EXPLANATORY STATEMENT

Approved by the Australian Communications and Media Authority

Telecommunications Act 1997

SMS Sender ID Register (Application, Access and Administration) Determination 2025

Authority

The Australian Communications and Media Authority (the ACMA) has made the SMS Sender ID Register (Application, Access and Administration) Determination 2025 (the Determination) under section 484L of the Telecommunications Act 1997 (the Act).

The ACMA has the power to make a determination or determinations relating to the SMS Sender ID Register (the Register). The Act states that a determination may address a range of operational and procedural matters, including application requirements, registration processes, criteria for sender identification approval, access arrangements, and applicable fees.[1]

Specifically, section 484L of the Act sets out that the ACMA may determine:

        timeframes for registering a sender identification (paragraph 484L(1)(a));

        requirements for applications seeking approval to participate in the Register (paragraph 484L(1)(b));

        requirements for applications to register a sender identification (paragraph 484L(1)(c));

        criteria for accepting applications and sender identifications (paragraphs 484L(1)(d) and (e));

        access provisions and any associated fees (subsections 484L(2) and (3))

        the manner of making entries in the Register (paragraph 484L(4)(a));

        the correction or removal of entries (paragraphs 484L(4)(b) and (c));

        any other matters relating to the administration or operation of the Register (paragraph 484L(4)(d)).

The Determination establishes the framework for applying to register sender identifications, accessing and administering the Register and ensuring sender identifications meet certain requirements before being used by approved entities and telcos. Matters specified in the Determination include:

        how to make an application for approval or to register a sender identification in the Register;

        the application process for telcos that want to be certified telecommunications providers;

        the requirements sender identifications must meet to be approved for registration (e.g. maximum number of characters permitted);

        the requirement for an entity to demonstrate that a sender identification relates to, or is owned by, the entity (a valid use case), to prevent ‘spoofing’ (impersonation) of sender identifications;

        the process for entities to authorise, and remove authorisation for, participating telecommunications providers, international partners or electronic messaging service provider (EMSP) partners to send messages that include a sender identification registered in the Register by or on behalf of the entity;

        who can access the Register and what actions they may perform;

        providing terminating telecommunications providers access to a list of all registered sender identifications via the application programming interface;

        the requirement to comply with terms and conditions.

The Determination forms part of the legislative framework supporting the Register, which is designed to prevent SMS/MMS impersonation scams and enhance consumer protection.

Purpose and operation of the instrument

Background

Short messaging service (SMS) and multimedia messaging service (MMS) are key communications channels used by scammers to reach Australians. In 2024, 77,365 SMS scams were reported to Scamwatch, with reported losses of over $14 million.[2] Many SMS scams include some form of impersonation, where bad actors use sophisticated tactics to convince their victims they are from a legitimate entity. One common tactic is to send SMS messages with sender identifications that imitate well-known brands and government agencies.

The Government enacted the Telecommunications Amendment (SMS Sender ID Register) Act 2024 which provides for the ACMA to establish and maintain the Register. The purpose of the Register, once established, is to reduce the prevalence and impact of scams delivered via SMS or MMS which impersonate well-known brands through the illegitimate use of sender identifications (the alphanumeric headers in SMS/MMS; for example, ‘ATO’ and ‘NAB’). The Register will accept applications from, and store the sender identifications of, registered entities.

On 3 December 2024, the Government announced that registration of sender identifications would be mandatory. This means that messages sent with unregistered sender identifications after the register commences will be disrupted (that is, the unregistered sender identification will be replaced with ‘Unverified’). The Determination sets out the requirements that entities must meet if they want to register sender identifications.

Purpose

The Determination imposes requirements relating to applications to participate in the register and register sender identifications, the types of sender identifications that can be registered and who can have access to the register and undertake certain actions, such as granting or removing an originating telecommunications provider’s authorisation to send messages using the entity’s registered sender identification. The Determination also sets out the application process for participating telecommunications providers that want to obtain certification to deal with entities that do not have an Australian Business Number (ABN) who are seeking to send messages that include sender identifications.

The Determination seeks to protect the security and integrity of the Register by limiting access to the Register to business administrators and authorised users. Limiting access to the register to authorised contacts protects registered sender identifications from being misused by scammers to impersonate well-known entities.

Operation

Part 1 of the Determination sets out preliminary information such as commencement dates and definitions of terms used in the Determination.

Part 2 of the Determination outlines the pathways for entities to apply for approval and to register a sender identification under sections 484F and 484G of the Act, application form requirements and application approval requirements. It also provides the application process for a participating telecommunications provider to apply to become a certified telecommunications provider.

Part 3 of the Determination sets out the technical and content-based criteria for sender identifications submitted for registration on the Register. These criteria are designed to ensure sender identifications are clear, legitimate, and not misleading or harmful. Part 3 also provides that an entity may only request to register a sender identification if the entity has a valid use case for the sender identification.

Part 4 of the Determination outlines the process for entities to authorise, and remove authorisation for, participating telecommunications providers, international partners and EMSP partners to send messages for a sender identification registered in the Register by or on behalf of the entity.

Part 5 of the Determination outlines the access arrangements for the Register. It defines the roles and permissions of business administrators and authorised users in relation to the Register.

Part 6 of the Determination provides for administration of the register.

A provision-by-provision description of the Determination is set out in the notes at Attachment A.

The Determination is a legislative instrument for the purposes of the Legislation Act 2003 (the LA) and is disallowable.

Documents incorporated by reference

The Determination incorporates or refers to the following Acts, legislative instrument (including by the adoption of definitions) and code:

1.        Acts Interpretation Act 1901.
2.        American Standard Code for Information Interchange.
3.        Corporations Act 2001.
4.        The LA.
5.        Telecommunications (SMS Sender ID Register) Industry Standard 2025 (the Standard).
6.        Telecommunications Act 1997.

The Acts and legislative instrument listed in dot points 1, 3, 4, 5 and 6 are available free of charge on the Federal Register of Legislation at www.legislation.gov.au

The Acts and legislative instruments listed in dot points 1, 3, 4, 5 and 6 above are incorporated as in force from time to time in accordance with section 10 of the Acts Interpretation Act 1901, subsection 13(1) of the LA and section 589 of the Act.

Under paragraph 589(2)(b) of the Act, an instrument made under the Act may make provision in relation to a matter by applying, adopting or incorporating (with or without modifications) matter contained in any other instrument or writing, as in force or existing from time to time; even if the other instrument or writing does not yet exist when the instrument is made. This power has been relied upon to incorporate document 2 in the list above which is incorporated as in force and existing from time to time.  The American Standard Code for Information Interchange can be accessed free of charge at www.ascii-code.com.

Paragraph 589(2)(b) of the Act has also been relied upon to incorporate the list referred to in the definition of “restricted word” (see subsection 4(2) of the Determination).  The Determination adopts, by reference, a list of words published for the purposes of that definition from time to time on the ACMA web address https://www.acma.gov.au/restricted-terms-sender-ids.  The Determination provides that, in order to be included in the list, the ACMA must have determined that the word is used, or is likely to be used, in scam communications to mislead or deceive, including by falsely conveying a sense of urgency, or by falsely conveying that the message is official or important.

Consultation

Before the instrument was made, the ACMA was satisfied that consultation was undertaken to the extent appropriate and reasonably practicable, in accordance with section 17 of the LA.

The ACMA consulted with the public and with the Australian Competition and Consumer Commission; the Telecommunications Industry Ombudsman; the Office of the Australian Information Commissioner; bodies that represent the telecommunications industry, Australian Telecommunications Alliance and the Australian Mobile Telecommunications Association;  bodies that represent entities that use sender identifications, for example, the Australian Banking Association, and the Australian Small Business and Family Enterprise Ombudsman; and consumer bodies—the Australian Communications Consumer Action Network, CHOICE - Consumers' Federation of Australia and IDCARE.

First consultation

Starting on 27 March 2025, the ACMA undertook public consultation which included publishing a consultation paper on the ACMA’s website for 30 days—see: https://www.acma.gov.au/consultations/2025-03/proposed-rules-and-operation-sms-sender-id-register

The ACMA informed key stakeholders of the consultation and invited comment on issues set out in the consultation paper. In addition, the ACMA undertook further targeted consultation with relevant stakeholders.

The consultation paper sought comments about the operation of the Register and included information that informed the subsequent drafting of the Determination. The ACMA received 41 submissions from a range of stakeholders, including the telecommunications industry, entities, consumer advocacy groups and government agencies. The ACMA considered all relevant issues raised during the consultation process.

Second consultation

Starting on 21 August 2025, the ACMA undertook a second public consultation which included publishing a consultation paper and a draft of the Determination on the ACMA’s website for 19 days—see: https://www.acma.gov.au/consultations/2025-08/proposed-requirements-sms-sender-id-register.

The ACMA informed key stakeholders of the publication of the documents and invited comments.

The consultation paper sought comments on proposals included in the draft Determination that had originally been raised in the March 2025 consultation and had been revised following feedback. The ACMA received 28 submissions from a range of stakeholders, including the telecommunications industry, entities that use sender IDs, consumer advocacy groups and government agencies. The ACMA considered all relevant issues raised in response to the consultation process and updated the Determination to include:

• changes to make the Determination consistent with the Standard;
• revisions to the application criteria for certified telecommunications providers, so that certified telecommunications providers must demonstrate they have processes to verify that an entity without an ABN (domestic or international) has been officially recognised or certified by a governing body regulatory authority or accreditation organisation in the country in which the entity is based. This change provides certified telecommunications providers a broader range of options to verify non-ABN entities;
• changes to prevent the registration of sender identifications that solely consist of words the ACMA has determined are used, or are likely to be used, in scam communications to mislead or deceive, including by, falsely conveying a sense of urgency, or falsely conveying that the message is official or important;
• addition of a section that sets out the process for entities to authorise, or remove authorisation for, participating telecommunications providers, international partners and EMSP partners to send messages for a sender identification registered in the Register by or on behalf of the entity.

There were concerns raised during the consultation process about the Register implementation timeframe. On 30 September 2025, the Minister for Communications made the Telecommunications (SMS Sender ID Register Industry Standard) Amendment Direction (No.2) 2025, which commenced on 3 October 2025 and effectively changed the date by which the Register must commence in full, from 15 December 2025 until 1 July 2026.

There were also suggestions made about how to improve the Register processes. Further changes were made to the Determination, and the ACMA will publish guidance to assist telecommunications providers and entities.

Statement of compatibility with human rights

Subsection 9(1) of the Human Rights (Parliamentary Scrutiny) Act 2011 requires the rule-maker in relation to a legislative instrument to which section 42 (disallowance) of the LA applies to cause a statement of compatibility with human rights to be prepared in respect of that legislative instrument.

The statement of compatibility with human rights set out in Attachment B has been prepared to meet that requirement.

Attachment A

Notes to the SMS Sender ID Register (Application, Access and Administration) Determination 2025

Part 1–Preliminary

Section 1 Name

This section provides for the instrument to be cited as the SMS Sender ID Register (Application, Access and Administration) Determination 2025 (the Determination).

Section 2 Commencement

This section provides for:

• sections 1-5, 9 and 17 of the Determination to commence at the start of the day after the day it is registered on the Federal Register of Legislation;
• subsections 6(3), 6(6), 7(3), 7(5) and 11(3) of the Determination to commence on 1 April 2026;
• all other provisions in the Determination not elsewhere covered by the commencement table at section 2, to commence on 30 November 2025.

Section 3 Authority

This section identifies the provision of the Act that authorises the making of the Determination, namely section 484L of the Telecommunications Act 1997 (the Act).

Section 4 Definitions

This section defines key terms used in the Determination.

A number of other expressions used in the instrument are defined in the Telecommunications (SMS Sender ID Register) Industry Standard 2025 (the Standard) or in the Act.

Section 5 References to other instruments

This section provides that in the Determination, unless the contrary intention appears:

• a reference to any other legislative instrument is a reference to that other legislative instrument as in force from time to time; and
• a reference to any other kind of instrument is a reference to that other instrument as in force or existing from time to time.

Part 2–Applications to the Register

Section 6 How to apply for approval under section 484F of the Act and for registration of a sender identification under section 484G of the Act

Subsection 6(1) provides that ABN entities may apply for approval (under section 484F of the Act) or to register a sender identification in the Register (under section 484G of the Act) using the process in subsection 6(2) or (3) of the Determination.

Subsection 6(2) provides that an ABN entity may request a participating telecommunications provider that is an originating telecommunications provider; or a certified telecommunications provider; or an international partner or EMSP partner of either a participating telecommunications provider or a certified telecommunications provider, to apply for approval and registration on the ABN entity’s behalf.

The note under subsection 6(2) notes that such applications are subject to provisions in the Standard and can be made by the relevant provider to the ACMA through ACMA Assist or via the application programming interface (API).

Subsection 6(3) provides that an ABN entity may apply for approval or registration directly to the ACMA via ACMA Assist.

Subsection 6(4) provides that non-ABN entities may apply for approval (under section 484F of the Act) or to register a sender identification (under section 484G of the Act) using the process in subsection 6(5) or (6) of the Determination.

Subsection 6(5) provides that a non-ABN entity may request a certified telecommunications provider or an international partner or EMSP partner of a certified telecommunications provider to apply for approval and registration on the non-ABN entity’s behalf.

Subsection 6(6) provides that a non-ABN entity may apply for approval or registration directly to the ACMA via ACMA Assist.

The note under subsection 6(6) notes an application for approval must be made using the approved form published on the ACMA’s website.

The intent of this section is to provide ABN and non-ABN entities options for making an application either through participating telecommunications providers with which the entity sends, or wishes to send sender identification messages, including certified telecommunications providers, and their partners, or directly to the ACMA. When a sender identification is registered by a provider or partner on behalf of an entity, the provider or partner is authorised to send messages using that sender identification on behalf of the entity. If an entity chooses to apply to register directly with the ACMA, the entity will still have to go through the registration process with the provider/s or partner/s it wishes to use to send sender identification messages, to authorise them in accordance with section 12.

Section 7  Application approval requirements

Section 7 provides the requirements that must be met, for the purposes of paragraphs 484F(3)(d) and 484G(2)(c) of the Act, before the ACMA can approve an application. This section requires that:

• the identity of the individual making/confirming the application is verified;
• the individual is authorised to act on behalf of the entity;
• the entity is legitimate.

Subsection 7(1) provides that where an ABN entity makes an application under paragraph 6(2)(a) or (b) of the Determination (through a participating telecommunications provider who is an originating telecommunications provider or partner), the application must be confirmed by a business administrator or an authorised user for the entity, and the entity must be listed on the Australian Business Register (the ABR). ABN entities are required to confirm applications made via participating telecommunications providers and partners so that the individual’s identity, authorisation to act on behalf of the entity and the entity’s ABN can be checked via ACMA Assist, to ensure that the application was not made by a scammer impersonating an entity.  

Subsection 7(2) provides that where an ABN entity makes an application under paragraph 6(2)(c) or (d) of the Determination (through a certified telecommunications provider or partner):

• the individual who asks the provider to make the application on behalf of the entity must be an entity representative;
• the identity of the entity representative must be able to be confirmed; and
• the entity must be officially recognised or certified by a governing body, regulatory authority or accreditation organisation in the country in which the entity is based.

The note under paragraph 7(2)(b) notes that the Standard requires a certified telecommunications provider to confirm the identity of the individual by using an identity verification service.

The note under subsection (2) notes that an ABN entity can choose to engage a certified telecommunications provider to make an application on behalf of the ABN entity in which case it will be treated as though it is a non-ABN entity.

Subsection 7(3) provides that where an ABN entity makes an application under subsection 6(3) of the Determination (directly to the ACMA through ACMA Assist), the application must be made by a business administrator or an authorised user for the entity, and the entity must be listed on the ABR. The individual’s identity, authorisation to act on behalf of the entity and the entity’s ABN will be checked via ACMA Assist, to ensure that the application was not made by a scammer impersonating an entity.

Subsection 7(4) provides that where a non-ABN entity makes an application under subsection 6(5) of the Determination (through a certified telecommunications provider or partner):

• the individual who asks the provider to make the application on behalf of the entity must be an entity representative;
• the identity of the entity representative must be able to be confirmed; and
• the entity must be officially recognised or certified by a governing body, regulatory authority or accreditation organisation in the country in which the entity is based.

The note under paragraph 7(4)(b) notes that the Standard requires a certified telecommunications provider to confirm the identity of the individual by using an identity verification service.

Subsection 7(5) provides that where a non-ABN entity makes an application under subsection 6(6) of the Determination (directly to the ACMA):

• the individual who makes the application must be an entity representative;
• the identity of the entity representative must be able to be confirmed; and
• the entity must be officially recognised or certified by a governing body, regulatory authority or accreditation organisation in the country in which the entity is based.

Paragraphs 7(2)(b) and 7(4)(b) of the Determination refer to the identity of the individual making an application being confirmed by a certified telecommunications provider or partner. The note to subsections 7(2)(b) and 7(4)(b) notes the direct requirement on a certified telecommunications provider in paragraph 12(4)(a) of the Standard to confirm the identity of the relevant individual using an identity verification service.  The confirming of an individual’s identity will require the collection of personal information.  The collection, use and disclosure of this information is necessary to ensure that the identity of an applicant can be confirmed.  Most certified telecommunications providers will be an ‘organisation’ within the meaning of the Privacy Act 1988. If so, the provider will have to comply with the Australian Privacy Principles in the collection, use and disclosure of personal information. A person who keeps such records may not be subject to the Privacy Act 1988 in relation to any personal information so kept (because they are a ‘small business operator’ for example). Where the Privacy Act 1988 does not apply to a participating telecommunications provider, section 26 of the Standard provides that the provider must ensure that personal information it collects in connection with the Standard must be used only for specified purposes and must be destroyed in a secure manner when it is no longer required to be retained.

Subsection 7(5)(b) provides that the identity of the relevant individual must be able to be confirmed by the ACMA. The ACMA may need to collect, use and disclose personal information for that purpose.  Where the ACMA collects such personal information, the ACMA is obliged to comply with the Australian Privacy Principles set out in Schedule 1 to the Privacy Act. The ACMA has published a privacy policy, which is available from its website at www.acma.gov.au/privacy-policy.

Section 8 Application form requirements

Section 8 provides that for paragraphs 484F(3)(d) and 484G(2)(c) of the Act, an application for approval under section 484F of the Act and to register a sender identification in the Register, or to register a sender identification in the Register, can be made by an entity directly to the ACMA or by a participating telecommunications provider or international partner or EMSP partner on the entity’s behalf. Applications must include:

• the entity’s name;
• for an ABN entity – its ABN;
• for a non-ABN entity –
  • a unique identifier associated with the entity’s official recognition or certification by a governing body, regulatory authority or accreditation organisation in the country in which the entity is based; or
  • if the entity’s official recognition or certification does not include a unique identifier, the entity name exactly as it is entered on the official record of recognition or certification;
• for a non-ABN entity– the name of at least one:
  • certified telecommunications provider; or
  • international partner or EMSP partner of a certified telecommunications provider,

that the entity intends to use to send sender identification messages on behalf of the entity.

• one of the entity’s web addresses relating to the entity’s website or online presence on a social media platform (for example, the URL for a Facebook page, Instagram profile or LinkedIn profile);
• if the entity is a company – the full address of the entity’s registered office;
• if the entity is not a company – the entity’s principal place of business, operation or administration;
• the full name, email address and contact telephone number of the entity representative;
• the sender identification(s) that the entity wishes to register; and
• where an entity wishes to register a sender identification for a period shorter than 12 months – the date on which the registration will expire.

The note under paragraph 8(i) notes that where an ABN entity makes an application through a participating telecommunications provider or partner, the entity representative making the application does not necessarily need to be the entity’s business administrator or authorised user at the time of making the application. The Register system will provide information to the entity representative about how they can obtain authorisation from a business administrator, so they can then confirm the application as required under subsection 7(1).

The note under paragraph 8(j) notes that the sender identification or identifications included in a registration application must meet the criteria outlined in section 10 of this Determination.

The first note under section 8 notes that sections 11, 12 and 13 of the Standard allow participating telecommunications providers who are originating telecommunications providers to register sender identifications on behalf of an entity.

The second note under section 8 notes that if a date is not specified for the purposes of paragraph 8(k), registration of a sender identification is ongoing, unless the ACMA has specified a default registration period, or the sender identification is otherwise revoked or removed from the Register. Allowing entities to register a sender identification for a specified period may help to prevent misuse of registered sender identifications that are intended for a short-term event or purpose, such as an election or retail sales event.

The application process aims to make sure that information provided enables verification of the person making the application, and the entity.

This section will result in the ACMA collecting some personal information about individuals in connection with applications for approval to participate in the Register and applications to register sender identifications.  The purpose of collecting this information is to verify the entity’s application.  This may include personal information within the meaning of the Privacy Act 1988 (the Privacy Act). Where the ACMA collects such personal information, the ACMA is obliged to comply with the Australian Privacy Principles set out in Schedule 1 to the Privacy Act. The ACMA has published a privacy policy, which is available from its website at www.acma.gov.au/privacy-policy.

Section 9 Application to be approved as a certified telecommunications provider

Section 9 provides the process for applying to be a certified telecommunications provider. To become certified, a participating telecommunications provider that is an originating telecommunications provider may apply to the ACMA in the form approved in writing by the ACMA. The provider’s application must include evidence that it has and will use robust processes to accurately confirm the following information in relation to non-ABN entities on whose behalf the provider may apply to register a sender identification in the Register:

• the identity of the individual making the application, using an identification verification service;
• that the individual making the application is an entity representative;
• that the entity has been officially recognised or certified by a governing body, regulatory authority or accreditation organisation in the country in which the entity is based.

Certified telecommunications providers can apply for registration of a sender identification, or originate messages, on behalf of a non-ABN entity, in order to facilitate the participation of non-ABN entities in the Register.

Although the application criteria have been designed for the purpose of accepting applications from non-ABN entities, a certified telecommunications provider may also deal with ABN entities.

Part 3–Criteria for sender identifications

Section 10 Sender identifications

Section 10 provides that a sender identification that is included in an application for registration:

• must only include characters from the ASCII decimal codes 32-126;
• must be between 2 and 11 characters in length;
• must not consist solely of numbers;
• must not contain a space or an underscore at the beginning or end of the sender identification;
• must not contain the word “unverified”;
• must not contain a word or words that are offensive, deceptive or misleading; and
• must not solely consist of a restricted word or restricted words.

The note under section 10 notes that the Register will treat sender identifications as case insensitive, meaning variations in letter casing (e.g. “ABC” and “abc”) are considered the same sender identification.

The purpose of this section is to set out the criteria for sender identification registrations and to help prevent impersonation of a registered sender identification by limiting the number and type of characters that can be used. The criterion of no more than 11 characters reflects current technical limitations. The permitted ASICII decimal code characters largely correspond with characters found on a keyboard, including all upper and lower case letters of the English alphabet, numerals 0-9, and a limited range of symbols.

“A restricted word” is defined in subsection 4(2) of the Determination to be each of the following words:

• account;
• alert;
• anti-fraud;
• assist;
• assistance;
• bank;
• banking;
• bill;
• billing;
• delivery;
• help;
• important;
• info;
• information;
• message;
• notice;
• notify;
• package;
• password;
• sale;
• secure;
• security;
• service;
• support;
• tax;
• urgent;
• verify;
• verified,

and each other word that the ACMA has determined is a word that is used, or is likely to be used, in scam communications to mislead or deceive, including by falsely conveying a sense of urgency, or by falsely conveying that the message is official or important, and which is included in the list published for the purposes of that definition on the web address https://www.acma.gov.au/restricted-terms-sender-ids.

While these words cannot not be used in isolation, they can be used if combined with characters that identify the sender of the message. For example, ‘Alert’ could not be registered by the ACMA as a sender identification, but the ACMA could register ‘ACMA Alert’.

This requirement complements the valid use case requirements in the Standard. It aims to prevent bad actors from attempting to exploit the valid use case requirements, for example, by attempting to register a business name or domain name using one of the restricted words, and then using that as evidence of a valid use case.  

Section 11 Entity must have a valid use case

Subsection 11(1) provides that, subject to subsection 11(4), an entity may only request to register a sender identification if it has a valid use case for the sender identification.

Subsection 11(2) provides that to register a sender identification via a participating telecommunications provider (that is an originating telecommunications provider), or an international partner or EMSP partner, an entity must provide evidence of a valid use case to the provider/partner. This includes where the participating telecommunications provider is a certified telecommunications provider.

Subsection 11(3) provides that to register a sender identification directly with the ACMA, an entity must provide evidence of a valid use case to the ACMA.

Subsection 11(4) provides that subsection (1) does not apply where the exception for a government agency specified in in subsections 11(5) or 12(5) of the Standard applies.

The first note under section 11 notes that subsections 11(5) and 12(5) of the Standard provide for an exception in specified circumstances where a government agency, that is either an ABN or a non-ABN entity, requests a provider to initiate registration of a sender identification, where there is not a sender identification match to the agency.

The second note under section 11 notes that the same sender identification can be registered by more than one entity provided that each entity can demonstrate it has a valid use case for the sender identification. For example, two entities that share the same acronym for a registered business name (e.g. ‘ABC’) can apply to register the same sender identification (e.g. ‘ABC-Service’) if they each provide evidence of a valid use case for the sender identification to their provider or the ACMA.

The valid use case requirements prevent misuse and spoofing of sender identifications by requiring evidence to be provided that demonstrates a sender identification relates to, or is owned by, the entity seeking to register that sender identification. It reflects obligations in the Standard on telecommunications providers to confirm that entities have a valid use case for the sender identification the entity is seeking to register.

Part 4–Authorisation to send messages for a sender identification

Section 12 Authorisation to send messages for a sender identification relating to an entity

Section 12 provides for entities to authorise participating telecommunications providers, international partners and EMSP partners to send messages that include a sender identification that has been registered in the Register by or on behalf of the entity. This section complements:

• section 11 of the Standard, which provides for participating telecommunications providers that are originating telecommunications providers to make applications to register sender identifications on behalf of ABN entities;
• section 12 of the Standard, which provides for certified telecommunications providers to make applications to register sender identifications on behalf of non-ABN entities; and
• subsection 16(4) of the Standard, which requires telecommunications providers to check they have been authorised by an entity before sending messages using a sender identification registered by that entity.

Subsection 12(1) provides that an ABN entity may authorise:

• a participating telecommunications provider that is an originating telecommunications provider;
• an international partner or an EMSP partner of a participating telecommunications provider;
• a certified telecommunications provider; or
• an international partner or an EMSP partner of a certified telecommunications provider,

to send sender identification messages that include a sender identification registered in the Register by or on behalf of the entity.

Subsection 12(2) provides that a non-ABN entity may authorise:

• a certified telecommunications provider; or
• an international partner or an EMSP partner of a certified telecommunications provider,

to send sender identification messages that include a sender identification registered in the Register by or on behalf of the entity. This subsection makes it clear that non-ABN entities can only authorise certified telecommunications providers or their partners to send sender identification messages on the entity’s behalf.

Subsection 12(3) provides that to authorise a telecommunications provider, international partner or EMSP partner to send messages on behalf of an entity using a registered sender identification:

• an ABN entity must make an application to each provider or partner, following the process set out in sections 6, 7 and 8.
• a non-ABN entity must make an application to each provider or partner following the process set out in sections 6, 7, 8 and 11.

To make sure that messages that include registered sender identifications can only be sent by participating telecommunications providers, international partners or EMSP partners that have been authorised by the entity that registered the sender ID, the entity must go through the registration process with each provider and partner it wishes to authorise. ABN entities only need to provide evidence of a valid use case for a sender identification when they first register a sender identification (either through  a provider, partner or the ACMA, in accordance with section 11). They do not need to provide evidence of a valid use case to other providers or partners they authorise to send messages under section 12. Non ABN entities must provide evidence of a valid use case for a sender identification to each certified telecommunications provider or partner with which they register.

Applications to authorise multiple telecommunications providers or partners to send messages using a registered sender identification do not result in that sender identification being registered in the Register multiple times.

Section 13 Removal of authorisation to send messages for a sender identification relating to an entity

Section 13 provides that an entity may remove authorisation given to provider or partner under section 12. They can do this via the ACMA or by requesting that the provider or partner remove the authorisation.

The intent of this provision is to provide entities with options for removing authorisation granted to a provider or partner to send messages that include a registered sender identification, either via the ACMA or by making a request directly to the provider.

Part 5–Access to the Register system

Section 14 Business administrators

Section 14 provides that a business administrator for an entity is authorised to access the entity’s account on ACMA Assist to:

• apply to register a sender identification on behalf of the entity;
• confirm the registration of a sender identification on behalf of the entity;
• remove the registration of a sender identification on behalf of the entity;
• grant or remove an originating telecommunications provider’s, international partner’s or EMSP partner’s authorisation to send messages using the entity’s registered sender identification; and
• grant or remove a permission to be an authorised user or a business administrator.

This provision supports secure and flexible account management and delegation of management for entities participating in the Register.

Section 15 Authorised users

Section 15 provides that an authorised user for an entity is authorised to access the entity’s account on ACMA Assist to:

• apply to register a sender identification on behalf of the entity;
• confirm the registration of a sender identification on behalf of the entity;
• remove the registration of a sender identification on behalf of the entity; and
• grant or remove an originating telecommunications provider’s, international partner’s or EMSP partner’s authorisation to send messages using the entity’s registered sender identification.

This provision supports secure and flexible account management for entities participating in the Register.

Section 16 Access for terminating telecommunications providers

Section 16 provides that terminating telecommunications providers participating in the Register will be able to access a list of all registered sender identifications via the application programming interface. The note under section 16 notes that the list of all registered sender identifications will also be available via the ACMA website at www.acma.gov.au.

This provision ensures terminating telecommunications providers have appropriate access to information that they need to fulfil obligations set out in section 18 of the Standard, specifically, checking if a sender identification is registered before terminating a sender identification message.

Part 6–Administration of the Register

Section 17 Terms and conditions

Section 17 provides that entities approved under section 484F of the Act must comply with any terms and conditions as existing from time to time relating to the Register as are approved by the ACMA and published on the ACMA’s website at www.acma.gov.au, provided that such terms and conditions are;

• reasonably necessary for the proper and efficient administration of the Register; and
• not inconsistent with this Determination, the Standard or Part 24B of the Act. 

The purpose of this provision is to make sure all users comply with terms and conditions for accessing Register information and functions through ACMA Assist.
Attachment B

Statement of compatibility with human rights

Prepared by the Australian Communications and Media Authority under subsection 9(1) of the Human Rights (Parliamentary Scrutiny) Act 2011

SMS Sender ID Register (Application, Access and Administration) Determination 2025

Overview of the instrument

The SMS Sender ID Register (Application, Access and Administration) Determination 2025 (the Determination) has been made under section 484L of the Telecommunications Act 1997 (the Act). It is drafted to address a range of operational and procedural matters that the ACMA may determine, including application requirements, registration processes, criteria for sender identification approval, and access arrangements.

The Determination imposes requirements relating to applications to participate in the register and register sender identifications, the types of sender identifications that can be registered and who can have access to the register and undertake certain actions, such as granting or removing the authorisation of an originating telecommunications provider, a certified telecommunications provider or the partner of one of those providers, to send messages using the entity’s registered sender identification. The Determination also sets out the application process for telecommunications providers that want to obtain certification to deal with entities that do not have an Australian Business Number (ABN) who are seeking to send messages that include sender identifications.

Human rights implications

The ACMA has assessed whether the instrument is compatible with human rights, being the rights and freedoms recognised or declared by the international instruments listed in subsection 3(1) of the Human Rights (Parliamentary Scrutiny) Act 2011 as they apply to Australia.

Having considered the likely impact of the instrument and the nature of the applicable rights and freedoms, the ACMA has formed the view that the instrument engages the following rights and freedoms:

• the right to privacy and reputation prohibiting interference with privacy and attacks on reputation contained in Article 17 of the of the International Covenant on Civil and Political Rights (the ICCPR)
• the right to freedom of expression contained in paragraph 2 of Article 19 of the ICCPR.

Specific articles and the manner in which the Determination engages them are presented below.

Right to privacy and reputation

Article 17 of the ICCPR prohibits arbitrary or unlawful interference with an individual’s privacy, and attacks on reputation. Non-arbitrary interference, and some limitations provided by law, are permissible. In order for limitations to be deemed non-arbitrary, there must be a legitimate objective, and it must be reasonable, necessary and proportionate.

Scams, including those delivered by SMS, can compromise a person’s personal and financial information, leading, in many cases, to identity theft and corresponding financial loss. In addition to compromising an individual’s privacy, identity theft can also compromise the reputation of individuals.

The reputation of legitimate entities and their brands can also be damaged by the impersonation of these entities by scammers through the illegitimate mimicking of the entities’ legitimate sender identifications with the intention of undertaking scam activity.

The Determination, together with the Telecommunications (SMS Sender ID Register) Industry Standard 2025 (the Standard), is aimed at reducing SMS/MMS scam activity and will enforce the rights to privacy and reputation of the individuals who receive the messages and are at risk of fraud, identity theft and impersonation. Likewise, the Determination will reduce the reputational damage suffered by legitimate entities who would otherwise be at risk of being impersonated by scammers sending SMS with the purpose of undertaking scam activity.

The Determination will result in the ACMA collecting some personal information about individuals in connection with applications for approval to participate in the Register (under section 484F of the Act) or applications for sender identifications to be entered in the Register (under section 484G of the Act) or an application to be approved as a certified telecommunications provider. The purpose of collecting this information is to verify the entity’s application.

Part 5 of the Determination incorporates safeguards to ensure business administrators and authorised users for an entity have access to the entity’s account on the Register to manage registrations and arrange or remove access for other entity personnel. The Determination aims to protect against unauthorised and unintended sender identification registration by requiring an application that is made through a participating telecommunications provider (or international partner or EMSP partner) to be confirmed by a business administrator or an authorised user of the entity.

These safeguards, together with the other restrictions on the handling of personal information within the Standard, and the ACMA’s obligations to comply with the Privacy Act 1988, indicate that the Determination is reasonable, necessary and proportionate to the objectives of protecting Australians from the harms of scam activity.

Right to freedom of expression

Article 19(2) of the ICCPR protects freedom of expression, including the right to seek, receive and impart information and ideas of all kinds, through any medium, including written and oral communication, media and broadcasting. While not expressly stated, implied broadly in the application of this right, is a person’s ability to receive media such as SMS messages through an individual’s mobile telephone service.

The Register may limit the right to freedom of expression of scammers using sender identifications which impersonate legitimate entities to send scam SMS/MMS messages to individuals. However, any such limitation achieves a legitimate purpose by reducing the potential harms that scams can deliver. The restrictions are partly provided for by law, given a large proportion of scam messages perpetrate fraud and/or identity theft.

Requiring persons who use sender identifications to provide information about themselves and the entity they represent to enable verification prior to a sender identification being registered is a basic and crucial way to minimise the risk of telecommunications networks being used in, or in relation to, the commission of offences. It also assists relevant agencies to identify and apprehend persons who do use, or attempt to use, telecommunications networks and facilities in, or in relation to, the commission of offences. The Determination is, in this respect, a reasonable, necessary and proportionate restriction on the freedom of expression.

The Determination also engages the right to freedom of expression, in so far as that right includes the right of entities to choose, subject to meeting certain requirements, a sender identification that they wish to register. Section 11 of the Determination requires that the entity may only request to register a sender identification if it has a valid use case for the sender identification and section 10 of the Determination sets out the criteria that a sender identification must meet.

The requirements under these provisions are intended to prevent sender identification misuse and spoofing by scammers while promoting the right to freedom of expression of legitimate entities. Accordingly, the ACMA considers that the Determination is reasonable, necessary and proportionate to the objectives of protecting Australians from the harms of scam activity.

Conclusion

This Determination is compatible with the human rights and freedoms recognised or declared in the international instruments listed in section 3 of the Human Rights (Parliamentary Scrutiny) Act 2011. To the extent that the requirements under the Determination may limit human rights, those limitations are reasonable, necessary and proportionate to achieving the legitimate policy objective of protecting Australian consumers and legitimate businesses and entities from the harmful impacts of impersonation scams.

To the extent that it may engage Article 17 of the ICCPR, the Determination protects the privacy and reputation of legitimate entities who send SMS/MMS that include sender identifications to communicate with their customers. To the extent that it may engage Article 19 of the ICCPR, any limitations that it imposes on freedom of expression are reasonable, necessary and proportionate to protect Australians from the harms of these scams.

[1] Fees for the register are subject to Government decision and will not be in place when the Determination commences.

[2] Australian Competition and Consumer Commission, ‘Scam Statistics’, Scamwatch (2024).