"This notice repeats the move for a single feature and goes further, because it names one company, sets a three-day clock, and bars the launch until MeitY is satisfied," the Internet Freedom Foundation said in response to a government order.
The Ministry of Electronics and Information Technology's three‑day demand
India's Ministry of Electronics and Information Technology (MeitY) on July 1 asked WhatsApp to explain why it should not face regulatory action and ordered the Meta‑owned platform to halt the global rollout of a new usernames feature until the government approves it. The department gave WhatsApp just three days to respond to the letter and explicitly asked the company to pause the usernames rollout.
MeitY grounded its concerns in India's Information Technology Act 2000 and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021. The department said allowing first contact without displaying a phone number "may increase cybercrimes," citing specific worries that the change could facilitate phishing, digital arrest scams and impersonation of public authorities, financial institutions, or government departments.
How WhatsApp says usernames will work and the protections it has built
WhatsApp unveiled the usernames feature on June 29, saying users will be able to reserve usernames and use them in place of phone numbers when the feature launches later this year. The company told reporters that the option responds to users who "want to chat with others without exposing their personal phone number" — for example, classmates, neighbors, professional contacts or sports‑team group chats.
WhatsApp's public description of the feature lists several safety controls it says are in place: usernames are not yet live and will "roll out slowly later this year"; when a username is used to message someone for the first time the app will indicate whether the sender is a new account, is in the recipient's contacts, shares groups in common, or is based in a different country. WhatsApp added that users will still require a phone number to use the service.
Additional measures named by WhatsApp include reserving high‑profile usernames for legitimate organizations and individuals, blocking attempts to register lookalike derivatives, limiting how many new people an account can contact, blocking repeated attempts to guess someone's username key, and deploying systems to detect and remove activity showing "common impersonation and abuse patterns."
The Internet Freedom Foundation's objection and a recent regulatory precedent
The Internet Freedom Foundation (IFF) published a copy of MeitY's letter and urged that the department lacks a clear legal basis to halt WhatsApp's usernames rollout. The IFF argued that neither the IT Act nor the 2021 intermediary rules are applicable to the move as invoked by MeitY and described the order as an example of attempted regulatory overreach.
The IFF also drew a parallel to a March 2024 advisory in which MeitY sought to prevent AI companies from rolling out models to the public before securing government approval. According to the IFF, that advisory was publicly criticized and within a fortnight MeitY withdrew it and "dropped the permission requirement," a history the group cites in arguing the current notice is excessive.
Scale, existing abuse patterns, and a related messaging platform incident
WhatsApp says more than 3 billion users rely on its platform, and separate estimates cited by reporters place India as its largest market with more than 850 million users. The company — and security commentators cited in the reporting — acknowledge that WhatsApp has been used by cybercriminals for fraud, including impersonation of public figures, authorities and family members to carry out financially motivated attacks.
The reporting also notes that Telegram, another messaging platform that allows public usernames, is frequented by scammers. India temporarily banned Telegram in June amid fears that exam questions were being shared ahead of the NEET‑UG medical entrance exam. According to the account, the exam was reworked and rescheduled after being canceled in May when genuine questions were found circulating on the platform.
What this means for policymakers, security teams, and users
- Policymakers and regulators: MeitY's invocation of the IT Act 2000 and the 2021 intermediary rules signals a willingness to use existing statutory frameworks to press tech companies on product rollouts; the department has demanded an immediate response and a halt until it is satisfied.
- Technologists and security teams: The controls WhatsApp lists — limits on who a new account can contact, lookalike blocking, and detection of impersonation patterns — are the mechanisms the company says it will use to reduce abuse; those systems will be the practical test of whether usernames increase phishing or impersonation risks.
- End users in India: WhatsApp maintains users will still need a phone number to use the service, but MeitY's order reflects official concern that allowing an initial point of contact without showing a phone number could change how scams are conducted and detected.
The dispute sets a clear near‑term friction point: MeitY has given WhatsApp a three‑day window to justify the usernames rollout and ordered the company not to launch the feature until the government approves it, while WhatsApp says usernames are not yet live and plans a gradual global rollout later this year with several built‑in protections. Which side prevails — regulatory pause or incremental product deployment under new safety controls — will hinge on WhatsApp's response to MeitY and whether the department accepts the company's technical mitigations.




