Mexico’s latest attempt to regulate mobile communications in the name of public security has reignited a familiar legal debate. On January 9, 2024, authorities launched a new mandatory registry for active mobile phone lines, requiring users to submit official identification, CURP, or passport data. The measure is framed as a tool to combat extortion, one of the country’s most prevalent crimes, often perpetrated through anonymous calls and messages. Yet despite avoiding the biometric data collection that doomed its predecessor, the registry has already drawn scrutiny over its legality and effectiveness.
The policy mandates that all users of voice- and SMS-enabled SIM cards register their lines by June 29, 2026. Non-compliant lines will be suspended starting June 30 of that year. The requirement applies across major telecom providers including Telcel, Movistar, AT&T, Bait, and Altán. Registration can be completed online or in person. Lines using SIM cards that do not support voice or SMS are exempt from the obligation.
The initiative follows the 2022 Supreme Court ruling that invalidated the National Mobile Phone Users Registry (PANAUT), which had required biometric data such as fingerprints and facial recognition. The Court found that PANAUT violated constitutional protections on privacy and data security, citing insufficient safeguards and a lack of proportionality between the policy’s aims and its intrusiveness. In contrast, the current registry omits biometric requirements—a design choice seemingly intended to address those constitutional failings.
The absence of biometric data does not automatically render the new scheme constitutional.
However, legal experts caution that the absence of biometric data does not automatically render the new scheme constitutional. Concerns persist about whether the policy meets standards of necessity and proportionality under Mexican law. Critics argue that mandatory identification may still infringe on privacy rights without demonstrable gains in crime prevention. They also question whether telecom operators are adequately equipped to protect sensitive user data from misuse or breaches.
Authorities defend the registry as a necessary response to persistent extortion threats. By linking mobile numbers to verified identities, they argue, law enforcement can more effectively trace criminal activity. Some legal analysts concede that a narrowly tailored registry—if implemented with robust data protection measures—could withstand judicial scrutiny. But such safeguards have yet to be clearly articulated or tested in practice.
The policy also imposes administrative burdens on both users and telecom providers. Millions of mobile lines will need to be registered over the next two years, raising logistical challenges and potential service disruptions. For operators, compliance entails new systems for identity verification and data management—tasks that carry financial and operational costs.
Beyond its immediate legal implications, the registry reflects broader tensions in Mexico’s approach to digital governance. Balancing public security with individual rights remains a persistent challenge in regulatory design. As with PANAUT before it, this latest initiative may ultimately be shaped not only by legislative intent but by judicial interpretation.
Legal challenges appear likely as civil society groups and privacy advocates assess the registry’s compliance with constitutional norms. Should such cases reach the Supreme Court again, the outcome may hinge on whether authorities can demonstrate that this version of the registry avoids past overreach while delivering measurable public safety benefits.
