New Delhi: The Centre has issued directions that would ensure app-based communication services, the likes of WhatsApp, Signal, Telegram, and others, are continuously linked to a user's active SIM card.

All players providing app-based communication services in India have been asked to submit compliance reports to the Department of Telecommunications (DoT) within 120 days from issue of the directions.

The department warned that failure to comply with norms will attract action under the Telecommunications Act, 2023, the Telecom Cyber Security Rules, and other applicable laws.

The directive would impact how users access services of messaging apps, including WhatsApp, Telegram, Signal, Arattai, Snapchat, Sharechat, Jiochat, Josh, in India.

The Centre's latest directive means that these messaging services would only work if the SIM is present and active in the user's device.

Issuing the direction on November 28, the telecom department said it has come to the notice of the central government that some of the app-based communication services that are utilising mobile number for identification of its customers/users or for provisioning or delivery of services, allows users to consume their services without availability of the underlying SIM within the device in which the said platform or app is running.

"...and this feature is posing challenge to telecom cyber security as it is being misused from outside the country to commit cyber-frauds," it said.

The DoT asserted it has become necessary to issue directions to providers of app-based communication services to prevent the misuse of telecommunication identifiers and to "safeguard the integrity and security of the telecom ecosystem".

"The Department of Telecommunications, in exercise of the powers conferred upon it under the Rules, hereby directs TIUEs (Telecommunication Identifier User Entity) providing App Based Communication Services utilising mobile number for identification of customers/users or for provisioning or delivery of services in India, to...from 90 days of issue of these instructions, ensure that the App based Communication Services is continuously linked to the SIM card (associated with Mobile Number used for identification of customers/users or for provisioning or delivery of services) installed in the device, making it impossible to use the app without that specific, active SIM," the directive said.

Within 90 days, any web version of the app must automatically log users out at least once every six hours. Users can then sign in again by re-linking the device using a QR code.

"From 90 days of issue of these instructions, ensure that the web service instance of the Mobile App, if provided, shall be logged out periodically (not later than 6 hours) and allow the facility to the user to re-link the device using QR code," it added.

The directions come into force immediately and will remain in force until amended or withdrawn by the DoT, it added.