The GSMA officially published RCS Universal Profile 3.1 on July 25, 2025. This builds on the previous major update, UP 3.0 (released in March 2025), which introduced interoperable end‑to‑end encryption (E2EE) via the MLS protocol. MEF CEO Dario Betti discusses what this latest update means for the future of secure, scalable messaging in a rapidly evolving digital landscape.
GSMA’s Universal Profile 3.1 marks a major leap for RCS, introducing high-quality voice messaging via xHE-AAC, improved network reliability, and enhanced security features. With dynamic connectivity and better spam protection, RCS becomes more competitive with OTT apps. While adoption depends on ecosystem rollout, UP 3.1 strengthens RCS as a secure, rich, and business-ready messaging platform.
What is new in the standard?
On June 24, 2025, President Vladimir Putin signed legislation authorising the development of a new state-owned messaging app, designed to replace Western platforms such as WhatsApp and Telegram. The state-owned app should allow access to government services as well: it will integrate identity verification and document signing, reinforcing the Kremlin’s pursuit of “digital sovereignty.”
Anti-Spam features
Improved spam reporting workflows and more secure file transfer protocols are included. UP 3.1 enables the reporting of actual content from a file transfer within spam reports—meaning users and operators can flag both the sender and the attachments themselves as spam or potentially malicious. This deeper reporting capability enables more effective filtering and threat handling by carriers and regulatory systems.
These updates may not be as flashy as high-fidelity voice notes or end-to-end encrypted group chat, but they’re fundamental to a credible messaging system, especially one that aspires to compete with dominant over-the-top (OTT) apps in both consumer and business use cases.
Universal Profile 3.1 marks an important step in RCS evolution. While UP 3.0 delivered crossplatform encryption, 3.1 strengthens media quality, client reliability, and security hygiene, all critical for broader adoption and competitiveness.”
The pace of change is picking up (2 releases in 4 months), but there is more work to be done. The RCS SPAM attacks on P2P channels are increasing and change in vectors, such as the recent focus on multirecipient lists to send SPAM to a higher number of people. The answer to fraudsters needs to be faster still.
Locking Down the Payload: File Transfer Reinforcement
Hand-in-hand with smarter spam controls comes a much-needed reinforcement of RCS’s file transfer mechanisms. UP 3.1 updates the file encryption and validation procedures that underpin RCS media sharing. The new methods ensure that files, whether voice memos, images, or business documents, are cryptographically secured from the moment they leave the sender’s device to the moment they are decrypted by the recipient. This applies not just to peer-to-peer chats but also to group messages and branded business messaging use cases.
The updated protocol (RCC.07 v16.0), part of the Universal Profile 3.1 family, incorporates End-to-End Encryption (E2EE) Subspec 2.0, which standardizes MLS-based cryptographic treatment for large file objects. Combined with runtime metadata validation, this greatly reduces the risk of file-based malware, impersonation attacks, or leakage of sensitive data.
Audio Messaging with xHEAAC Codec
The new standards allow for better voice notes. Unlike earlier versions, clients can now send and receive highquality voice messages, not just decode them. Encoding and decoding support for xHEAAC enables higher-quality, more natural voice notes and audio clips with efficient compression,benefiting both speech and ambient / nonspeech audio use cases.
Improved Connectivity Mechanisms
UP 3.1 introduces new runtime mechanisms allowing RCS clients to move from permanent connections to more dynamic interaction: the network pushes new messages when available, like how WhatsApp or Telegram operate. This helps in lowcoverage or WiFi switching scenarios
Deep-linking
In addition, deeplink capabilities to kick off conversations from external apps or websites are added.
Implications for the Ecosystem
For mobile operators and OEMs, the spam and file transfer upgrades in UP 3.1 offer a clear incentive: reduced support costs, better customer experience, and a higher-quality product offering that can compete more credibly with WhatsApp, Telegram, and Signal.
For regulators and data protection authorities, the improvements signal growing maturity. They show that RCS is not standing still but adapting to meet privacy and security expectations, particularly important as messaging becomes a critical channel for financial services, healthcare, and government communications.
For the business messaging ecosystem, the updates provide confidence. With UP 3.1, RCS is safer not just for consumers but for brands looking to deliver interactive, media-rich customer experiences. The deep-linking opportunities are finally opening important potential to support marketing messages call to actions for RCS.
Conclusion
Universal Profile 3.1 marks an important step in RCS evolution. While UP 3.0 delivered crossplatform encryption, 3.1 strengthens media quality, client reliability, and security hygiene, all critical for broader adoption and competitiveness. Its success now hinges on swift implementation by device vendors, operators, and app developers. If widely adopted, UP 3.1 reshapes RCS into a robust, privacy-centric messaging platform with strong industry relevance, especially in business messaging and operator-led ecosystems.
Universal Profile 3.1 is a testament to the industry’s commitment to the future of rich messaging. This update is fundamental to realising the full potential of RCS, delivering not just richer content but a more secure, reliable, and universally accessible communication channel for businesses and consumers alike.
For more information or to join the Insight Group, please contact the MEF team at info@mobileecosystemforum.com.
