Open navigation
Search
Search
All Expertise
Explore our breadth of expertise.
International Desks
Helping you access overseas markets with support from our country and region-specific experts.
Sectors View all
Practice Areas View all
Offices
Discover the scope of our presence in the jurisdiction.
Global Reach
Learn about our capabilities beyond borders.
CMS United Kingdom
All Insights
Leverage our expert analysis, intelligence and thought leadership for your strategic advantage.
Personalised updates
Receive tailored insights and intelligence that apply directly to your business.
Topics in Focus View all
Insights by type
CMS Spotlight: join our events and webinars!
CMS News
Stay up to date with our growth, evolution and our many successes.
CMS Press Office
Contact us
For all general enquiries.
About CMS
CMS Careers

Select your region

International Europe Africa Asia-Pacific The Americas Middle East
Legal Update

Ofcom consultation on new rules to combat mobile messaging scams

12 Feb 2026 United Kingdom 4 min read

Key contacts

Ofcom opened a consultation on proposed new rules and guidance to combat mobile messaging scams. The proposals apply to mobile messaging services (e.g. SMS and MMS) regulated under the Communications Act and form part of Ofcom’s wider regulatory duties to strengthen protections for consumers and businesses against fraudulent and malicious messages.

Scam messaging remains a major source of fraud and consumer harm in the UK. Ofcom reports that around half of UK mobile users received a suspicious message between November 2024 and February 2025, while mobile operators collectively received over 100 million scam message reports in the year to April 2025. These scams result in millions of pounds in losses each year. Despite industry measures that blocked hundreds of millions of messages annually, Ofcom concluded that voluntary efforts alone are insufficient to address the scale and sophistication of the threat.

The proposed framework introduces binding obligations on mobile network operators, messaging aggregators, and other providers involved in transmitting mobile messages. Ofcom has identified that current approaches to tackling person-to-person (P2P) and application-to-person (A2P) scam messages vary widely between providers, partly due to the flexibility allowed under existing General Conditions (GCs) and the absence of specific requirements on how providers must identify and prevent scam messages. The proposed GCs aim to close regulatory gaps, standardise industry practices, and ensure robust controls are applied consistently across both P2P and A2P messaging channels

Under the proposals, Ofcom would introduce new GCs requiring mobile operators and aggregators to prevent scam messages from being sent or received. These measures are designed to block fraudulent activity and stop scammers from accessing networks in the first place.

For P2P messaging, proposed requirements for mobile operators include:

  • Volume limits for pay-as-you-go SIMs to restrict large-scale scam activity and block further messages once volume limits are reached.
  • Systems to receive and act on scam reports from customers or third parties, including blocking numbers and messages identified as being used in scams.
  • Detection and blocking of scam messages in transit, based on indicators such as malicious URLs, IDs, and abnormal traffic patterns (e.g. high volumes from newly activated SIMs).

For A2P messaging, proposed requirements for mobile operators and aggregators include:

  • Mandatory ‘Know Your Customer’ checks when onboarding business messaging providers and aggregators.
  • Verification and tighter control of alphanumeric sender IDs, including maintaining a policy on protected brand IDs (e.g. preventing ‘Ofcom’ being imitated as ‘0fcom’), generic IDs (e.g. ‘Customer Service’), and special characters.
  • Ongoing ‘Know Your Traffic’ checks to monitor volume patterns and unusual sender ID or number use.
  • Incident management processes to block senders identified as responsible for scam activity.
  • Detection and blocking of scam messages in transit by identifying malicious URLs and numbers.

Ofcom also considered a mandatory, centralised sender ID registry to make it harder for criminals to use fake alphanumeric IDs. On balance, it decided the approach would be too burdensome for businesses and aggregators, given the significant upfront and ongoing costs of registration and maintenance.

Ofcom’s impact assessment recognises that the proposals may require investment in new technical and compliance capabilities, and potentially additional staff/staff time. While this may be the case, Ofcom considers the measures proportionate and necessary to protect consumers and preserve confidence in digital communications.

The consultation sought views on the proportionality of the proposals, implementation timelines, and how obligations should apply across the messaging value chain. Ofcom aims to publish its final decision in summer 2026. Mobile operators, messaging aggregators, and other affected providers were invited to submit responses by 28 January 2026.

The full consultation document is available here.

More insights
Cyber TMT - Technology, Media & Telecommunications Communications Consumer Products Consumer Protection Defence

Explore more

Expert Guide International

Data protection and cybersecurity laws in the United Kingdom

38 min read
Event United Kingdom

IP Insights webinar series 2026

28 Apr 2026
Publication United Kingdom

Cyber risk management for senior leadership teams

02 Oct 2025 1 min read
Back to top Back to top
Warning: Fraudulent emails and messages
Find out more.
Law-Now, RegZone, LEXplicite and Blogtt have moved to CMS.law. LawNow have moved to CMS.law. LEXplicite have moved to CMS.law. Blogtt have moved to CMS.law.
Learn more Learn more Learn more
If you want to use third party tools, please enable personalisation cookies as part of your cookie preferences. You can change this setting at any time via the button below or in our Cookie Notice.