New Delhi: The government has disclosed that a national biometric system capable of tracking SIM card issuance across all telecom operators in real time remains at proof-of-concept stage and will not be operational before December 2026.
The revelation came in a status report filed before the Supreme Court on 30 March by the Indian Cybercrime Coordination Centre (I4C) under the Ministry of Home Affairs that was co-signed by Attorney General R. Venkataramani.
The disclosure was made in a suo motu criminal writ petition titled ‘Victims of Digital Arrest Related to Forged Documents’ in which the Supreme Court bench of Chief Justice Surya Kant and Justices Joymalya Bagchi and N.V. Anjaria has been pressing the government since October 2025 to close systemic gaps that have allowed digital arrest fraud to flourish.
According to data presented in Parliament, Indians lost Rs 1,935 crore to such scams in 2024, a 471 percent increase from the previous year, with criminals operating largely from call centres in Southeast Asia, impersonating law enforcement officials over video calls to coerce victims into transferring savings under threat of fabricated arrest.
Also Read: Telecom dept’s limited powers, SIM misuse aid digital arrests—Centre pushes for SIM binding in SC
The problem
India’s telecom rules cap SIM card ownership at nine per individual and one new SIM per day. In practice, these limits are unenforceable. As the Inter Departmental Committee (IDC) was told at its third meeting on 12 March this year, “a cross-network monitoring system is presently not available”.
The IDC is chaired by the Special Secretary (Internal Security), and has members from the Ministry of Electronics and Information Technology, Ministry of External Affairs, Law and Justice, Central Bureau of Investigation (CBI), Department of Financial Services, Department of Telecommunications (DoT), Delhi Police and I4C among others.
Each of the four major telecom service providers (TSPs)—Airtel, Vodafone-Idea, Reliance Jio, and BSNL—can only see SIM cards issued on its own network. A person who has reached the nine-SIM limit with one operator can walk into a store of another operator and obtain more. There is currently no mechanism to stop this.
The Department of Telecommunications (DoT) told the IDC that identifying multiple SIM cards issued to an individual is “currently undertaken on a best-effort basis using demographic and facial information, since Aadhaar numbers cannot be stored under the existing legal framework”. Subscribers can check SIM cards issued in their name through the government’s Sanchar Saathi portal, but the system depends on self-reporting rather than automatic enforcement.
The DoT also disclosed that 44 illegal telecom centres running SIM box operations—devices housing multiple SIM cards that make bulk fraudulent calls appear to be local numbers—were dismantled between April 2024 and October 2025. Enforcement is continuing, but the underlying infrastructure gap remains.
The solution, and why it is taking so long
The proposed fix is the Biometric Identity Verification System (BIVS), a system the DoT says will use facial vectors and demographic parameters stored on a Digital Ledger Technology (DLT) framework to generate a unique digital identity for each subscriber. At the moment a new SIM is being issued, the system would check whether the applicant has already reached the nine-card limit across all operators—not just the one at the counter. The Attorney General told the 12 March IDC meeting the system “must ensure interoperability across all TSPs, so that a subscriber cannot obtain additional SIM cards from different operators after reaching the permissible limit”.
The BIVS is currently in the Proof of Concept (PoC) stage. Implementing it requires the notification of the Telecommunications (User Identification) Rules, 2025, and related Authorization Rules under the Telecommunications Act, 2023. Here is the problem: Sections 3 and 4 of the Telecommunications Act, 2023 — the enabling framework for these rules — have not yet been brought into force. The subordinate legislation required to operationalise the authorisation framework is still being finalised following public consultation and intra-departmental deliberations.
DoT told the IDC and the Supreme Court that three months are needed to notify the rules, and a further six months to implement the technical system — a total of nine months from now, putting the operational deadline at December 2026.
The Supreme Court had originally directed DoT to notify these rules within three weeks of its February 9, 2026 order. DoT’s response, annexed to the status report, said plainly that “it may not be feasible to notify the two rules within the three-week period as directed” and requested a minimum of three months. The IDC chair directed DoT “to review the proposed timeline and explore ways to expedite the notification of rules and deployment of the system, considering the seriousness of the issue”.
What happens in the meantime
While the BIVS is built, the status report outlines a series of interim measures the IDC has directed. TSPs have been told to strengthen compliance mechanisms for Point of Sale (PoS) vendors—the agents who issue SIM cards—within two months, after the committee noted that PoS vendors continue to be reported for bypassing verification norms. TSPs have also been directed to complete the API integration for a dedicated portal giving law enforcement real-time access to PoS data and blacklisted agent records within 10 days. The DoT has been given one month to assess whether suspicious SIM cards can be blocked within 2–3 hours rather than the current practice of up to 24 hours—a change Delhi Police told the IDC was critical, since fraudulent activity typically occurs within the first hours of a SIM’s activation.
On the question of the many SIM cards issued before biometric verification became standard—so-called legacy connections—TSPs have been directed to continue retrospective biometric verification and submit a status report to DoT within three months. The proposed BIVS would also, once operational, enable a second safeguard: requiring confirmation through a subscriber’s primary SIM before any additional SIM cards can be issued in the same name, a mechanism the IDC noted would become feasible only once the system is live.
(Edited By Nardeep Singh Dahiya)
Also Read: Delhi’s ‘Khan Market brothers’ say they were cheated as their eatery account used in cyber fraud