📡 The Big Story
Apple Finally Encrypts RCS Between iPhones and Androids 🔥
Well, look at that. With iOS 26.5, Apple is rolling out end-to-end encrypted RCS messaging between iPhone and Android, closing the single biggest security gap in cross-platform texting. Per 9to5Mac, the release notes confirm it: green bubble conversations are now actually private.
This matters way more than the average iOS dot-release feature. For two years, RCS between iPhones and Androids has been "better SMS" with all the features and roughly none of the security. Now it's a legitimate channel for sensitive business communication, the kind of stuff that previously had to live in WhatsApp or a proprietary app. Banks, healthcare, government services? They've been waiting for this exact thing.
Here's the thing nobody wants to say out loud: this also puts real competitive pressure on WhatsApp and even iMessage as a brand differentiator. If green bubbles are now encrypted, fast, and feature-rich, the moat shrinks. The walled garden just got a side door. For the broader A2P ecosystem, RCS just became a lot harder to dismiss as "interesting but not enterprise-ready."
🔥 What's Moving
Australia's ACMA Sender ID Registry Goes Live July 1 👀
From July 1, 2026, any branded SMS sent in Australia without a registered sender ID gets relabeled "Unverified" and dumped into the scam pile, per Dynamic Business. So if your brand isn't registered, your customers literally see "Unverified" where "MyShop" used to be. Brutal.
This is Australia's version of what the UK did with the 7726 registry, and honestly it works. Scam SMS volume in Aus has been ugly for years. The flipside: every Australian-facing texter needs to act now or watch their CTRs faceplant on Canada Day. Aussie Day. Whatever, the point is July 1.
Infobip Walks Through RCS 4.0 😴
Infobip published a deep dive on RCS 4.0, breaking down the new spec's implications for brands. The features are genuinely useful (better rich cards, improved fallback handling, expanded verified sender controls), but let's be real: most enterprises are still figuring out RCS 1.0. We're shipping 4.0 to an audience that hasn't deployed 2.0. Classic telecom move.
Still, paired with Apple's encryption news above, this is the maturity curve doing what it should. RCS in 2026 is starting to look like SMS in 2014: spec-heavy, fragmented, but undeniably the future.
FCC One-to-One Rule Officially Dead, States Take the Wheel 🤡
The FCC's one-to-one consent rule, postponed in January 2025 and formally killed in July 2025 after the Eleventh Circuit struck it down, is now ancient history per ActiveProspect's 2026 regulatory rundown. Meanwhile the CFPB went from 1,700 employees to roughly 200, and from 27 enforcement actions in 2024 to a grand total of one, according to TSI.
If you think this means compliance got easier, congratulations, you're about to get sued by an attorney general. Over 20 state AGs are now running active enforcement programs, and California, New York, Massachusetts, and Illinois are not subtle about it. The risk didn't disappear, it just got 50 different flavors.
March TCPA Filings Cool, FCRA Heats Up 👀
Per Troutman Pepper Locke, TCPA filings dipped in March while FCRA and FDCPA filings climbed. Is this the post-one-to-one bump finally showing up in the data? Maybe. Or it's plaintiff lawyers chasing easier targets. Either way, one month doesn't make a trend, but it's the first encouraging data point texters have gotten in a while.
🏆 Winner of the Week: Android users, who finally get encrypted iMessage-grade texting with their iPhone friends without installing a third-party app.
📉 Loser of the Week: The CFPB, going from regulatory heavyweight to a 200-person operation with one enforcement action in a year. Quite a fall.
📊 By the Numbers
- 1,700 → 200: CFPB headcount collapse. That's an 88% staff reduction in a single agency. Compliance teams reading this: your risk map just got redrawn.
- 27 → 1: CFPB enforcement actions, 2024 vs 2025. One. Singular. The state AGs are going to fill that vacuum and then some.
- July 1, 2026: The date every Australian-facing SMS sender needs tattooed on their forearm. Unregistered = "Unverified" = ignored.
🔮 What We're Watching
Iran's Internet Blackout and the SMS Comeback
Per IranWire, businesses across Iran (restaurants, salons, pharmacies, clinics) have all reverted to promotional SMS as internet restrictions tighten. The author calls it a "forced market regress." We call it Tuesday. SMS keeps proving it's the only channel that works when everything else breaks. Watch this dynamic if geopolitical fragmentation continues, because A2P volumes globally are about to look very different from what the forecasts say.
The First Big RCS Encryption Use Case
Now that encrypted RCS is live, who ships the first major enterprise campaign on it? Banking and healthcare are the obvious bets. Whoever moves first sets the template for the next three years of enterprise RCS deployment.
💡 The Hot Take
Here's my bold prediction: encrypted RCS is going to do more damage to WhatsApp Business in mature markets than anything Meta has done to itself, and that's saying something. For years the pitch for WhatsApp over SMS in the US, UK, and Australia was "richer experience, encrypted, app-based engagement." Apple just took two of those three off the table. The third (app engagement) was always shakier than the WhatsApp salespeople would admit.
Combine that with the regulatory shift to state AGs, where the rules are different in every jurisdiction and enforcement is unpredictable, and brands are going to want fewer channels, not more. They're going to consolidate around the channel that works everywhere, is now encrypted, and doesn't require their customers to install anything. That's RCS where supported, SMS as the universal fallback.
WhatsApp will keep winning in markets where it already owns the social graph (Brazil, India, parts of Europe). But in the US, UK, Canada, and Australia? The next 18 months are going to be a quiet bloodbath, and most people won't notice until the volume reports come out. Mark this one.
