
Who Regulates Me?
Regulatory perimeter analysis and UK market entry advice
Who this is for
Not sure whether your business needs to notify Ofcom, obtain FCA authorisation or register with the ICO? Regulatory perimeter analysis determines which regimes apply to your activities and what obligations follow, before you invest in a compliance programme you may not need.
Market entry for technology-based services may also require review of IP licensing arrangements and third-party technology dependencies alongside regulatory authorisation.
| Business activity | Primary regulator | Key legislation | Authorisation required? |
|---|---|---|---|
| Providing an electronic communications service (voice, data, messaging) | Ofcom | Communications Act 2003, s 32 | No (but must comply with General Conditions) |
| Issuing e-money or providing payment services | FCA | Payment Services Regulations 2017, reg 5 | Yes (FCA authorisation or registration) |
| Processing personal data as a controller | ICO | Data Protection Act 2018, s 3; UK GDPR, Art 4 | ICO registration required |
| Operating a payment system | PSR / Bank of England | Financial Services (Banking Reform) Act 2013, s 43 | Designation by HM Treasury |
| Product spanning telecoms and payments (e.g. mobile wallet, direct carrier billing) | Ofcom + FCA | CA 2003 + PSRs 2017 | Depends on product classification |
Typical triggers
- The board asks ‘are we regulated?’ and nobody in the business has a confident answer
- A fintech has designed a payments feature and needs to confirm whether it crosses the FCA’s regulatory perimeter before committing to the technology build
- An overseas telecoms operator is planning a UK launch and needs to understand Ofcom General Conditions before going live
- An investor is about to sign heads of terms and needs a perimeter opinion on the target’s regulatory status
- A platform has added functionality that may now constitute a payment service or electronic communications service
- A business is planning to launch an MVNO and needs to understand the regulatory requirements before signing a host network agreement
- A fintech is developing a new payment product and needs to know whether it requires FCA authorisation or falls within an exemption
- A telecoms provider is unsure which tier it falls into under the Telecommunications (Security) Act 2021 and what compliance steps are required
What we deliver
- Perimeter opinion: a clear written opinion on whether your business or product is regulated, under which regime, and what authorisations or regulatory steps are required
- Market entry memo: a summary of the regulatory steps between where you are now and lawful operation in the UK
- Application support: where authorisation is required, advice on FCA application requirements, applicable conditions and timelines
- Defensive position paper: where you conclude you are not regulated, a documented reasoning to support that position if challenged
- Regulatory mapping: for businesses with multiple product lines, a matrix identifying which products fall under which regulatory regime and the applicable obligations for each
- Ongoing compliance framework: where a business is entering the regulatory perimeter for the first time, an outline of the key ongoing obligations, reporting requirements and compliance milestones
If you need advice on whether your business requires FCA authorisation, compliance with UK telecoms regulation, or both, we can usually provide an initial assessment within a week. See all our direct legal advice services or get in touch.
Rob Bratby advises from first-hand experience of the regulatory perimeter, having worked at Oftel and Ofcom before holding General Counsel roles at telecoms and payments businesses. Bratby Law is ranked in Chambers UK (Band 2) for telecoms and recognised as a Legal 500 Leading Partner.
Representative experience
Recent and representative matters include:
- Advised a cloud communications provider on whether its platform constituted an electronic communications service, confirming that the platform fell within scope and mapping the resulting General Conditions obligations.
- Conducted regulatory perimeter analysis for a fintech launching a digital wallet, determining that the product fell within the e-money definition and required FCA authorisation rather than the lighter-touch registration route.
- Assessed whether an IoT connectivity platform was providing an electronic communications service or merely reselling, resolving the classification and avoiding unnecessary regulatory burden.
- Determined that a payment initiation service could rely on the limited network exclusion rather than seeking full FCA authorisation, saving the client six months of application lead time.
- Advised a satellite broadband provider on the interaction between Ofcom PECN notification and Wireless Telegraphy Act spectrum licensing, identifying the correct regulatory pathway before launch.
Frequently asked questions
Do I need FCA authorisation to offer a new payment service?
Whether you need FCA authorisation depends on the specific payment services you intend to provide and whether any exemptions apply. The regulatory perimeter for payments is defined by the Payment Services Regulations 2017 and the Electronic Money Regulations 2011. We assess your proposed product against the statutory definitions and advise on the correct authorisation route, including the option of acting as an agent or using the small payments institution exemption.
How do I set up an MVNO in the UK?
Setting up a mobile virtual network operator requires a host network agreement with an existing mobile network operator, compliance with the General Conditions of Entitlement under the Communications Act 2003, and in most cases a notification to Ofcom. We advise on the regulatory structure, commercial negotiations with host networks, numbering allocations, and the contractual framework needed to launch an MVNO service.
What tier are we under the Telecommunications Security Act?
Your tier under the Telecommunications (Security) Act 2021 depends on your annual turnover and the nature of the electronic communications services you provide. Tier 1 applies to the largest providers, with the most prescriptive obligations. Tier 2 and Tier 3 providers face proportionately lighter requirements. We assess which tier applies to your business, identify the specific security duties that follow, and advise on practical compliance steps.
You are launching a product, entering a new market or acquiring a business and you need to know: are we regulated, and if so by whom? Getting the perimeter wrong means operating without authorisation, structuring a deal around an incorrect regulatory assumption, or building a product that cannot lawfully be offered. We advise businesses directly on regulatory perimeter questions, FCA authorisation requirements and Ofcom regulatory obligations across telecoms and payments.
How long does a perimeter opinion take?
Typically 5 to 10 working days for a single-regime question. Multi-regime questions, for example a product that may engage both telecoms and payments regulation, may take longer. We scope the work at the outset so you have a clear timeline. Where urgency is required, for example ahead of a product launch or deal signing, we can prioritise accordingly.
What if we are already operating and discover we should have been authorised?
We advise on remediation, including retrospective applications and managing enforcement risk. Early engagement with the regulator is usually better than waiting. We assess your current position, identify the regulatory gap and work with you on a plan to bring the business into compliance. The approach depends on the regime, the duration of the breach and whether the regulator has already made contact.
Can you handle the FCA application process?
Yes. FCA authorisation involves a substantive application and approval process. We advise on application strategy, preparation, regulatory engagement and ongoing compliance once authorised. For telecoms, the process is different because Ofcom operates a general authorisation regime rather than an individual licensing system. We handle both routes and can advise on the process, timeline and requirements for your specific product.
How does this page differ from the Telecoms Regulation or Payments Regulation pages?
Those pages explain the regulatory frameworks. This page is for a live instruction where you need direct advice on whether your business is regulated and what steps to take.
We are launching a new product. How early should we get a perimeter opinion?
As early as possible in the product development cycle. A perimeter opinion at the design stage allows you to structure the product to manage regulatory exposure before you commit to a technology build or commercial model. Retrofitting regulatory compliance after launch is significantly more expensive and can delay go-to-market.
We are acquiring a business. Can you provide a perimeter opinion for the deal?
Yes. We routinely provide regulatory perimeter opinions as part of transaction due diligence. Investors and acquirers need to understand whether the target is correctly authorised, whether its products are properly classified, and whether there are any gaps in regulatory compliance that could affect the deal valuation or post-completion obligations. We deliver this as a standalone market entry memo or as part of a broader regulatory due diligence exercise.
Our product may span both telecoms and payments. How do you handle that?
Converged products are increasingly common. A telecoms provider offering direct carrier billing, for example, may engage both the telecoms and payments regulatory regimes simultaneously. We advise on both regimes and can map the full regulatory perimeter for multi-regime products in a single engagement, rather than requiring separate telecoms and payments workstreams.
What does a typical market entry engagement look like?
A typical engagement starts with a call to understand the business model and product, followed by a written perimeter opinion identifying which regulatory regimes apply. If authorisation is required, we advise on the application process, timeline and conditions. If no authorisation is needed, we provide a defensive position paper documenting the reasoning. Most perimeter opinions are delivered within two weeks. For a fuller picture of how we work, see our direct legal advice engagement model.
Does my product need both FCA authorisation and Ofcom compliance?
Independent directory rankings
Our specialist expertise is recognised in major independent legal directories:
- Chambers & Partners: Rob Bratby is ranked as a band 2 lawyer in the UK Guide 2026 in the “Telecommunications” category.
- The Legal 500: Rob Bratby is listed as a “Leading Partner – Telecoms” in London (TMT – IT & Telecoms).
- Lexology: Rob Bratby is featured on Lexology’s expert profiles as a Global Elite Thought Leader for data.



