ACMA is enforcing, and the SMS Sender ID Register is coming
Over AUD 5.4 million in penalties for basic email and SMS compliance failures. The SMS Sender ID Register becomes mandatory 1 July 2026. Unregistered sender IDs will be blocked.
ACMA issued over AUD 5.4 million in penalties to wagering companies during 2025-2026 for breaching email and SMS marketing rules. The regulator is active, the penalties are substantial, and the violations are structural rather than sophisticated.
The cases that set the precedent
Tabcorp paid AUD 4 million for sending thousands of SMS and WhatsApp messages without functional opt-outs, plus AUD 112,680 for failing to check the BetStop (National Self-Exclusion Register). Betfair paid AUD 871,660 for sending over 140 marketing messages to customers who had not consented or had withdrawn consent. PointsBet paid AUD 500,800 for marketing to more than 500 people on the self-exclusion register and misclassifying marketing emails as “non-commercial” to bypass unsubscribe requirements.
The common thread is that none of these are sophisticated violations. They are failures in consent management, opt-out functionality, and message classification. ACMA is enforcing against the basics, which should worry any team that has not stress-tested its own.
SMS Sender ID Register, mandatory from 1 July 2026
From 1 July 2026, all businesses using alphanumeric SMS sender IDs must register them with ACMA. Unregistered sender IDs will be blocked. The register is designed to combat impersonation scams (a real and growing problem) and it directly affects SMS marketing operations.
If your organisation sends marketing SMS with a branded sender ID and that ID is not registered by July 2026, those messages will not be delivered. There is no grace period in the published guidance.
What needs to happen
Four operational tasks before July 2026.
Audit consent records. Can you demonstrate, for every person in your SMS and email marketing database, that valid consent was obtained? If not, the risk is direct.
Test opt-out mechanisms across every channel, including WhatsApp. Functional means the unsubscribe actually unsubscribes the user, not just acknowledges the request. The Tabcorp case turned on this point.
Review message classification. If any marketing messages are classified as “non-commercial” or “transactional” to avoid opt-out requirements, the classification has to be defensible. The PointsBet case shows that ACMA will challenge it (and IMO the bar is higher than most internal compliance teams assume).
Register SMS sender IDs before July 2026. This is an operational task with a hard deadline. Missing it means messages do not arrive. Owner this to a single team before April 2026 to leave runway for issues.