India's MeitY orders WhatsApp to pause username rollout over fraud fears
The Indian government has directed Meta to pause its WhatsApp username rollout, warning the feature could facilitate impersonation scams and complicate cybercrime investigations.
On July 1, the Ministry of Electronics and Information Technology (MeitY) sent Meta a notice demanding an immediate halt to the rollout of WhatsApp’s new “username” feature in India and a detailed reply within three days. The move thrust a privacy‑centred product into the centre of a growing battle between the world’s biggest messaging platform and regulators worried that the change could turbo‑charge phishing, impersonation scams and “digital arrest” fraud.
WhatsApp, which counts more than 500 million Indian users, announced on June 29 that it would let people connect via unique usernames instead of exchanging phone numbers. The company markets the update as an optional privacy shield for group chats and first‑time contacts, but India’s government says the same tool could become a “virtual guinea pig” for cyber‑criminals.
Media additions
What the notice says
The formal notice, addressed to the Chief Compliance Officer of WhatsApp India Operations, cites the Information Technology Act, 2000 and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. It flags Sections 66C and 66D (identity theft and cheating by impersonation) and Section 79(3)(a) (intermediary liability) as possible bases for action if the feature proceeds without adequate safeguards.
According to the notice, the username system could “materially increase the incidence of online fraud, phishing, digital arrest scams and impersonation attacks” by allowing bad actors to contact victims without a visible phone number. It also warns that “the feature may facilitate impersonation and identity spoofing, including impersonation of individuals, public authorities, financial institutions, and government agencies, by permitting the adoption of usernames closely resembling those of genuine persons or institutions.”
"You are also directed not to roll out this feature until the consultation on this point is achieved to the satisfaction of the government."
MeitY notice, via Free Press Journal
WhatsApp’s defence
In a statement to media on Wednesday, WhatsApp said the feature is “entirely optional” and that “most users will choose unique usernames but we’re mindful that some businesses or people might want consistency in how they show up across apps.”
"We built usernames to give our users more private options for how they show up in the app, and it’s entirely optional. Most users will choose unique usernames but we’re mindful that some businesses or people might want consistency in how they show up across apps,"
WhatsApp spokesperson, via SocialSamosa
The company added multiple technical safeguards:
- Reserved “high‑profile” handles for public figures, government entities, celebrities and verified Meta accounts.
- Requirement that a sender’s exact username be known before a message can be delivered.
- Limits on the number of new contacts an account can reach in a given period.
- Automatic blocking of repeated attempts to guess usernames.
- Algorithmic detection of impersonation patterns and rapid removal of abusive accounts.
- In‑app indicators showing whether a first‑time sender is a new account, a contact, a mutual‑group member or from another country.
"To protect against impersonation, we’ve held the highest-profile names, including those of public figures, government entities, celebrities and verified Meta accounts, so they can only be claimed by their legitimate owners. Lookalike versions of known names have also been reserved,"
WhatsApp spokesperson, via Telangana Today
"Other users need to know the exact username to message you. We will limit how many new people an account can contact, block repeated attempts to guess someone’s username key, and have systems to detect and remove activity showing common impersonation and abuse patterns,"
WhatsApp spokesperson, via Telangana Today
Industry and expert alarm bells
Cyber‑law specialist Pawan Duggal warned that new technology rolls out “without adequate safeguards” and reminded officials of the Supreme Court’s Puttaswamy judgment, which enshrines privacy as a fundamental right. He urged Meta to align the feature with the Digital Personal Data Protection (DPDP) Act, 2023.
Startup founders echoed those concerns. Dr Rakesh Bansal, founder of Rakesh Bansal Ventures, said that linking accounts to phone numbers currently helps law enforcement trace scams, and that “usernames could make cybercrime investigations more difficult.” Jasveer Singh, co‑founder of KnotDating, warned that “allowing users to connect through usernames could make it easier for fraudsters to create fake accounts and deceive people.” Vijay Shekhar Sharma, founder‑CEO of Paytm, posted on X that “similar‑sounding usernames may become a tool for impersonation and scams.”
Rajeev Mantri, founder of Navam Capital, framed the rollout as a “colossal data‑harvesting and data‑pooling scheme,” suggesting Meta’s true aim might be to link WhatsApp with Instagram and Facebook to boost ad targeting.
Legal backdrop
India has already taken a hard line on comparable username‑based services. Earlier this year, the government temporarily banned Telegram after it was blamed for facilitating the leak of NEET PG exam papers and for being a conduit for drug‑related advertising. The Telegram episode gave regulators a fresh reference point for why they are uneasy about anonymous handles.
Under the IT Rules, 2021, WhatsApp is classified as a “significant social intermediary” and must observe due‑diligence obligations, including traceability of the “first originator” of a message. The MeitY notice asks Meta to explain why action under these rules “should not be initiated.”
Timeline of key events
- June 29 2026 – Meta announces global rollout of WhatsApp usernames, with India in the phased launch.
- July 1 2026 – MeitY issues a formal notice ordering a pause and demanding a detailed explanation within three days.
- July 2 2026 – Media outlets (SocialSamosa, Telangana Today, Inc42, etc.) publish the notice and WhatsApp’s initial defensive statements.
- Mid‑July 2026 (expected) – Government‑industry consultations on technical safeguards, data‑protection compliance, and possible amendments to the IT Act.
What to watch next
- Meta’s response deadline – The three‑day window ends on July 4. A comprehensive technical brief is expected, covering username reservation policies, anti‑impersonation algorithms, and data‑sharing safeguards.
- Regulatory outcome – If the explanation satisfies MeitY, the feature may resume on a limited pilot. A negative assessment could trigger formal action under Sections 66C/66D or a directive to amend the rollout.
- Impact on businesses – Companies that rely on WhatsApp for customer service, payments and community management must prepare for a potential pause in username availability and possible stricter verification steps.
- Cross‑platform linking – Watch for any separate guidance on whether usernames will be linked to Instagram or Facebook accounts, a point flagged by industry critics as a possible ad‑targeting lever.
- Future litigation – Legal experts suggest that a refusal to comply could lead to a landmark case on the balance between privacy‑enhancing features and the state’s duty to prevent cybercrime.
For now, Indian users will continue to rely on phone numbers as the primary identifier on WhatsApp. The pending consultation will determine whether the promised “optional” username layer can coexist with India’s strict traceability rules and the government’s zero‑tolerance stance on online fraud.