Brazil is in the middle of one of the most ambitious anti-fraud experiments in the world's mobile market, and almost no one outside the country is watching closely. Anatel, the national telecom regulator, has been steadily tightening the rules that bind every SIM card to a CPF — the national tax identification number that doubles as Brazil's de facto universal ID. Working alongside the Ministry of Justice's Celular Seguro program, launched in December 2023, and the telecom-bank fraud platform Origem — jointly operated by Claro, Vivo, and TIM — the regulator is treating the mobile line itself as a piece of critical identity infrastructure.
The motivation is real and serious. Brazil has been hit by an industrial-scale wave of phone scams, SIM-swap attacks, and identity-theft frauds, many of them riding on lines activated in someone else's name or on stolen handsets re-registered to throwaway IMEIs. Celular Seguro alone reportedly registered hundreds of thousands of users in its first months, allowing victims to centrally block a stolen device, freeze associated bank apps, and flag the line for carrier action. Origem, run by the three biggest carriers in concert with the banking sector, is designed to cross-check the CPF on a line against the CPF on a financial account in real time, blunting the SIM-swap attacks that have drained Pix instant-payment wallets.
The case for action — and the case for caution
From a pro-innovation standpoint, none of this is inherently bad. Fraud is a tax on every legitimate business in the digital economy, and Brazil's Pix system — the world's most successful instant-payments rollout, with the central bank reporting billions of monthly transactions — cannot survive politically if scam losses keep climbing. Verified-identity infrastructure, done proportionately, lowers transaction costs, expands access to credit and digital services, and supports the kind of open, competitive fintech ecosystem Brazil has spent a decade building.
The problem is not the goal. It is the architecture.
Binding every SIM to a single state-issued identifier creates a high-value chokepoint with consequences that go well beyond fraud prevention:
- It turns every mobile line into a tracked credential. If the CPF-to-line mapping is queryable by law enforcement, regulators, or private partners without strict judicial controls, the result is a near-real-time map of who is calling whom, from where, on which device. Brazil's General Data Protection Law (LGPD, Law No. 13.709/2018) requires purpose limitation and proportionality, but enforcement by the ANPD on telecom and security data has been uneven.
- It risks excluding the people the system says it protects. Many Brazilians — informal workers, rural residents, migrants — have CPF irregularities, no fixed address, or shared family lines. Tight binding rules disproportionately push these users into the informal SIM market or off the network entirely.
- It centralizes a target. A unified CPF-SIM-IMEI-bank database operated jointly by carriers and banks is exactly the kind of dataset that attackers, insiders, and abusive officials will try to query. A 2021 incident in which the personal data of reportedly more than 220 million Brazilians appeared for sale is a reminder that 'just store it carefully' is not a complete answer.
Anatel's evolving rulebook
Anatel's General Telecommunications Law (Law No. 9.472/1997) and successive resolutions on the General Consumer Rights Regulation (Resolution No. 632/2014, updated multiple times) have for years required carriers to verify subscriber identity at activation. What is new is the tightening of ongoing obligations: revalidating CPF data, blocking lines that fail cross-checks against the Receita Federal's CPF database, and feeding telecom signals back into the Ministry of Justice's Celular Seguro and the carrier-bank Origem pipelines. The regulator has signalled that prepaid lines, historically the soft underbelly of Brazilian fraud, will face the strictest revalidation rules.
This is a meaningful expansion of state-mandated identity infrastructure, and it is happening largely through regulatory resolutions rather than primary legislation — with limited parliamentary debate and minimal civil-society engagement compared to the LGPD or Marco Civil da Internet (Law No. 12.965/2014) when those were drafted.
A proportionate path forward
We are sympathetic to the fraud problem. We are skeptical of the architecture. A few principles should guide the next phase:
- Statutory grounding. A nationwide CPF-SIM-IMEI binding regime touches free expression, freedom of association, and financial access. It deserves a debate in Congress, not just a resolution from Anatel.
- Strict purpose limitation. Data flowing through Celular Seguro and Origem should be ring-fenced for fraud and stolen-device response, with statutory bars on repurposing for surveillance, marketing, or political profiling. The ANPD should publish binding guidance.
- Independent oversight. A multi-stakeholder body — including consumer groups, the public defender's office, and the Internet Steering Committee (CGI.br) — should audit access logs and publish transparency reports.
- Exclusion safeguards. Anatel should measure and publish how many users are blocked, why, and how quickly they regain access. A fraud regime that disconnects the working poor is not a fraud regime; it is a regressive tax.
- Encourage privacy-preserving cryptography. Bank-telecom fraud checks can increasingly be run with zero-knowledge proofs or hashed-identifier matching rather than raw CPF exchange. The state should incentivize, not foreclose, these designs.
Brazil has, twice in the last decade, written internet rules the rest of the world quietly copied: the Marco Civil and the LGPD. It has the institutional capacity to design a SIM-identity regime that is genuinely anti-fraud without becoming quietly anti-citizen. The question is whether it will treat this generation of rules as seriously as it treated the last one.