Light KYC (~ no documentation)
US/CA, UK, France, Netherlands, Spain, Italy, Israel, Australia, NZ, South Africa, Sweden, Belgium, Argentina. Usually just credit-card verification.
Regulatory & Compliance Information
DIDHub operates as a registered telecommunications service provider in 130+ jurisdictions. This page summarizes our regulatory posture: who regulates us where, what KYC requirements you should expect, how we handle data residency, and which compliance frameworks (GDPR, HIPAA, SOC 2, etc.) we operate under.
Last updated: 2026-04-25.
1. Regulators by country
In each country we serve, DIDHub either holds the required telecommunications registration directly, or is interconnected (under contract) with a locally licensed operator that does, we do not hold direct licensing in every country, and where we don’t, the regulator-mandated obligations are met through a licensed in-country partner. Selected major markets:
| Country | Regulator | Key requirements |
|---|---|---|
| United States | FCC | Form 499-A, USF contribution, STIR/SHAKEN attestation A, CALEA |
| Canada | CRTC | STIR/SHAKEN, Numbering Resource Utilization, Lawful Intercept |
| United Kingdom | Ofcom | General Conditions, GC C6 emergency, GC C5 number portability, GC A3 CLI |
| Germany | Bundesnetzagentur (BNetzA) | Local address requirement, TKG compliance, Vorratsdatenspeicherung |
| France | ARCEP | Light-touch KYC, ARCEP declaration, RGPD compliance |
| Israel | Ministry of Communications | Standard registration; light KYC for ordinary numbers |
| India | TRAI / DoT | OSP licence, ELOA / customer ID, DLT registration for SMS |
| UAE | TDRA (formerly TRA) | Strict KYC, Trade License, IP allowlist requirements |
| Saudi Arabia | CST (formerly CITC) | Strict KYC, Commercial Registration (CR), local presence |
| Australia | ACMA | Carrier Service Provider, Carriage Service Provider rules, LNP |
| Brazil | Anatel | SCM authorization, LGPD compliance, mobile/landline portability |
| Mexico | IFT | Concesionario de Red Pública de Telecomunicaciones |
| Japan | MIC | Type-2 Telecommunications Carrier registration, KYC |
| South Korea | KCC | Telecom Business Act compliance, KISA security |
| South Africa | ICASA | ECNS / ECS licence, RICA compliance for KYC |
| EU markets | National regulators (BIPT, ACM, AGCOM, etc.) | EECC (European Electronic Communications Code) compliance, GDPR |
2. KYC and documentation requirements
What you'll be asked for varies by country. Roughly three tiers:
Address-based KYC
Germany, Switzerland, some EU. Requires verified local address (residential, business, or registered agent). DIDHub helps with virtual-office options where needed.
Full KYC + business filing
India, UAE, Saudi Arabia, China, Brazil, Vietnam, Egypt, Turkey, Japan. Business registration cert, ID for responsible party, sometimes country-specific filings (DLT in India, ICP in China).
The exact requirements per number are surfaced in the DIDHub dashboard before purchase, you'll see the required documents and approval timing before committing.
3. Data residency
DIDHub operates a region-aware data plane. Per default:
- EU customers / EU DIDs: SBC media + signaling pinned to EU regions (Frankfurt + Amsterdam). Call-detail records (CDRs) and recordings stored in EU.
- US customers / US DIDs: US-only data plane (NOAM region).
- UK customers: UK + EU data plane (post-Brexit pragmatic default).
- APAC customers: APAC region (Singapore + Tokyo). Per-country pinning available on request (e.g. Japan-only for Japanese tenants with strict residency requirements).
- MENA customers: MENA region (Dubai + Frankfurt as fallback).
For tenants with stricter residency requirements (German federal, French OIV, UK FCA, Indian critical infrastructure), DIDHub offers single-tenant SBC isolation in a dedicated region. Talk to us about the specific regulatory profile.
4. Compliance frameworks
| Framework | Status | Notes |
|---|---|---|
| SOC 2 Type II | In place | Annual third-party audit; report available under NDA. |
| ISO 27001 | In place | Information security management system certified. |
| GDPR (EU) | Compliant | Standard DPA; Art. 28 sub-processor list published; SCCs for non-EU transfer. |
| UK Data Protection Act | Compliant | UK GDPR; DPA mirrors EU. |
| CCPA / CPRA (California) | Compliant | Privacy notice + consumer rights handling. |
| HIPAA (US healthcare) | Available with BAA | BAA signing on Enterprise plans; covered for healthcare providers handling PHI in voice or SMS. |
| LGPD (Brazil) | Compliant | For Brazilian customers; mirrors GDPR substantially. |
| DSGVO (Germany) | Compliant | German GDPR implementation; available for German tenants with strict residency. |
5. STIR/SHAKEN attestation
For US/CA outbound, DIDHub signs every call with one of three STIR/SHAKEN attestation levels:
- Attestation A (full): verified relationship between caller and Caller ID. The Caller ID is owned by, ported into, or under verifiable authorization to DIDHub for this customer. This is the default for DIDHub-allocated and DIDHub-ported numbers.
- Attestation B (partial): known relationship to caller but unverified Caller ID. Used in BYOC scenarios where the customer presents a Caller ID DIDHub doesn't directly own.
- Attestation C (gateway): reserved for international transit, not used on standard DIDHub outbound.
Attestation level affects spam-flagging on US/CA mobile carriers. Attestation A is required for sustained delivery; attestation C is increasingly dropped.
6. Emergency calling
DIDHub supports emergency calling (E911 in US/CA, 999 in UK, 112 in EU, 000 in Australia, etc.) with location-based routing in markets where the regulator requires it.
For US tenants on Microsoft Teams Direct Routing or 3CX, DIDHub provides PIDF-LO-based dynamic E911 with Kari's Law and Ray Baum's Act compliance, calls reach the correct PSAP (Public Safety Answering Point) based on the caller's verified location at call time. Compliance details available on request for healthcare/regulated tenants.
7. Law-enforcement requests
DIDHub responds to valid legal process in jurisdictions where we operate. Requests should be sent to [email protected] on official agency letterhead with the relevant subpoena, court order, search warrant, or international legal-assistance treaty paperwork.
Per US law (Stored Communications Act + analogues globally), DIDHub provides only the data legally required for the specific request type:
- Subpoena: subscriber information.
- 2703(d) court order: non-content transactional records (CDRs, message logs).
- Search warrant: content (call recordings, SMS bodies) where retained.
DIDHub publishes an annual transparency report aggregating law-enforcement requests by jurisdiction.
Ready to get a number?
Pick a DID in 130+ countries from $1.99/month. Activates instantly on most numbers.