Regulatory Updates
Regional compliance notes for global teams, covering enterprise communications, A2P SMS, real-name registration, data privacy, and sending restrictions.
Spain Tightens Alias Blocking for SMS
For teams sending branded SMS, OTPs, billing alerts, or RCS notifications to Spanish numbers, the key shift is that sender aliases are no longer just a routing setting but a regulated registry and blocking issue. In March 2026, Spain’s CNMC formalized the Alias Register and confirmed that from June 7, 2026, operators must block messages using unregistered aliases, messages sent by non-authorized providers, and messages from foreign entities not registered in Spain, subject to limited roaming exceptions.
Hong Kong SMS sender scheme expands
This matters for SMS operations, product integration, and compliance teams sending OTPs, billing alerts, service messages, and membership notifications to Hong Kong users. Hong Kong’s SMS Sender Registration Scheme is no longer just a public-awareness measure; it is increasingly part of sender authenticity, anti-scam controls, and delivery trust. In May 2026, OFCA refreshed scheme materials and sender lists, signaling continued operationalization. Brands still using unregistered or inconsistent sender IDs should expect lower user trust, higher complaint exposure, and greater scrutiny from carriers and local partners.
Canada Tightens Liability for Outsourced Telemarketing
This matters to marketing, compliance, and vendor-management teams running outbound calls, text-led lead generation, and customer contact into North America because Canadian enforcement is continuing to push liability upstream to the brand and outsourcing chain, not only the frontline sender. In March 2026, the CRTC issued a notice of violation against iTalk Global Communications and highlighted internal do-not-call retention and identification obligations. For cross-border messaging and contact programs, outsourcing no longer functions as a practical compliance shield.
EU DMA Pushes Device Transfer and eSIM Interoperability
This matters for product, compliance, and integration teams running OTT messaging, account alerts, companion apps, and connected-device services in Europe because the DMA is no longer just about chat interoperability. In April and May 2026, the European Commission tied interoperability to concrete implementation milestones covering device transfer, notification access, and eSIM transfer, with some measures scheduled around June 1, 2026. For communications providers, switching friction is becoming a compliance, retention, and technical integration issue at the same time.
Australia Tightens Cross-Border Sender ID Access
For teams sending OTPs, billing alerts, delivery notifications, and customer-service texts into Australia, the key issue is no longer just whether a sender ID is registered. From July 1, 2026, cross-border A2P delivery also depends on whether the offshore messaging chain is connected to an approved Australian participation model. ACMA’s recent guidance makes clear that international brands and message providers must work through certified or participating Australian providers, or branded traffic may be relabeled as 「Unverified」 and lose sender identity at the point of delivery.
Australia SMS Sender ID Downgrade Nears
This matters for SMS operations, product, and compliance teams sending OTPs, billing alerts, delivery updates, and support messages into Australia because the consequence of non-compliance is now operationally concrete. From July 1, 2026, branded SMS sent with an unregistered sender ID will be overwritten as “Unverified” and grouped into a shared thread with other unregistered traffic. ACMA’s May 2026 reminder shows the regime has moved from policy design to implementation, with immediate implications for deliverability, brand recognition, and customer trust.
UK A2P Scam-Control Rules
This matters for SMS operations, compliance, and technical integration teams that send OTPs, billing alerts, delivery notices, or support messages into the UK. Ofcom is moving anti-scam controls from post-incident handling into the A2P messaging stack itself. In 2026, the regulator continued advancing its mobile messaging scam framework, proposing baseline obligations for mobile operators and business messaging aggregators across KYC, sender ID validation, ongoing traffic monitoring, incident handling, and data protection. Ofcom says it plans to publish a final decision in summer 2026, which could reshape onboarding and routing requirements for UK-bound business messaging.
Need compliance guidance?
Contact us for enterprise communication compliance guidance and implementation paths for your target markets.
Get in Touch