The CNMC (National Commission for Markets and Competition) has just approved the Alias ​​Registry, a database in which brands and entities must register to send SMS, MMS, or RCS messages to Spanish numbers. This system aims to create a safer communications environment, eliminating practices such as smishing (an online scam in which a cybercriminal impersonates a trusted company via SMS). How the Alias ​​Registry Works The Alias ​​Registry, created and approved by the CNMC, is a system that identifies senders using brand or commercial names to send text messages to Spanish phone numbers. In other words, if your brand wants to send communications via SMS, MMS, or RCS to its customers or target audience, it must first register in the Alias ​​Registry. Otherwise, its messages will be blocked. As the CNMC explains in its statement: “Aliases may be registered by alias holders (companies and public administrations) or other entities or messaging providers acting on behalf of alias holders.” To register, they must demonstrate that the alias is related to the brand, trade name, company name, or domain, or other criteria; and that it complies with the technical and formatting rules established in the circular. The Alias ​​Registry will compile all alphanumeric identifiers (letters, numbers, and letters combined, or other characters) that can be used as the sender in SMS, MMS, or RCS messages sent to Spanish numbers. The CNMC, the body responsible for managing this system, will provide access to the registry through a public portal on its website, allowing citizens to check which aliases are registered and who owns them. Responsibilities of Messaging Providers

The circular regulating the Alias ​​Registry also establishes the responsibilities of the various agents involved in sending messages (messaging service providers at origin, in transit, or at the destination). Specifically, these providers must block SMS, MMS, or RCS messages when: - Aliases not registered in the registry are used - They originate from providers that are not registered - They are sent without authorization from the alias holder - They correspond to foreign companies not registered in Spain. An exception to this last point is made for cases where the message recipient is roaming. Implementation Deadlines Finally, the CNMC has defined the following roadmap for the effective implementation of the Alias ​​Registry: - Publication in the Official State Gazette (BOE): Messaging providers may carry out bulk uploads of aliases for one month from the date the Circular enters into force after its publication in the BOE. -Until June 6, 2026: deadline for messaging providers to conduct tests and adapt their systems to connect with the Alias ​​Registry. From June 7, 2026: the obligation to block sent messages that do not meet the requirements will come into effect. How to protect yourself from online scams like smishing Scams like smishing aim to impersonate trusted sources or companies (banks, utility companies, insurance companies, marketplaces, or even the Tax Agency) to obtain confidential information or trick the victim into clicking on a malicious link. While the CNMC's Alias ​​Registry is an important step towards ensuring the online security of users, it's also helpful to know some tricks to detect and avoid falling victim to online scams or fraud, thus protecting your personal and financial information. -Be wary of urgency and alarmism: Smishing messages often create a sense of urgency, urging you to act immediately to avoid negative consequences. For example, they might alert you to a problem with your bank account or a package that couldn't be delivered. -Verify the source: Before clicking on any link, make sure the sender is legitimate. Check the phone number and look for inconsistencies in the company name or address. Official entities rarely request confidential information via SMS. -Don't share confidential information: Never provide passwords, verification codes, your ID number, or credit card details in response to an SMS. No legitimate company will ask for this type of information through this channel. -Be very careful with links: Don't click on links you haven't requested, even if they appear to come from a trusted source. A quick glance can often reveal misplaced characters or unusual elements in the URL that should raise red flags. The safest way to access websites is by typing the correct address directly into your browser. - Enable two-factor authentication (2FA): This extra layer of security will help protect your accounts, even if a cybercriminal manages to obtain your credentials. - Use a mobile security solution: Install an antivirus or security app that detects and blocks smishing messages.