Recent legislative changes in Brazil, Chile and Mexico during 2025 have increased regulatory complexity for IoT and M2M connectivity services across the Americas.

Regulatory treatment of permanent roaming, authorisation regimes and SIM registration obligations has long varied across the 11 countries surveyed. However, recent legislative changes make it necessary for global IoT providers to reassess whether their existing deployment models remain compliant with evolving national requirements.

Key takeaways

• Permanent roaming remains legally permissible in most of the 11 countries covered but Brazil remains an outlier, with Anatel reinforcing its long-standing ban on permanent roaming practices in 2025.
• Authorisation and notification obligations increasingly depend on service classification, particularly where IoT subscriptions include public internet access. Brazil and Costa Rica apply stricter domestic authorisation requirements than most other markets.
• SIM registration regimes diverge significantly: Canada and the United States impose no such requirements, while several Latin American countries apply registration obligations to consumer-facing IoT services, especially where public internet access is provided.

Why it matters

Regulatory fragmentation across the Americas is shifting compliance risk from network architecture to service design. What services are offered and to whom, and how they are classified now matter more than roaming itself.

Background / context

Cullen International’s latest benchmarks assess the regulatory frameworks affecting IoT and M2M services across North, Central and South America. The research examines three core areas: whether permanent roaming is permitted, requirements for authorisation and notification, and whether and how SIM cards should be registered.

Across most markets surveyed, permanent roaming is treated as legally permissible, meaning that, in the absence of explicit prohibitions, foreign-issued SIM cards may be used in connected devices. Brazil is a notable exception. Its long-standing prohibition on permanent roaming has been reinforced by regulatory steps taken by Anatel in 2025.

Most countries do not require licensing or notification for IoT connectivity delivered entirely from abroad, provided there is no direct contractual relationship with local end users and no reliance on domestic infrastructure. However, where IoT services include public internet access, several jurisdictions classify the activity as a regulated telecommunications service. This may trigger licensing requirements, service registration and, in some cases, the need for a local legal presence.

SIM registration frameworks vary widely. Canada and the USA impose no SIM registration obligations. In contrast, many Latin American countries apply general mobile user registration rules to consumer-facing IoT services, while enterprise M2M deployments are often subject to different treatment, focusing verification on the contracting legal entity. Mexico’s reintroduced framework combines broad registration requirements with limited exemptions and in-person verification obligations for enterprise deployments.

Scope
Region: Americas
Countries covered: 11
Policy area: Internet of Things
Last updated: January 2026

For more information and to access the research, please click 'Access full content' - or 'Request access' if you are not a subscriber to our IoT service.

Interested in other regions? Check these out:

• Africa
• Middle East