EXPLANATORY STATEMENT

Approved by the Australian Communications and Media Authority

Telecommunications Act 1997

Telecommunications (SMS Sender ID Register) Industry Standard 2025

Authority

The Australian Communications and Media Authority (the ACMA) has made the Telecommunications (SMS Sender ID Register) Industry Standard 2025 (the Standard) under subsection 125AA(1) of the Telecommunications Act 1997 (the Act) and in accordance with sections 5, 6, 7 and 8 of the Telecommunications (SMS Sender ID Register Industry Standard) Direction 2025 (the Direction).

The Minister for Communications (the Minister) has the power under subsection 125AA(4) of the Act to direct the ACMA, in writing, to:

1.     determine a standard under subsection 125AA(1) of the Act that:
   1.             applies to participants in a specified section of the telecommunications industry; and
   2.             deals with one or more specified matters relating to the telecommunications activities of those participants; and
2.     do so within a specified period.

The Direction was given to the ACMA by the Minister under subsection 125AA(4) of the Act and commenced on 6 March 2025. The Direction was amended by:

        the Telecommunications (SMS Sender ID Register Industry Standard) Amendment Direction (No.1) 2025, which was made on 30 June 2025 and commenced on 3 July 2025; and

        the Telecommunications (SMS Sender ID Register Industry Standard) Amendment Direction (No.2) 2025, which was made on 30 September 2025 and commenced on 3 October 2025,

which extended the date by which the Standard must be determined until 7 October 2025. Subsection 5(1) of the Direction requires the ACMA to determine an industry standard under subsection 125AA(1) of the Act that sets out: 

        the roles and responsibilities of carriers, carriage service providers and, if the ACMA considers it necessary, electronic messaging service providers in relation to their telecommunications activities in connection with the operation and administration of the SMS Sender ID Register (the Register); and

        how communications using sender identifications registered and not registered in the Register will be handled by carriers, carriage service providers and electronic messaging service providers.

In accordance with paragraph 5(2)(a) of the Direction, the Standard was determined by 7 October 2025. In accordance with paragraph 5(2)(b) of the Direction, the Standard will commence in full at the earliest practicable opportunity and no later than 1 July 2026, with sections 1-8, subsection 15(2) and Parts 4 and 6 commencing on 15 October 2025; sections 9-14, Part 7 and Schedule 1 commencing on 30 November 2025; and Part 3 (except subsection 15(2)), and Part 5 commencing on 1 July 2026. The staggered commencement allows for telecommunications providers to prepare for the implementation of the obligations in the Standard.

The Standard meets the objectives set out in section 7 of the Direction and the content requirements in section 8 of the Direction. It also covers several matters referred to in section 9 of the Direction.

Purpose and operation of the instrument

Background

Short messaging services (SMS) and multimedia messaging services (MMS) are key communications channels used by scammers to reach Australians. In 2024, 77,365 SMS scams were reported to Scamwatch, with reported losses of over $14 million.[1] Many SMS scams include some form of impersonation, where scammers use sophisticated tactics to convince their victims they are from a legitimate entity. One common tactic is to send SMS messages with sender identifications that imitate well-known brands and government agencies.

The Government enacted the Telecommunications Amendment (SMS Sender ID Register) Act 2024 which provides for the ACMA to establish and maintain the Register. The purpose of the Register, once established, is to reduce the prevalence and impact of scams delivered via SMS or MMS which impersonate well-known entities through the illegitimate use of sender identifications (the alphanumeric headers in SMS/MMS; for example, ‘ATO’ and ‘NAB’). When established, the Register will hold the registered sender identifications of approved entities.

On 3 December 2024, the Government announced registration of sender identifications would be mandatory. Under the requirements in the Standard, this means that messages sent with unregistered sender identifications after the Register commences will be disrupted (that is, the unregistered sender identification will be replaced with ‘Unverified’). The Standard sets out administrative and operational obligations for the telecommunications industry to give effect to mandatory registration of sender identifications.  

Purpose

The Standard has been made to fulfil the requirements of the Direction. The Standard imposes obligations on telecommunications providers (carriers, carriage service providers and electronic messaging service providers, including SMS aggregators) to confirm details about sender identification messages before sending, transiting, or terminating them, as applicable to the role of the provider. It also places obligations on telecommunications providers relating to tracing and reporting of scam messages.

The Standard seeks to ensure that messages sent with sender identifications are protected from being impersonated by scammers. It thereby targets a specific subset of phone scams, where SMS/MMS with alphanumeric sender IDs are used to impersonate well-known entities.

Operation

Part 1 of the Standard sets out information about the commencement, purpose and application of the Standard. The Standard applies to the following sections of the telecommunications industry: carriage service providers, carriers, and electronic messaging service providers. Part 1 also includes the definitions for terms used within the Standard.

Part 2 sets out requirements for telecommunications providers to apply to the ACMA for approval to participate in the Register, and to provide information to entities and publish information about the Register. It also contains requirements relating to registration of sender identifications and a requirement not to mislead in relation to the number of providers that entities can use to send sender identification messages.

Part 3 sets out requirements for non-participating telecommunications providers, and all participating telecommunication providers relating to the sending, transiting, and terminating of sender identification messages.

Part 4 requires participating telecommunications providers to implement policies and procedures to achieve compliance with the Standard and to handle complaints relating to the provider’s compliance with the Standard.

Part 5 requires participating telecommunications providers to complete traceback reporting for scam messages and report information relating to the use of sender identifications to the ACMA on a quarterly basis.

Part 6 requires participating telecommunications providers to keep secure and accurate records demonstrating compliance with the Standard, take all reasonable steps to ensure robust system security in relation to sender identification messaging and Register interactions, and maintain privacy protections.

Part 7 requires carriage service providers that provide public mobile telecommunications services to regularly provide information to end-users or account holders of their services about how sender identification messages are dealt with under the Standard, including specific notification obligations about the Register’s commencement date.

Schedule 1 contains information about the Register that a participating telecommunications provider that is an originating telecommunications provider must provide to customers.  All originating telecommunications providers are required to publish the information in Schedule 1 on their website.

A provision-by-provision description of the Standard is set out in the notes at Attachment A.

The Standard is a legislative instrument for the purposes of the Legislation Act 2003 (the LA) and is disallowable.

If a standard is contravened, the ACMA may take a range of enforcement actions, including:

        issue a formal warning

        give a remedial direction

        accept an enforceable undertaking

        give an infringement notice

        seek an injunction in the Federal Court to compel the person to act or refrain from acting in a particular way

        seek civil penalties via Federal Court proceedings (up to $50,000 for a person and $250,000 for a body corporate per contravention).

The legislative authority for the ACMA to seek civil penalties for non-compliance with a standard is in subsection 128(3) of the Act, which allows a Court to impose civil penalties for a breach of an industry standard.  The maximum civil penalty that may be imposed by the Court is set out in the relevant subsections of section 570 of the Act.

Section 570 in Part 31 of the Act relates to pecuniary penalties for contraventions of civil penalty provisions.  Subsection 570(1) provides that “if the Federal Court is satisfied that a person has contravened a civil penalty provision, the Court may order the person to pay to the Commonwealth such pecuniary penalty, in respect of each contravention, as the Court determines to be appropriate”.

Relevantly, paragraph 570(3)(b) provides that “the pecuniary penalty payable under subsection (1) by a body corporate is not to exceed: … (b) in any other case - $250,000 for each contravention”.  In the context of the Standard, the contraventions referred to in paragraphs 570(3)(a)-(ac) are not relevant and consequently, paragraph (b) will apply.

Subsection 570(4) relates to the pecuniary penalty payable under subsection (1) by a person other than a body corporate.  It provides that the pecuniary penalty payable by a natural person is not to exceed $50,000.

Documents incorporated by reference

The Standard incorporates or refers to the following Acts and legislative instruments (including by the adoption of definitions):

1.        A New Tax System (Australian Business Number) Act 1999.
2.        Acts Interpretation Act 1901.
3.        Business Names Registration Act 2011.
4.        Corporations Act 2001.
5.        Identity Verification Services Act 2023.
6.        Legislation Act 2003.
7.        Privacy Act 1988.
8.        Superannuation Industry (Supervision) Act 1993.
9.        Telecommunications Act 1997.
10.    Telecommunications Numbering Plan 2025.
11.    Telecommunications (SMS Sender ID Register Industry Standard) Direction 2025.
12.    Trade Marks Act 1995.

The Acts and legislative instruments listed above are available free of charge on the Federal Register of Legislation at www.legislation.gov.au.

The Acts and legislative instruments listed above are incorporated as in force from time to time in accordance with section 10 of the Acts Interpretation Act 1901, subsection 13(1) of the LA and section 589 of the Act.

Consultation

Before the Standard was made, the ACMA was satisfied that consultation was undertaken to the extent appropriate and reasonably practicable, in accordance with section 17 of the LA and subsection 125AA(3), and sections 132, 133, 134 and 135 of the Act.

The ACMA consulted with the Australian Competition and Consumer Commission; the Telecommunications Industry Ombudsman; the Office of the Australian Information Commissioner; bodies that represent the section of the telecommunications industry to which the Standard applies, Australian Telecommunications Alliance and the Australian Mobile Telecommunications Association; and consumer bodies—the Australian Communications Consumer Action Network, CHOICE - Consumers' Federation of Australia and IDCARE.

First consultation

Starting on 27 March 2025, the ACMA undertook public consultation which included publishing a consultation paper and a draft of the Standard on the ACMA’s website for 30 days—see: https://www.acma.gov.au/consultations/2025-03/proposed-rules-and-operation-sms-sender-id-register.

On 28 March 2025, the ACMA published a notice in The Australian newspaper stating that the ACMA has prepared a draft Standard, advising that a copy of the draft Standard could be accessed at the ACMA’s offices or via the ACMA’s website and inviting interested persons to give written comments by 28 April 2025.

The ACMA informed key stakeholders of the publication of the documents and invited comment on the draft Standard and on the issues set out in the accompanying consultation paper. In addition, the ACMA undertook further targeted consultation with relevant stakeholders.

The consultation paper sought comment on several key issues included in the draft Standard as well as inviting general comments about the operation of the Register. The ACMA received 41 submissions from a range of stakeholders, including the telecommunications industry, entities, consumer advocacy groups and government agencies. The ACMA considered all relevant issues raised during the consultation process and made revisions to the draft Standard, including providing mechanisms to enable international entities and entities without an Australian Business Number (ABN) to participate in the Register.

Second consultation

Starting on 14 July 2025, the ACMA undertook a second public consultation which included publishing a consultation paper and a revised draft of the Standard on the ACMA’s website for 30 days—see: https://www.acma.gov.au/consultations/2025-07/proposed-changes-sms-sender-id-register.

On 16 July 2025, the ACMA published a notice in The Australian newspaper stating that the ACMA has prepared a draft Standard, advising that a copy of the draft Standard could be accessed via the ACMA’s website and inviting interested persons to give written comments by 13 August 2025.

The ACMA informed key stakeholders of the publication of the documents and invited comment on the draft Standard and on the issues set out in the accompanying consultation paper. In addition, the ACMA undertook further targeted consultation with relevant stakeholders.

The July 2025 consultation paper sought comment on several new proposals included in the draft Standard following feedback received by the ACMA for the March 2025 public consultation. The ACMA received 40 submissions from a range of stakeholders, including the telecommunications industry, entities, consumer advocacy groups and government agencies. The ACMA considered all relevant issues raised in response to the consultation process and updated the Standard to:

• enable entities without an ABN (domestic or international) to register sender identifications through a certified telecommunications provider – a participating telecommunications provider that has been certified by the ACMA to deal with entities without an ABN (non-ABN entities) – or an international telecommunications service provider that has partnered with a certified telecommunications provider;
• broaden the scope of the Standard to apply to all Australian providers that send, transit or terminate sender ID messages. This involved adding electronic messaging service providers so that they can participate in the register directly, or indirectly by arranging for another participating telecommunications provider to act on their behalf. International telecommunications providers can indirectly participate in the register by partnering with a participating telecommunications provider (for ABN entities), or a certified telecommunications provider (for non-ABN entities);
• revise the approach to establishing a valid use case to make sure that a sender identification has a clear and verifiable connection:
  • for an ABN entity – to the entity’s registered business name, company name, trademark or domain name. Where domain names are used to establish a valid use case, there must be evidence that the domain name is being used for an active and legitimate website or email account;
  • for a non ABN-entity – to the entity’s trademark or its name on an official register or record in the country in which the entity is based.
• use the term ‘Unverified’ when over-stamping sender identifications that are not registered, rather than using the term ‘Likely SCAM’ as originally proposed.

There were concerns raised during the consultation process about the complexity of the Register processes and the implementation timeframes. There were also suggestions made about how to improve the Register processes. Further changes were made to the Standard and the ACMA will publish guidance to assist telecommunications providers and entities.

Statement of compatibility with human rights

Subsection 9(1) of the Human Rights (Parliamentary Scrutiny) Act 2011 requires the rule-maker in relation to a legislative instrument to which section 42 (disallowance) of the LA applies to cause a statement of compatibility with human rights to be prepared in respect of that legislative instrument.

The statement of compatibility with human rights set out in Attachment B has been prepared to meet that requirement.

Attachment A

Notes to the Telecommunications (SMS Sender ID Register) Industry Standard 2025

Part 1–Preliminary

Section 1 Name

This section provides for the instrument to be cited as the Telecommunications (SMS Sender ID Register) Industry Standard 2025.

Section 2 Commencement

This section provides for:

• sections 1-8, subsection 15(2), Part 4 and Part 6 of the Standard to commence on 15 October 2025;
• sections 9-14, Part 7 and Schedule 1 of the Standard to commence on 30 November 2025;
• Part 3, (except subsection 15(2)), and Part 5 of the Standard to commence on 1 July 2026.

Section 3 Authority

This section identifies that subsection 125AA(1) of the Telecommunications Act 1997 (the Act) authorises the making of the Standard.

Section 4 Application of industry standard

Subsection 4(1) provides, for the purposes of subsection 125AA(1) of the Act, that the Standard:

• applies to the following sections of the telecommunications industry:
  • carriers;
  • carriage service providers;
  • electronic messaging service providers; and
• gives effect to the objectives set out in section 7 of the Telecommunications (SMS Sender ID Register Industry Standard) Direction 2025.

For the purposes of the Standard, a telecommunications provider is defined to be a carrier, a carriage service provider, or an electronic messaging service provider.

The intent of having the Standard apply to all of these telecommunications providers is to capture all providers involved in the supply of SMS/MMS messaging, from the originating telecommunications provider who has a direct relationship with an entity who is sending messages, to the terminating provider who terminates (delivers) the sender identification message to the message recipient.

Under the Standard, a telecommunications provider’s obligations may vary, overlap or change depending on the provider’s function in a given messaging scenario. For example, a provider may act as:

• an originating telecommunications provider, who agrees to send sender identification messages on behalf of customers, its international partners or EMSP partners;
• a transiting telecommunications provider, who connects with other telecommunications providers to transit sender identification messages between two telecommunications providers over a telecommunications network;
• a terminating telecommunications provider, who is responsible for delivering sender identification messages to message recipients who are connected to a public mobile telecommunications service owned or controlled by the carrier.

The Standard places obligations on providers involved in sending, transiting or terminating SMS/MMS messages which are defined to be messages sent on a public mobile telecommunications service. The Standard does not apply to private networks that do not supply or are not involved in supplying SMS/MMS to the public.

Subsection (2) provides that the Standard does not apply to a carrier or a carriage service provider in its capacity as a statutory infrastructure provider (SIP). SIPs provide the infrastructure which other telecommunication providers utilise to provide services and do not have visibility of the traffic carried over that infrastructure. 

Subsection (3) provides that an electronic messaging service provider may comply with the obligations in the Standard either by fulfilling the obligations itself or by arranging for another participating telecommunications provider to fulfill the obligations on its behalf.  This recognises that there are a range of electronic messaging service providers, some of which predominantly or only provide messaging services to the public and may directly participate under the Standard, while there are others that offer messaging services as an "add-on" to their core service which will have the option of participating by making arrangements with a participating telecommunications provider.

Electronic messaging service providers in most circumstances will be the originating telecommunications provider who agrees to send messages on behalf of an entity, including:

• software as a service providers;
• customer relationship management platform providers;
• communications platform as a service providers.

Electronic messaging service providers usually have relationships with SMS aggregators (who are also captured by the Standard), who will arrange to originate messages on telecommunications networks for electronic messaging service providers.

Electronic messaging service providers must apply to the ACMA for approval under section 7 irrespective of which option they choose.

Subsection 13(5) provides that an electronic messaging service provider can be an EMSP partner and arrange for a participating telecommunications provider to fulfill its obligations under the Standard.

Section 5 Definitions

This section defines key terms used throughout the Standard.

A number of other expressions used in the Standard are defined in the Act or in the Acts Interpretation Act 1901.

Section 6 References to other instruments

This section provides that in the Standard, unless the contrary intention appears:

• a reference to any other legislative instrument is a reference to that other legislative instrument as in force from time to time; and
• a reference to any other kind of instrument is a reference to that other instrument as in force or existing from time to time.

Part 2–Requirements relating to the Register

Section 7 Application for approval

This section provides that a telecommunications provider that sends, transits or terminates messages which include a sender identification must apply to the ACMA under section 484F of the Act for approval to participate in the Register. The obligations in the Standard apply to Australian telecommunications providers, but international telecommunications providers can indirectly participate in the register by partnering with participating or certified telecommunications providers.

The note to section 7 states that entities that are approved by the ACMA under section 484F of the Act may apply to the ACMA for a sender identification to be registered under section 484G of the Act.

Telecommunications providers that have been approved by the ACMA will be able to participate in the Register by applying to register sender identifications for themselves or on behalf of entities.

Section 8 Application to be a certified telecommunications provider

Section 8 provides that a participating telecommunications provider seeking to make an application for registration of a sender identification, and originate messages, on behalf of a non-ABN entity must apply to the ACMA for approval to be a certified telecommunications provider. 

The process for applying to be a certified telecommunications provider will be set out in a determination made under Part 484L of the Act.

Certified telecommunications providers are a subset of participating telecommunications providers and are subject to rules that apply to participating telecommunications providers.

The purpose of this provision is to provide a means for international entities, and Australian entities that do not have an ABN, to participate in the Register, which will be facilitated via certified telecommunications providers. As they will have the relationship with a non-ABN entity in relation to the sending of sender identification messages on behalf of the entity, certified telecommunications providers will be originating telecommunications providers.

Section 9 Requirements to provide information to entities

Subsection 9(1) provides that a participating telecommunications provider that is an originating telecommunications provider must contact existing customers (entities with existing sender identification messaging arrangements with the originating telecommunications provider) before 1 July 2026 to:

• provide information in writing about the Register as set out in Schedule 1. This includes information about registration requirements, and the consequences of not registering their sender identifications; and
• offer to make an application for registration of sender identifications on behalf of the customer.

Section 9 comes into effect on 30 November 2025, so providers must contact their customers between 30 November and 30 June 2026. However, a participating telecommunications provider that is an originating telecommunications provider may choose to start contacting its customers prior to 30 November 2025.

Subsections 9(2) and (3) provide that a participating telecommunications provider that is an originating telecommunications provider must also provide information about the Register and offer to make an application for registration if the originating telecommunications provider is asked, and for the purposes of subsection 9(2) it agrees, to send sender identification messages for:

• a prospective customer for which it does not currently send sender identification messages; or
• a new sender identification for an existing customer for which it sends sender identification messages.

Telecommunications providers are best placed to directly engage with entities with whom they have existing contractual relationships or entities seeking new messaging arrangements, to share information about the Register and use of sender identifications. The purpose of these provisions is to efficiently reach all existing and new users of sender identifications, to make sure they are aware of the Register, how to register sender identifications, and the consequences if they do not register sender identifications.  

Subsection 9(4) provides that the requirements in paragraphs (1)(b), (2)(e) and (3)(d) do not apply where the customer is an entity that does not have an ABN, unless the provider is a certified telecommunications provider.  This subsection reflects the fact that only certified telecommunications providers are permitted to register sender identifications on behalf of non-ABN entities.

Section 10 Requirement to publish information

Section 10 provides that all originating telecommunications providers must make available on their website the information about the Register and registration requirements set out in Schedule 1.

Section 10 comes into effect on 30 November 2025 and applies to all originating telecommunications providers, even those that haven't yet been approved to participate.

The purpose of this provision is to make information about the Register readily available to entities that have, or seek to have, messaging arrangements that use sender identifications.

Section 11 Requirements relating to the registration of sender identifications on behalf of an ABN entity

Sections 11 to 13 facilitate the registration process for entities while ensuring robust verification. The purpose of these requirements is to prevent the registration of generic, spoofed, misleading, or deceptive sender identifications.

Subsections 11(1) to (5) set out the requirements for a participating telecommunications provider that is an originating telecommunications provider.

Subsection 11(1) provides that, where an entity with an ABN (an ABN entity) requests registration of a sender identification and the provider agrees to send messages for the entity, the provider must make the application for registration of that sender identification.

Subsection 11(2) requires that, when an ABN entity asks the provider to make an application for registration of a sender identification on its behalf, before making the application, the provider must ask whether the entity is acting as an associate for another entity.

An entity associate is defined in section 5 to be an entity who is authorised by another entity to send sender identification messages using that other entity’s registered sender identification. For example:

• a marketing agency that has been engaged by a retail entity to send messages on behalf of the retail entity, will be an entity associate;
• a sports club that is authorised to send messages using a sender identification that is owned by a sports league will be an entity associate.

Detailed instructions to support the entity associate process will be published by the ACMA.

Subsection 11(3) provides that, if an ABN entity is acting as an entity associate and it has asked the provider to make an application for registration of a sender identification and the provider agrees to send messages on behalf of that entity associate (under subsection 11(1)), the provider must:

• make an application for the entity associate to participate in the Register under section 484F of the Act; and
• confirm with the other entity that the entity associate is authorised by that other entity to send sender identifications messages which include the other entity’s sender identification.   

Paragraph 11(3)(c) provides that the provider must, subject to paragraph (b), make an application for registration of the sender identification, if it is not already registered. 

Subsection 11(4) provides that, before the provider makes an application for registration of a sender identification for an ABN entity, the provider must establish that the ABN entity has a valid use case for that sender identification. To establish that the ABN entity has a valid use case for the sender identification, the provider must check there is a sender identification match to the entity’s registered or active:

• business name in the Business Names Register, and the status of the business name is ‘registered’; or
• company name as registered in the Australian Business Register, and the status of the ABN of the entity is ‘active’; or
• trade mark in the Register of Trade Marks or an equivalent international register, and the status of the trademark is ‘registered’; or
• registered domain name in the whois.auda.org.au database, which is the public directory for Australian domain names (the .au domain) provided by the .au Domain Administration (auDA).  

In relation to a domain name match, the provider must also confirm, at the time the valid use case is being confirmed, that the domain name is an address that can be used:

• for a website that can be accessed via the internet and which the provider believes on reasonable grounds is a legitimate website; or
• for an email account to which the provider has sent an email and does not receive a bounce back notification.

As specified in subsection 5(2), a sender identification is considered to match if, for an ABN entity, it is the same as; is a contraction or abbreviation of; or is an acronym/initialism of the entity’s registered business name, company name, trade mark or registered domain name. A sender identification can include information in addition to the name match, such as the location of the entity or purpose of the message. For example, the Australian Communications and Media Authority could demonstrate it has a valid use case for ‘ACMA’, ‘ACMA-Sydney’, ‘ACMA-Alert’.

Subsection 11(5) provides that a sender identification match under subsection 11(4) is not required where a government agency that is an ABN entity requests registration of a sender identification related to an emergency, a matter of public health, safety or security and the government agency has provided evidence to the provider to satisfy the provider of the reason why the entity intends to use the sender identification rather than a sender identification that includes its registered business name, company name, trade mark, or domain name, as relevant.

Subsections 11(6) and (7) set out requirements for a certified telecommunications provider.

Subsection 11(6) provides that if an ABN entity requests a certified telecommunications provider to register a sender identification on its behalf and the provider sends or agrees to send messages for that entity, subject to subsection (7), the provider must apply to register the sender identification.

Subsection 11(7) provides that if the provider applies pursuant to subsection 11(6) to register a sender identification on behalf of an ABN entity, it must first comply with the requirements in subsections 12(4) and (5) as if the ABN entity were a non-ABN entity.

The main reason for a participating telecommunications provider to seek approval as a certified telecommunications provider is so it can register and send sender identification messages on behalf of entities without an ABN, however, certified telecommunications providers can also register sender identifications for entities with an ABN. There are 2 options if an entity with an ABN applies to register a sender identification in the Register via a certified telecommunications provider:

Option 1: The certified telecommunications provider applies on behalf of an ABN entity as a participating telecommunications provider – Section 11 of the Standard applies.

Option 2: The certified telecommunications provider applies on behalf of an ABN entity as a certified telecommunications provider – Section 12 of the Standard applies.

Before the ACMA accepts a registration application from entities with an ABN, unless they have elected to register through option 2 above, the Register system will:

• verify the legitimacy of the entity by cross-referencing its ABN with the Australian Business Register (ABR); and
• require the applicant to complete an Australian identity check; and
• confirm that the applicant is authorised to act on behalf of the entity by checking that they are listed on the ABR or on ACMA Assist as an authorised contact for that entity.

If the entity does not confirm, via the Register system, the registration application made by the telecommunications provider, or fails any part of the verification process, the registration will not proceed. Section 12 of the Standard sets out equivalent checks for entities without an ABN, however, the entity in that case will not interact directly with the Register system.

Entities with an ABN may prefer Option 2 because they will not need to access the Register system (which cannot be accessed without ABR checks and Australian identity checks). This means:

• the entity’s participation does not need to be reliant on its ABR records being up to date and including current/accessible contacts (depending on the mechanism/s a certified telecommunications provider uses to verify an entity and its authorised representatives); and
• entity employees that do not have Australian IDs can represent the entity for the purposes of the register through a certified telecommunications provider (for example, where an entity with an ABN has offices and staff offshore).

Section 12 Requirements relating to the registration of sender identifications on behalf of a non-ABN entity

Subsection 12(1) provides that if a non-ABN entity requests a certified telecommunications provider to make an application for registration of a sender identification and the provider sends or agrees to send sender identification messages for the entity, the provider must apply to register the sender identification on behalf of the entity.

Subsection 12(2) requires that, when a non-ABN entity requests a certified telecommunications provider to make an application for registration of a sender identification on its behalf, before making the application, the provider must ask whether the entity is acting as an associate for another entity.

An entity associate is defined in section 5 to be an entity who is authorised by another entity to send sender identification messages using that other entity’s registered sender identification. For example:

• a marketing agency that has been engaged by a retail entity to send messages on behalf of the retail entity, will be an entity associate;
• a sports club that is authorised to send messages using a sender identification that is owned by a sports league will be an entity associate.

Detailed instructions to support the entity associate process will be published by the ACMA.

Subsection 12(3) has the effect that, if a non-ABN entity is acting as an entity associate and it has requested an originating participating telecommunications provider to make an application for  registration of a sender identification and the provider agrees to send messages on behalf of that entity associate (under subsection 12(1)), the provider must:

• make an application for  registration for the entity associate to participate in the Register under section 484F of the Act; and
• confirm with the other entity that the entity associate is authorised by that other entity to send sender identifications messages which include the other entity’s registered sender identification.

Paragraph 12(3)(c) provides that, subject to paragraph (b), the provider must make an application for  registration of the sender identification, if it is not already registered. 

Subsection 12(4) provides that before making an application to the ACMA to register a sender identification on behalf of a non-ABN entity, a certified telecommunications provider must:

• confirm the identity of the requesting person by using an identity verification service; and
• confirm the requesting person is authorised to act for the entity; and
• confirm that the entity has been officially recognised or certified by a governing body, regulatory authority or accreditation organisation in the country in which the entity is based; and
• establish that the non-ABN entity has a valid use case for the sender identification, by confirming a sender identification match for the entity by using a trade mark register or an official register or record in the country in which the entity is based.

The valid use case criteria for non-ABN entities allow for use of a broader range of official records, recognising that international business registration practices may vary from those in Australia. Domain names have not been provided as a valid use case option for non-ABN entities due to concerns about whether this method may be more open to exploitation by scammers.

Subsection 12(5) provides that a sender identification match under subsection 12(4) is not required where a government agency that is a non-ABN entity requests registration of a sender identification related to an emergency, a matter of public health, safety or security and the government agency has provided evidence to the certified telecommunications provider to satisfy the provider of the reason why the entity intends to use the sender identification rather than a sender identification that includes its trade mark or name on an official register or record, as relevant.

Subsection 12(6) provides that a certified telecommunications provider must ensure that the contact details in the Register for a non-ABN entity, on whose behalf the provider had made an application to register a sender identification, are kept up to date. It is important that these details are current so the ACMA can send notifications relating to the registration of a sender identification in the Register to the non-ABN entity.

Section 13 Requirements relating to the registration of sender identifications for an international partner or an EMSP partner

Section 13 sets out the requirements on participating telecommunications providers in relation to registration of sender identifications for international partners.

Subsection 13(1) provides that if an international partner requests:

• a certified telecommunications provider to apply to register a sender identification, for the partner on behalf of a non-ABN entity or an ABN entity; or
• a participating telecommunications provider that is an originating telecommunications provider (but is not a certified telecommunications provider) to register a sender identification, for the partner, on behalf of an ABN entity; and

the provider sends or agrees to send sender identification messages for that international partner, the provider is required to make an application for registration of the sender identification for the partner on behalf of the ABN entity.

Subsection 13(2) provides that before submitting an application to the ACMA to register a sender identification for an international partner on behalf of a non-ABN entity or an ABN entity, a certified telecommunications provider must have a written contractual arrangement in place with the international partner. The agreement must be in force for as long as the partner is involved in the sending of sender identification messages and it must require the international partner to perform the confirmations at paragraphs 12(4)(a), (b) and (c).

This subsection does not apply to an application made to the ACMA (under subparagraph 13(1)(a)(ii)) by a participating telecommunications provider for the registration of a sender identification on behalf of an international partner for an ABN entity, as in that scenario, the checks will be undertaken by the ACMA via the Register system, using an Australian identity verification service and the Australian Business Register.

Subsection 13(3) provides that before submitting an application to the ACMA to register a sender identification on behalf of an international partner, a participating telecommunications provider (whether certified or otherwise originating) must have written contractual arrangements in place with the international partner. The agreement must be in force for as long as the partner is involved in the sending of sender identification messages and must require the international partner to establish that the sender identification owner has a valid use case for the sender identification:

• where the sender identification owner is a non-ABN entity – by confirming that there is a sender identification match for the entity by using one of the confirmation methods mentioned in paragraph 12(4)(d); or
• where the sender identification owner is an ABN entity – by confirming that there is a sender identification match for the entity by using one of the confirmation methods mentioned in subsection 11(4).

These requirements ensure that sender identifications registered through international telecommunication providers meet equivalent verification standards as those registered through Australian telecommunications providers, while recognising that other countries may not have the same types of records and registers as Australia.

Subsection 13(4) provides that the requirements in subsections (2) and (3) do not apply where the provider has entered into a written contractual arrangement to undertake the actions in subsections (2) and (3) on behalf of the international partner.

Subsection 13(5) provides that a provider who has partnered with an EMSP partner must fulfill the obligations under this industry standard as agreed with the EMSP partner.

Subsection 13(6) provides that within 24 hours of a certified telecommunications partner receiving an ACMA decision notice about:

• a registration application made by a certified telecommunications provider on behalf of an international partner; or
• an ACMA notice relating to a registered sender identification; or
• a request from an international partner to remove a registered sender identification;

the provider must provide a copy of the notice to the international partner or action the request, as appropriate.

Section 14 Requirement not to mislead

Section 14 provides that a participating telecommunications provider must not claim that an entity can only arrange to send sender identifications messages via the participating telecommunications provider that applied to register that sender identification.

The note to this section states that a sender identification can be confirmed for use with more than one participating telecommunications provider.

The purpose of this provision is to prevent participating telecommunications providers from attempting to restrict the number of providers that entities can use to send sender identification messages.

Part 3–Requirements relating to sending sender identification messages

The provisions in Part 3 prevent the sending of unregistered sender identifications by ensuring that only participating telecommunications providers can send, transit or terminate sender identification messages. They also set out when participating telecommunications providers must block or disrupt sender identification messages. The effect of these rules is that:

• Sender identification messages sent, transited and terminated by participating Australian telecommunications providers will be delivered without disruption if the sender identification is registered, and they will be disrupted if the sender identification is not registered.
• Sender identification messages sent by Australian telecommunication providers who are not participating in the register (and are therefore in breach of section 15 of the Standard) will be blocked, irrespective of whether the sender identification is registered.
• Sender identification messages sent by international telecommunications service providers will be disrupted, unless:
  • the provider is an international partner to a certified telecommunications provider; and
  • the international partner sends the messages to the certified telecommunications provider; and
  • the sender identification is registered via the certified telecommunications provider. 

“Disrupted” is defined in the Standard to mean the sender identification included in the message will be replaced by a participating telecommunications provider with a new sender identification of “Unverified”.

There is also a provision to prevent telecommunications providers providing false or misleading information about their association with the Register.

The provisions in this Part do not compel participating telecommunications providers to send, transit, or terminate sender identification messages with registered sender identifications. For example, a provider may have reason to believe that a sender identification message is a scam communication, even if it has a registered sender identification, in which case it might decide not to send, transit or terminate the message.

Sections 15 to 18 are intended to:

• prevent scammers from impersonating register participants and attempting to send messages using registered sender identifications;
• block sender identification messages from non-participating telecommunications providers;
• disrupt sender identification messages where the sender identification is not registered;
• enhance public confidence that undisrupted sender identification messages received are legitimate;
• establish timeframes for terminating telecommunications providers to update sender identification data.

Section 15 Requirement on telecommunication providers

Subsection 15(1) provides that a telecommunications provider that is not a participating telecommunications provider must not send, transit or terminate sender identification messages.

Subsection 15(2) provides that a telecommunications provider that is not a participating telecommunications provider must not misrepresent themselves as a participating telecommunications provider or as a certified telecommunications provider.

Section 16 Requirements on originating telecommunications providers

Section 16 sets out obligations on participating telecommunication providers that are originating telecommunications providers.

Subsections 16(2) to (7) set out what the provider must do before enabling a customer’s account (with that provider) to send messages that include a sender identification. Subsections 16(8) to (10) set out what the provider must do before sending sender identification messages on behalf of the customer. Section 16 ensures that originating telecommunications provider can only:

• enable customers to send sender identification messages; and
• send sender identification messages;

after confirming certain information. These requirements prevent scammers from trying to send sender identification messages using registered sender identifications.    

Subsection 16(2) provides that, before enabling a customer’s account to send messages using a sender identification, the provider must confirm that the sender identification is registered on the Register for that entity.

Subsection 16(3) provides that if the sender identification to be included in the message is not registered for that entity, the provider is required to disrupt the message. The note to subsection (3) notes that a message with a sender identification message that has been disrupted (i.e. over-stamped with the word “Unverified”), can be sent by the provider.

Subsection 16(4) provides that if the provider has confirmed that the sender identification is registered under subsection (2), then the provider must confirm that:

• the provider is authorised in the Register by that entity to send messages that include that sender identification; and
• the person who has requested the provider to enable the customer’s account to send a sender identification message is authorised by the entity.

The note to subsection 16(4) confirms that multiple participating telecommunications providers can send messages that include the same sender identification, provided the provider has been authorised by the entity.

Subsection 16(5) provides that the provider must not enable the customer’s account to send messages using a registered sender identification unless the provider has confirmed the matters in subsection 16(4). This is to ensure that the provider sending the messages, and the representative requesting the messages to be sent, have been authorised by the entity that registered the sender identification.  

Subsection 16(6) provides that if the provider receives a notification from the ACMA that the provider is no longer authorised to send messages for a particular sender identification, it must disable the customer’s account for the sender identification and immediately cease sending messages for that entity which include that sender identification. The note to subsection 16(6) states that a notification may include where the sender identification has been deregistered or the entity has revoked the provider’s authority.

Subsection 16(7) provides that once the customer’s account to send sender identification messages with that provider is enabled, the provider must ensure that only authorised representatives of that entity can access the account. This provision protects against scammers trying to access and exploit an existing account.

Subsection 16(8) provides that subject to subsection (9), the provider must only send a message with a sender identification to participating telecommunications providers.

Subsection 16(9) provides that if the provider receives a sender identification message from its EMSP partner or its international partner, as relevant, the provider may send the message to a participating telecommunications provider that is:

• a transiting telecommunications provider; or
• a terminating telecommunications provider; 

even though partners are not direct Register participants.

For example, if an international entity sends messages that include a sender identification it registered through an international partner, those messages will be delivered to the Australian message recipient without disruption, so long as all required checks (in section 16, 17 and 18, as relevant) are conducted and the messages are sent as follows:

International entity → international partner of certified telecommunications provider A → certified telecommunications provider A→ participating transiting telecommunications provider → participating terminating telecommunications provider → message recipient.

Subsection 16(10) provides that if the provider who receives a sender identification message from its EMSP partner or its international partner under subsection 16(9) is also the terminating provider for that sender identification message, the provider may terminate the message.

Section 17 Requirements on transiting telecommunications providers

Section 17 sets out obligations on participating telecommunications providers that are transiting telecommunications providers.

Subsection 17(2) provides that, subject to subsections (3) and (4), the provider must not transit sender identification messages unless:

• the telecommunications provider from which the message is received; and
• the telecommunications provider to which the message is sent;

are participating telecommunications providers.

Transiting telecommunications providers are not required to check if a sender identification is registered on the Register. 

Subsection 17(3) states that subsection 17(2) does not apply where a sender identification message is sent to a mobile number of a carriage service that is an international mobile roaming service.

The note to subsection 17(3) explains that subsection 17(3) will apply where an individual is using an international mobile roaming service, with a mobile number that was issued in Australia. In this scenario, the transiting telecommunications provider is the mobile network operator of the network to which the Australian service is connected. When an Australian service is roaming internationally, the Australian mobile network operator will transit the call to the international network on which the customer is roaming, and the call will be terminated (delivered) by an international provider in that country.

Subsection 17(4) provides that despite subsection 17(2), a transiting telecommunications provider is permitted to transit a sender identification message from an international telecommunications service provider (a non-participating provider) if they disrupt the message. This ensures that sender identification messages sent by non-participating international providers on behalf of international entities will be disrupted rather than blocked, so that Australians will continue to receive SMS/MMS messages from international entities who have not registered their sender identifications.

Section 18 Requirements on terminating telecommunications providers

Section 18 sets out obligations on participating telecommunications providers that are terminating telecommunications providers in relation to the termination of sender identification messages.

Section 18 provides that the provider must:

• Subject to subsection 16(10) and subsection 18(7), only terminate a sender identification message that originates from a participating telecommunications provider (subsection 18(2));
• Before terminating a sender identification message, confirm by checking the register data that the sender identification included in the message is registered no more than 24 hours before terminating the message (subsections 18(3) and (5));
• Subject to subsection 18(6), disrupt a sender identification message if the sender identification included in the message is not registered in the Register (subsection 18(4)).

Subsection 18(6) provides that the provider is not required to disrupt the messages under subsection 16(4) if the sender identification included in the message is “Unverified”. This exception recognises that the provider will receive messages that have already been disrupted by a participating provider who is an originating provider (under subsection 16(3), or transiting provider (under subsection 17(4)).

Subsection 18(7) provides that despite subsection 18(2), the provider is permitted to terminate a sender identification message from an international telecommunications service provider message if the provider has disrupted the message. This ensures that sender identification messages sent by non-participating international telecommunication providers on behalf of international entities will be disrupted rather than blocked, so that Australians will continue to receive SMS/MMS messages from international entities who have not registered their sender identifications.

Part 4–Requirements relating to policies and procedures

Section 19 Providers must implement policies and procedures

Section 19 provides that a participating telecommunications provider must implement policies and procedures to achieve compliance with the Standard.

Section 20 Providers must implement complaint handling policies and procedures 

Section 20 provides that a participating telecommunications provider must implement policies and procedures to deal with, record and resolve complaints from entities relating to the application of the Standard.

The note to section 20 states, by way of example, that the types of complaints might include a complaint by an entity that a sender identification has not been registered as it requested or a complaint by an entity that the telecommunications provider did not provide information about registration as required by section 9.

Part 5–Reporting requirements

Section 21 Traceback reporting 

Subsections 21(1) and 21(2) provide that a participating telecommunications provider must:

• report to the ACMA about scam messages that they have identified that are messages sent using registered sender identifications; and
• if the provider is not the originating telecommunications provider – conduct traceback for those scam messages to identify the originating telecommunications provider. Each participating provider (who is not an originating provider) that receives a traceback request must conduct the same traceback actions as outlined above, until the originating telecommunications provider is identified.  

Subsection 21(3) provides that a report to the ACMA required under subsections (1) and (2) must be in writing and include the following information about the scam messages:

• the sender identification used; and
• the total number of recipients of the scam message; and
• information about the content of the scam message; and
• if the provider preparing the report is the originating telecommunications provider of the scam message – that the provider is the originating telecommunications provider for the scam message, and the identity of the entity which registered the sender ID, or on whose behalf the sender ID was registered; or
• if the provider is not the originating telecommunications provider of the scam message – the identity of the telecommunications provider who sent the reporting provider the scam message and if relevant, the identity of the international partner on whose behalf the message was sent.

• A report must be made to the ACMA as soon as practicable and in any event no later than 2 business days from the date on which the provider became aware of the scam message under subsection 21

Mandatory reporting will assist the ACMA to monitor the effectiveness of the Register and enforce compliance. This information will enable the ACMA to investigate and potentially remove sender identifications from the Register that are used to send scam communications, revoke approval of non-compliant entities and remove non-compliant participating telecommunications providers from the Register, and take other enforcement action as appropriate.

Section 22 Quarterly reporting 

This section requires that, within 20 business days after the end of each quarter, participating telecommunications providers must prepare a written report of information relevant to the Register and provide that report to the ACMA. Information to be reported depends on the roles and responsibilities of a participating telecommunications provider. Column 1 of the table in section 22 indicates which participating telecommunications providers must report and Column 2 of the table in section 22 indicates the information participating telecommunications providers must report to the ACMA on a quarterly basis.

Item 1 of the table in section 22 provides that originating telecommunications providers, transiting telecommunications providers and terminating telecommunications providers must report the number and type of complaints the telecommunications provider has received from other telecommunications providers, entities and message recipients relating to the Register.

Item 2 of the table in section 22 provides that originating telecommunications providers must report on the total number of sender identification messages:

• sent by the originating telecommunications provider with sender identification registered in the Register; and
• using unregistered sender identifications that the provider disrupted.

Item 3 of the table in section 22 provides that transiting telecommunications providers and terminating telecommunications providers must report the identity of any telecommunications providers that are not participating telecommunications providers that have attempted to send sender identification messages.

Item 4 of the table in section 22 provides that terminating telecommunications providers must report on the number of sender identification messages:

• received from participating telecommunications providers; and
• using unregistered sender identifications that the provider disrupted.

Item 5 of the table in section 22 provides that transiting telecommunications providers must report the number of sender identification messages sent by international telecommunications service providers that the provider disrupted.

Item 6 of the table in section 22 provides that certified telecommunications providers must report the number of requests from international partners to register sender identifications from non-ABN entities (under subsection 12(1)) where the provider did not proceed with the application because the provider was unable to confirm or establish one or more verification requirements under subsection 12(4).

Part 6–System security, record keeping and privacy

Section 23 Requirement to keep records 

Subsection 23(1) provides that a telecommunications provider must keep records to demonstrate compliance with the Standard.

Subsection 23(2) provides that where a telecommunications provider keeps records, it must take reasonable steps to protect the information from misuse, interference and loss, unauthorised access, modification or disclosure and make sure the information is destroyed or otherwise disposed of in a secure manner where it is no longer required under the Standard or any other applicable laws.

Section 24 Record retention 

Section 24 provides that a telecommunications provider must keep records that are required under subsection 23(1) for 2 years from the date the record is created and make records available to the ACMA within 5 business days after receiving a written request from the ACMA.

Section 25 System security

Section 25 provides that a participating telecommunications provider must take reasonable steps to make sure its systems and processes relating to the sending of sender identification messages and for interacting with the Register are secure and must promptly notify the ACMA of any breach and steps taken to rectify the breach.

Section 26 Privacy

Section 26 provides that a participating telecommunications provider must follow applicable privacy obligations (in circumstances where the Privacy Act 1988 does not apply) when handling personal information in connection with the Register.

The note to section 26 states that where a provider is subject to the Privacy Act 1988, Australian Privacy Principle 6 in Schedule 1 to that Act will apply to the use or disclosure of personal information it collects in connection with this Standard.

Part 7—Notification to message recipients

Section 27 Requirements on carriage service providers

Section 27 applies to carriage service providers that supply public mobile telecommunications services and outlines their obligations to send notifications about how sender identification messages are dealt with under this Standard.

Subsections 27(2) and (3) require carriage service providers to provide, for each public mobile telecommunications service they supply under contract, regular notifications about how messages using registered and unregistered sender identifications will be dealt with under the Standard.

This information must be:

• published on the provider’s website from 30 November 2025; and
• provided to the end user or the account holder for the service (via SMS, mobile application, email, or other direct communication):
  • when a contract is entered into or renewed; and
  • at least once every quarter, starting from 1 October 2026.

Subsections 27(4) and (5) require carriage service providers to provide one-off notifications, for each public mobile telecommunications service they supply under contract, advising:

• how messages using both registered and unregistered sender identifications will be dealt with under the Standard; and
• that the register commences/commenced on 1 July 2026.

These notifications must be provided to the end user or the account holder for the service (via SMS, mobile application, email, or other direct communication) between:

• 18-20 June 2026; and
• 28-30 June 2026; and
• 8-10 July 2026.

The purpose of this section is to increase consumer awareness and education about the Register, before and after the register commences. The carriage service provider can choose how it provides this information, recognising that the end user and account holder may not be the same person. Notifications by email are more likely to reach account holders, while notifications by SMS are more likely to reach end users.

Schedule 1 – Information to be provided to customers

Schedule 1 sets out the information about the Register and registration process that a participating telecommunications provider must provide to an entity under paragraphs 9(1)(a), 9(2)(d) and 9(3)(c).  Under section 10, an originating telecommunications provider is also required to publish this information on its website. This schedule is intended to make sure that a participating telecommunications provider gives its customers sufficient information, before the commencement of the Register, to help customers understand:

• the objective of the Register;
• how they can register sender identifications;
• what the registration process involves;
• the consequences of not registering a sender identification.

Originating telecommunications providers must provide the following information to their customers:

• Part 24B of the Act provides for the establishment of the Register (paragraph (a));
• That from 1 July 2026, if a sender identification message is sent which includes an unregistered sender identification, the sender identification message will be labelled as ‘Unverified’ (paragraph (b));
• That if the entity wishes to send sender identification messages, it must register its sender identification and confirm a participating telecommunications provider or providers to send sender identification messages (paragraph (c));
• That the following types of entities can participate in the Register:

• an individual;
• a body corporate;
• a corporation sole;
• a body politic;
• a government entity (within the meaning of the A New Tax System (Australian Business Number) Act 1999);
• a partnership;
• any other unincorporated association or body of persons;
• a trust;
• a superannuation fund (within the meaning of the Superannuation Industry (Supervision) Act 1993) (paragraph (d));

• That to register a sender identification, the entity must demonstrate that it has a valid use case for the sender identification (paragraph (e));
• That entities can register through an originating telecommunications provider and that a list of all participating providers will be available on the ACMA’s website (paragraph (f)).

Entities with an ABN

• That if the entity has an ABN, it can ask any participating telecommunications provider that is an originating telecommunications provider to make an application for registration of a sender identification on its behalf. That the requirements to obtain approval to make an application to register a sender identification are:
  • the person making the request must be listed as an authorised contact for the entity on the Australian Business Register, or be authorised by that person; and
  • the person making the request must pass an identification check; and
  • the person making the request must agree to the Register terms of use (paragraph (g));

The note at paragraph (g) states that these requirements will be implemented through a determination made under section 484L of the Telecommunications Act 1997. It is expected that this determination will commence by the end of October 2025.

• That once an originating telecommunications provider has made an application for the registration of a sender identification on behalf of an entity, the person making the request will receive instructions from the Register about how to access the Register (paragraph (h));
• That once the entity is approved by the ACMA, the entity will be able to confirm the registration of the sender identification (paragraph (i));

The note at paragraph (i) states that the requirements in paragraphs (h) and (i) will be implemented through a determination made under section 484L of the Telecommunications Act 1997. It is expected that this determination will commence by the end of October 2025.

• Any cost for registering a sender identification, including any ongoing annual charge (paragraph (j));
• That once the sender identification is registered, the entity can authorise, via the register, other participating telecommunications providers to originate messages using that sender identification (paragraph (k));
• That entities with an ABN can also register through a certified telecommunications provider (see paragraphs (m) and (n)) (paragraph (l)).

Entities without an ABN

• That entities without an ABN can only make an application to register a sender identification through an originating telecommunications provider that is a certified telecommunications provider or a partner of a certified telecommunications provider. The provider is required to conduct verification checks similar to those outlined in paragraph (g) (paragraph (m));
• That entities without an ABN that register through a certified telecommunications provider will not be able to gain access to the Register (paragraph (n)).

Attachment B

Statement of compatibility with human rights

Prepared by the Australian Communications and Media Authority under subsection 9(1) of the Human Rights (Parliamentary Scrutiny) Act 2011

Telecommunications (SMS Sender ID Register) Industry Standard 2025

Overview of the instrument

The Telecommunications (SMS Sender ID Register) Industry Standard 2025 (the Standard) has been made under subsection 125AA(1) of the Telecommunications Act 1997. It is drafted to meet the requirements and objectives in sections 5, 6, 7 and 8 of the Telecommunications (SMS Sender ID Register Industry Standard) Direction 2025. In broad terms, those requirements and objectives are to put in place the operational and administrative requirements for implementation of the Register, which seeks to prevent SMS impersonation scams.

The Standard imposes obligations on carriers, carriage service providers and electronic messaging service providers to confirm details about sender identification messages before sending, transiting, or terminating them. It also places obligations on telecommunications providers to trace and report on scam messages.

Human Rights Implications

The ACMA has assessed whether the Standard is compatible with human rights, being the rights and freedoms recognised or declared by the international instruments listed in subsection 3(1) of the Human Rights (Parliamentary Scrutiny) Act 2011 as they apply to Australia.

Having considered the likely impact of the Standard and the nature of the applicable rights and freedoms, the ACMA has formed the view that the Standard engages the following rights and freedoms:

• the right to privacy and reputation prohibiting interference with privacy and attacks on reputation contained in Article 17 of the of the International Covenant on Civil and Political Rights (the ICCPR);
• the right to freedom of expression contained in paragraph 2 of Article 19 of the ICCPR.

Specific articles and the manner in which the Standard engages them are presented below.

Right to freedom of expression

Article 19(2) of the ICCPR protects freedom of expression, including the right to seek, receive and impart information and ideas of all kinds, through any medium, including written and oral communication, media and broadcasting. Falling within the scope of this right, is a person’s ability to receive media such as SMS messages through an individual’s mobile telephone service.

The Standard deliberately limits the right to freedom of expression of scammers using sender identifications which impersonate legitimate entities to send scam SMS/MMS messages to individuals. However, any such limitation achieves a legitimate purpose by reducing the potential harms that scams can cause. The restrictions are partly provided for by law, given a large proportion of scam messages perpetrate fraud and/or identity theft.

Requiring persons who use sender identifications to have their identity verified and sender identification registered is a basic and crucial way to minimise the risk of telecommunications networks being used in, or in relation to, the commission of offences. It also assists relevant agencies to identify and apprehend persons who do use, or attempt to use, telecommunications networks and facilities in, or in relation to, the commission of offences. The Standard is, in this respect, a reasonable, necessary and proportionate restriction on the freedom of expression.

The Standard also engages the right to freedom of expression, in so far as that right includes the right of end users and the public more generally to receive information relating to the Register and sender identification messages. 

Section 10 of the Standard imposes a requirement on a telecommunications provider to make information available on its website. Section 27 of the Standard imposes requirements on carriage service providers that provide public mobile telecommunications services to send notifications about how sender identification messages are dealt with under the Standard.

The information made available under these provisions is intended to increase the awareness of end users of mobile services (and entities who send messages that include a sender identification) in relation to the existence of the Register, how it will operate and when changes will occur in relation to sender identification messages.  Accordingly, the ACMA considers that these provisions in the Standard promote and enhance the right to freedom of expression.

Right to privacy and reputation

Article 17 of the ICCPR prohibits arbitrary or unlawful interference with an individual’s privacy, and attacks on reputation. Non-arbitrary interference, and some limitations provided by law, are permissible. In order for limitations to be deemed non-arbitrary, there must be a legitimate objective, and it must be reasonable, necessary and proportionate.

Scams, including those delivered by SMS, can compromise a person’s personal and financial information, leading, in many cases, to identity theft and corresponding financial loss. In addition to compromising an individual’s privacy, identity theft can also compromise the reputation of individuals.

The reputation of legitimate entities and their brands can also be damaged by the impersonation of these entities by scammers through the illegitimate mimicking of the entities’ legitimate sender identifications with the intention of undertaking scam activity.

The Standard is aimed at reducing SMS/MMS scam activity and will enhance the rights to privacy and reputation of the individuals who receive the messages and are at risk of fraud, identity theft and impersonation. Likewise, the Standard will reduce the reputational damage suffered by legitimate entities who would otherwise be at risk of being impersonated by scammers sending SMS with the purpose of undertaking scam activity.

The Standard will result in the ACMA collecting some personal information about individuals in connection with application for access to the Register and applications for sender identifications to be entered in the Register. Part 6 of the Standard incorporates a number of safeguards across the registration and record retention process, including requirements that align with Australian privacy law. The Standard aims to protect against unauthorised and unintended data disclosure by requiring carriers and carriage service providers to protect, secure and retain records that demonstrate compliance and to dispose of those records in a secure manner when no longer required. As an additional privacy safeguard, participating telecommunications service providers must follow applicable privacy obligations (in circumstances where the Privacy Act 1988 does not apply) when handling personal information in connection with the Register.

These safeguards, together with the other restrictions on the handling of personal information described above, indicate that the Standard is reasonable, necessary and proportionate to the objectives of protecting Australians from the harms of scam activity.

Conclusion

The Standard is compatible with the human rights and freedoms recognised or declared in the international instruments listed in section 3 of the Human Rights (Parliamentary Scrutiny) Act 2011.   To the extent that the measures in the Standard may limit human rights, those limitations are reasonable, necessary and proportionate to achieving the legitimate policy objective of protecting Australian consumers and legitimate businesses and entities from the harmful impacts of impersonation scams.

[1] Australian Competition and Consumer Commission, ‘Scam Statistics’, Scamwatch (2024).