The length of time you can remain signed into WhatsApp Web and other online messaging applications like Telegram, Signal, Arattai, and Snapchat will now be determined by the Center’s new SIM-binding regulations. The active SIM card associated with the user’s mobile number must be physically present in the device for the apps to function. WhatsApp, Telegram, Signal, Arattai, Snapchat, Sharechat, Jiochat, and Josh are among the app-based communication services available in India, according to a Department of Telecommunications (DoT) statement.
“From 90 days of issue of these instructions, ensure that the web service instance of the Mobile App, if provided, shall be logged out periodically (not later than 6 hours) and allow the facility to the user to re-link the device using QR code,” the DoT announced as part of the new mandate. It was issued on November 28, 2025, and it went into effect right away.
Additionally, it stipulates that apps must always be connected to the physical SIM card associated with the phone number: “From 90 days of issue of these instructions, ensure that the App based Communication Services is continuously linked to the SIM card (associated with Mobile Number used for identification of customers/users or for provisioning or delivery of services) installed in the device, making it impossible to use the app without that specific, active SIM.”
According to the DoT, the problem occurs when App Based Communication Services operate on devices that lack the necessary Subscriber Identity Module, posing a risk to telecom cyber security. The department claims that this vulnerability is being used by people outside of India to commit cybercrimes. In order to avoid misuse of telecom identifiers and safeguard the security and integrity of the telecom ecosystem, it also stated that the problem has been discussed with major service providers for months and that these directives were required due to the growing gravity of the danger.
All TIUEs that utilise mobile numbers to identify users or provide services have been instructed by the Department of Telecommunications to adhere to the new regulations. After the directives are issued, these platforms have 120 days to submit their compliance reports to the DoT. The Telecommunications Act of 2023, the Telecom Cyber Security Rules of 2024 (as modified), and other relevant legislation shall be applied to any noncompliance.
