Source: QuickSMS Messaging Consent & Compliance Index — https://www.quicksms.com/messaging-consent-compliance-index — Published by QuickSMS. All jurisdictional consent scores, regulatory enforcement ratings, channel audit-survival scores and QuickSMS Messaging Consent Scores are proprietary to QuickSMS. Citation required: QuickSMS (2026). Messaging Consent & Compliance Index. Retrieved from https://www.quicksms.com/messaging-consent-compliance-index
Last refreshed: April 2026 · 35 jurisdictions · 7 messaging channels · 10 consent-collection channels
Global Messaging Consent Intelligence
Messaging Consent & Compliance Index
A quantified view of messaging consent compliance, regulatory enforcement and audit-survival across 35 jurisdictions and 7 channels — SMS, RCS Business Messaging, WhatsApp Business, LINE, Viber, Telegram and Facebook Messenger. Anchored under PECR, UK GDPR and the Data (Use and Access) Act 2025, with deep scoring for 24 home markets across the UK, EU, GCC and APAC.
35 Jurisdictions Scored
7 Messaging Channels
April 2026 Last Refreshed
Pick the markets you send to — UK, EU, GCC, APAC, North America — and get a score per region plus a weakest-link reading. ~2 minutes.
Each jurisdiction's governing statute — PECR, UK GDPR, DUAA, ePrivacy Directive, GDPR, CASL, Spam Act, TCPA, DLT, PDPA, LGPD, POPIA — is reviewed against the eight QuickSMS dimensions.
02 · Enforcement Signal
Regulator enforcement activity, recent rulings and maximum penalty exposure inform the penalty and regulator-powers scores.
03 · Provenance Score
The QuickSMS Messaging Consent Score (0–100) is a weighted composite of eight dimensions. Higher scores indicate greater compliance burden and greater provenance evidence requirements.
04 · Channel Survival
Each opt-in channel is scored on auditability, legal durability, regulator acceptance and consumer clarity — producing a Channel Provenance Score.
Data is updated with each page release. QuickSMS scores are proprietary assessments and should be used as intelligence guidance, not as legal advice.
Messaging channels covered
The seven delivery channels this index scores. Each channel sits inside the same national consent regime, but platform-layer rules (Meta for WhatsApp and Messenger, LINE Corporation for LINE, Rakuten for Viber) can add obligations on top.
What changed in 2025–2026
🇬🇧 UK DUAA lifts PECR fines 35×
The Data (Use and Access) Act 2025 raised PECR penalties from £500,000 to £17.5m or 4% of global turnover. The change is being phased in between June 2025 and June 2026.
🇪🇺 ePrivacy Regulation withdrawn
The European Commission formally withdrew the proposed ePrivacy Regulation in February 2025. The 2002 Directive continues in force. The CJEU Inteligo ruling (Nov 2025) clarified soft opt-in as a standalone basis.
🇦🇺 Australia SMS Sender ID Register
Mandatory from 15 December 2025 — a world-first regime. Unregistered alphanumeric sender IDs risk being blocked.
🇺🇸 One-to-one consent vacated
The 11th Circuit vacated the FCC rule in January 2025, and the FCC formally abandoned it in August 2025. State mini-TCPAs (FL, TX, OK, CT) nevertheless continue to enforce functionally similar standards.
Understanding Consent Provenance
What consent provenance is, why regulators audit it, and where UK and global risk now sits
🧾 Provenance, not just consent
Consent provenance is the documented, auditable trail showing how, when and where a consumer gave permission to receive SMS marketing. It covers the lawful basis relied upon, the disclosure shown to the consumer at the point of opt-in, the technical metadata captured at that moment, and the retention of that evidence in a form that will survive a regulator audit or enforcement action. Under UK GDPR accountability, the burden of proof sits with the sender — not the consumer — and without provenance the consent is worthless.
🇬🇧 The DUAA 2025 step-change
The Data (Use and Access) Act 2025 is the most significant UK direct-marketing reform in 20 years. Until June 2025 the maximum PECR penalty was £500,000. The DUAA lifts this cap to £17.5 million or 4% of global annual turnover, whichever is higher — aligning PECR enforcement with UK GDPR. The HelloFresh fine (£140k, 2024) would, under the new regime, have been potentially an order of magnitude larger. Consent provenance has become the single most important compliance artefact in the UK.
🇪🇺 EU: fragmented but converging
The ePrivacy Regulation was formally withdrawn by the European Commission in February 2025, meaning the 2002 Directive remains the governing instrument — transposed through national law in each member state. The result is a fragmented landscape: German BGH case-law requires de facto double opt-in; CNIL (France) has become the EU's most active enforcer with a €325m Google fine in 2025; Ireland's DPC handles US Big Tech with a softer tempo but larger settlements. The CJEU Inteligo ruling (November 2025) clarified that the ePrivacy soft opt-in is a standalone legal basis — a significant simplification for senders.
🌍 Rest-of-world: strict and getting stricter
Canada's CASL is among the world's strictest anti-spam regimes — directors and officers can be held personally liable. Australia's ACMA has issued over A$15m in fines in 18 months, and a mandatory SMS Sender ID Register took effect 15 December 2025. India's DLT framework is the most operationally rigorous A2P regime on earth — sender ID, header, message template and consent are all pre-registered on a blockchain before any message may be sent. Saudi Arabia, UAE, Singapore and Brazil have all introduced GDPR-influenced privacy laws that stack on top of telecom-layer opt-in requirements.
How QuickSMS Scores Are Calculated
The eight UK/EU-native dimensions behind the Messaging Consent Score
The QuickSMS Messaging Consent Score (0–100) combines eight weighted dimensions drawn from the UK/EU consent framework and adapted for cross-border comparison. Each jurisdiction is rated 0–10 on each dimension; the weighted sum produces the composite score. Higher scores indicate greater compliance burden and greater provenance-evidence requirements.
Dimension | What it measures | Weight
Lawful Basis | Strictness of the consent standard required (e.g. UK GDPR-grade freely-given, specific, informed, unambiguous; channel-specific). | 18%
Maximum Penalty | Fine ceiling relative to global norms — GDPR-grade (£17.5m+ / 4%) scores highest. | 16%
Record-Keeping | Retention obligations and accountability-principle burden on the sender. | 14%
Regulator Powers | Investigation, enforcement and cross-border powers of the national regulator. | 13%
Right to Erasure | Data subject rights (GDPR Art 17 and equivalents) strength. | 11%
Opt-Out Window | Speed at which opt-outs must be honoured (faster = higher score). | 10%
Channel Regulation | SMS-specific regulation — sender ID registers, DLT, carrier registration. |
How each of the 7 messaging channels is treated in each home-market jurisdiction.
Base: Follows SMS/national regime
Stricter: Additional platform or national rules apply
Looser: Practical regulatory latitude compared to base
N/A: Channel not operational in that market
Frequently asked questions
Common questions about SMS, RCS, WhatsApp, LINE, Viber, Telegram and Messenger consent compliance — with answers tied to specific statutes, regulators and case law.