NEW DELHI: The government on Wednesday issued a notice to Meta-owned WhatsApp, directing the company not to roll out its proposed username feature until consultations on the issue are completed “to the satisfaction of the Government”. It has also asked the company to furnish a detailed explanation of the feature, supported by relevant documents, within three days.The move comes amid growing concerns within the government over the potential risks of impersonation, spoofing, phishing and financial fraud associated with the proposed feature, which would allow users to communicate without sharing their phone numbers.According to sources, the government is closely monitoring WhatsApp’s plans and examining the legal implications of the feature. Officials said authorities are also exploring available legal options, including measures to restrict or block the feature if it is found to pose significant risks.In its notice to WhatsApp India Operations’ Chief Compliance Officer, the government expressed concern that the feature could materially increase instances of online fraud, phishing, digital arrest scams and impersonation attacks.“It is felt that the feature may materially increase the incidence of online fraud, phishing, digital arrest scams and impersonation attacks, by enabling bad actors to solicit and message victims,” the notice stated.The government further warned that the feature could facilitate identity spoofing and impersonation of individuals, public authorities, financial institutions and government agencies.“Furthermore, this feature may facilitate impersonation and identity spoofing, including impersonation of individuals, public authorities, financial institutions, and government agencies, by permitting the adoption of usernames closely resembling those of genuine persons or institutions,” the notice said.The notice cited various provisions of the Information Technology Act and the Information Technology Rules, 2021, including Section 79 relating to intermediary due diligence obligations, Rules 3 and 4 governing intermediary responsibilities and lawful identification of message originators, and Sections 66C and 66D dealing with identity theft and cheating by impersonation using computer resources.It also referred to intermediary liability under Section 79(3)(a) of the IT Act for aiding, abetting or inducing unlawful acts.“In this regard, you are directed to furnish a detailed explanation, supported by relevant documents, on this new feature, within three days of its receipt,” the notice said.The government also reminded Meta that WhatsApp, as a significant social media intermediary, is bound by due diligence obligations under the Information Technology Act and related rules.The development follows mounting concerns raised by cybersecurity experts, legal professionals, startup founders and users, who fear that moving from phone number-based identities to platform-managed usernames could weaken an important layer of accountability and lead to a rise in impersonation and online fraud.
WhatsApp defended the proposed feature
Responding to the government’s concerns, WhatsApp defended the proposed feature and said it has built multiple safeguards to prevent abuse.A WhatsApp spokesperson said the username feature is still under development and will be introduced gradually later this year. “We’ve announced the option for people to reserve their preferred username on WhatsApp. The ability to use a username is not yet live and will roll out slowly later this year. To protect against impersonation, we’ve held the highest-profile names, think public figures, government entities, celebrities, verified Meta accounts, so they can only ever be claimed by their legitimate owners and lookalike derivatives of known names are held as well,” the spokesperson said..“Users still require a phone number to use WhatsApp and we’ve built multiple layers of defense against scams into usernames: Other users need to know the exact username to message you, we will limit how many new people an account can contact, block repeated attempts to guess someone’s username key, and have systems to detect and remove activity showing common impersonation and abuse patterns,” it said.“When the feature becomes available and someone sends you a message for the first time via your username, we will show you if they’re a new account, if they’re your contact, if you have groups in common, and if they’re based in a different country, so you can decide whether to respond,” the company added.WhatsApp has said the username feature is intended to enhance user privacy, particularly in group chats and interactions with new contacts, by eliminating the need to share phone numbers. The company has already begun allowing early reservations of usernames, although it has not announced a timeline for the global rollout.However, the proposal has sparked widespread concern. Several users reported that variations of their names had already been reserved during the early testing phase. MobiKwik CEO Bipin Preet Singh said that multiple variations of his name had already been taken.Cybersecurity experts have also warned that lookalike usernames could become a major avenue for impersonation and financial scams unless robust verification and anti-abuse mechanisms are put in place.Faisal Kawoosa, chief analyst and founder of Techarc, said phone numbers provide a degree of inherent verification that usernames cannot guarantee. “While celebrity names have been reserved, it’s still easy to impersonate, and we have seen how verified accounts have worked on X. Fraudsters can easily use some variations which commoners won’t be able to catch easily,” Kawoosa said. He warned that public trust in WhatsApp as a secure communication platform could decline if adequate safeguards are not introduced.Several experts have also warned that the feature could weaken identity verification mechanisms. They have suggested that WhatsApp should internally map usernames to the underlying phone numbers and introduce robust identity verification systems to prevent misuse.Several Indian startup founders and public figures have also expressed concerns on social media over the potential misuse of the feature, warning that lookalike usernames could become a major avenue for impersonation and scams if not adequately safeguarded.


