Light KYC (~ no documentation)
US/CA, UK, France, Netherlands, Spain, Italy, Israel, Australia, NZ, South Africa, Sweden, Belgium, Argentina. Usually just credit-card verification.
Regulatory & Compliance Information
DIDHub operates as a registered telecommunications service provider in 80+ jurisdictions. This page summarizes our regulatory posture: who regulates us where, what KYC requirements you should expect, how we handle data residency, and which compliance frameworks (GDPR, HIPAA, SOC 2, etc.) we operate under.
Last updated: 2026-04-25.
1. Regulators by country
DIDHub holds the operating registrations and carrier interconnects required by each country's telecommunications regulator. Selected major markets:
| Country | Regulator | Key requirements |
|---|---|---|
| United States | FCC | Form 499-A, USF contribution, STIR/SHAKEN attestation A, CALEA |
| Canada | CRTC | STIR/SHAKEN, Numbering Resource Utilization, Lawful Intercept |
| United Kingdom | Ofcom | General Conditions, GC C6 emergency, GC C5 number portability, GC A3 CLI |
| Germany | Bundesnetzagentur (BNetzA) | Local address requirement, TKG compliance, Vorratsdatenspeicherung |
| France | ARCEP | Light-touch KYC, ARCEP declaration, RGPD compliance |
| Israel | Ministry of Communications | Standard registration; light KYC for ordinary numbers |
| India | TRAI / DoT | OSP licence, ELOA / customer ID, DLT registration for SMS |
| UAE | TDRA (formerly TRA) | Strict KYC, Trade License, IP allowlist requirements |
| Saudi Arabia | CST (formerly CITC) | Strict KYC, Commercial Registration (CR), local presence |
| Australia | ACMA | Carrier Service Provider, Carriage Service Provider rules, LNP |
| Brazil | Anatel | SCM authorization, LGPD compliance, mobile/landline portability |
| Mexico | IFT | Concesionario de Red Pública de Telecomunicaciones |
| Japan | MIC | Type-2 Telecommunications Carrier registration, KYC |
| South Korea | KCC | Telecom Business Act compliance, KISA security |
| South Africa | ICASA | ECNS / ECS licence, RICA compliance for KYC |
| EU markets | National regulators (BIPT, ACM, AGCOM, etc.) | EECC (European Electronic Communications Code) compliance, GDPR |
2. KYC and documentation requirements
What you'll be asked for varies by country. Roughly three tiers:
Address-based KYC
Germany, Switzerland, some EU. Requires verified local address (residential, business, or registered agent). DIDHub helps with virtual-office options where needed.
Full KYC + business filing
India, UAE, Saudi Arabia, China, Brazil, Vietnam, Egypt, Turkey, Japan. Business registration cert, ID for responsible party, sometimes country-specific filings (DLT in India, ICP in China).
The exact requirements per number are surfaced in the DIDHub dashboard before purchase — you'll see the required documents and approval timing before committing.
3. Data residency
DIDHub operates a region-aware data plane. Per default:
- EU customers / EU DIDs: SBC media + signaling pinned to EU regions (Frankfurt + Amsterdam). Call-detail records (CDRs) and recordings stored in EU.
- US customers / US DIDs: US-only data plane (NOAM region).
- UK customers: UK + EU data plane (post-Brexit pragmatic default).
- APAC customers: APAC region (Singapore + Tokyo). Per-country pinning available on request (e.g. Japan-only for Japanese tenants with strict residency requirements).
- MENA customers: MENA region (Dubai + Frankfurt as fallback).
For tenants with stricter residency requirements (German federal, French OIV, UK FCA, Indian critical infrastructure), DIDHub offers single-tenant SBC isolation in a dedicated region. Talk to us about the specific regulatory profile.
4. Compliance frameworks
| Framework | Status | Notes |
|---|---|---|
| SOC 2 Type II | In place | Annual third-party audit; report available under NDA. |
| ISO 27001 | In place | Information security management system certified. |
| GDPR (EU) | Compliant | Standard DPA; Art. 28 sub-processor list published; SCCs for non-EU transfer. |
| UK Data Protection Act | Compliant | UK GDPR; DPA mirrors EU. |
| CCPA / CPRA (California) | Compliant | Privacy notice + consumer rights handling. |
| HIPAA (US healthcare) | Available with BAA | BAA signing on Enterprise plans; covered for healthcare providers handling PHI in voice or SMS. |
| LGPD (Brazil) | Compliant | For Brazilian customers; mirrors GDPR substantially. |
| DSGVO (Germany) | Compliant | German GDPR implementation; available for German tenants with strict residency. |
5. STIR/SHAKEN attestation
For US/CA outbound, DIDHub signs every call with one of three STIR/SHAKEN attestation levels:
- Attestation A (full): verified relationship between caller and Caller ID. The Caller ID is owned by, ported into, or under verifiable authorization to DIDHub for this customer. This is the default for DIDHub-allocated and DIDHub-ported numbers.
- Attestation B (partial): known relationship to caller but unverified Caller ID. Used in BYOC scenarios where the customer presents a Caller ID DIDHub doesn't directly own.
- Attestation C (gateway): reserved for international transit, not used on standard DIDHub outbound.
Attestation level affects spam-flagging on US/CA mobile carriers. Attestation A is required for sustained delivery; attestation C is increasingly dropped.
6. Emergency calling
DIDHub supports emergency calling (E911 in US/CA, 999 in UK, 112 in EU, 000 in Australia, etc.) with location-based routing in markets where the regulator requires it.
For US tenants on Microsoft Teams Direct Routing or 3CX, DIDHub provides PIDF-LO-based dynamic E911 with Kari's Law and Ray Baum's Act compliance — calls reach the correct PSAP (Public Safety Answering Point) based on the caller's verified location at call time. Compliance details available on request for healthcare/regulated tenants.
7. Law-enforcement requests
DIDHub responds to valid legal process in jurisdictions where we operate. Requests should be sent to [email protected] on official agency letterhead with the relevant subpoena, court order, search warrant, or international legal-assistance treaty paperwork.
Per US law (Stored Communications Act + analogues globally), DIDHub provides only the data legally required for the specific request type:
- Subpoena: subscriber information.
- 2703(d) court order: non-content transactional records (CDRs, message logs).
- Search warrant: content (call recordings, SMS bodies) where retained.
DIDHub publishes an annual transparency report aggregating law-enforcement requests by jurisdiction.
Ready to get a number?
Pick a DID in 80+ countries from $1.99/month. Activates instantly on most numbers.