in your phone, and Possibly keep international roaming, or Use a dual-SIM phone.
- Prevents frauds from foreign countries : Fraudsters sitting abroad use Indian SIMs for scams and discard the SIM. With SIM binding, WhatsApp cannot run without the SIM, stopping these scams.
- Telecom companies’ responsibilities : The new rules require telecom companies to:
- Implement a cyber-security policy
- Report security incidents within 6 hours
- Submit a detailed report within 24 hours
- Appoint a Chief Security Officer who must be an Indian citizen
- IMEI registration made compulsory : Every phone made in India — and every phone imported to India — must have its IMEI registered before manufacture or import.
- Penalties and compliance : Messaging apps must submit a compliance report within 120 days. If they fail to follow the rules, they may face heavy fines or even suspension under the Telecom Act 2023.
- Central system to verify mobile numbers : Banks or apps should be able to check whether a mobile number given by a user truly belongs to that user. For this, the government will upgrade the Sanchar Saathi platform or create a new central verification system.
- If someone uses a cloned / duplicate IMEI phone, the network must immediately block it.
How will this affect the common man?
This rule might cause some hurdles in our daily lives like :
- Multiple Device Usage : Some people use the same WhatsApp account on both a mobile and a tablet. They used to use WhatsApp on the tablet via Wi-Fi even without a SIM; this might become difficult going forward.
- Foreign Travel : When you go abroad, you remove the Indian SIM and insert that country’s SIM. Then your old WhatsApp number might stop working, which will be a big headache for tourists.
- Office Work : Those using WhatsApp Web on computers in offices will have to login at least 2-3 times a day, which can be irritating.
- SIM Card Safety: From now on, a SIM card is not just a tool for making calls; it is like your ‘Digital Key’. If your SIM card/phone is lost, get it blocked immediately, otherwise both your WhatsApp and bank accounts could be in danger.
Initially, SIM binding and frequent logins might feel annoying. However, these rules are positive steps taken by the government to protect common people from cybercrimes like Digital Arrest, SIM-swap, SIM cloning, WhatsApp sextortion, and WhatsApp/Telegram hijacking/hacking.
Conclusion :-
This is a huge step taking the country’s digital communication towards another level of safety; the government hopes WhatsApp becomes as safe as banking apps. However, it is certain that this will cause some inconvenience to common users; the Cellular Operators Association of India (representing Jio, Airtel, Vodafone) has welcomed this, but the ‘Internet and Mobile Association of India’ representing companies like Google and Meta (owners of Facebook, WhatsApp) has expressed concern over the scope of these rules.
Cyber law experts and digital rights activists have expressed anxiety that these rules might increase government surveillance. In the future, this is likely to cover not just messaging apps but also E-commerce, Fin-tech, and other digital platforms. Implementing this new system requires a massive amount of technical changes and investment. We have to wait and see how messaging apps like WhatsApp and Telegram adapt to this rule in the next 3 months. As citizens, it is our responsibility to cooperate with these safety measures and stay alert