Regulatory & Compliance Information

DIDHub operates as a registered telecommunications service provider in 80+ jurisdictions. This page summarizes our regulatory posture: who regulates us where, what KYC requirements you should expect, how we handle data residency, and which compliance frameworks (GDPR, HIPAA, SOC 2, etc.) we operate under.

Last updated: 2026-04-25.

1. Regulators by country

DIDHub holds the operating registrations and carrier interconnects required by each country's telecommunications regulator. Selected major markets:

| Country | Regulator | Key requirements |
|---|---|---|
| United States | FCC | Form 499-A, USF contribution, STIR/SHAKEN attestation A, CALEA |
| Canada | CRTC | STIR/SHAKEN, Numbering Resource Utilization, Lawful Intercept |
| United Kingdom | Ofcom | General Conditions, GC C6 emergency, GC C5 number portability, GC A3 CLI |
| Germany | Bundesnetzagentur (BNetzA) | Local address requirement, TKG compliance, Vorratsdatenspeicherung |
| France | ARCEP | Light-touch KYC, ARCEP declaration, RGPD compliance |
| Israel | Ministry of Communications | Standard registration; light KYC for ordinary numbers |
| India | TRAI / DoT | OSP licence, ELOA / customer ID, DLT registration for SMS |
| UAE | TDRA (formerly TRA) | Strict KYC, Trade License, IP allowlist requirements |
| Saudi Arabia | CST (formerly CITC) | Strict KYC, Commercial Registration (CR), local presence |
| Australia | ACMA | Carrier Service Provider, Carriage Service Provider rules, LNP |
| Brazil | Anatel | SCM authorization, LGPD compliance, mobile/landline portability |
| Mexico | IFT | Concesionario de Red Pública de Telecomunicaciones |
| Japan | MIC | Type-2 Telecommunications Carrier registration, KYC |
| South Korea | KCC | Telecom Business Act compliance, KISA security |
| South Africa | ICASA | ECNS / ECS licence, RICA compliance for KYC |
| EU markets | National regulators (BIPT, ACM, AGCOM, etc.) | EECC (European Electronic Communications Code) compliance, GDPR |

2. KYC and documentation requirements

What you'll be asked for varies by country. Roughly three tiers:

Light KYC (~ no documentation)

US/CA, UK, France, Netherlands, Spain, Italy, Israel, Australia, NZ, South Africa, Sweden, Belgium, Argentina. Usually just credit-card verification.

Address-based KYC

Germany, Switzerland, some EU. Requires verified local address (residential, business, or registered agent). DIDHub helps with virtual-office options where needed.

Full KYC + business filing

India, UAE, Saudi Arabia, China, Brazil, Vietnam, Egypt, Turkey, Japan. Business registration cert, ID for responsible party, sometimes country-specific filings (DLT in India, ICP in China).

The exact requirements per number are surfaced in the DIDHub dashboard before purchase — you'll see the required documents and approval timing before committing.

3. Data residency

DIDHub operates a region-aware data plane. By default:

  • EU customers / EU DIDs: SBC media + signaling pinned to EU regions (Frankfurt + Amsterdam). Call-detail records (CDRs) and recordings stored in EU.
  • US customers / US DIDs: US-only data plane (NOAM region).
  • UK customers: UK + EU data plane (post-Brexit pragmatic default).
  • APAC customers: APAC region (Singapore + Tokyo). Per-country pinning available on request (e.g. Japan-only for Japanese tenants with strict residency requirements).
  • MENA customers: MENA region (Dubai + Frankfurt as fallback).

For tenants with stricter residency requirements (German federal, French OIV, UK FCA, Indian critical infrastructure), DIDHub offers single-tenant SBC isolation in a dedicated region. Talk to us about the specific regulatory profile.

4. Compliance frameworks

| Framework | Status | Notes |
|---|---|---|
| SOC 2 Type II | In place | Annual third-party audit; report available under NDA. |
| ISO 27001 | In place | Information security management system certified. |
| GDPR (EU) | Compliant | Standard DPA; Art. 28 sub-processor list published; SCCs for non-EU transfer. |
| UK Data Protection Act | Compliant | UK GDPR; DPA mirrors EU. |
| CCPA / CPRA (California) | Compliant | Privacy notice + consumer rights handling. |
| HIPAA (US healthcare) | Available with BAA | BAA signing on Enterprise plans; covered for healthcare providers handling PHI in voice or SMS. |
| LGPD (Brazil) | Compliant | For Brazilian customers; mirrors GDPR substantially. |
| DSGVO (Germany) | Compliant | German GDPR implementation; available for German tenants with strict residency. |

5. STIR/SHAKEN attestation

For US/CA outbound, DIDHub signs every call with one of three STIR/SHAKEN attestation levels:

  • Attestation A (full): verified relationship between caller and Caller ID. The Caller ID is owned by, ported into, or under verifiable authorization to DIDHub for this customer. This is the default for DIDHub-allocated and DIDHub-ported numbers.
  • Attestation B (partial): known relationship to caller but unverified Caller ID. Used in BYOC scenarios where the customer presents a Caller ID DIDHub doesn't directly own.
  • Attestation C (gateway): reserved for international transit, not used on standard DIDHub outbound.

Attestation level affects spam-flagging on US/CA mobile carriers. Attestation A is required for sustained delivery; attestation C is increasingly dropped.

6. Emergency calling

DIDHub supports emergency calling (E911 in US/CA, 999 in UK, 112 in EU, 000 in Australia, etc.) with location-based routing in markets where the regulator requires it.

For US tenants on Microsoft Teams Direct Routing or 3CX, DIDHub provides PIDF-LO-based dynamic E911 with Kari's Law and Ray Baum's Act compliance — calls reach the correct PSAP (Public Safety Answering Point) based on the caller's verified location at call time. Compliance details available on request for healthcare/regulated tenants.

7. Law-enforcement requests

DIDHub responds to valid legal process in jurisdictions where we operate. Requests should be sent to [email protected] on official agency letterhead with the relevant subpoena, court order, search warrant, or international legal-assistance treaty paperwork.

Per US law (Stored Communications Act + analogues globally), DIDHub provides only the data legally required for the specific request type:

  • Subpoena: subscriber information.
  • 2703(d) court order: non-content transactional records (CDRs, message logs).
  • Search warrant: content (call recordings, SMS bodies) where retained.

DIDHub publishes an annual transparency report aggregating law-enforcement requests by jurisdiction.
