In a significant escalation of its regulatory oversight of digital communications, the Indian Ministry of Electronics and Information Technology (MeitY) has issued formal notices to major encrypted messaging platforms Telegram and Signal. The regulatory inquiries, dispatched on Thursday, July 2, 2026, demand detailed information regarding the platforms’ "username" features—mechanisms designed to allow users to communicate without disclosing their registered phone numbers.
This move follows closely on the heels of a similar notice sent to Meta-owned WhatsApp on Wednesday, July 1, 2026. While WhatsApp has not yet fully deployed username-based communication globally, the platform has begun accepting user reservations for unique usernames, signaling a broader industry shift toward phone-number-free messaging.
The coordinated government action has reignited a fierce national debate on the balance between national security, law enforcement tracing capabilities, and the constitutional right to privacy. Digital rights organizations have quickly condemned the government’s notices, describing them as an unauthorized expansion of executive power aimed at dismantling core privacy protections.
Chronology of the Regulatory Escalation
The current regulatory friction is the climax of a series of rapid developments involving state surveillance, academic integrity, and legal battles over the control of digital platforms in India.
2026 Timeline of Key Events:
┌──────────────────────────────────────────────────────────────────────────┐
│ Late June 2026: Telegram temporarily banned nationwide over NEET paper │
│ leak apprehensions (backdated PDF files controversy). │
└────────────────────────────────────┬─────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────────────────────┐
│ late June 2026: Telegram challenges ban in Delhi High Court. Court │
│ rules ban "proportionate"; ban lifted post-NEET exam completion. │
└────────────────────────────────────┬─────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────────────────────┐
│ July 1, 2026: MeitY issues a formal notice to Meta-owned WhatsApp │
│ targeting its nascent username reservation feature. │
└────────────────────────────────────┬─────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────────────────────┐
│ July 2, 2026: MeitY expands inquiry, issuing notices to Telegram and │
│ Signal regarding their established username functionalities. │
└────────────────────────────────────┬─────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────────────────────┐
│ July 3, 2026: Digital rights groups (e.g., IFF) issue statements │
│ condemning the notices as an "unconstitutional dragnet." │
└──────────────────────────────────────────────────────────────────────────┘
The Telegram Ban and the NEET Controversy
The immediate precursor to MeitY’s latest inquiry was a week-long, nationwide ban imposed on Telegram in late June 2026. The Ministry blocked access to the app after law enforcement agencies raised concerns that backdated PDF files circulating on the platform could mislead the public into believing that the question papers for the National Eligibility cum Entrance Test (NEET)—a highly competitive and sensitive national medical entrance exam—had been leaked prior to the test.
Telegram mounted a swift legal challenge against the ban in the Delhi High Court, characterizing the government’s sweeping blockade as a "mistake" and an overreach that disrupted millions of legitimate users. However, the High Court sided with the Union government, holding that the temporary ban was a "proportionate response" given the potential for widespread public disorder and panic surrounding national exams. The ban was eventually lifted immediately after the NEET exam was successfully conducted.
The July 2026 Notices
Within days of lifting the Telegram ban, MeitY pivoted from emergency blocking measures to structural regulatory demands:
July 1, 2026: WhatsApp received a notice questioning its upcoming username reservation feature. Although WhatsApp operates primarily on phone-number-based directories, its move toward usernames represents a major shift in Meta’s metadata-sharing architecture.
July 2, 2026: Similar notices were served to Telegram and Signal. Unlike WhatsApp, both Telegram and Signal have fully functional username features integrated into their live global applications, allowing users to conceal their phone numbers from search directories and chat participants.
Technical Analysis: Usernames vs. Phone Numbers
To understand the government’s scrutiny, it is essential to analyze the technical distinction between phone-number-based registration and username-based discovery, and how this impacts both user privacy and state surveillance.
Feature / Metric
Phone-Number-Based System
Username-Based System (Signal / Telegram)
Identity Verification
Tied to a physical SIM card, requiring government-mandated KYC (Know Your Customer) verification in India.
Created arbitrarily by the user; does not require unique physical hardware verification beyond the initial account setup.
Anonymity Level
Low. Anyone who messages a user or views their profile can see their phone number, linking their digital identity to a real-world identity.
High. Users can communicate, join groups, and share files without revealing the underlying phone number to peers.
Law Enforcement Traceability
High. Police can subpoena telecom providers to identify the owner of a specific phone number.
Low. If the platform does not log IP addresses or link usernames to searchable phone directories, tracing becomes difficult.
Susceptibility to Harassment
High. Exposure of a phone number can lead to direct calls, location tracking via telecom towers, and external doxxing.
Low. Users can block usernames or change them easily without changing their physical SIM card or phone number.
Architectural Differences Among the Targeted Platforms
The three platforms targeted by MeitY employ fundamentally different cryptographic and data-storage architectures, which changes how they interact with governmental demands:
1. Signal Messenger
Signal is widely considered the gold standard for secure communication. It operates on an end-to-end encrypted (E2EE) protocol that covers messages, voice calls, and metadata. In early 2024, Signal introduced usernames specifically to address its primary privacy vulnerability: the requirement that users share their personal phone numbers to connect.
Signal’s username feature is strictly a display option. The username is not a login ID, and Signal does not maintain a searchable directory of usernames. This zero-knowledge architecture means Signal itself cannot easily link a username to a phone number or physical identity, making compliance with tracing orders technically unfeasible without rewriting its core code.
2. Telegram
Telegram operates primarily as a cloud-based messenger. Unlike Signal, standard chats on Telegram are not end-to-end encrypted by default; they are encrypted in transit and stored on Telegram’s cloud servers (E2EE is restricted to its "Secret Chats" feature).
Telegram has supported public usernames for years, even launching an external blockchain-based marketplace (Fragment) to auction premium usernames. Because Telegram retains cloud backups of messages and user directories, it possesses significantly more data that could theoretically be handed over to authorities, though the platform has historically resisted government data requests.
3. WhatsApp
WhatsApp uses the Signal protocol to provide default end-to-end encryption for all chats. However, unlike Signal, WhatsApp retains significant metadata (such as contact lists, communication frequency, and interaction times) and links accounts directly to phone numbers.
The introduction of a username feature on WhatsApp would allow users to shield their phone numbers from group members and new contacts, but Meta would still retain the underlying phone-to-username mapping, making it easier for Meta to comply with government traceability requests than it would be for Signal.
Official Responses and Corporate Stances
As of late Thursday evening, July 2, 2026, the targeted platforms had not released formal public statements regarding the MeitY notices:
Telegram: Representatives were contacted for comment outside of normal business hours in the United Arab Emirates, where the company is headquartered, and did not immediately respond.
Signal: Known for its uncompromising stance on user privacy, Signal’s press office did not immediately comment. In the past, Signal’s leadership has asserted they would rather exit a national market than compromise the cryptographic integrity of their platform.
Meta (WhatsApp): Meta declined to comment immediately on the July 1 notice, though sources close to the company indicate they are reviewing the legal basis of the government’s queries regarding username reservations.
Despite the pending notices, the username features on both Telegram and Signal remained fully operational and accessible to Indian users throughout the week.
Legal and Policy Implications
The government’s inquiry has drawn sharp criticism from legal experts and digital rights organizations, who argue that the regulatory push lacks statutory backing and constitutes an unconstitutional overreach.
The Internet Freedom Foundation’s Critique
The Internet Freedom Foundation (IFF), a Delhi-based digital rights advocacy group, issued a strongly worded statement characterizing the notices as an "unconstitutional dragnet over privacy features."
The IFF argued that the executive branch is attempting to restrict lawful technology features without the explicit authorization of Parliament:
"The executive is restraining lawful features, and with them the private communication those features protect, without the authority of law. We agree there can be regulatory authority for such features, however, it requires a clear articulation of policy intent that is rooted in legislation. This simply does not exist at present. No provision of the IT Act permits it."
The Conflict with the Information Technology Act
Under India’s existing legal framework, primarily governed by the Information Technology Act, 2000, and the IT Rules of 2021, the government has the power to order the blocking of information under Section 69A for reasons of national security, public order, or sovereignty.
However, legal scholars point out that these provisions do not explicitly grant MeitY the authority to dictate the product design, feature sets, or architectural privacy choices of global software applications.
The government’s pressure is widely seen as an attempt to enforce the controversial "traceability mandate" (Rule 4(2) of the 2021 IT Rules), which requires significant social media intermediaries to identify the "first originator" of a message. Platforms have resisted this mandate, arguing that breaking encryption or maintaining detailed identification databases to trace originators fundamentally destroys user privacy.
Implications for High-Risk Individuals
The IFF expressed particular concern over the notice sent to Signal, highlighting the platform’s role as a lifeline for vulnerable communities, investigative journalists, political dissidents, and whistleblowers:
"Signal keeps almost no data on user accounts and activity, has refused to build the searchable directory an identification order would need, and is the tool journalists, activists, and many at-risk people and their contacts rely on, so a notice aimed at it strikes straight at protected speech."
If the Indian government mandates that platforms must link usernames to searchable databases or ban the feature entirely, it could force a standoff. This could result in platforms like Signal withdrawing from the Indian market, leaving citizens without access to secure, surveillance-resistant communication tools.