A regulatory shift is beginning to influence how messaging apps function in India, with new checks aimed at linking user accounts more closely to active mobile connections. WhatsApp is now preparing changes that align with these requirements, as part of broader efforts to address cyber security concerns.
WhatsApp is working on adding SIM binding support for users with Indian phone numbers, according to a feature tracker. The Meta-owned platform is taking steps to comply with directions issued by the Department of Telecom under the Telecommunications (Telecom Cyber Security) Rules, 2024. These rules require messaging apps to verify that a user’s SIM card is active and present in the device. A screenshot of the feature under development shows WhatsApp informing users that it must check whether their SIM card is inserted in their smartphone to meet regulatory requirements.
How the SIM binding feature may work
Feature tracker WABetaInfo shared a screenshot of a new popup that reads, “Due to regulatory requirements in India, WhatsApp needs to check that your SIM card is in your device.” The message was spotted in the WhatsApp beta for Android version 2.26.8.6. However, the feature itself is still under development and is not expected to roll out in the near future.
Meta is responding to a directive issued by the DoT in November 2025. The directive mandates SIM-based login verification for messaging apps that allow account sign-ups using phone numbers. This applies to platforms such as Signal and Telegram, along with WhatsApp. Under the rule, access to these apps in India will be allowed only if the registered SIM card is present in the user’s smartphone.
What it means for users and privacy
According to the feature tracker, WhatsApp will periodically renew a user’s session by checking whether the SIM card in the device matches the one used during account registration. This process will apply only to accounts registered with Indian (+91) phone numbers.
If an account fails the SIM binding check, WhatsApp will restrict access “until validation is restored.” Existing chats will remain saved, but messages not received before the failure will be preserved until verification succeeds. The DoT has said the November 2025 directive is intended to curb cyber fraud.
The directive also requires chat platforms to automatically log users out of web or desktop clients every 6 hours, with re-login through QR codes. This feature has not yet appeared in WhatsApp’s development versions, and its rollout timeline remains unclear.
Following the announcement, the Internet Freedom Foundation urged the DoT to withdraw the SIM binding mandate. The group raised concerns about privacy, lobbying by telecom operators, and potential disruptions caused by SIM damage or the need for international packs while travelling.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream LinkedIn | The Mainstream Facebook | The Mainstream Youtube | The Mainstream Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.
