The Cellular Operators Association of India (COAI), the industry body representing private telecom operators such as Reliance Jio and Bharti Airtel, has said that the recent order on SIM-binding poses no security or privacy concerns. According to COAI, the measure does not require additional data collection by app-based communication services and does not create any new categories of metadata. It simply ensures that the SIM linked to a user’s identity is present during periodic authentication, similar to the widely used UPI system. This, the association said, strengthens security without compromising user privacy.

Addressing fears that SIM-binding may inconvenience users—especially those travelling abroad—COAI said the concern is unfounded. SIM-binding is already a standard feature in digital authentication systems such as UPI and payment apps, where the linked SIM only needs to be present and active in the device, without requiring mobile data. A similar model can be applied to app-based communication services. Users overseas can continue using these apps through Wi-Fi or a foreign SIM, as long as their Indian SIM remains active in a secondary slot.

On concerns related to international travellers, particularly those using single-SIM devices, COAI clarified that the requirement is an intentional and essential security safeguard. It helps prevent misuse from outside—and within—India, and is meant to curb untraceable fraud, scams and international attempts to exploit Indian communication channels. COAI said this measure will help protect both national security and citizen safety.

The association also clarified that subscribers abroad will not be denied access to communication apps. They can continue using these services as permitted by the rules of the country they are in. However, the Indian recipient’s communication app will remain bound to their Indian SIM, thereby enhancing overall security.

COAI further noted that the requirement for time-bound reauthentication, such as a six-hour logout cycle, is consistent with best practices for identity-sensitive digital services. High-value platforms—such as banking portals, DigiLocker, Aadhaar, and VPNs—follow even stricter session-expiry rules. While smartphones remain logged in through cryptographic security, laptops and browsers are considered higher-risk and therefore require periodic authentication. It added that most laptop or tablet users typically have their mobile phone with them, making a six-hour reauthentication manageable, and that the security benefits outweigh any inconvenience.