There’s a Deadline Coming. And It’s Not as Simple as You’ve Been Told.
On 1 July 2026, ACMA's Sender ID requirements move from guidance to enforcement.
If your business sends SMS to Australian customers using a branded name — a word, not a number — you are in scope. What that means in practice is more involved than most businesses realise, and what your SMS provider has told you is almost certainly incomplete.
This isn't alarmism. It's what we see consistently when we assess Australian businesses against the Scam Prevention Framework obligations. The gap between "we send SMS" and "we are compliant" is wider than expected — and it's rarely obvious from the outside.
Why "We're Set Up With a Provider" Isn't Enough
The most common thing we hear is some version of: "Our provider handles that."
They don't. Not the part that matters for your compliance status.
There are layers to Sender ID compliance that sit outside your provider relationship entirely — technical configurations, registration requirements, and documentation obligations that your provider is neither required to manage nor liable for if they're wrong.
The businesses that find this out the hard way typically find out when something stops working. By then, the deadline has passed.
What's Actually Being Assessed After 1 July
Without going into the full technical detail — which varies significantly by business type, provider arrangement, and how your SMS communications are structured — the compliance picture involves more moving parts than a single registration action.
There are elements that are visible and easy to check. There are elements that look fine on the surface but have underlying configuration issues that only surface under scrutiny. And there are documentation requirements that most businesses haven't thought about at all.
Getting one element right while missing another doesn't make you compliant. It makes you partially compliant — which, from an enforcement standpoint, is the same as non-compliant.
The Part Nobody Talks About
Penalties under the Scam Prevention Framework aren't theoretical. ACMA has enforcement powers, and the framework is designed to be used.
What's less discussed is that enforcement doesn't require a formal complaint. ACMA can investigate proactively. And when a business is found to be non-compliant — regardless of whether they knew, regardless of what their provider told them — the liability sits with the business.
The question isn't whether the deadline applies to you. It almost certainly does. The question is whether your current setup would survive a compliance check.
Where Most Businesses Stand Right Now
Based on what we see in readiness assessments, the majority of Australian businesses sending branded SMS fall into one of three categories:
- Unregistered and unaware — haven't started, didn't know they needed to.
- Partially configured — some steps done, critical gaps remaining, often in the technical layer.
- Registered but non-compliant — completed the visible registration step but have underlying configuration or documentation issues that still create exposure.
If you don't know which category you're in, that's the first problem to solve.
What to Do Before the Deadline
The honest answer is: it depends on your specific situation, your provider arrangement, and how your SMS communications are structured.
What we can tell you is that the businesses that are genuinely compliant by 1 July have started the process now — not in June. The process has layers, and some of those layers take time to resolve.
If you want to know where your business actually stands, we run a confidential Sender ID readiness assessment that covers the full picture — not just the parts that are easy to check.
📞 Talk to us before the deadline catches you out.
Book a confidential Sender ID readiness conversation with TritonArk — tritonark.com.au/contact
Or run the Sender ID Readiness quick check first: tritonark.com.au or https://apps.tritonark.com.au/
