Telecom Industry Calls for Review of India’s New SIM-Binding Cybersecurity Rules

Mumbai, March 3, 2026 – The Broadband India Forum (BIF), a leading telecom industry association, has urged the Department of Telecommunications (DoT) to revisit the recently implemented cybersecurity amendment rules and SIM-binding directive. Industry experts warn that the regulations, which are set to take effect from March 1, may introduce legal ambiguities and operational challenges that could extend beyond the scope of the Telecommunications Act, 2023, and impose additional obligations on digital platforms.

Understanding the SIM-Binding Directive

The SIM-binding rule requires messaging applications, including popular platforms like WhatsApp and Signal, to operate only when the registered SIM card is physically active in the device. While the government positions this measure as a step to enhance cybersecurity, BIF and other stakeholders argue that it could disrupt the operational model of digital communication services and affect user convenience.

Expanding Regulatory Scope

A legal assessment obtained by BIF highlights that the directive introduces a new classification called Telecommunication Identifier User Entities (TIUEs). This category may cover businesses that use mobile numbers, IP addresses, or device identifiers for user authentication or service delivery, potentially extending to sectors such as banking, fintech, and online communications.

Legal and Compliance Concerns

Industry representatives caution that applying telecom-like regulations to digital platform providers may be legally contentious. Licensed telecom operators have specific rights and obligations under the Telecommunications Act, whereas application service providers traditionally operate outside this framework. BIF stresses that merely using a phone number within an app does not equate to providing telecom services.

The forum also highlighted that inconsistent rules across sectors could increase administrative costs and complicate compliance for digital businesses. Experts warn that unclear regulations may stifle innovation and create legal uncertainty for technology companies operating in India’s expanding digital ecosystem.

Operational Implications for Digital Platforms

Under the new rules, TIUEs must block fraudulent identifiers as directed by authorities, adhere to data protection standards, participate in Mobile Number Verification systems, and cooperate with law enforcement. Industry experts note that implementing these obligations will require detailed technical guidance and operational clarity to avoid disruption.

Analysts emphasize that India’s rapidly growing internet user base makes it a critical market for global technology services. They advocate for comprehensive stakeholder consultation to assess the practical impact of the policy before it is enforced.

Balancing Cybersecurity and Innovation

In its memorandum to the DoT, BIF emphasized the need for transparent rule-making that maintains legal stability while fostering innovation. The association called for collaboration between the government, technology experts, and industry stakeholders to develop an effective anti-fraud framework that safeguards users without undermining business confidence.

Awaiting Government Response

As of now, the DoT has not issued an official response to BIF’s appeal. The industry is closely monitoring whether the government will initiate a review or amendment of the new cybersecurity framework. Observers note that this policy could represent a significant regulatory shift as India’s digital economy continues to grow.