Ofcom, the UK’s communications regulator, has recently published a critical consultation, “Combatting Mobile Messaging Scams,” proposing mandatory new rules and guidance for mobile providers and business messaging aggregators operating in the UK. This consultation is not just a UK issue; it signals a clear global trend towards stringent identity verification, creating an emulation risk for regulators worldwide.

The Mobile Ecosystem Forum (MEF) is preparing a unified industry response, and we need your expert input.

Why Now? The Drive for Standardisation 

The consultation, published on 29 October 2025, is driven by the significant financial and emotional harm inflicted on UK citizens and businesses by mass-scale scam messages. Scammers exploit the mobile channel due to its mass reach and perceived trustworthiness, using it as a critical entry point for sophisticated, multi-channel fraud campaigns.

The Ofcom consultation proposes a comprehensive move toward standardising identity verification and liability across the UK mobile messaging ecosystem.”

While the mobile sector has already developed advanced anti-fraud capabilities, Ofcom’s position is that the industry must ensure a consistently high standard of protection across the entire market. The aim of these mandatory rules is to address gaps where voluntary best practices are insufficient, thereby eliminating the competitive advantage enjoyed by non-compliant actors who might route high-risk traffic.

The regulatory process is underway, and members should note the crucial deadlines:

• Ofcom Consultation Publication Date: 29 October 2025
• Ofcom Formal Submission Deadline: 28 January 2026
• Expected Final Decision Publication: Summer 2026

Core Proposals: A New Compliance Paradigm 

The consultation targets both Person-to-Person (P2P) and Application-to-Person (A2P) traffic. For MEF members, the most resource-intensive changes relate to A2P, effectively imposing compliance standards traditionally reserved for financial institutions.

Key Proposals for Industry Obligations: 

This framework establishes a formal transfer of operational liability toward the application layer (Aggregators and CPaaS platforms), requiring them to build robust compliance and incident management protocols.

Strategic Impact across the Mobile Ecosystem 

The proposals will introduce asymmetric impacts across the various segments of the MEF membership, creating significant cost burdens but also new market opportunities related to trust and security.

Impact on Mobile Network Operators (MNOs) 

MNOs face immediate challenges related to capital expenditure for infrastructure upgrades, particularly for the advanced network intelligence required to track and enforce the PAYG volume limits and implement near-instantaneous P2P blocking.

Opportunity: MNOs who effectively implement these stringent measures can position themselves as premium, high-trust routing providers, potentially justifying premium pricing for verified A2P routes and offsetting high capital costs.

Impact on Aggregators and CPaaS Providers 

Aggregators and CPaaS platforms face the highest operational costs. Operationalising mandatory KYC (Know Your Business, or KYB) and KYT requires substantial resources, including staffing compliance teams and integrating specialised identity verification data into onboarding workflows.

The high barrier to entry and the escalating cost of compliance are expected to act as a consolidation driver within the market. Smaller providers lacking the resources to build robust KYC/KYT infrastructure will struggle to compete, favouring larger MEF members who have already developed mature compliance capabilities, similar to the market shift observed following the introduction of the US A2P 10DLC system.

Impact on Brands and Enterprises (Message Senders) 

Brands will experience an increase in administrative burden. They will be required to undergo rigorous identity verification and registration processes mandated by their CPaaS provider, which may introduce friction.

Benefit: The mandatory verification of Sender IDs substantially increases customer confidence in legitimate messages. This enhancement of channel trust and security is expected to lead to higher customer engagement and conversion rates, justifying the administrative costs incurred by legitimate brands.

Impact on Anti-Fraud and Security Vendors 

This consultation represents a significant expansion of the addressable market for anti-fraud vendors. The mandate for advanced technical requirements—specifically contextual analysis tools for Sender ID corroboration and proactive KYT monitoring platforms—requires solutions beyond simple signature detection. The market will now demand sophisticated platforms capable of integrating KYC verification data with real-time traffic analysis.

Global Context: The Risk of Emulation 

Ofcom’s proposal is a key moment in a global trend where regulators are moving away from reactive blocking models toward proactive identity verification systems. This is demonstrated most prominently by the US A2P 10DLC regime, which mandates registration and enforces content and conduct restrictions.

The UK’s comprehensive approach, which combines MNO and Aggregator responsibilities with stringent identity and traffic verification, provides a formidable blueprint for other jurisdictions. This creates an immediate emulation risk for global MEF members, even those who do not currently operate in the UK.

If the UK model proves successful in significantly curbing scams, it is highly probable that this framework will be adopted or adapted by regulators across the European Union, APAC, and other territories. Furthermore, successful intervention in the UK will displace criminal syndicates to less-regulated markets, elevating the risk profile for MEF members operating in vulnerable jurisdictions. Proactive engagement with the UK framework now allows global members to influence a structure that may soon be applied to their own operations.