The ban covers Global Titles (GTs), a special type of mobile number that is used behind the scenes to route signalling messages like SMS or call set-up commands across networks
Ofcom argues that leasing GTs to third parties has allowed bad actors to intercept SMS messages, including two-factor authentication (2FA) texts from banks, bypass network firewalls, and mask their identities by operating under the guise of legitimate telcos.
“Leased Global Titles are one of the most significant and persistent sources of malicious signalling,” said Natalie Black, group director for networks and communications at Ofcom. “Our ban will help prevent them falling into the wrong hands, protecting mobile users and our critical telecoms infrastructure in the process.”
With immediate effect, carriers are banned from leasing GTs or new ones created from sub-allocated numbers.
For existing leases, the ban will take full effect from April 2026, with operators given until October 2026 to migrate complex cases of leased numbers.
The regulator suggests that Global Titles created from +44 number ranges have become “one of the most significant and persistent sources of malicious signalling traffic,” citing data from security firm Enea, which found that UK-based GTs ranked sixth globally for threat severity and third for overall signalling violations.
According to Ofcom, GTs sent from +44 numbers were often perceived as ‘trusted’ due to their UK origin—an assumption that bad actors have exploited. The risks, the regulator warned, are not just theoretical but potentially life-threatening:
“In extreme cases, individuals may be at risk of significant physical harm or intimidation… severe and irreparable harms could potentially arise from a single instance of misuse of network signalling.”
Ollie Whitehouse, chief technical officer at the UK National Cyber Security Centre (NCSC), said: “Today’s announcement marks an important step in the support of our mission to make the UK the safest place to live and work online.
“This technique, which is actively used by unregulated commercial companies, poses privacy and security risks to everyday users, and we urge our international partners to follow suit in addressing it.”
