In September, Puch AI made news for an audacious move. It rolled out an AI chatbot on WhatsApp after buying India’s most expensive mobile number: 9090909090. This wasn’t a gimmick. Almost every single internet user in India uses WhatsApp, and it’s easier to reach them on it than get them to instal your chatbot app. It’s also why a large part of India’s startup and SME ecosystem uses messaging apps for automating purchase, sending transaction messages that include tickets and QR codes, and provide customer support on WhatsApp.
Amove by GoI is about to end this. Last week, DoT directed messaging applications like WhatsApp and Telegram to enforce SIM-binding. This means that for these services to work, they have to work from a device that has a linked SIM card present.
All virtual CRM (customerrelationship management) software used by startups and SMEs to integrate with WhatsApp or Telegram rely on server-side architecture. There’s no scope for inserting SIMs. SIMbinding, on the other hand, relies on the coupling of apps, SIMs and devices. This means that millions of businesses will no longer be able to use messaging services to service their customers.
Apart from this, regular users won’t be able to use messaging on tablets without a SIM card, or the same account on multiple devices. Every six hours, they’ll get logged out of web and desktop versions of messaging apps, which many working professionals use for remote work, and to transfer files and communicate with colleagues.
People travelling abroad won’t be able to use WhatsApp or Telegram with a local SIM, unless their phones support dualSIM usage. Many people who move abroad for studies or work switch to a local SIM, but continue using their Indian WhatsApp account, retaining the same chats and groups for continuity, even if their number changes. This won’t be possible because their WhatsApp account won’t work without their old Indian SIM physically present.
In countries like the US, where dualSIM phones are hard to find, and devices are carrier-locked, this would be simply unworkable. This is an enormous forced cost for ordinary people and businesses. It also gives telcos a free hand to increase roaming prices. Which may explain why they lobbied for this move in the first place.
SIM-binding won’t prevent scams using smuggled SIMs either. Scammers can still take Indian SIM cards outside India and use it over WiFi, because they use physical SIM boxes and GSM gateways. Frauds perpetuated by other means like SMS, VoIP caller ID spoofing, username-only accounts, online-only messaging services, email, fake apps or phishing sites, including fake customer care websites, are not impacted by this. Most fraud in India succeeds because of social engineering and leaked personal data, not because scammers lack SIM-binding.
After SIM-binding, any SIM replacement, even with the same phone number, will trigger creation of a new messaging account number. A stolen phone will also become a single-point of failure for the user. It can give the thief access to the user’s messaging accounts even if the stolen device is locked.
From a privacy standpoint, forcing apps like WhatsApp and Telegram to constantly verify physical presence of a SIM means they must repeatedly check SIM identifiers, device identifiers and network status, creating a far richer stream of metadata than users currently generate. Do we really want these apps getting more data about us? SIM-binding effectively hardwires your messaging identity to your telecom identity.
So, this new directive makes ordinary users’ lives harder, makes businesses less efficient, and turns WhatsApp and Telegram into a brittle, SIMdependent system that collapses the moment SIM is lost or inactive — while impact on frauds is minimal.
This directive is also built on a weak legal foundation. When Telecommunications Bill 2023 was passed, the thentelecom minister Ashwini Vaishnaw had told this paper that internet companies are out of the ambit of the law, and will be regulated by the IT ministry. Yet, earlier this year, the telecom ministry passed a regulation that stated that a company that uses mobile numbers as identifiers is now a ‘telecommunication identifier user entity’ and regulated under the Telecom Act.
The mobile number, not email address, is the primary identifier for most online services in India. This brings all internet companies — including fintech apps, ecommerce services, gig economy apps, online streaming services and dating apps — under telecom regulation. It’s like saying that if a retail shop stores customer email addresses in its CRM as a customer identifier, it comes under internet regulation. This is a jurisdiction grab, and it makes Digital India subservient to the telecom ecosystem.
Once the regulation was notified, DoT rushed out the SIM-binding directive with no public consultation, relying primarily on inputs from a vested interest — telecom lobby group Cellular Operators Association of India (COAI). That absence shows.
The regulation illustrates that the ministry simply doesn’t grasp how millions actually use these services. It not only doesn’t have a legal basis for regulating online services, it also doesn’t deserve to.
The writer is founder, MediaNama.
Amove by GoI is about to end this. Last week, DoT directed messaging applications like WhatsApp and Telegram to enforce SIM-binding. This means that for these services to work, they have to work from a device that has a linked SIM card present.
All virtual CRM (customerrelationship management) software used by startups and SMEs to integrate with WhatsApp or Telegram rely on server-side architecture. There’s no scope for inserting SIMs. SIMbinding, on the other hand, relies on the coupling of apps, SIMs and devices. This means that millions of businesses will no longer be able to use messaging services to service their customers.
Apart from this, regular users won’t be able to use messaging on tablets without a SIM card, or the same account on multiple devices. Every six hours, they’ll get logged out of web and desktop versions of messaging apps, which many working professionals use for remote work, and to transfer files and communicate with colleagues.
People travelling abroad won’t be able to use WhatsApp or Telegram with a local SIM, unless their phones support dualSIM usage. Many people who move abroad for studies or work switch to a local SIM, but continue using their Indian WhatsApp account, retaining the same chats and groups for continuity, even if their number changes. This won’t be possible because their WhatsApp account won’t work without their old Indian SIM physically present.
In countries like the US, where dualSIM phones are hard to find, and devices are carrier-locked, this would be simply unworkable. This is an enormous forced cost for ordinary people and businesses. It also gives telcos a free hand to increase roaming prices. Which may explain why they lobbied for this move in the first place.
SIM-binding won’t prevent scams using smuggled SIMs either. Scammers can still take Indian SIM cards outside India and use it over WiFi, because they use physical SIM boxes and GSM gateways. Frauds perpetuated by other means like SMS, VoIP caller ID spoofing, username-only accounts, online-only messaging services, email, fake apps or phishing sites, including fake customer care websites, are not impacted by this. Most fraud in India succeeds because of social engineering and leaked personal data, not because scammers lack SIM-binding.
After SIM-binding, any SIM replacement, even with the same phone number, will trigger creation of a new messaging account number. A stolen phone will also become a single-point of failure for the user. It can give the thief access to the user’s messaging accounts even if the stolen device is locked.
From a privacy standpoint, forcing apps like WhatsApp and Telegram to constantly verify physical presence of a SIM means they must repeatedly check SIM identifiers, device identifiers and network status, creating a far richer stream of metadata than users currently generate. Do we really want these apps getting more data about us? SIM-binding effectively hardwires your messaging identity to your telecom identity.
So, this new directive makes ordinary users’ lives harder, makes businesses less efficient, and turns WhatsApp and Telegram into a brittle, SIMdependent system that collapses the moment SIM is lost or inactive — while impact on frauds is minimal.
This directive is also built on a weak legal foundation. When Telecommunications Bill 2023 was passed, the thentelecom minister Ashwini Vaishnaw had told this paper that internet companies are out of the ambit of the law, and will be regulated by the IT ministry. Yet, earlier this year, the telecom ministry passed a regulation that stated that a company that uses mobile numbers as identifiers is now a ‘telecommunication identifier user entity’ and regulated under the Telecom Act.
The mobile number, not email address, is the primary identifier for most online services in India. This brings all internet companies — including fintech apps, ecommerce services, gig economy apps, online streaming services and dating apps — under telecom regulation. It’s like saying that if a retail shop stores customer email addresses in its CRM as a customer identifier, it comes under internet regulation. This is a jurisdiction grab, and it makes Digital India subservient to the telecom ecosystem.
Once the regulation was notified, DoT rushed out the SIM-binding directive with no public consultation, relying primarily on inputs from a vested interest — telecom lobby group Cellular Operators Association of India (COAI). That absence shows.
The regulation illustrates that the ministry simply doesn’t grasp how millions actually use these services. It not only doesn’t have a legal basis for regulating online services, it also doesn’t deserve to.
The writer is founder, MediaNama.
Nikhil Pahwa
The writer is founder, Medianama