Article
Connectivity

Telcos Face Complex 2025 Rules on AI, Security & IDs

By Stella Nolan
June 04, 2025
undefined mins
Share this article
Prioritise Us on Google
Share this article
Prioritise Us on Google
Telecommunications operators are navigating increasingly complex global regulatory environments | Photo: Image FX
Telecom providers must upgrade compliance amid new AI laws, stricter sender ID rules and national security measures shaping the global regulatory landscape

Telecommunications operators are navigating increasingly complex global regulatory environments. From AI oversight to identity verification and national security concerns, compliance burdens are rising, particularly for multinationals managing services across borders.

EY’s latest annual risk study for the telecoms sector highlights how operators must adapt. The report identifies “underestimating changing imperatives in privacy, security and trust” as telcos’ number one risk in 2025.

Adrian Baschnonga, EY’s lead analyst for global technology, media & entertainment and telecommunications (TMT)

Adrian Baschnonga, EY’s lead analyst for global technology, media & entertainment and telecommunications (TMT), added:

“Telcos should carefully consider how best to phase emerging technology deployments, especially given the complex mix of software and hardware capabilities in scope and the need to simplify legacy IT and networks… telcos also face strategic choices, specifically around AI, on issues ranging from use case prioritisation to the selection of open-source or proprietary large language models (LLMs) as well as vendor and partnership decisions.”

AI governance: Regulation vs innovation

The pace of AI innovation has triggered rapid regulatory responses. The EU AI Act, a landmark initiative, is emerging as a critical reference point.

Designed to categorise AI systems by risk level, the Act introduces compliance obligations that could significantly affect telecom operators, particularly those integrating AI into network optimisation, customer service automation, or predictive maintenance.

Enza Iannopollo, an analyst at Forrester

Enza Iannopollo, an analyst at Forrester, highlighted the dual benefit of the legislation:

“Despite the criticism, this is good news for businesses and society. For businesses, it starts providing companies with a solid framework for the assessment and mitigation of risks, that—if unchecked—could hurt customers and curtail businesses’ ability to benefit from their investments in the technology. And for society, it helps protect people from potential, detrimental outcomes.”

Aetha Consulting’s recent market analysis further acknowledged the sector-specific implications:

“The AI Act marks a significant step towards addressing AI risks, but its implementation must strike a balance that preserves innovation, particularly in telecoms… Its ubiquity raises the potential for it to act as a global benchmark for AI regulation across all industries.

"However, its success depends on how it is implemented—there are risks related to ambiguity in the definition of tiers.”

Operational impact of compliance timelines

May 2025 brought new urgency to compliance with identity verification and Sender ID regulations. Countries including the Czech Republic, Ireland, Qatar and Tanzania have announced hard deadlines for Sender ID registration to mitigate messaging fraud.

Ireland will label unregistered senders as “Likely Scam” from July 2025, moving to complete blocking by October.

Youtube Placeholder

In the US, the Federal Communications Commission (FCC) has broadened the definition of a “Voice Service Provider” under the STIR/SHAKEN framework.

The definition now includes any business placing PSTN calls on behalf of others or controlling the associated phone numbers. Such entities must secure their own SPC token and signing credentials, adding technical and administrative overheads for many service providers.

Simultaneously, new Know Your Customer (KYC) requirements affect number provisioning across Brazil, Ireland and Belgium.

In Brazil, any number not tied to a registered compliance bundle faces reclamation from June 2025.

In Ireland and Belgium, unverified mobile numbers are subject to similar enforcement actions.

National security and critical infrastructure

National security imperatives increasingly shape telecom regulation. The FCC has launched a comprehensive review of submarine cable licensing in the US, the first in decades.

The review could introduce shorter license durations and new reporting requirements, particularly concerning ownership and usage rights such as Indefeasible Rights of Use (IRUs).

In addition, the FCC may expand its “Covered List” of equipment and vendors posing unacceptable security risks. The action would broadly affect procurement, partnerships and cross-border technology supply chains.

As the telecommunications landscape shifts under the weight of AI governance, data integrity standards and security concerns, operators face strategic decisions that extend far beyond infrastructure investments.

With rising compliance demands and evolving risks, the ability to adapt regulatory strategies across jurisdictions is now critical for sustaining operational agility and long-term competitiveness.

Explore the latest edition of Mobile Magazine and be part of the conversation at our global conference series, Tech & AI LIVE and Cloud & 5G LIVE. Discover all our upcoming events and secure your tickets today.

Sign up to receive the Mobile Magazine weekly newsletter.

Mobile Magazine is a BizClik brand​​​​​​​

Company portals

Tags

EYAILarge-Language ModelsEUForresterAI ActCzech RepublicIrelandQatartanzaniaUnited StatesFederal Communications CommissionVoice Service ProviderSTIR/SHAKEN frameworkPSTNSPCKnow Your CustomerBrazilBelgiumIndefeasible Rights of UseAI governancedata integrity standardsTelcoTelecommunicationsAetha Consulting