India’s Department of Telecommunications has ordered messaging apps to remain continuously bound to an active, KYC verified SIM card. If the SIM is removed, deactivated or swapped, the app must stop working until reverified. Web and desktop sessions must auto log out every six hours. Platforms have ninety days to comply or face penalties or shutdowns.
This applies to WhatsApp, Telegram, Signal and any service that uses an Indian mobile number as an identifier. India is not nudging platforms. It is forcing messaging to behave like a telecom service.
What India Just Mandated
The rule is simple and brutal. No active SIM, no messaging. Long lived web sessions are banned. Accounts must constantly prove they are tied to a verified number installed on the device. International travel, eSIM swaps and dual SIM setups become failure modes by design.
This is not a narrow anti fraud tweak. It is a structural change that makes the phone number the permanent gatekeeper of communication.
Fraud Is the Cover Story
India says this closes loopholes used by scammers. That is convenient and misleading. Criminals adapt. They always do. What does not adapt is ordinary users who lose access when they travel, change SIMs or try to keep their identity compartmentalised.
The pattern is obvious. UPI first. Mandatory KYC everywhere. Now messaging. Each step is sold as safety. Each step centralises identity with telecoms and the state. Privacy becomes suspicious by default.
What This Actually Breaks
This breaks anonymous messaging. It breaks burner numbers. It breaks desktop workflows. It breaks journalists and activists who rely on separation. It breaks diaspora users and anyone who crosses borders. It turns telecom operators into identity authorities for speech.
Apps that cannot or will not comply face a choice. Build surveillance plumbing or leave India. Signal has already warned that SIM binding collides with end to end encryption models. Users who want messaging without SIM identity are left with one answer.
Session exists because of moves like this. Onion routed. No phone number. No SIM. No central account to choke. When governments make traceability mandatory, alternatives are not a luxury. They are a necessity.
Blackout VPN exists because privacy is a right. Your first name is too much information for us.
Keep learning
FAQ
Which apps are affected by the rule
WhatsApp, Telegram, Signal and any messaging app that uses Indian phone numbers as identifiers.
What happens if the SIM is removed or swapped
The app must stop working until the SIM is reverified.
Does this stop fraud
It centralises identity and traceability. Criminals adapt while ordinary users lose privacy.
What about web and desktop clients
Sessions must auto log out every six hours and require reauthentication from the linked phone.
Is there an alternative that avoids SIM binding
Session does not require phone numbers or SIM cards and avoids telecom identity entirely.