New Delhi, February 27 – The Broadband India Forum (BIF), a group representing major tech firms like Meta, Google, and others, has raised concerns about the legal validity of the government's mandate requiring SIM binding, citing a legal opinion that deems the directive "ultra vires" and "unconstitutional."
In a letter dated February 23 to the Department of Telecom (DoT) Secretary Amit Agrawal, BIF highlighted the legal opinion, which concluded that the Telecom (Cyber Security) Amendment Rules, 2025, and recent directives regarding "SIM binding" exceed the authority granted by the 2023 Telecommunications Act.
The issue concerns a directive issued by the central government in November, requiring app-based communication services like WhatsApp, Signal, Telegram, and others to continuously link to a user's active SIM card.
Union Telecom Minister Jyotiraditya Scindia, earlier this week, clarified that the decision on SIM-binding rules would not change, stating that national security issues require no compromise.
BIF stated in its letter to the DoT: "We respectfully submit that while the intended objective of these amended rules and respective directions is well understood and appreciated, any such regulatory intervention must adhere to the principles of due process and proportionality and must be within the statutory ambit of the governing legislation, that is, The Telecommunication Act, 2023."
The industry body said that a senior counsel's opinion concluded that the amendment rules and consequential directions are "ultra vires the parent legislation and are also unconstitutional."
It further stated that, according to the legal opinion, introducing and regulating Telecommunication Identifier User Entity (TIUEs), which are unauthorized entities, materially alters the class of persons subject to telecom regulation and extends the scope of the Act through delegated legislation (Amendment Rules).
"Specifically, permitting TIUEs to 'use' telecommunication identifiers misinterprets the objective of the Act, which confines lawful allocation and use of such identifiers to authorized entities only," it said.
According to the opinion, the amendment rules and consequential directions also create regulatory convergence without statutory harmonization, BIF said.
This also conflicts with an existing and robust parallel legal regime, including the Information Technology Act, sectoral financial regulations, and the Digital Personal Data Protection Act, it argued.
Extending telecom rule-making to digital platforms through delegated legislation risks duplication, jurisdictional conflict, and inconsistent compliance burdens across sectors, the BIF letter said, summarizing the crux of the legal opinion.
"Taken cumulatively, the Amendment Rules and the Directions represent an impermissible enlargement of delegated authority under the Telecom Act and a departure from the authorisation-centric architecture of the Act," the letter read.
Concerns relating to digital identity governance and platform authentication, however legitimate in objective, must be addressed within appropriate statutory frameworks and through express legislative mandate, rather than by expanding telecom law beyond its enacted domain through subordinate instruments, it said.
BIF highlighted that the legal opinion also states that an application-level reference (use) to a mobile number by a TIUE is derivative and does not fall under the purview of telecom services as envisaged by the Act. It, therefore, does not constitute statutory 'use' of a telecommunication identifier within the meaning of the sections of the Telecom Act.
"It is respectfully submitted that issues mentioned in the opinion pertain not to the objective of combating cybercrime, which remains paramount, but to the legal architecture through which such measures are operationalised," BIF said, adding that where far-reaching technological, economic and public impact are concerned, it is in the collective interest of all stakeholders that the framework is anchored in the parent statute and insulated from avoidable legal uncertainty.
BIF emphasised it is committed to constructive engagement with the DoT and to supporting measures that effectively address digital fraud within a constitutionally and statutorily sound framework.
The government's directive would change how users access the services of messaging apps, including WhatsApp, Telegram, Signal, Arattai, Snapchat, Sharechat, Jiochat, and Josh, in India. The directive means that these messaging services would only work if the SIM is present and active in the user's device.
Issuing the direction on November 28, the telecom department said it has come to the notice of the government that some of the app-based communication services that are utilising mobile number for identification of its customers/users or for provisioning or delivery of services allow users to consume their services without availability of the underlying SIM within the device in which the said platform or app is running.
"...and this feature is posing a challenge to telecom cyber security as it is being misused from outside the country to commit cyber-frauds," it had said.
The DoT asserted that it has become necessary to issue directions to providers of app-based communication services to prevent the misuse of telecommunication identifiers and to "safeguard the integrity and security of the telecom ecosystem".