Industry Group Challenges DoT's WhatsApp SIM-Binding Directive
The Department of Telecommunications (DoT)’s recent mandate requiring WhatsApp and similar Over-The-Top (OTT) communication platforms to implement “SIM binding” and enforce web-client logouts every six hours has drawn criticism from the Broadband India Forum (BIF). The BIF, an industry body whose members include WhatsApp and its parent company Meta, has voiced concerns over the mandate's potential implications for users and its legal basis.
The DoT's directive aims to curb the fraudulent use of Indian mobile numbers by individuals located abroad who do not physically possess the SIM cards associated with their WhatsApp accounts. This measure is intended to enhance cybersecurity and prevent misuse of communication services. However, the BIF argues that while the intent behind the order is laudable, its implementation raises significant questions.
BIF's Concerns: Jurisdiction, Proportionality, and User Impact
In a statement, the BIF highlighted concerns regarding jurisdiction, proportionality, and the potential impact on consumers. The industry body argues that the DoT’s order risks creating obligations that extend beyond the mandate of the Telecommunications Act, 2023, and the Telecom Cyber Security Rules, 2024. These rules were amended in November, shortly before the SIM-binding order was issued.
“The Telecommunications Act does not authorise the regulation of OTT communication platforms, nor does it provide the legislative basis to impose telecom-style operational mandates upon them,” the BIF stated. The forum points to informal assurances from the Ministry of Communications in 2023, which suggested that the broad definition of “telecommunication” in the Act would not be applied to regulate application-layer services.
The recent amendment to the Telecom Cyber Security Rules introduced the concept of a Telecommunication Identifier User Entity (TIUE), which encompasses any firm using phone numbers to identify its customers. This broad categorization has raised concerns about the potential overreach of regulatory powers.
Potential Impact on Non-Resident Indians and Other Users
The BIF emphasizes that the SIM-binding mandate could disproportionately affect non-resident Indians (NRIs) and other users who rely on Wi-Fi to use their Indian numbers while abroad. The requirement for frequent re-authentication and web-client logouts could disrupt communication for travelers, professionals who need uninterrupted web-client access during work hours, families with multi-SIM setups, and elderly or low-literacy users who may struggle with the re-authentication process.
The forum argues that the mandate imposes a cost on consumers without proper consultation, impact assessment, or consideration of proportionality. This could lead to a degraded user experience for law-abiding citizens.
Call for Consultation and Risk-Based Approach
The BIF is urging the DoT to pause the implementation of the SIM-binding mandate and initiate a formal stakeholder consultation. The forum also suggests the formation of a technical working group comprising OS providers, TIUEs, licensees, and security experts to develop a risk-based and proportionate framework that aligns with constitutional standards of necessity and employs the least intrusive means.
The debate over the DoT's SIM-binding mandate highlights the ongoing tension between the need for enhanced cybersecurity and the potential impact on user convenience and privacy. As the digital landscape evolves, striking a balance between these competing interests will be crucial for fostering innovation and ensuring a positive user experience.
