Digital Identity at a Crossroads: Government Scrutiny Intensifies Over WhatsApp and Telegram’s Username Features

digital-identity-at-a-crossroads-government-scrutiny-intensifies-over-whatsapp-and-telegrams-username-features

In a significant regulatory development, the Indian Ministry of Electronics and Information Technology (MeitY) has intensified its oversight of major messaging platforms regarding their shift toward username-based communication. Both Meta-owned WhatsApp and the encrypted messaging service Telegram have now submitted their formal responses to the government following notices issued over their proposed "username" features.

The central government’s intervention marks a pivotal moment in the ongoing debate between user privacy—often championed by big tech—and national security imperatives, specifically the traceability required to combat the country’s burgeoning cybercrime landscape.

The Core of the Conflict: Anonymity vs. Accountability

The crux of the government’s concern lies in the proposed move to allow users to interact via unique handles—prefixed by the ‘@’ symbol—rather than relying solely on mobile phone numbers. While WhatsApp and Telegram tout this as a landmark privacy upgrade, the Indian government views it as a potential "blind spot" for law enforcement.

The Ministry has explicitly raised concerns that enabling communication without the visibility of phone numbers could create an environment where cybercriminals, impersonators, and fraudsters operate with increased impunity. Officials have highlighted that the current linkage between accounts and phone numbers serves as a vital anchor for verifying identities and tracking malicious actors in cases of phishing, financial fraud, and the increasingly prevalent "digital arrest" scams.

As a "Significant Social Media Intermediary" (SSMI), WhatsApp is legally bound by stringent due diligence obligations under the Information Technology (IT) Act and associated rules. The government’s notice to Meta was a stern reminder that any product feature that potentially degrades the ability of law enforcement to investigate criminal activity could be viewed as a violation of these regulatory frameworks.

A Chronology of the Regulatory Standoff

The situation has unfolded rapidly over the past fortnight, highlighting a clear friction between global product rollouts and localized compliance requirements.

  • Late June: Meta announced a phased global rollout of its username feature, framing it as the most significant identity overhaul in the platform’s history. The company argued that this would curb phone number harvesting and protect users from SIM-swap attacks.
  • Early July: Sensing the implications for national security, MeitY issued a formal notice to Meta, demanding a detailed explanation of the feature. The government directed the tech giant to pause the rollout in India until extensive consultations could be completed to the satisfaction of the authorities.
  • July 9 Deadline: Initially given three days to respond, WhatsApp requested an extension, which was granted by the Ministry. During this period, WhatsApp provided assurances that the feature would remain dormant in the Indian market while discussions with the government proceeded.
  • July 10-11: Following the submission of its response, WhatsApp’s reply began undergoing a formal, high-level examination by Ministry officials. Shortly thereafter, news emerged that Telegram had also filed its formal response to the Ministry, confirming that the regulatory net has widened beyond just one platform.
  • Ongoing: IT Secretary S. Krishnan confirmed that the government is actively analyzing these submissions. While the government is currently focused on the username issue, it has also signaled a readiness to examine other technological innovations, such as Meta’s "Muse Image" AI tool, should formal complaints regarding compliance arise.

WhatsApp’s Rationale: Privacy as a Product Pillar

WhatsApp has consistently maintained that the username feature is a response to evolving user needs for privacy. In its public communications, the company has emphasized that phone numbers are currently exposed in various contexts—such as large community groups, business interactions, and public forums—which leaves users vulnerable to harassment and unwanted contact.

By introducing usernames, Meta intends to provide users with a "digital shield." Their proposal includes specific safeguards, such as:

  1. Reserved Handles: Ensuring public figures, government entities, and verified brands have their usernames protected to prevent impersonation.
  2. Lookalike Blocking: Algorithms designed to prevent the creation of accounts with handles that mimic legitimate users or entities.
  3. Mandatory Phone Linking: Clarifying that despite the introduction of handles, users will still be required to register their accounts using a legitimate phone number, maintaining a foundational layer of identity verification for the platform.

Meta’s stance is that these measures, combined with end-to-end encryption, will elevate user safety rather than diminish it, by minimizing the public exposure of personal identifiers.

The Government’s Perspective: The Growing Shadow of Cybercrime

The Indian government’s skepticism is rooted in hard data. With cybercrime losses in the country reported at approximately ₹22,495 crore in 2025, the pressure on the Ministry to ensure platforms remain "traceable" is immense.

The government’s objection is two-fold:

  • The Ease of Impersonation: While Meta claims to have safeguards, the government fears that sophisticated scammers will find ways to exploit the handle system to trick victims into believing they are communicating with trusted entities, such as banks or law enforcement agencies.
  • Traceability Hurdles: In the current system, a phone number acts as a "hard" identifier. If an individual is defrauded, the phone number is the primary lead for investigators. If that identifier is abstracted behind a mutable username, the government argues that the time-sensitive nature of cyber-fraud investigations could be severely compromised.

The Ministry’s stance is that social media intermediaries cannot unilaterally implement features that fundamentally alter the landscape of digital accountability without prior state approval.

Wider Implications: Signal, Telegram, and the AI Frontier

The scrutiny has not been limited to Meta. By issuing notices to Telegram and Signal, the government is signaling that this is a policy-level stance rather than a targeted strike against one company.

Telegram, known for its focus on group-based communication and privacy, faces similar hurdles. Its business model relies heavily on anonymous, username-based interactions, which makes it a unique challenge for regulators. Signal, which has long prided itself on minimal data collection, may find the government’s request for "safeguards" fundamentally at odds with its architecture, which is designed to avoid storing user data altogether.

Furthermore, the government’s interest in Meta’s "Muse Image" AI feature indicates that the regulatory gaze is widening. As AI-powered image generation becomes more accessible, the potential for deepfakes and misinformation has become a top-tier concern for the IT Ministry. The government is effectively placing Big Tech on notice: innovation in India must align with India’s legal framework, particularly regarding the prevention of harm.

Looking Ahead: The Path to Resolution

As MeitY continues its examination of the replies from WhatsApp and Telegram, the industry is watching closely. Several potential outcomes are possible:

  1. Modified Rollout: The government may mandate that the username feature be made "optional" and require that phone numbers remain visible by default, or that the "handle" system only be used for specific, low-risk interactions.
  2. Increased Transparency Requirements: The government could demand that platforms provide a faster, more streamlined "Law Enforcement Access" portal, where usernames can be instantly mapped to real-world identities upon the receipt of a valid legal order.
  3. Strict Compliance Deadlines: The government may set a timeline for the companies to prove the efficacy of their anti-impersonation algorithms before allowing a wider release.

For now, the status quo remains: the platforms have been effectively "frozen" from deploying these features in India. The outcome of these discussions will set a significant precedent for how global technology firms negotiate their product roadmaps in one of the world’s largest and most complex digital markets.

The government’s message is clear: while privacy is a fundamental right, it does not exist in a vacuum. It must be balanced against the responsibility of platforms to ensure their services do not become conduits for the next generation of digital crime. As the Ministry finishes its review, the tech industry awaits a decision that will shape the future of digital identity in India.