An Overview of Taiwan’s Regulatory Updates on Telecommunications Numbers

Telecommunication numbers are numerical codes for identification purpose that telecommunications enterprises use to provide telecommunication services to users or for network interconnection between telecommunications enterprises.  Telecommunication numbers include various codes, identifiers, and subscriber numbers of public telecommunication networks.  Due to their scarcity and public interest relevance, certain types of telecommunication numbers, alongside “licensed radio frequencies,” are classified as “telecommunication resources” under the Telecommunications Management Act, subject to stricter regulatory oversight by competent authorities.  For example, the Telecommunications Management Act mandates that operators using telecommunication resources must first register as telecommunications enterprises with the National Communication Commission (hereinafter referred to as the “NCC”).  Regarding the establishment of telecommunication networks, there is a distinction between “using telecommunication resources” and “not using telecommunication resources.”  For the establisher of public telecommunication networks using telecommunication resources, restrictions are imposed on their organizational type, the nationality of their chairperson, and the proportion of foreign shareholding.  Additionally, applicants must submit an operational plan to the NCC for review and are required to develop an “info-communications security maintenance plan” upon notification by the Ministry of Digital Affairs (hereinafter referred to as the “MODA”) for filing and implementation.

Under the authorization of the Telecommunications Management Act, the NCC originally enacted the “Regulations for Allocating and Governing Telecommunications Numbers” to regulate the allocation and management of telecommunication numbers.  Due to organizational restructuring within the Executive Yuan, the authority over these matters has changed several times.  Currently, the authority is divided into two categories: matters related to the application and allocation of telecommunication numbers, which are now overseen by the MODA, resulting in the renaming of the regulations to the “Regulations for Applying and Allocating Telecommunications Numbers,” and matters related to the use, management, and restriction of telecommunication numbers, which remain under the NCC’s authority and are regulated by the newly enacted “Regulations Governing the Use of the Subscriber Numbers on Telecommunications Enterprises.”

Recently, due to rampant fraud crimes, telecommunication numbers, especially subscriber numbers, have been frequently misused.  The Fraud Crime Hazard Prevention Act, promulgated on July 31, 2024, includes a specific section addressing “telecom fraud prevention measures.”  To align with the provisions of this Act, the competent authorities have incorporated relevant regulations into the latest amendments to the “Regulations for Applying and Allocating Telecommunications Numbers” (promulgated on November 27, 2024, hereinafter referred to as the “Application and Allocation Regulations”) and the draft amendments to certain provisions of the “Regulations Governing the Use of the Subscriber Numbers on Telecommunications Enterprises” (announced on November 19, 2024, hereinafter referred to as the “Draft Amendment to Usage Management Regulations”).  Key points include the following:

1. In line with the Fraud Crime Hazard Prevention Act, which stipulates that “when telecommunications enterprises violate specific telecom fraud prevention measures, the competent authority may, if necessary, limit the allocation of subscriber numbers to them for a certain period ^[1] ,” the Application and Allocation Regulations adds Article 21, Paragraph 1, Item 8, specifying that the MODA, when reviewing applications for the allocation of subscriber numbers by telecommunications enterprises, must consider whether their management of number use violates other laws and regulations.

2. According to the relevant provisions of the Fraud Crime Hazard Prevention Act, ^[2]  if the telecommunications authority or judicial police authorities notify telecommunications enterprises that a user has used telecommunications services to commit fraud crimes, or is suspected of such activities and fails to cooperate in re-verifying and updating their user information, or if the verified information does not match their identity, the telecommunications enterprise must restrict or suspend the provision of telecommunications services. For users whose services have been restricted or suspended, if they apply for telecommunications services again with the same telecommunications enterprise, the telecommunications enterprise must, within three years from the date of the restriction or suspension notice, limit them to applying for only one subscriber number or one telecommunications service.  In this regard, the Draft Amendment to Usage Management Regulations has added Article 13, Paragraph 2, to implement the same provision.

3. Additionally, regarding the provision in the Fraud Crime Hazard Prevention Act stipulating that “telecommunications enterprises, upon notification by judicial police authorities regarding users who have had telecommunications services restricted or suspended by other telecommunications enterprises a certain number of times, must classify the users as high-risk users and limit such high-risk users to applying for a maximum of one subscriber number or one telecommunications service within three years from the date of notification,” the NCC, on November 20, 2024, issued Tong-Chuan-Ping-Tai No. 11341025390 Announcement, explicitly defining the “certain number of times” as three times and specifying that the three-year period should begin from the date the telecommunications enterprise is notified by the “Fraud Joint Risk Management System Database,” which is established by the National Police Agency, Ministry of the Interior.

4. Article 15 of the Draft Amendment to Usage Management Regulations also stipulates that telecommunications enterprises allocated subscriber numbers must: (1) adopt appropriate risk control measures to prevent identity impersonation by users applying for subscriber numbers when verifying and registering user data and providing telecommunication services; (2) establish mechanisms for detecting, assessing, and alerting abnormal user behavior; and (3) notify users to re-verify and register their data within a specified timeframe upon discovering abnormal behavior.

Additionally, on November 13, 2024, the NCC issued a press release titled “Urging Telecommunications Enterprises to Enhance Risk Control Mechanisms for Commercial SMS to Combat Fraud from the Source through Public-Private Collaboration.”  The press release calls on telecommunications enterprises to: (1) require corporate clients wishing to send commercial SMS containing URLs, short links, or phone numbers to apply in advance and, upon approval, register the respective URLs, short links, or phone numbers; (2) detect whether commercial SMS contains URLs, short links, or phone numbers, and, if they do not match the registered information, refrain from sending them; and (3) establish a whitelist of trusted corporate clients that have passed verification to bypass detection.  However, the measures mentioned in the press release remain self-regulatory actions by telecommunications enterprises to combat fraud, without penalties for non-compliance, and the established “whitelists” do not need to be submitted to the NCC.

This article briefly introduces the legal framework for the application, allocation, usage management, and restriction of telecommunication numbers, as well as the regulations added by the competent authorities in response to the Fraud Crime Hazard Prevention Act.  With the rapid evolution of technology and the emergence of new fraud schemes, whether the current regulatory system can effectively prevent the misuse of telecommunication numbers for fraud crimes remains to be closely monitored and promptly adjusted by the competent authorities.

[1]  Article 24, Paragraph 2 of the Fraud Crime Hazard Prevention Act
[2]  Articles 17, 18, and 23 of the Fraud Crime Hazard Prevention Act