In October 2025, Ofcom published a landmark consultation proposing mandatory rules to combat mobile messaging scams across the UK. Unlike previous voluntary measures, these rules will become binding General Conditions — legal obligations that every mobile operator and SMS aggregator must meet. The consultation closed on 28 January 2026, with Ofcom expected to publish its final decision in summer 2026.
For legitimate businesses that rely on SMS for customer communication, this is unequivocally good news. Tighter regulation means fewer scam messages competing for your customers' attention, higher trust in the SMS channel, and better deliverability for compliant senders.
Why Ofcom Is Acting Now
The scale of SMS fraud in the UK has reached a point where voluntary measures are no longer sufficient:
- 50% of UK mobile users received a suspicious text message in a single six-month period (November 2024 to February 2025)
- 100 million suspicious messages are reported to operators annually via the 7726 reporting service
- UK mobile providers currently block approximately 600 million scam messages per year — but fraudsters continue to find new routes
Ofcom's response is to move from guidance to enforcement. The proposed rules establish a regulatory floor — a minimum standard that every provider must meet, with consequences for those that fall short.
What the New Rules Require
The consultation sets out two categories of obligation: rules for person-to-person messaging and rules for business (A2P) messaging. For businesses using SMS through a provider like Faretext, the A2P rules are the ones that matter most.
Know Your Customer (KYC) checks
Every SMS aggregator and provider must conduct rigorous upfront identity verification on every business customer before allowing them to send messages. This goes beyond a simple registration form — providers must verify that the business is legitimate, that the named contacts are real, and that the intended use of SMS is lawful.
Know Your Traffic (KYT) monitoring
Providers must implement ongoing traffic monitoring to detect suspicious patterns — sudden spikes in volume, messages to unusual number ranges, or content that matches known scam templates. This is not a one-off check at onboarding; it is continuous surveillance of messaging activity.
Sender ID verification
Alphanumeric sender IDs (the name that appears instead of a phone number, such as "YourBank" or "RoyalMail") must be verified against the business's actual identity. Providers must prevent fake sender IDs from being used and maintain registries of approved sender names. Generic identifiers like "Customer Service" will face additional scrutiny.
Malicious content blocking
Providers must detect and block messages containing malicious weblinks and phone numbers in transit — before they reach the recipient. This requires real-time content scanning against known threat databases.
Incident management
When fraud is detected, providers must have formal incident management processes to identify and remove the offending sender, report the activity to networks and regulators, and prevent repeat offences.
PAYG volume limits
For person-to-person messaging, Ofcom proposes volume limits on pay-as-you-go SIM cards to prevent scammers from buying cheap SIMs and blasting thousands of messages before discarding them.
What This Means for Your Business
If you're a legitimate business sending SMS in the UK, these rules should not cause alarm — they should give you confidence. Here is what changes practically:
- Your provider will verify your identity more thoroughly. Expect to provide business registration details, named contacts, and a description of your intended SMS use. If your provider already does this, nothing changes.
- Your messaging patterns will be monitored. Sudden, unexplained spikes in volume or messages to unusual destinations may trigger reviews. Consistent, predictable messaging from a verified account will pass without issue.
- Your sender ID must match your business. If you use an alphanumeric sender ID, ensure it is registered with your provider and accurately reflects your brand name.
- Your messages must not contain suspicious content. Avoid shortened URLs from unfamiliar services, requests for personal information, and urgency language that mimics scam patterns.
How Faretext Keeps You Compliant
Faretext has operated to these standards long before Ofcom proposed making them mandatory. Our compliance infrastructure is designed to protect both our customers and their recipients:
Identity verification at onboarding
Every Faretext customer undergoes identity verification before sending their first message. We verify your business registration, confirm named contacts, and review your intended messaging use case. This is our standard process — not a new requirement we are scrambling to implement.
Continuous traffic monitoring
Our platform monitors messaging patterns in real time. If an account shows unusual activity — unexpected volume spikes, messages to atypical number ranges, or content anomalies — our compliance team investigates before messages are sent, not after complaints are received.
Registered sender IDs
We register your alphanumeric sender ID with UK mobile networks on your behalf, ensuring your messages are delivered under a verified identity. This protects your brand from impersonation and ensures your messages are not caught by sender ID filters. Learn more about our approach on our fraud prevention page.
Direct carrier connections
Faretext uses direct Tier 1 carrier connections to all UK mobile networks. Your messages take the most reliable, compliant route to delivery — not grey routes or offshore aggregators that may not meet Ofcom's new standards. This means higher deliverability and lower risk of your messages being filtered.
Content guidance
Our team provides guidance on message content to help you avoid triggering network-level filters. We advise on sender ID best practice, opt-out wording, URL formatting, and content structure — all aligned with the regulatory direction Ofcom is setting.
Governance and accountability
Our published governance policies set out our commitments to responsible messaging. We maintain formal incident management processes and work proactively with networks and regulators to combat fraud.
Why Tighter Regulation Benefits Legitimate Senders
Every scam message that reaches a consumer erodes trust in SMS as a channel. When recipients become suspicious of text messages, they are less likely to engage with legitimate business communications — your appointment reminders, delivery notifications, and marketing offers.
By raising the compliance bar, Ofcom's new rules will:
- Reduce scam volumes — fewer fraudulent messages means less noise competing with your communications
- Increase consumer trust — recipients will be more confident that the messages they receive are genuine
- Improve deliverability — as networks block more fraudulent traffic, legitimate messages face fewer filtering false positives
- Level the playing field — providers that previously cut corners on verification will be held to the same standards as responsible operators
Preparing for Summer 2026
Ofcom's final decision is expected in summer 2026. Businesses should use this window to review their SMS setup:
- Check your provider's compliance credentials. Ask whether they conduct KYC checks, monitor traffic, and register sender IDs with networks. If they cannot answer clearly, consider switching to a provider that can.
- Review your sender ID. Ensure it accurately reflects your business name and is consistently used across all campaigns.
- Audit your message content. Remove shortened URLs from unfamiliar services, ensure opt-out instructions are present in marketing messages, and avoid language patterns associated with scams.
- Document your consent basis. Whether you rely on explicit opt-in or the soft opt-in exemption under PECR, ensure you can demonstrate how each recipient consented to receive your messages.
If you are already sending through Faretext, you are ahead of these requirements. Our SMS API, Oello platform, and email-to-SMS gateway all operate under the same compliance framework — verified senders, monitored traffic, direct carrier routes. Connect with us to discuss how we can support your messaging compliance.
Frequently Asked Questions
When do Ofcom's new anti-scam rules take effect?
Ofcom's consultation closed on 28 January 2026. The final decision and binding rules are expected to be published in summer 2026, with an implementation period following for providers to meet the new obligations.
Do these rules apply to my business or just to SMS providers?
The mandatory obligations fall on mobile operators and SMS aggregators (providers like Faretext). However, businesses will experience the effects through stricter onboarding checks, sender ID verification requirements, and traffic monitoring by their provider.
Will my existing SMS campaigns be affected?
If you are sending through a compliant provider with a verified sender ID, consistent messaging patterns, and proper consent, your campaigns should not be disrupted. The rules are designed to catch fraudulent senders, not legitimate businesses.
What happens if my SMS provider does not meet the new rules?
Providers that fail to comply with Ofcom's General Conditions face regulatory enforcement action, which can include fines and restrictions on their ability to operate. If your provider cannot demonstrate compliance, your messages may face deliverability issues as networks tighten their filtering.
How do I report a scam text message?
Forward suspicious text messages to 7726 (which spells SPAM on a phone keypad). This alerts your mobile operator, who can investigate and block the sender. You can also report scams to Action Fraud at actionfraud.police.uk.
Sources: Ofcom — New Rules to Protect People and Businesses Against Mobile Messaging Scams, MEF — The UK's Messaging Firewall
