Why International Phone Numbers Need KYC: Compliance Bundles Explained

1. Why regulators require this

A phone number is not just a routing label, it’s an identity on the public telephone network, and almost every national telecom regulator treats it that way. Bodies like Germany’s Bundesnetzagentur (BNetzA), the UK’s Ofcom, France’s ARCEP, Italy’s AGCOM, Spain’s CNMC, and India’s DoT/TRAI all impose end-user registration requirements on the numbers issued in their countries. They do this for three concrete reasons.

Fraud prevention. Anonymous, instantly-provisioned numbers are the raw material of telecom fraud, spoofing, vishing, wangiri, and toll fraud all get much harder when there’s a verified person or business of record behind each number. Knowing who controls a number deters abuse and gives carriers a paper trail when abuse happens anyway.

Lawful intercept. Licensed operators in most jurisdictions are legally obliged to be able to identify the subscriber behind a number and, under proper legal process, assist law enforcement. That obligation only works if a real, verifiable end user is registered against the number in the first place.

Emergency-call routing. When someone dials 112, 999, or 911, the call has to reach the right emergency dispatch center, and, increasingly, carry an accurate caller location. The end user’s registered address (the “address of record”) is what feeds that routing in many jurisdictions. No verified address, no reliable emergency routing, which is exactly what regulators are trying to avoid.

None of this is DIDHub being cautious. These are obligations that flow from the regulator to the carrier to you, and we’re simply the part of the chain that collects what the regulator already requires.

2. Identity and address, the two pillars

Strip away the country-by-country variation and almost every KYC requirement reduces to two questions: who will use this number, and where are they based? Those are the two pillars, proof of identity and proof of a local address.

Proof of identity establishes the person or company that will actually use the number, the end user, not necessarily the account holder reselling or managing it. Proof of address establishes a registered address of record, which many regulators require to be in the number’s own country or region. That same address is frequently what powers emergency-call routing, which is why a P.O. box or a mismatched country often won’t be accepted.

A practical note on address documents: regulators and carriers usually want them recent. A utility bill or bank statement older than about three months is commonly rejected, because the point is to prove a current address, not a historical one. Keep that in mind before you dig an old PDF out of your archive.

3. Person vs business end users

The documents you supply depend on whether the end user is an individual or a company. DIDHub models this distinction directly: every end user is either a person or a business, and each kind has its own set of fields and expected documents.

Person (individual). You provide the individual’s name, address, and a government-issued identity document, typically a passport, national ID, or driver’s license, plus an address proof such as a utility bill or bank statement in their name. Some jurisdictions also want a date of birth and the issuing country of the ID document.

Business (company). You provide the legal company name and registered address, a business registration document (and, where applicable, a VAT certificate), and usually an identity document for a responsible individual acting on the company’s behalf. The company’s registered address proof stands in for the personal address proof you’d give for an individual.

Choosing the right end-user type up front matters: a number registered to “Acme GmbH” needs company paperwork, while a number for a freelancer needs personal ID. Mixing them up is one of the most common causes of a rejected submission.

4. How strict is your country?

Requirements vary enormously by country, but they tend to fall into three rough tiers. The table below is illustrative, not a definitive legal list, rules change, and the same country can apply different requirements to geographic numbers, mobile numbers, and toll-free numbers. The authoritative, up-to-date requirement for any specific number is always the one DIDHub surfaces at order time.

Two caveats worth repeating. First, “document-light” does not mean “no requirements”, even in the US and Canada you’ll generally need to register a valid address for emergency-call routing. Second, these tiers describe common patterns, not guarantees; a country can tighten its rules with little notice. Treat the table as a planning aid and rely on the per-number requirement list when you actually order.

5. What “pending documents” means, and how long it takes

When you order a regulated number, DIDHub can usually reserve and provision it immediately, but it won’t route calls until the required compliance documents have been submitted and accepted. In that interim state the number shows as pending_documents: it’s yours and it’s allocated, but it is not yet routable.

The lifecycle looks like this:

How long does approval take? It depends entirely on the carrier and regulator behind the specific number. Document-light markets can clear in minutes to hours. Standard EU markets are often a day or two. The strictest jurisdictions, or any submission that needs a correction and resubmission, can take one to several weeks. The single biggest factor you control is getting the documents right the first time, correct end-user type, in-date address proof, legible scans, so the package isn’t bounced back for a redo.

6. How DIDHub’s Compliance Center handles it

DIDHub’s Compliance Center turns this whole process into three reusable building blocks, end users, documents, and bundles, that you manage once and apply across as many numbers as you need. You can do everything in the dashboard or via the /v1/compliance/* API.

1. Create end users. An end user is the person or business that will use a number. You create each one as either a person (name, address, identity-document details) or a business (legal name, registered address, registration and VAT details), and end users are reusable, one record can back many numbers, so you set up a given customer or entity only once.

2. Upload documents. Upload the supporting files, passport, national ID, driver’s license, utility bill, bank statement, business registration, VAT certificate, and so on, as PDF, JPEG, or PNG. Documents are tied to your account and can carry an expiry date, which is handy for things like utility bills that are only valid for a few months. A single document can be reused across multiple submissions; the same passport scan can back both a UK and a German package without re-uploading it.

3. Package them into a bundle. A bundle ties one end user together with the documents needed for a given jurisdiction. You give it a name, point it at an end user, optionally stamp it with the jurisdiction it’s assembled for, and attach the relevant documents. Bundles move through a clear status flow, draft while you assemble it, submitted when it goes for review, then approved or rejected, so you always know where each package stands, and a rejection comes back with a reason so you can fix and resubmit.

4. Attach an approved bundle to a number. Once a bundle is approved, you attach it to the number that needs it. That attachment is what unblocks activation: it moves the number from pending_documents toward active and routable. Because the same end user can have several bundles across different jurisdictions, a multi-country deployment stays organized rather than turning into a pile of loose files.

Prefer to automate it? Every one of these steps, creating end users, uploading documents, building bundles, and attaching a bundle to a number, is available under the /v1/compliance/* endpoints, with the number attachment exposed on the number itself. Browse the full request and response shapes in the API explorer and wire compliance straight into your own provisioning flow.

7. Bottom line

KYC on international phone numbers isn’t optional, and it isn’t a DIDHub policy, it’s a regulator-mandated part of how the global telephone network works. The good news is that it’s entirely predictable once you know the pattern:

• Expect two things: proof of identity for the end user, and proof of a local address, the two pillars behind almost every country’s rules.
• Know your end-user type: a person needs personal ID; a business needs registration paperwork. Get this right before you order.
• Prep documents before you order regulated numbers: have current, legible ID and address proof ready, especially for strict markets like Germany, Italy, Spain, and India.
• Let DIDHub tell you what’s needed: the exact requirement for any specific number is surfaced at order time, so you’re never guessing.
• Use the Compliance Center: create end users, upload documents once, bundle them per jurisdiction, and attach an approved bundle to move a number from pending_documents to active, in the dashboard or via the API.

Handled this way, “pending documents” stops being a roadblock and becomes a quick, well-understood step on the way to a live number. For the number-type angle, which types tend to need a local address in the first place, see DID number types explained.

Not sure what a particular country will ask for, or working through a tricky regulated market? Tell us the country and number type and we’ll walk you through exactly what’s required, reach the team at [email protected].

More from the blog