Introduction
Imagine a call center or chatbot run by the Telecommunications Regulatory Commission (CRT) to address existing user concerns regarding the new mandatory mobile line registration. There’s a lot of interest, worry, and questioning about how to register and the implications for user privacy. This is why I’m writing a second piece on this topic.
The Regulation and Its Implications
Starting January 9, 2026, the regulation mandates associating each number with a physical or legal person. Failure to register by June 30 could result in line suspension.
Addressing Common Concerns
- What if my phone is stolen and used for extortion or fraud? The Telecommunications Law outlines procedures to report stolen equipment and obligates service providers to swiftly verify user identity and suspend or block lines upon request.
- What about individuals without official documentation? The regulation requires CURP or INE for individuals and RFC for legal entities. It also allows identification of foreigners with a passport.
- How will this affect vulnerable individuals accessing mobile services through prepaid cards? The regulation should provide alternative identification options to prevent digital exclusion.
- What happens to migrants using mobile services during their transit through Mexico? The regulation allows for the identification of foreigners by name, country, and passport number. However, practical strategies are needed as some migrants may not have passports.
- How will this impact the 25 million lines managed by Mobile Virtual Network Operators (MVNOs)? MVNOs will need to comply with identification guidelines and collaborate with operators for data preservation and delivery.
Consequences of Non-Compliance
After implementation, any unregistered line will be suspended and only usable for emergency and citizen assistance calls. This affects internet access as many people use mobile packages for connectivity.
- How can the regulation mitigate this impact? The regulation should include communication campaigns, free minutes and data incentives, extended deadlines, accessible registration points, and protective measures for vulnerable groups.
Real Concerns vs. Technical Responses
Can authorities access phone lines in real-time beyond crime prevention? The law requires service providers to collaborate with justice, maintain traffic and location data, and make it available in real-time to competent authorities as per legal mechanisms.
- Is real-time access unlimited and indiscriminate? No, such intervention or geofencing requests need the Attorney General’s knowledge, a warrant, and judicial motivation.
Critical Issues: Number Spoofing and SIM Cloning
While registration identifies the subscriber, it doesn’t eliminate spoofing or using VoIP services for masked calls. The regulation should accompany measures reducing the effectiveness of spoofing and cloning.
Data Access Regulations
Who can request access to the database? The National System for Investigation and Intelligence Law stipulates that public and private databases useful for intelligence tasks must be linked and allow querying according to the law’s mechanisms.
How are data delivery and consultation procedures governed? These procedures involve the Public Ministry, judicial authority, and National System instances based on request nature. The law provides institutional access mechanisms rather than an open door for indiscriminate surveillance.
Is the government planning to spy on and control users? The technical answer is no; the law requires legal grounds, time limits, judicial control for interventions, and data destruction if they don’t contribute to investigations.
What’s the real risk? The actual risk is poor implementation and lack of transparency in accessing information. Regular transparency reports from the CRT on suspended, intervened, blocked lines, stolen phones, fraud prevention improvements, and penalties for misusing personal data can help mitigate this risk.
