India Just Told WhatsApp, Telegram and Signal to Explain Usernames — Or Face Consequences

Smartphone showing a username privacy feature beside Telegram, Signal, and WhatsApp icons with an Indian government notice in the background.


In the space of 48 hours, the Indian government sent notices to three of the world's most popular messaging platforms over the same feature. The question being asked is simple. The answer they're demanding is anything but.

On July 1st, 2026, the Ministry of Electronics and Information Technology directed Meta to pause WhatsApp's username rollout in India immediately, pending government consultations. The next day — July 2nd — MeitY sent notices to Telegram and Signal over their existing username features. Three platforms, three notices, two days. This isn't a routine regulatory check. This is the Indian government drawing a line in the sand over a specific capability that every major messaging platform has either already deployed or is in the process of deploying — and making clear that deploying it without their approval has consequences.

Here's everything that's happened, what the government is actually asking, and why this matters beyond a bureaucratic back-and-forth between ministries and tech companies.


What Triggered This — And Why WhatsApp Went First

WhatsApp's username feature — which we covered in detail here recently — lets users create a handle like @yourname that others can use to find and message them without knowing their phone number. WhatsApp announced the feature and opened username reservations, with the messaging functionality itself described as rolling out gradually over the coming months.

MeitY's response was swift and blunt. On July 1st, the ministry sent a formal directive to Meta asking WhatsApp to halt the feature rollout until consultations with the government are completed "to the satisfaction of the Government" — language that doesn't give Meta a clear endpoint to work toward, since "satisfaction" is a subjective bar that the government itself sets. Meta was also asked to explain why action should not be initiated against WhatsApp under the IT Act and its associated rules — the kind of language that signals the government is considering enforcement options, not just seeking clarification.

Officials outlined their specific concerns: that usernames could "materially increase" online fraud, phishing attacks, digital arrest scams, and impersonation by enabling bad actors to contact victims without revealing their real phone number or identity. The Department of Telecommunications' SIM-binding mandate — which requires messaging accounts in India to be tied to a physical SIM card registered in a real person's name — sits at the centre of this concern. If a username replaces a phone number as the contact point, the traceable link between a conversation and a registered identity becomes harder to follow.


Then Telegram and Signal Got the Same Letter

Twenty-four hours after the WhatsApp directive, MeitY turned its attention to Telegram and Signal — both of which already have active, working username features that have been live for years. Telegram has offered usernames since 2013. Signal introduced them in 2022. Neither platform has faced regulatory challenge over this feature in India until now.

The notice to Telegram was particularly pointed. According to a government source cited by PTI, MeitY specifically asked Telegram to justify "why the platform should be allowed to continue offering the username feature" — language that frames the existing feature as something requiring ongoing justification rather than something already permitted. That's a meaningful framing difference from asking how the feature is being made safe. It's asking whether it should exist at all.

Both Telegram and Signal were given three days to submit responses explaining the safeguards in place to protect users against impersonation, fraud, and other misuse linked to usernames. As of July 3rd, neither platform had publicly responded, and spokespersons for both offered no immediate comment when approached by journalists.

The situation for Telegram carries additional weight given its recent history in India. The platform was subject to a week-long ban that ended on June 22nd, 2026 — just eleven days before this notice arrived — after the government held it responsible for failing to curb the circulation of leaked NEET exam papers and other fraudulent content linked to India's medical entrance examination. Telegram is operating in India right now against that specific backdrop of regulatory friction, which gives the username notice a different quality than a routine compliance query.


The Domestic Platform That Didn't Wait to Be Asked

One detail in this story that's gotten less attention than it deserves: Zoho-backed homegrown messaging platform Arattai announced it would disable its username-based account feature voluntarily to comply with the government's regulatory direction, without waiting to receive a formal notice. Sridhar Vembu, Zoho's prominent founder, made the announcement on X.

That's a significant contrast with the approach of the international platforms. Where WhatsApp, Telegram, and Signal have each received formal government notices and are working through compliance timelines, an Indian company pre-emptively removed the feature the moment the government's position became clear. Whether that reflects a different risk calculation, a different relationship with regulators, or simply a different corporate culture around compliance is open to interpretation — but the contrast is notable.


What the Government Is Actually Worried About

The official concern is cybercrime — specifically the kinds of scams that have been rising sharply in India over the past two years. Digital arrest scams, where fraudsters impersonate law enforcement or government officials and convince victims they're under investigation, have become a major problem. Phishing campaigns impersonating banks, government departments, and prominent individuals have become more sophisticated. And increasingly, these attacks don't rely on technical exploits — they rely on social engineering, convincing a real person through a combination of authority, fear, and urgency to hand over money or sensitive information voluntarily.

The government's argument is that phone numbers provide a traceable anchor. When a fraud occurs, investigators can go to the telecom operator, get the SIM registration details, and potentially identify the perpetrator or the network behind the attack. That chain of accountability depends on phone numbers being visible and linked to verified identities. Usernames, in the government's framing, cut that chain — they allow someone to contact victims without ever revealing a phone number that can be traced.

This is the same logic behind the DoT's SIM-binding mandate, which requires messaging accounts to be tied to physical SIM cards. Usernames don't technically violate SIM binding — the account still has a registered phone number underneath. But they create a layer of separation between the person initiating contact and any traceable identity information visible to the recipient or to an investigator examining the conversation.


What the Platforms Are Saying in Response

WhatsApp has been the most vocal in its response, publishing a detailed FAQ document outlining how its username system works and the safeguards built into it. The company has been explicit about several design decisions: usernames are optional, meaning no one is forced to use them. The feature is not searchable by the general public — someone can only find you by username if they already know your exact handle, which is fundamentally different from a public directory where strangers can browse profiles. Public figures, government agencies, and verified accounts have their usernames reserved so nobody else can register them. Lookalike usernames — handles designed to impersonate well-known accounts — are blocked at the platform level.

WhatsApp also confirmed that when someone messages you using a username for the first time, the app will display the sender's country of origin and a prominent warning that this is a first-time contact — giving the recipient contextual information to assess the message before engaging. The Username Key feature, which requires a four-digit code alongside the username before someone can message you, adds a further layer of friction specifically designed to limit cold-contact scenarios.

Telegram and Signal have not yet offered public responses to the notices as of the time of writing. Both platforms have historically been resistant to regulatory pressure on privacy and encryption grounds — Signal's entire brand identity is built around minimal data collection and maximum user privacy, which makes compliance with traceability requirements philosophically challenging for the company regardless of the regulatory jurisdiction making the request.


The Broader Question This Raises

There's a tension at the centre of this regulatory action that's worth naming directly rather than glossing over. The Indian government's position is that usernames increase fraud risk by reducing the traceability of bad actors. The platforms' position — at least implicitly, and explicitly in WhatsApp's case — is that phone number visibility primarily protects bad actors' ability to harvest contact information, while usernames protect legitimate users from being reached by spammers, stalkers, and criminals who buy or scrape phone number lists.

Both of those things are simultaneously true, which is what makes this a genuinely difficult regulatory question rather than a straightforward case of government overreach or platform recklessness. Phone numbers as the universal identifier for messaging contacts have real costs for privacy and personal safety that the current system imposes on every user by default. Usernames as an alternative carry real costs for traceability that law enforcement legitimately relies on to investigate fraud. There isn't a design that resolves both of those concerns completely — every choice involves a trade-off.

The government's position, as stated through official channels, is that the current cybercrime environment in India makes the traceability trade-off unacceptable. MeitY's language around "materially increasing" fraud risk reflects a judgment that the harm from reduced traceability outweighs the benefit to privacy — and that this judgment belongs to the government rather than to the platforms making product decisions for their users.


What Happens Next

The three-day response window for Telegram and Signal expired on July 5th, 2026. What happens after that depends entirely on what both platforms submitted — if they submitted anything — and how MeitY evaluates those responses. The options range from the government accepting the platforms' safeguards as adequate and allowing the features to continue, to demanding specific modifications as a condition of continued operation, to more aggressive enforcement action if the responses are judged insufficient.

For WhatsApp, the situation is slightly different since the feature hasn't fully launched yet — the pause is on a rollout rather than on an existing capability. The three-day window for Meta's response also ran to approximately July 4th or 5th. WhatsApp's detailed FAQ publication suggests Meta is taking a cooperative approach — providing extensive information about safeguards rather than challenging the government's authority to request the pause.

The Arattai situation is the precedent that may matter most for how other platforms calibrate their response. A domestic platform removing a feature voluntarily before being formally required to is a signal to regulators that compliance is achievable — and potentially a signal to international platforms that the government expects the same level of responsiveness, regardless of where a company's headquarters sits.

India has over 500 million WhatsApp users, making it the platform's largest market by a considerable margin. Telegram has hundreds of millions of users globally with a significant India presence. Signal's user base in India, while smaller, includes a technically sophisticated demographic that values its privacy commitments. The regulatory decisions made in the coming weeks will have real consequences for how hundreds of millions of people in India can use these platforms — and potentially set a precedent that other governments watch closely.


Also read: Aadhaar email updates made free UIDAI

Popular posts from this blog

iPhone 17 Price Hike Rumors: Here's Why Prices Could Go Up

Don't Ignore This Green Camera Icon on Android — It Could Reveal Hidden App Activity

ChatGPT Image Generation Failed— Here's What's Happening and What Actually Works