📡 The Big Story
Apple and Google Finally Ship Cross-Platform Encrypted RCS 🔥
It actually happened. On May 11, Apple and Google started rolling out end-to-end encrypted RCS between iPhone and Android in beta. iOS 26.5 users will see a little lock icon in their chats, which is Apple's polite way of saying "we caved, but stylishly." Cross-platform E2EE in the green/blue bubble war is the kind of thing we've been writing about for years like it was vaporware. Now it's actually shipping.
Here's why this matters for anyone in business messaging: the security posture of RCS just changed overnight. The MLS-based encryption (yes, the same protocol the IETF blessed) means person-to-person RCS is now genuinely private. Business messaging is a different beast, those flows aren't E2EE by design because brands need delivery receipts, analytics, and a paper trail. But the perception shift is enormous. Consumers will start expecting that lock icon everywhere, and brands sending unencrypted SMS to "verify your account" are going to look increasingly archaic.
The competitive read: this is bad for WhatsApp and Signal at the margins, and great for RCS Business Messaging as a category. If you're a CPaaS vendor and you don't have an RBM roadmap right now, what are you even doing?
🔥 What's Moving
FCC Drops KYC Rules NPRM with $2,500 Per-Violation Fines 👀
The FCC published its long-rumored Know-Your-Customer NPRM, proposing that carriers and voice service providers actually validate who their customers are before letting them spray traffic across the network. Wild concept, I know. Fines run up to $2,500 per violation, which adds up real fast when you're a wholesale provider with thousands of resellers downstream.
Look, KYC in telecom has been the wild west forever. Every legitimate aggregator already does this. The bad actors? They'll either clean up or move to the next jurisdiction. The real story is the compliance cost burden landing on mid-tier players who've been getting by with a Google Form and a prayer.
TCPA Class Actions Hit All-Time Record 💀
March 2026 set a record with 283 TCPA cases filed, 220 of them class actions. Q1 is up 19% YoY and April reportedly got worse. Every single one of these is theoretically a bet-the-company exposure. The plaintiffs' bar has gone fully industrial on this, and the revoke-consent caselaw from last year just handed them more ammo.
If your compliance team still says "we'll get to it next quarter," your compliance team is wrong.
Court Issues Major Quiet Hours Ruling 😴
Nixon Peabody flagged a "loud decision on quiet hours" that's going to make marketing ops teams pull their hair out. The short version: time zones are the recipient's, not the sender's, and "I didn't know what zone they're in" is not a defense. Time to actually use that area code metadata properly, or better yet, the user's profile data.
Samsung Kills Samsung Messages, Bows to Google 👀
Samsung is shutting down Samsung Messages in July 2026 and defaulting Galaxy users to Google Messages. For RBM senders, this is genuinely great news. One less client to QA against, one less weird rendering edge case, and a more consistent RCS experience for the largest Android OEM in the world. The fragmentation tax on Android messaging just dropped meaningfully.
🏆 Winner of the Week: Google Messages, which just became the de facto Android messaging client AND ships interoperable E2EE with iPhone in the same week.
📉 Loser of the Week: Anyone running a TCPA-noncompliant SMS program. The litigation graph is going parabolic and you are the product.
📊 By the Numbers
- $74.45B → $107.91B: Projected global A2P messaging market growth from 2025 to 2034, per Renub Research. A 4.21% CAGR isn't sexy but on a $74B base, that's real money. SMS is not dying, it's just getting older and richer like the rest of us.
- 220 class actions in a single month: March 2026 TCPA filings. That's roughly 10 new class actions every business day. Your lead-gen vendor's "100% TCPA compliant" claim is doing a lot of heavy lifting.
- $2,500 per violation: The FCC's proposed KYC fine. Multiply by however many DIDs your provisioning system touched without validation last quarter. Yeah.
🔮 What We're Watching
FCC consumer-side ID verification: Fox News surfaced an FCC proposal that could require more personal ID to activate phones. Politically this is a third rail. Privacy advocates will be loud, and the carriers will have notes. But if it stops even 20% of robocall fraud, it might be worth the heat. Watching the comment period closely.
RBM rollouts post-E2EE announcement: Now that consumer RCS is encrypted by default, expect Google to push hard on the business side. We're watching for new RBM verification flows and brand identity features in the next 60 days.
💡 The Hot Take
Here's the take: the Apple/Google encrypted RCS launch is the beginning of the end for "raw" A2P SMS as the default authentication channel. Not next year, not in 2027, but the trajectory is now locked in. When consumers see lock icons on personal chats but plaintext SMS for their bank's 2FA code, the cognitive dissonance becomes a brand problem for the bank, not the carrier.
Combine that with the TCPA litigation explosion, FCC KYC rules adding cost to the SMS supply chain, and Samsung simplifying the RCS client landscape, and you have every ingredient for an enterprise migration story. The brands that move to RBM in 2026 with proper sender verification will look like geniuses by 2028. The ones still arguing that "SMS works fine" are the same people who said the same thing about fax in 2010. Spoiler: fax also still "worked fine," right up until it didn't.
SMS isn't going anywhere as a fallback. But as the front door for customer engagement? The clock just started ticking louder.
See you next week. Don't text anyone before 8am.
