How many mobile phone calls do you receive each day? And how many of those are sales calls from companies (either with an operator or a robot) trying to sell you something?
We have some good news: This year brings essential legal developments in the area of unwanted advertising that will affect both individual users and businesses in Spain. The new regulatory changes, which take effect in May, have marked a turning point in the handling of sales calls, SMS messages, and protection against telephone fraud.
At Dylsi, we work with both individuals and businesses. We are committed to helping our clients protect themselves and their loved ones, beyond mere insurance matters. That is why we collaborate with leading experts, such as digital law specialist Jorge Morell, who explains the regulatory changes, how they affect you and how you can best protect yourself.
What has changed since May 2025?
Digital law specialist Jorge Morell, founder of the law firm Términos y Condiciones and creator and author of the blog and newsletter on AI and law, The Legal Letters, is a renowned expert in the field of law related to networks and the digital environment. He has been providing legal services in this area for over 16 years, both in the public and private sectors. Among other media and publications, he writes and contributes to the blog on legal innovation by Abogacía Española (the General Council of Spanish Lawyers). At Dylsi, we work closely with him to provide informed advice to our clients, including both companies and individuals.
In this article, Jorge Morell explains the changes that took place in May earlier this year: the law has taken a firm step towards limiting unwanted contact between companies and users.
‘In 2023, the General Telecommunications Law was amended to prevent commercial calls without consent, with precise exceptions, such as the existence of a prior contractual relationship,’ he says. ‘However, that law had some legal loopholes that certain companies tended to abuse. To close those loopholes, Order TDF/149/2025 was approved in February 2025.’
These are the main measures against unwanted advertising:
• As of May 15, 2025, As of May 15, 2025, companies must no longer use mobile or international numbers for commercial calls and SMS messages. They may only call from geographic (local) or special numbers (such as 800 and 900, which are now also allowed for calls).
• Telephone operators must block calls and SMS messages with unassigned or unallocated numbers.
• The authorities enforce the use of advertising exclusion lists, such as the Robinson List or the new Stop Advertising List, which also applies to advertising on social networks. ‘If a user is registered on one of these lists, the company must not contact that user,’ the lawyer remarks.
• Companies that ignore these lists are liable to penalties if the user files a complaint with the Spanish Data Protection Agency (AEPD).
• In May 2026, a mandatory register of aliases for commercial SMS will be established to facilitate the secure identification of companies that issue calls and send messages, to prevent identity theft, such as by banks or the postal service.
Better control and increased security
For end users, these new rules significantly improve their control of the commercial communications they receive: ‘Anyone who wants to avoid receiving unwanted calls and messages can sign up to the Robinson list and/or the Stop Publicidad list. These are exclusion lists, which companies must consult. They must not send direct messages, SMS, emails or make calls to users registered on these lists without their consent.’
For companies, this means they are required to consult these lists before launching any telephone advertising campaign and pay the corresponding costs. Furthermore, they may only use numbers that you can identify as reliable for commercial calls; mobile phone numbers and international numbers are not allowed for those purposes. If a user detects abuse or fraud, they can easily report it to the AEPD.
‘It’s good to be a little paranoid.’
In addition, it is essential to take a more proactive and cautious approach to fraud, as Jorge Morell explains: ‘It’s good to be a little paranoid to avoid falling victim to hackers.’ In this regard, he has some key tips:
1. If you receive a call supposedly from your bank and they start discussing fraudulent transactions that are happening right now or the need to take immediate action, hang up and call your bank’s official number. Don’t call back the number the person just called from.
2. Agree on safe words with family or friends to prevent identity theft on services such as WhatsApp, for example, typical messages such as “I’ve lost my mobile phone, this is my new number” or “I need you to lend me some money urgently”.
3. Avoid sharing too much personal information on social media: announcing that you are on holiday or that you have made a large purchase can put you at risk. ‘We share our whole lives on social media and criminals take advantage of this information,’ warns Jorge Morell.
At Dylsi, we would also like to remind you that there are insurance policies that protect against digital fraud, which can cover everything from identity theft to certain types of financial losses if they are covered by the policy you have taken out. These types of insurance are increasingly being included as a supplement to home insurance or cybersecurity.
Implications for businesses and entrepreneurs
For businesses that regularly communicate with their customers (or potential customers), these changes mean:
• It is prohibited to contact prospects from mobile or international numbers. Adaptation to regular numbers is mandatory.
• They must consult exclusion lists before any commercial contact. This procedure has a cost, and failure to comply may result in penalties.
• Registration of aliases in SMS: If you use SMS marketing campaigns, your alias must be validated, or your provider will be blocked.
These measures aim to prevent fraud, but they also involve that companies review their internal communication and marketing processes. For many SMEs and freelancers, this is the ideal time to implement best practices and ensure that their interactions with customers are transparent, safe, and compliant with the law.
At Dylsi, we recommend that any company, large or small, take out professional liability insurance to protect against errors in personal data management and communications. A poorly handled commercial enquiry could, in the worst case, lead to a legal claim or administrative penalty.
Education, prevention and common sense
As Jorge Morell reminds us, absolute security does not exist, but we can improve significantly with small habits and training: be selective with what we share, be cautious of anything that seems suspicious, and take a moment before reacting.
At Dylsi, we encourage you to stay informed, protect yourself, and consult with us if you have any questions about how insurance can help you in these scenarios, whether it’s to protect your identity, information, or business. Contact us to determine if your current policy provides coverage against digital fraud.
This article has been created in collaboration with the lawyer specializing in digital law Jorge Morell. Here’s how you can contact him:
Web: Terms and Conditions
Phone: (0034) 601 327 700
Email: Contact
RRSS: Instagram Linkedin Facebook
Languages: 
