Messaging Compliance

Date of Last Revision: December 10, 2018

PLEASE NOTE THE FOLLOWING BEFORE READING FURTHER:

The following information exemplifies some (but not all) of the applicable laws, regulations and industry codes and standards which govern the use of Sinch’s messaging services (“Messaging Compliance Rules”).
The following information is not intended to constitute (nor does it constitute) legal, compliance or professional advice of any kind.
The following information is not a complete list of the Messaging Compliance Rules. It is the responsibility of all Sinch customers to comply with all Messaging Compliance Rules (whether or not they are referred to in the following information). In particular, the following information does not consider any of the specific rules enforced by the underlying carriers, operators and aggregators “Service Providers” who we use to provide the messaging services. Please refer to section 2 below for further information on Service Provider rules.

1. Messaging Compliance Rules

As Sinch messaging services are available across multiple territories and jurisdictions, all Sinch customers must consider where:

(i) they use the Sinch messaging services; and (ii) their use of the Sinch messaging services has an impact.

For example, if the Sinch messaging services are used to send messages from an entity in the United Kingdom to end users in Germany, the jurisdictional impact of the Messaging Compliance Rules in the United Kingdom and Germany will be relevant (in addition to any overriding EU Regulations).

Certain countries have specific Messaging Compliance Rules governing the sending of mobile messages by businesses. For example, some countries have:

laws and regulations governing the use of electronic communications and/or telecommunications services which apply to A2P messaging services;
laws and regulations governing the content of content of A2P messages and the time periods within which it is permissible to send them;
industry codes of conduct dealing with the use of short codes; and
regulations requiring the pre-registration of bulk SMS outbound (MT) message originators, i.e. the alphanumeric characters used in the SenderID to personalise Application-to-Person (A2P) SMS messages.

Further, some countries have laws, regulations and codes of conduct governing the marketing to individuals and businesses. These may be specific to messaging services or be of more general application to all marketing activities. Generally speaking they share a very important principle with the privacy laws in that it is necessary to ensure that the consent of the applicable individual has been obtained (and hasn’t been withdrawn) before any marketing is sent to that individual. What is meant by “consent” and the methods by which individuals can withdraw that consent may differ by jurisdiction. The general rule is that individuals must have provided clear and unequivocal consent to receive marketing through the messaging services and that they must be given an easy and convenient method by which they can opt-out at a later date.

Although the definition of what constitutes “personal data” or “personal information” (“Personal Data”) may differ by jurisdiction, it is generally understood to mean information about an individual that (a) can be used to identify, contact or locate a specific individual; (b) can be combined with other information that is linked to a specific individual to identify, contact or locate a specific individual. An individual’s mobile phone number (known as the MSISDN), an IP address and certain message content are generally understood to constitute Personal Data.

Before sending any Personal Data to us in connection with our messaging services, it is our customers’ responsibility to ensure that the applicable rules governing the use of that Personal Data have been complied with. For example (but without limitation), have the relevant individuals provided the necessary consent to the use and transfer of the Personal Data? Has that consent since been withdrawn?

2. Service Provider Rules

Many of our Service Providers impose their own specific requirements relating to the use of the messaging services by Sinch, its customers and any end users. These may include (but are not limited to) additional rules relating to the:

type, content and permitted time of sending of messages;
pre-registration of message originators;
prohibition of certain types of message originators;
pre-approval of messaging campaigns; and
pre-approval of key words used in response to mobile originated messages sent to short codes.

By using Sinch’s messaging services our customers agree to comply with such rules at all times. Therefore, before attempting to send any messages to a particular country, all customers should contact their account manager who (with the support of Sinch’s country managers and product management team) will discuss the Service Provider rules which may apply, including (but not limited) to any necessary pre-registration or registration of originators which needs to be undertaken before messages can be sent.

For more information about US specific regulatory requirements and compliance.

Telco transformed

The actionable guide to increasing customer loyalty with mobile messaging

Two-factor authentication: Why SMS is here to stay

Building a smooth, secure experience with SMS-based 2FA

Signaling threats: SS7 and beyond

Sinch named a Leader in IDC MarketScape 2023

What's in store? Rethinking CX for retail and e-commerce