Code of Practice

The Phone-paid Services Authority (PSA) is the UK regulator for content, goods and services charged to a phone bill.

The PSA regulates primarily by setting Standards and Requirements for premium rate service (PRS) providers to meet in respect of the provision, content, promotion and marketing of their services, and by monitoring and enforcing those Standards and Requirements, in accordance with this Code of Practice (the Code).

The Standards are designed to provide clarity for industry and deliver necessary technical and operational protections in the market. They also aim to ensure that all consumers, including those who are or may be vulnerable, have confidence and consistent experiences when engaging with PRS and ensure that their expectations are aligned with their experiences of other digital payment platforms.

The PSA will support PRS providers to comply with its Standards and Requirements through the provision of guidance, best practice information and stakeholder engagement. The PSA will seek to provide flexibility in how PRS providers can meet the Standards set by this Code, including (where appropriate) by considering PRS providers’ particular circumstances and granting permission for alternative ways for Standards to be met. This approach also helps to facilitate opportunities for innovation in the interests of consumers within a healthy, competitive and well-regulated market.

The PSA will conduct appropriate checks on PRS providers using an effective registration system. This will provide essential information about PRS organisations and the services they offer, as well as putting in place clear and stringent due diligence, risk assessment and control (DDRAC) Requirements to ensure that those entering and operating in the market comply with the Code and act in the consumer interest.

The PSA will monitor compliance with the Code using a range of tools set out in this Code. Where the PSA identifies potential or actual non-compliance with the Code, it may take regulatory actions, including using informal engagement and/or formal enforcement action, as specified in this Code.

The PSA is committed to acting in a transparent, accountable, proportionate, consistent and targeted manner.  Within this framework the PSA acts to ensure that PRS are provided in a way that meets consumer expectations so that all consumers can have a consistently positive experience of PRS.

The Communications Act 2003 (the Act) gives Ofcom the power to approve a Code for the purposes of regulating PRS. Ofcom has approved this Code under section 121 of the Act. Under section 120 of the Act certain providers of PRS are obliged, through the Condition set by Ofcom, to comply with provisions of the Code and directions given by the PSA in accordance with the Code for the purpose of enforcing its provisions.

The Condition set by Ofcom applies to Controlled premium rate services which are a subset of services defined as PRS in the Act.

The PSA regulates by imposing Standards and Requirements, as well as responsibilities and obligations on PRS providers, all of which are enforceable. Three categories of PRS providers comprise the PRS value chain and are defined at paragraphs D.1.3–D.1.9 below: (a) network operators; (b) intermediary providers (which form part of a PRS value chain); and (c) merchant providers (the person responsible for providing the PRS to end users). A PRS provider may fall within more than one of these categories.

The PSA operates independently from the industry. All members of the PSA’s Board are appointed in their individual capacities. No member of the Board may have any current commercial interest in PRS but Board members may be appointed on the basis of their contemporary industry knowledge.

Board members do not sit on PSA Code Adjudication Tribunals (Tribunals) which adjudicate on allegations of non-compliance with the Code. Tribunals are made up of members of the PSA’s Code Adjudication Panel (CAP), the composition and function of which is set out at paragraphs 6.3.1-6.3.3 below.

The Board may delegate its powers to employees of the PSA and/or the CAP as it sees fit. Delegated powers may not further be sub-delegated.

Confidential information received by the PSA may only be shared with third parties in accordance with paragraph 1.6.3 below.

The PSA shall treat information received as confidential where it relates specifically to the affairs of a particular PRS provider or associated individual, and publication of it would or might, in the reasonable opinion of the PSA, seriously and prejudicially affect the interests of that provider or individual.

Confidential information received by the PSA will generally be held in confidence by the PSA. Subject to applicable law, such information will only be shared with a third party (other than, professional advisers and Ofcom) where:

1. the PSA reasonably considers that:
   1. there is a risk of imminent consumer harm or actual consumer harm as a result of a potential or actual breach of the Code by a relevant PRS provider; and
   2. it is necessary and proportionate to share confidential information within the relevant PRS value chain (i.e. with any network operators, intermediary providers and/or merchant providers in that chain) in order to address the relevant consumer harm issue and/or to ascertain whether a contravention of the Code has occurred or is occurring, in circumstances where the PSA has been unable to secure prompt and effective cooperation with its regulatory efforts from the relevant PRS provider.
2. the provider of the information has given their consent for it to be so shared (such consent not being unreasonably delayed or withheld);
3. the information has been requested by another regulator or other lawful authority for the proper discharge of their functions;
4. the information is required by law enforcement agencies for the purpose of investigating fraud or other potential or alleged offences; or
5. the information has entered the public domain or has become lawfully available from a third party free from any confidentiality restriction.

For the avoidance of doubt, where the PSA shares any confidential information under sub-paragraph 1.6.3(a) above, it will have particular regard to the need to minimise the sharing of such information as far as it is practicable to do so in all the circumstances. Where a PRS provider’s confidential information has been shared in this manner, the PSA will notify that provider in writing as soon as reasonably practicable, bearing in mind the need to ensure that any ongoing efforts to prevent or minimise consumer harm are not jeopardised by such notification. In the written notification, the PSA will set out:

(a) a list of the information that has been shared;

(b) a list of the persons with whom it has been shared; and

(c) a brief explanation of why the disclosure of that information was considered necessary and proportionate.

Save as is provided below, the Code applies to all PRS that are accessed through a provider of a United Kingdom electronic communications network or electronic communications service as defined by section 32 of the Act.

Some PRS may also be Information Society Services. In such cases, the Code may be subject to certain provisions of Directive 2000/31/EC (the e-Commerce Directive) as transposed into the Electronic Commerce (EC Directive) Regulations 2002 (the e-Commerce Regulations). By virtue of the Communications Act (e-Commerce) (EU Exit) Regulations 2020, the Code applies to all Information SocietyServices irrespective of whether the intermediary provider or merchant provider responsible for the provision of those services under the Code is:

1. established in the United Kingdom; or
2. established in another EEA member state, and the services are being accessed or may be accessed from within the United Kingdom.

Nothing in this Code will be construed as enabling the PSA to take any action, or require any person to take any action, that would contravene the e-Commerce Regulations and/or the e-Commerce Directive.

This 15th edition of the Code came into force on 5th April 2022 (the commencement date). 

Section 5 of the Code and any Procedures published by the PSA from time to time under that section, and paragraph 6.1.1 of the Code where it is applied in respect of engagement and enforcement under Section 5, shall apply to:

a. any investigations commenced pursuant to the previous edition of the Code and prior to the commencement date, but not concluded at that date;

b. the PSA’s consideration of any complaints received by it and/or conducting of any monitoring in respect of a service pursuant to the previous edition of the Code and prior to the commencement date.

This Code is approved by the Office of Communications (Ofcom) for the purposes of sections 120 and 121 of the Communications Act 2003.

General, compliance and media enquiries

Switchboard:                   020 7940 7474

Web:                               www.psauthority.org.uk

Compliance Advice:       compliance@psauthority.org.uk

Media Office:                  020 7940 7440

Media Office:                  pressoffice@psauthority.org.uk