A2P SMS market 2026. SMS Is Not Being Killed. It’s Moving Upstream.

The Pattern in the Room at GCCM London

I did something slightly unscientific at GCCM London this week. Every conversation I walked into, every coffee I picked up, every handshake that turned into a proper chat, I asked the same question. What’s your main challenge right now?

I wasn’t expecting a pattern. I got one anyway.

Revenue contraction. Limited resources. No time. Three answers, over and over, from people running small to medium messaging and CPaaS businesses across the room. And almost every single one of them, when we got past the polite version of the answer, said the same thing underneath it. Traditional SMS volumes are down. Somewhere around 30% year on year for many of them. Not catastrophically, not all at once, but steadily, persistently, in the way that a slow leak is more dangerous than a burst pipe. You keep thinking you’ll deal with it next quarter.

The interesting part was what they thought the fix was. Enterprise introductions. New logos. Bigger clients. I get it, I really do, but it’s a bit like responding to a structural problem by redecorating. The revenue isn’t contracting from lack of customers. The product mix hasn’t moved. That’s the problem.

What Is Actually Happening to A2P SMS Market in 2026

SMS is not being killed. It’s being promoted. Quietly, unglamorously, in the way that only infrastructure ever gets promoted, by becoming the thing everything else falls back on when the clever stuff fails.

The A2P SMS market sits at roughly $52 billion in 2025 and is forecast to reach $63 billion by 2030. That is not a death spiral.

That’s a channel shedding the work it was never great at and consolidating around what it’s genuinely irreplaceable for. Universal reach. Authentication fallback. Critical alerts that reach people with or without a specific app on their phone. SMS is becoming the backbone nobody talks about until it breaks.

The channels taking share are not replacing SMS. They are taking the jobs SMS was doing badly. WhatsApp is eating the conversational, high-engagement work in markets where it’s culturally dominant, Brazil, India, Indonesia, where it’s already the default channel for everything from banking updates to customer support. RCS, now that Apple joined the picture with iOS 18, is taking the rich media, branded campaign work that SMS was struggling to do with 160 characters and no images.

WhatsApp and RCS together are forecast to represent over 60% of CPaaS revenue by 2030. That is a real reallocation, not a replacement.

The SMS OTP Revenue Squeeze: Two Directions at Once

SMS OTP revenue, which has quietly been carrying a lot of weight for smaller providers, is being squeezed from two directions simultaneously. The headlines tend to collapse them into one. They are not the same thing.

The Regulatory Squeeze

The UAE did a complete ban, hard deadline March 2026, replaced with biometrics, app based tokens, and facial recognition. Unambiguous. But India, which everyone cites in the same breath, did something more nuanced. The RBI did not ban SMS OTP. It mandated two-factor authentication for all digital payments from April 2026, with at least one factor being dynamic and unique to each transaction. SMS can still be one of those factors. What is being pushed out is SMS as the only factor.

Similar shifts are underway in Singapore, the Philippines, and across US regulatory bodies including FINRA and the US Patent Office. The pressure is real, but it is geographically uneven in a way the analyst reports tend to flatten into a single dramatic story.

The Hyperscaler Exodus

The second squeeze landed harder, and almost nobody in those GCCM conversations seemed aware of it. The hyperscalers are walking away from SMS OTP on their own terms, without waiting for anyone to tell them to.

In February 2025, Google announced it was replacing SMS OTPs for Gmail with QR code authentication and is moving toward passkeys across all its services. Microsoft made SMS MFA unavailable across its platforms as of September 2025.

Think about what that actually means for SMS OTP volume. Google and Microsoft alone represent an almost incomprehensible number of authentication events every single day. When they stop sending SMS codes, that traffic does not slow down gradually. It stops. And the CPaaS providers and smaller messaging operators who were carrying that volume do not get a warning letter. They just watch the numbers drop.

As of 2025, 15 billion online accounts support passkeys, with 87% of enterprises surveyed by the FIDO Alliance having deployed or actively deploying them.

What Is Replacing SMS OTP: Four Distinct Mechanisms

The replacement stack is worth understanding properly. It is not one thing. It is four, and they serve different parts of the market.

Passkeys and biometrics built into the device are handling the high security use cases, the use cases that need phishing resistance and can no longer afford the liability of SMS. App based tokens and push authentication are covering financial services, particularly in markets with hard regulatory deadlines. WhatsApp OTP is functioning as a transitional middle ground in emerging markets where the infrastructure for the others is not ready yet, cheaper than SMS, encrypted, and already on the device.

None of these generate the same per message revenue as traditional SMS OTP traffic.

The Network API Opportunity: The One Nobody Was Talking About

The fourth replacement mechanism was conspicuously absent from most conversations at GCCM. Network APIs, specifically the GSMA Open Gateway initiative built on the CAMARA standard, are positioning themselves as the silent replacement for SMS OTP at the network layer.

Number Verify, now commercially launched across major European operators, verifies a user’s mobile number automatically in the background, with no SMS sent and no code manually entered by the user.

TikTok has already started replacing SMS OTP with the Number Verification API in partnership with Telefónica in select markets. SIM Swap detection runs alongside it, checking whether a phone number has recently changed SIM cards before any authentication is approved.

STL Partners forecasts identity APIs alone growing from just under $3 billion in 2025 to $12 billion by 2030. McKinsey estimates the broader network API opportunity at between $100 billion and $300 billion over the next five to seven years.

Operators are being handed a genuine monetisation opportunity built on capabilities only they possess. The phone number. The SIM. The network signal. The data that hyperscalers, CPaaS providers, and app platforms simply cannot replicate.

For most of the smaller providers in that GCCM room, this cuts both ways. If operators go direct to enterprise with these APIs, which several are already doing, the aggregation layer that smaller messaging providers have historically occupied gets thinner. The industry has spent a decade telling telcos that APIs are the future, and for most of that decade it stayed stuck in presentation mode. What has changed in the last 18 months is the business environment. The technology was always there. The window to figure out where you sit in that new stack is narrowing faster than most people are moving.

The Geographic Reality Check

Here is where I would push back on the “OTP is simply dead everywhere” narrative. It skips over a reality anyone who has actually worked in emerging markets knows.

Urban India’s mobile penetration sits at 125%, while rural India lags at 58.8%. Around 250 million mobile users in India are still on 2G networks.

Many of those connections still only provide basic voice and SMS services, with just 27% of rural users digitally literate. Passkeys require biometric hardware built into the device. App based tokens require a smartphone and a banking app. The RBI framework itself acknowledged that for smaller banks operating in rural areas, the compliance burden could be more pronounced.

In metro India, urban Brazil, the UAE, the hyperscaler shift is already landing. In rural India, rural Southeast Asia, large parts of Africa, SMS is not going anywhere as the fallback authentication layer for years, possibly a decade. The disruption is real. It is just not evenly distributed.

Why Enterprise Introductions Are Only Half the Answer

Enterprise introductions were the recurring request in that room. Someone who can open a door, make a call, get a foot in. And I understand the instinct. When revenue is contracting and resources are thin, a warm introduction feels like the fastest way out.

An introduction without the infrastructure to survive procurement is just a meeting. A good meeting, maybe. But still just a meeting.

Here is what actually happens when a smaller messaging provider gets that introduction. The call goes well. There is genuine interest. And then a procurement questionnaire lands in their inbox. ISO 27001 certification. SOC 2. Compliance documentation across multiple regions. Uptime SLAs with teeth. Integration capability with enterprise CRM and security stacks. Evidence of financial stability. And suddenly the warm introduction is sitting on ice, legal review drags on for three months, and the enterprise quietly moves to a provider that already had the answers ready.

The room was asking the wrong question. Introductions matter, but readiness is what closes the deal. Enterprise readiness is its own work, sitting apart from channel strategy and product mix decisions.

The providers who come through this period well will be the ones who stopped treating it as a sales problem and started treating it as a positioning problem. The right channels matter, yes, but so do the right certifications, the right legal readiness, and the ability to hold a very different kind of conversation with a very different kind of buyer.

SMS A2P market in 2026 is growing up. The providers who built their businesses on it need to decide if they are too.

Frequently Asked Questions

Is SMS dying in 2026?

No. The A2P SMS market is projected to grow from $52 billion in 2025 to $63 billion by 2030. SMS is shifting from a primary channel to a universal fallback layer for authentication and critical alerts, particularly in markets where smartphone penetration and app adoption remain low. The channel is changing function, not disappearing.

Why are smaller SMS providers seeing 30% revenue contraction?

The contraction is concentrated in two areas. Bulk promotional SMS is being displaced by richer channels like WhatsApp and RCS that offer better engagement. SMS OTP revenue is being reduced by regulatory changes banning SMS as a sole authentication factor in markets including the UAE, India, Singapore, and the Philippines, and by hyperscalers like Google and Microsoft removing SMS from their own authentication stacks.

What is replacing SMS OTP authentication?

Four mechanisms are replacing SMS OTP across different markets and use cases. Passkeys and device native biometrics are replacing SMS for high security use cases. App based tokens and push authentication are replacing it in financial services. WhatsApp OTP is replacing it as a cheaper encrypted alternative in emerging markets. Network APIs through the GSMA Open Gateway initiative, specifically Number Verify and SIM Swap detection, are replacing it at the network layer with silent background verification requiring no code to be sent or entered.

What is the GSMA Open Gateway and why does it matter for SMS?

The GSMA Open Gateway is a framework of standardised network APIs built on the CAMARA standard, now commercially deployed across major operators in Europe, India, and other markets. The Number Verify API allows enterprises to confirm a user’s identity automatically in the background without sending an SMS code. This directly replaces a core SMS OTP use case. STL Partners forecasts identity APIs growing from $3 billion in 2025 to $12 billion by 2030.

Will SMS OTP disappear in India and other emerging markets?

Not in the near term. India’s RBI did not ban SMS OTP. It mandated multi-factor authentication where SMS can still be one factor. With approximately 250 million mobile users in India still on 2G networks and rural mobile penetration at 58.8%, the infrastructure required for passkeys and app based authentication does not exist across large parts of the country. SMS will remain the fallback authentication layer in these markets for years.

How can smaller messaging providers compete for enterprise clients?

Enterprise procurement evaluates providers on delivery reliability and uptime SLAs, security certifications including ISO 27001 and SOC 2, multi-region compliance documentation, integration capability with enterprise systems, and evidence of financial stability. A warm introduction gets a provider into the conversation. Certification and legal readiness determines whether they close the deal. Providers winning enterprise business are typically those with specific regional carrier advantages or deep compliance expertise in a regulated sector, not those competing on price against larger platforms.

What is RCS and how does it affect SMS providers?

RCS, Rich Communication Services, is the successor to SMS that supports rich media, interactive buttons, branded sender profiles, and verified sender IDs. Apple’s support in iOS 18 removed the main barrier to RCS adoption in western markets. RCS is taking the rich campaign and marketing work that SMS was doing poorly, rather than replacing transactional SMS. Providers who can offer both SMS fallback and RCS delivery through a single API are better positioned than those offering SMS alone.

If you want to know more about how Apiro Data can help your Digital Transformation, IoT and operational strategy.

Get in touch, and let’s build something great together!

Or email us at info@apirodata.com

Apiro Data is Your Guide to Navigating the Digital Landscape. Our versatile modular solutions guide your business smoothly through digital transformation and operational enhancements. Our experience-driven approach delivers tangible solutions grounded in real-world wisdom.

Follow us on LinkedIn.