- Operators must set limits on pay‑as‑you‑go SIM card volumes, block known scam numbers and suspend malicious messages in transit as part of the person‑to‑person messaging regime.
- For business‑messaging streams, firms and aggregators will face stronger due‑diligence obligations, traffic monitoring and protection against fake sender identities.
What happened: Ofcom sets out new rules to curb scam messages
Ofcom has published a consultation outlining proposed rules for mobile providers to better prevent execution of scam messages via both person‑to‑person (P2P) and application‑to‑person (A2P) services. The regulator cites survey data showing that 50% of UK mobile users reported receiving a suspicious message between November 2024 and February 2025. In the 12 months to April 2025, approximately 100 million suspicious messages were reported to operators using the 7726 reporting service.
Under the proposals, mobile network operators must for P2P messaging adopt volume caps on pay‑as‑you‑go SIM cards, systematically block numbers linked to scam activity, and install real‑time controls to intercept malicious sender IDs, links and numbers. For business‑messaging streams, aggregators must perform “know your business” checks on senders, review traffic patterns for anomalies, enforce proper alphanumeric sender ID validation and block suspect messages in transit.
The public consultation closes on 28 January 2026, with a final decision expected next summer, followed by a transitional period before full enforcement begins.
Also Read: US tightens chip exports to Huawei and SMIC
Also Read: Alibaba agrees to pay $433.5M to settle security fraud class action
Why it’s important
Messaging scams have grown into a mass nuisance and financial risk across the UK telecoms sector. By holding mobile providers directly accountable for managing message flows, the regulator seeks to shift the burden of defence upstream rather than relying solely on consumers to report and block scams themselves. Network operators effectively become frontline defenders of trust in the mobile channel.
Moreover, this regulatory move reflects a broader global trend of treating telecom messages as a critical attack vector, not just voice calls. With mobile messaging increasingly used for two‑factor authentication, banking alerts and critical services, tightening regulation helps protect infrastructure and digital‑economy trust. The move also signals to business messaging platforms that they cannot continue as unchecked bulk-message conduits for fraud.
If fully adopted, the rules could reduce the volume of scam messages reaching users, improve network integrity, and restore confidence in mobile services as safe channels for consumers and businesses alike.
