Communication Today, February 27, 2026
CUTS International has released a report based on a comprehensive survey of 4200 respondents, including 3600 consumers and 600 small and medium businesses (SMBs). The study examines the anticipated impact of the recent Department of Telecommunications directive on mandatory SIM-binding and periodic re-authentication requirements for web-based messaging platforms. The directive provides a 90-day implementation window, which is set to conclude on 26 February. Based on primary survey evidence and statistical analysis, it finds that proposed authentication mandates may cause workflow disruption and operational fragility for both consumers and SMBs.
The survey reveals that authentication-related inconvenience is not isolated. To assess authentication-related disruption, the survey examined four common access situations (1) repeated relogins on web versions; (2) OTP requirements when logging in on secondary devices; (3) potential authentication problems when the primary SIM is unavailable; and (4) restrictions arising from shared or family SIMs and devices.
Nearly 80% of respondents reported they may face inconvenience in three or more out of these four access situations, and 49.9% reported potential exposure to all four situations. The survey also finds that this burden is particularly concentrated among working-age users (25–40 years) and middle- and higher-income respondents, who rely heavily on web-based messaging for employment, higher education, coordination, and service delivery. For these users, repeated authentication will not merely cause inconvenience, rather it could interrupt active workflows and require restarting ongoing tasks.
As per the survey, approximately 86% of users said they allow family members to use their phone or SIM for messaging. Survey responses further indicate that in 39% of these cases, the primary SIM holder may physically not be present around users in situations when authentication may be required, increasing the likelihood of access delays or disruptions. These findings suggest that authentication challenges arise from structural usage patterns rather than lack of awareness or preparedness.
Survey data further show that over 25% of respondents who share devices or SIMs belong to lower-middle income households earning below ₹50,000 per month—the largest share across survey income categories—indicating that shared access practices are particularly prevalent among these households. This suggests that strict SIM-binding requirements may disproportionately affect lower-income households where shared access is common, potentially restricting timely access to essential digital services such as healthcare, education, and financial transactions. For many such households, additional authentication barriers may translate into delayed service access, higher compliance effort, and increased vulnerability to digital exclusion.
Around 60% of respondents reported travelling outside India and relying on Wi-Fi or local SIMs to access messaging applications. This shows that access during travel often does not depend on the primary Indian SIM. In such cases, mandatory SIM-binding may create authentication barriers when the linked SIM is inactive, unsupported, or physically inaccessible. Many travellers reported taking steps such as maintaining roaming connectivity or keeping their primary SIM active to avoid access problems, indicating that additional effort may be required to maintain continuity of service.
For SMBs, messaging platforms are not optional tools but core operational infrastructure. 58% reported using web interfaces, 63% said they operate multi-device workflows, and 47% said they depend on API or cloud integrations for messaging. Further, 65% said that they have shared account access among employees. Firms that are highly web- and API-dependent may particularly be exposed to inconvenience. The findings show that these businesses are significantly more likely to anticipate operational disruption under repeated re-authentication requirements.
Analysis shows that SMBs that are highly web- and API-dependent are 18–21 percentage points more likely to anticipate operational disruption compared to less digitally integrated firms. This means that a significantly higher share of digitally dependent businesses expect impact under repeated re-authentication requirements. Importantly, 58–62% of businesses anticipated negative impacts regardless of saying that they are aware of the Directions, indicating that vulnerability may be structural. For many SMBs, repeated session expiry and SIM-binding requirements may create workflow stoppages, delayed responses, automation breakdowns, and increased compliance costs—particularly for e-commerce, platform-based, and digitally integrated enterprises.
While ensuring enhancing digital security is important, the findings suggest that rigid, technology-prescriptive mandates may impose disproportionate friction without demonstrably superior outcomes compared to adaptive, risk-based security mechanisms already deployed by platforms.
CUTS calls for opening structured dialogue with stakeholders—including consumers, small businesses, technical experts, and civil society—before implementing technology-prescriptive mandates. The report also recommends conducting formal Regulatory and Technical Impact Assessments before implementing any such measure.
It further recommends publicly releasing or commissioning independent studies assessing the actual fraud-reduction impact of such measures, and transparently evaluating whether SIM-binding is the most proportionate mechanism to address identified security threats in comparison to available alternatives. Strengthening SIM KYC processes at the point of issuance and adopting risk-based, evidence-driven authentication measures available in the market are also suggested. The report emphasises that ensuring regulatory clarity is important to avoid over-extension of telecom-style mandates into internet services.
This news item can also be viewed at:
https://www.communicationstoday.co.in/