WhatsApp commits to SIM binding rollout in anti-scam push

WhatsApp has in principle agreed to implement SIM binding, as per a status report placed before the Supreme Court by the Indian Cyber Crime Coordination Centre (I4C). The company said it would adhere to the provisions of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. This includes steps to detect and label artificially generated content, which is frequently used in video calls associated with so-called digital arrest scams.

WhatsApp told the Committee that it expects to complete the full rollout of SIM binding within four to six months, consistent with the Department of Telecommunications circular of November 28, 2025. The company noted that device-based risk detection systems are already operational to prevent repeat misuse, and that blocking device IDs tied to such scams is being actively explored.

The platform further committed to speeding up the rollout of safety features and deepening its cooperation with central authorities. It said it would periodically share typology intelligence and consolidated enforcement data, within the bounds of applicable legal and privacy requirements.

Between January and March this year, WhatsApp removed more than 9,400 accounts in India that were connected to digital arrest scams and impersonation of law enforcement personnel, in coordination with government agencies.

On the matter of data retention, WhatsApp agreed to retain deleted account data for a minimum of 180 days to support law enforcement investigations, as required under Rule 3(1)(h) of the IT Rules, 2021.

The company explained that its enforcement actions went beyond what was specifically flagged by law enforcement. Of around 3,800 accounts identified under Section 79 of the IT Act takedown requests, only 17 had a direct link to digital arrest schemes. Its wider probe, however, uncovered broader networks, leading to the removal of 9,400 accounts in total.

Additionally, WhatsApp told the Committee that the majority of scam operations directed at Indian users are run from centres in Southeast Asia, with Cambodia being a key hub. These operations typically involve clusters of accounts that share identifiable patterns, including common names, repeated media content and coordinated behaviour.