To use phone numbers compliantly in many countries of the world, both Twilio and our customers must adhere to the local country regulations. Doing so often means that we must provide adequate identity documentation to the local regulator or carrier. If they don’t provide this information, there is a high risk the local regulators or carriers will disconnect the phone number.
This list of Frequently Asked Questions (FAQ) will provide more details about regulations, what you need to do to stay compliant, and why.
Q: How are phone number regulations changing and why?
A: Many countries around the world have recently been increasing their scrutiny of how their phone numbers are used. This increased scrutiny is driven by various factors, including increased incidents of misuse and abuse of phone numbers, heightened national security concerns, and increased pressure on the supply of numbers.
As a result, various countries are updating their regulations or placing greater emphasis on the enforcement of existing regulations, including those requiring validation of who is actually using the phone number and exactly where that individual or business is located. In short, the intent of these regulations is to verify who is using the number and where they are.
Twilio, our customers, end users, and providers each have a role and a collective obligation to ensure numbers are assigned and used in a manner consistent with the intent of the regulations in the relevant country.
Q: Is this enforcement only impacting Twilio customers? Is it because there’s spam and abuse on your platform?
A: No. Twilio does not permit spam or abuse on our platform. Regulatory requirements are due to worldwide enforcement of existing and new regulations as nations seek to have better control over their national communications infrastructures. All communications companies, including Twilio, are subject to these regulations, and providers and end customers ignore such requirements at their peril. End-user phone numbers that do not comply are at risk of being disconnected due to national regulatory action without notice regardless of provider, a gamble to which Twilio does not subject its customers or itself.
Q: Other providers do not require address and identity information for my phone numbers. Why does Twilio?
A: Many countries around the world have recently been increasing their scrutiny of how their phone numbers are used. We strongly believe all providers are being asked—or soon will be asked—to provide the same information Twilio requires. In every country, the regulations apply equally to all phone number providers. Twilio is in no way being singled out.
Q: Which countries are affected? What are the exact requirements?
A: To help you comply with these regulations and minimize the risk of disruption to your phone numbers, Twilio maintains an up-to-date country-by-country guide of phone number regulatory requirements. We urge our customers to provide the necessary information for each country to help ensure their service isn’t interrupted or disconnected.
To understand these regulations, it’s helpful to keep in mind the objective: Regulators want to know who is using the phone number and where they are located. It is therefore understandable that the regulations focus on the end user, the party actually using the phone number in question to make or receive calls. It also makes sense that regulators want the end user’s name, address, proof of address, and/or an identity document, and that all the documents must match. For example, the name on a utility bill submitted as proof of address must exactly match the name on the submitted passport. In some instances, a local address is required, as indicated by country.
Q: I’ve been told to “map” my phone numbers to addresses and identity documents. What does this mean, and how do I do it?
A: Phone numbers with regulatory requirements need to have certain information or documents associated with them, which is what we call “mapping”. It lets us know which phone numbers go with which addresses and identity documents. You can find instructions on how to map a phone number to an address and document here.
Q: How long does it take Twilio to verify documents that have been submitted?
A: We do our best to verify documents submitted within 24 business hours.
Q: What is Twilio doing to make regulatory compliance easier for me?
A: We are investing heavily in automated systems to make compliance easier. We have brought a number of these systems online already and you’ll see many improvements in the coming months that will make the process easier and faster. These systems will include intelligently determining and presenting regulatory requirements for each number-set up front, a new user experience, and improved APIs to help guide you through the processes required.
Q: How is Twilio handling privacy?
A: Twilio takes privacy very seriously. Twilio must collect the data requested and we have legitimate interests for doing so, including regulatory obligations and fraud and abuse prevention. Accordingly, the collection of this data is lawful under privacy law. Although we must collect the data, we remain conscious that the data being collected is sensitive and we must treat it accordingly. The data is subject to the requirements of our Binding Corporate Rules - Controller Policy, which provides for application of a GDPR-level of data protection regardless of where the data originates globally. And pursuant to our internal data protection risk impact assessment, the data is subject to more stringent handling requirements commensurate to the sensitivity level. Among other things, these requirements include limiting access to the data to only those staff members who must see it to perform their job functions, conducting privacy and security training with these staff members prior to permitting them to handle the data, and ensuring all data is stored securely.
Q: Where can I find the regulations underpinning Twilio’s requirements page?
A: Our requirements are a synthesis of multiple sources and therefore generally cannot be found verbatim in the local regulations. The sources we use are primarily the text of the regulations, direct conversations with regulators, the judgment and interpretation of Twilio’s legal counsel, industry best practices, the standards of telephone carriers, and our experience in handling requests by government and law enforcement agencies.
Q: I need to retain my phone number in a country but do not meet the requirements. What should I do?
A: If you cannot meet the requirements for a specific phone number type in a given country, we recommend you look at a different number type for that country. Countries often have multiple phone number types (for example, national vs. local), and different phone number types are set up for different uses and have different requirements. It may be that you are using a current phone number type that isn’t appropriate for your situation; for example, local numbers are often meant for people with physical addresses in a specific region of a country. However, there is often another number type in the same country that is well suited to your situation. If that approach doesn’t work, then you may have to use a phone number in another country where you meet the requirements. Please email your account rep or email@example.com for assistance, if you cannot find a solution.
Q: I need to retain my current phone numbers in a country where I don’t meet the regulatory requirements for any of the phone number types. I’ve tried everything you’ve outlined and there is no acceptable alternative. What do I do? What is Twilio doing to help me?
A: We recognize that this is an exceedingly difficult situation for our customers. We want to assure you that we’ll allow you to use your current phone numbers for as long as we reasonably can. We will only disconnect your phone numbers if there is no other legal option available.
We are also committed to helping you find a solution in the following ways:
- We are actively working to enable new number types in some countries.
- As the opportunities arise, we will advocate for changes to these regulations. We fundamentally believe that every country should offer a phone number type accessible to any international business that provides valuable services to the citizens of that country. We are, however, realistic about timelines. We recognize that the passage of new regulations may take time, and as a result, this approach is likely a longer-term solution.
- We are working on possible solutions that would make it easier for customers to comply with current regulations. For example, there are sometimes relatively inexpensive ways for you to set up a legal entity and/or a presence in a country. We are investigating where we can provide lightweight solutions to meet the requirements.