From record multimillion-dollar fines on telecom operators in APAC to heavier consequences for failures in critical emergency services worldwide, Lexology PRO analyses telecoms enforcement activity from 2025 to identify key risks and trends.
The data in this article is based on Lexology PRO’s Scanner, our automated regulatory monitoring tool covering 18 regulatory areas and tracking over 1500 regulatory sources. Full details on Scanner’s regulatory coverage can be found here.
Enforcement in this series includes any action regulators have taken as part of their enforcement powers, including active investigations, audits, decisions, fines, penalties, settlements, and/or orders. This report covers data – primarily agency announcements – released between 1 November 2024 and 1 November 2025.
Where did the most enforcement activity come from?
Brazilian regulators led global enforcement activity against telecoms companies in 2025 with extensive crackdowns on counterfeit equipment and new telecoms product regulations, setting a strong precedent for compliance standards.
European regulators also issued a high volume of actions, imposing major fines for data protection and consumer violations. In the US, enforcement centred on combating robocalls and telemarketing abuses.
Across the Asia-Pacific (APAC) region, particularly in Pakistan, Australia, and South Korea, regulators focused on consumer protection and telecom fraud.
Together, these regions drove a global trend of rigorous enforcement aimed at protecting consumers, securing networks, and ensuring regulatory compliance.
Brazil’s telecoms regulator tops the charts
According to Scanner data, Brazil’s National Telecommunications Agency (Anatel) was one of the most active regulators.
Anatel led dozens of high-profile operations, including crackdowns on counterfeit and smuggled telecom equipment. These measures were combined with commitments to improve rural connectivity. In a recent case, Anatel converted a monetary penalty on Sky Serviços de Banda Larga into an obligation to provide internet access to remote schools. This approach demonstrates a regulatory approach that combines enforcement with infrastructure development.
Consumer protection also featured prominently. In 2024, Anatel turned its attention to blocking illegal betting sites and imposed penalties on online platforms for failing to meet service obligations. In the competition arena, Anatel teamed up with Brazil’s antitrust watchdog to pursue a local energy company for discriminatory pricing in telecoms pole-sharing agreements.
APAC authorities crack down on data breaches and consumer fraud
Regulators in the Asia-Pacific (APAC) region were notably active in pursuing telecoms-related enforcement, according to Scanner data.
South Korea led enforcement activity APAC activity. The most significant case was a ₩134.8 billion (US$83 million) fine against SK Telecom for a data breach impacting 23 million users under the Personal Information Protection Act 2020, the largest penalty ever imposed on a telecom operator in South Korea. Regulators also enforced compliance with the Telecommunications Business Act 2022, as demonstrated by the Korea Communications Commission’s investigation into “smart learning paper” providers over excessive early-termination penalties that may breach the law and restrict elementary school users’ ability to cancel contracts.
Following a separate investigation conducted by the State Affairs Coordination Office, the South Korean government introduced measures to curb voice phishing, such as mandatory AI-based fraud detection and rapid number-blocking protocols.
Meanwhile, Australia’s Communications and Media Authority (ACMA) focused on enforcement action promoting consumer protection and network reliability. Key actions included multi-million-dollar penalties for breaches by telecoms companies of the Spam Act 2003, as well as an AU$100 million (US$65.3 million) fine against Optus for selling mobile services to vulnerable consumers. This marked one of the ACMA’s largest fines to date.
Pakistan emerged as another enforcement hotspot. In a series of operations, Pakistan’s Telecommunication Authority (PTA) seized thousands of illegally activated SIM cards, biometric verification data and devices, and cloned mobile phones. These actions were paired with arrests and confiscation of franchises, underscoring Pakistan’s regulatory priority: strengthening digital identity verification and curbing telecom-enabled fraud.
Across Southeast Asia, regulators were equally active. Thailand’s National Broadcasting and Telecommunications Commission revoked licences for operators linked to call centre scams and public fraud, whilst the Indonesian Broadcasting Commission suspended numerous programmes breaching broadcast decency standards.
APAC’s enforcement surge highlights a common regulatory theme: protecting consumers, securing telecom networks, and curbing fraud, with penalties and operational reforms reshaping compliance expectations across the region.
Europe’s telecom watchdogs hit hard with big fines
European regulators were responsible for high volumes of enforcement activity targeting the telecoms sector during this period.
Several of these actions took the form of substantial financial penalties. Germany’s data protection authority fined Vodafone €45 million (US$53 million) for GDPR failures in June 2025. Similarly, France also made headlines when the National Commission on Informatics and Liberty imposed a €50 million (US$56 million) fine against Orange for embedding advertising messages disguised as emails in users’ inboxes without consent. Elsewhere,
Telefónica faced a penalty of €20 million (US$23 million) in Spain for breaching merger commitments in July 2025.
Hungary’s National Media and Infocommunications Authority focused on consumer protection, penalising broadcasters for misclassifying programmes and failing to meet age-rating obligations, including fines against TV2.
The UK Information Commissioner’s Office (ICO) concentrated enforcement action around violations of the Privacy and Electronic Communications Regulations 2003, which was the sixth most violated law across global telecoms enforcement in the past year, according to Scanner. Enforcement targeted companies that engaged in unlawful marketing “robo calls” and spam texts, often aimed at vulnerable consumers.
US agencies tackle scam calls and telemarketing abuses
US enforcement activity focused heavily on consumer protection and telecom fraud prevention in recent months.
One of the most notable actions was the Federal Communications Commission’s proposed US$4.5 million fine against a major robocall operation accused of making millions of scam calls, including Medicare and credit card fraud schemes.
In addition to imposing significant fines, the FCC strengthened its anti-robocall efforts on 25 August 2025 by removing more than 1,200 voice service providers from the Robocall Mitigation Database for failing to maintain accurate Database certificates, disconnecting them from the U.S. telephone network. The also FCC announced new third-party caller ID authentication rules requiring providers to authenticate calls using credentials tied to their own identity, rather than relying on third parties.
The Federal Trade Commission (FTC) also imposed a US$1 million penalty on Citizens Disability, for making over 109 million illegal telemarketing calls, violating the Do Not Call Registry and misrepresenting services to vulnerable individuals.
Increasing scrutiny on critical service outages
Telecom regulators imposed significant penalties for failures in emergency and critical call services in the last 12 months.
In Australia, ACMA launched an investigation into Optus after a firewall upgrade caused a 13-hour outage of Triple Zero services in September 2025.This was a repeat offence, as Optus was previously fined AU$12 million (US$7.8 million) for a similar outage that disrupted emergency calls.
Additional enforcement by ACMA included notices to TPG for emergency call rule breaches and penalties against Telstra for disabling emergency support during a server migration in June 2025.
In the UK, Ofcom fined Vonage £700,000 (US$926 million) in September 2025 for failing to ensure reliable access to emergency services. Sweden’s Post and Telecom Authority investigated Telia in October 2025 for failing to deliver emergency public alerts, while Icelandic authorities addressed disputes over emergency call costs earlier in the year. These cases highlight regulators’ zero-tolerance approach to lapses in critical telecom services, no matter the jurisdiction.
What to expect in 2026 and beyond?
Regulators worldwide are setting ambitious agendas for 2026. According to a recent EY report, the biggest risks to telecoms companies are managing privacy, security, and trust amid the rapid adoption of AI technology, as well as escalating cybersecurity threats.
In Australia, Johnson Winter Slattery partners Sophie Dawson and Jennifer Dean expected regulation in 2026 to centre around “significantly strengthened consumer protections, an ongoing emphasis on 000 network resilience, and the rollout of new scam prevention and disruption requirements.”
This includes the recently passed Triple Zero Custodian Act, giving ACMA new powers to oversee emergency call services. Dawson and Dean also expect enforcement to ramp up next year under several upcoming rules aimed at strengthening consumer protection, including the Scams Prevention Framework and new standards on protections for domestic and family violence victims.
Elsewhere in APAC, India is set to reshape its telecoms regulatory landscape through a set of new rules, which will introduce new authorisation categories for infrastructure and network services.
On 29 October 2025, the US FCC proposed major changes to the Telephone Consumer Protection Act 1991. The proposals include a new framework for caller identity verification and seek to tighten rules on calls originating from overseas and clarify consent revocation requirements, giving consumers greater control over unwanted communications.
Speaking with Lexology PRO about what’s on the horizon in the EU, Milan-based Dentons partner Giangiacomo Olivi expects telecoms regulators to prioritise adapting currently regulatory frameworks to “the evolving digital landscape.”
He suggests that companies should anticipate measures that extend traditional media principles into the online space, such as the Italian Communications Regulatory Authority’s Resolution 197/25/CONS, requiring “significant” influencers with large audiences to comply with content transparency standards like traditional broadcasters.
Olivi also notes that the European Commission’s (EC) recent Digital Omnibus package proposed repealing Regulation (EU) 2019/1150 (P2B), currently enforced by national telecom regulators, and incorporating its key provisions into other EU laws.
A parallel development to note is the Digital Networks Act, an EC initiative expected to be presented in Brussels on 20 January 2026. In a bid to modernise the bloc’s telecom regulatory framework, the proposal aims to introduce a streamlined authorisation regime for cross-border operations and provide essential infrastructure to support advanced AI and quantum computing technologies.