WhatsApp Mandates SIM Binding in India
Starting March 1, WhatsApp requires all Indian accounts to be tied to an active SIM card. The move aims to curb fraud and spam but will impact any business using emulators, shared numbers, or non-SIM-based devices for customer or merchant accounts.
This mandate is an enforcement of the Department of Telecommunications' (DoT) Telecom Cyber Security (TCS) Rules, 2024, issued in November 2025. Communications Minister Jyotiraditya Scindia confirmed there would be no extension to the February 28 compliance deadline, citing national security and the need to combat fraud as primary reasons. The new framework requires WhatsApp to verify that the registered SIM is physically present in the primary device, reportedly performing this check every six hours. If the SIM is removed, replaced, or deactivated, the app will cease to function until the original SIM is re-inserted and verified, a significant shift from the previous "verify-once" model. A major operational change will be for desktop and web users, as the new rules mandate an automatic logout from all linked devices and web sessions every six hours. This will force businesses and professionals who rely on desktop access for customer service and team coordination to constantly re-authenticate by scanning a QR code. The directive has faced resistance from industry groups like the Broadband India Forum (BIF), which counts Meta as a member and argued the rule is disruptive and legally questionable. However, the Cellular Operators Association of India (COAI) has supported the government's move, believing it will enhance traceability and accountability. This policy effectively disrupts common business practices like using a single WhatsApp number on a shared device for customer support or deploying simple bots via a stable WhatsApp Web connection. For companies relying on these "quick hacks," workflows for sales, support, and reminders will likely break. The government's goal is to ensure every active account is linked to a KYC-verified SIM, making it harder for scammers to operate accounts from remote locations using a number authenticated only once. Financial losses from cybercrime in India reportedly exceeded ₹22,800 crore in 2024, providing strong impetus for the crackdown. For businesses seeking continuity, the primary alternative is migrating from device-based solutions to the official WhatsApp Business Cloud API. Since Cloud API accounts are not dependent on a physical phone or SIM card, they are exempt from the SIM-binding rule and the six-hour logout issue, allowing for stable, multi-agent access.
