Cellular Operators Association of India (COAI) has released statement on ‘SIM-Binding a necessary security measure and will not disrupt user convenience/privacy.’ According to director general, COAI, “COAI has welcomed the recent government of India (GoI) order on SIM-binding – keeping in mind the national and Citizens’ interests. However, there are some misconceptions being circulated regarding SIM-binding requirements for App based communication services. We would like to opine on these misplaced narratives in the following paragraphs:

  • The narrative that SIM-binding will inconvenience users — particularly overseas travelers — is not borne by facts. SIM-binding is already a standard feature in widely used digital authentication systems such as UPI and payment applications, where the SIM only needs to be present and active in the device and does not require active mobile data. The same model can be seamlessly applied to app-based communication, with no disruption to users abroad who can continue using their services through Wi-Fi or a foreign SIM while keeping their Indian SIM in a secondary slot.
  • Some concerns have also risen that SIM-binding may inconvenience international travelers, particularly those using single-SIM devices. It is important to clarify that this is a deliberate and essential security safeguard, to prevent misuse from outside (and within) India and to stop untraceable frauds and scams while restricting international subterfuges intended to defraud Indian subscribers or cause security harm to the country. This ensures that our communication channels are not exploited freely from outside India by fraudsters or non-state actors, who pose a grave threat to national security and citizen safety.
  • Moreover, the subscriber will not be denied communication app facilities, as the prevailing rules of that country in this respect will apply – but the Indian recipient will have his communication app bound to the Indian SIM, thus enhancing security of the individual and the nation.
  • The requirement for time-bound reauthentication, such as a six-hour logout cycle, aligns with best practices for identity-sensitive digital services like fintech. High-value systems — including banking portals, DigiLocker, Aadhaar and virtual private networks (VPNs) — enforce far stricter session expiry norms. Smartphones remain logged in through cryptographic anchoring, while laptops and browsers — being multi-user and higher-risk — undergo periodic authentication to ensure accountable access. At the same time, the laptop/tablet user will generally be in possession of his mobile phone carrying the SIM and reauthentication every 6 hours would not pose a challenge, but the security benefits will far outweigh any perceived inconvenience to the laptop/tablet user.
  • Critics have also overstated concerns about the value of this GoI order for enhancing security. SIM-binding is a layered defence, strengthening one of the most common and easily exploited vulnerabilities in digital communication. SIM-binding closes important and critical loopholes and is a step in the right direction in the current environment.
  • Concerns about privacy are similarly misplaced. SIM-binding does not require any expanded data collection by App based communication services and does not create new metadata categories. It simply ensures that the SIM linked to a user’s identity is present during periodic authentication events, mirroring the widely accepted UPI model. This enhances security without intruding on user privacy.
  • Finally, SIM-binding does not disrupt enterprise messaging, CRM systems, APIs or business workflows. It operates purely at the user account level, ensuring that each account is tied to a verified SIM. These enterprise solutions can continue to operate as long as the underlying user accounts — whether customer-facing or automated business numbers — are associated with valid, verified SIMs.

There has been a crying need that the users’ app based communication services are identifiable at all times without violating existing rules on privacy and data, and yet providing traceability and linkage to the TSPs’ SIM without degrading the offerings of the communication apps. This is all that has been done by this recent GoI order, which is aimed at protecting the user against frauds and scams, and the country against anti-national elements and it is a welcome step.

COAI is of the considered view that SIM-binding is a balanced, privacy-respecting security measure that reinforces digital trust and enhances user protection against Spams and Frauds, without compromising convenience or business operations. SIM-binding is not just a panacea to strengthen national security but also an idea that is long overdue.”