Spain to block sms scams: new system arrives in 2026

Get ready for a significant shift in how you receive text messages. Spain's National Commission of Markets and Competition (CNMC) is implementing a groundbreaking system designed to eradicate SMS fraud and bolster data security, a move poised to reshape the mobile landscape for millions.

A fortress against smishing

For years, consumers have been bombarded with deceptive SMS messages – “smishing” – impersonating banks, telecom providers, and insurance companies, all with the nefarious goal of stealing personal data. The CNMC’s new initiative directly addresses this escalating threat, aiming to dismantle the tactics employed by cybercriminals who exploit social engineering to pilfer financial information.

The core of this strategy lies in mandating that businesses register their sender identities, known as “aliases,” with the CNMC. Companies failing to comply face stiff financial penalties. Essentially, the CNMC is establishing a robust verification system, demanding transparency and accountability from organizations transmitting SMS or RCS messages to Spanish mobile users.

Think about the frustration of receiving a seemingly legitimate SMS from your bank, urging you to click a suspicious link. This scenario, increasingly common, is set to become a relic of the past. The new ‘alias’ registry, managed by the CNMC, will collect alphanumeric codes used by senders, allowing recipients to instantly recognize the origin of an SMS without resorting to internet searches or contact lists.

It's not just Spanish companies that are affected. Multinational corporations sending SMS or RCS messages to Spanish clients will also be required to register their aliases, proving their connection to their brand or domain. The CNMC’s circular, published on February 12th, outlines the specifics of this registration process.

How the blocking will work

The CNMC will begin blocking messages under several conditions: mismatches between the alias and the registered identifier, messages from unregistered providers, unauthorized transmissions, and messages originating from foreign companies not registered in Spain. A grace period until June 6, 2026, allows providers to adapt their systems and conduct testing, but the deadline is firm.

This represents one of Spain's most ambitious moves to combat cybercrime, complementing existing measures against unwanted phone calls. The success of the initiative hinges on a collaborative partnership between mobile operators and the regulatory body, ensuring the registry functions as a trusted resource.

While the rollout won't be immediate, the CNMC's proactive approach signals a significant commitment to protecting consumers in the digital age. The implementation of this system is not merely a regulatory update; it is a declaration of war against SMS fraud, one that promises to reshape the mobile communication experience for every user in Spain.