Broadband India Forum (BIF) has asked the Department of Telecommunications (DoT) to review the recently notified Telecommunications (Telecom Cyber Security) Amendment Rules, 2025, along with the related SIM Binding Directive. The forum has cautioned that the new framework contains legal shortcomings and goes beyond the scope of the Telecommunications Act, 2023.
The SIM binding requirement will come into force from March 1, 2026. Under the directive, applications such as WhatsApp and Signal will function only when the registered SIM card is physically present and active in the device.
According to the legal view cited by BIF, the directive introduces a new category of regulated entities called telecommunication identifier user entities (TIUEs). These are businesses that use telecom identifiers such as mobile numbers, internet protocol addresses or international mobile equipment identity numbers to identify users or deliver services. The category includes a wide range of companies, from banks and fintech platforms such as Paytm to communication applications such as WhatsApp. Under the SIM Binding Directive issued on November 28, 2025, TIUEs are required to comply with government orders to block fraudulent identifiers, meet data protection requirements, participate in mobile number verification, and cooperate with law enforcement agencies.
The forum has argued that the directive is unlawful, stating that unlike licensed telecom operators, TIUEs are not authorised entities under the Telecommunications Act. It added that merely using a mobile number within an application does not amount to telecom usage as defined under the law.
Further, BIF has called for an urgent review of the framework and has urged the government to adopt a more consultative approach to developing an anti-fraud mechanism that is legally robust, operationally clear and capable of building business and public confidence.
