Operating as a licensed telecommunications operator under applicable regulatory frameworks across Europe and Asia.
Compliance is a core operating principle at NML. Since our founding in 2015, we have built our business around the regulatory frameworks that apply to our activities as a licensed telecommunications operator and to our work with carrier and merchant partners across Europe and Asia.
NML holds active telecommunications licenses and registrations across multiple jurisdictions. Our internal teams monitor regulatory developments relevant to our services, update internal policies, and maintain documentation supporting our day-to-day operations.
For our clients — telecommunications partners, digital content businesses, and subscription companies — this means working with a partner that operates transparently within the legal frameworks of every market we serve. We support client due diligence processes and provide documentation about our regulatory standing on request.
NML is registered with and regulated by the following authorities. Each registration reflects our commitment to operating within the legal frameworks of every market we serve.
Federal Network Agency, Germany
Germany's federal regulatory authority for electricity, gas, telecommunications, post, and railway markets. NML holds telecommunications licenses issued by the Bundesnetzagentur, authorizing the provision of voice and data services within the German market.
Accounting and Corporate Regulatory Authority, Singapore
Singapore's national regulator for business entities, public accountants, and corporate service providers. NML — New Media License PTE LTD is incorporated and registered with ACRA under UEN 201540896K, maintaining full compliance with Singapore corporate governance requirements.
Infocomm Media Development Authority, Singapore
Singapore's statutory board responsible for the regulation and development of the infocomm and media sectors. NML is registered with IMDA for the provision of telecommunications and media-related services within Singapore.
Austrian Regulatory Authority for Broadcasting and Telecommunications
Austria's regulatory authority for broadcasting and telecommunications. NML is registered with RTR for the provision of telecommunications services in the Austrian market, ensuring compliance with Austrian telecommunications law and EU regulatory frameworks.
Office of Electronic Communications, Poland
Poland's national regulatory authority for the telecommunications and postal markets. NML holds registrations with UKE authorizing telecommunications operations in Poland, including voice services and data transmission.
National Broadcasting and Telecommunications Commission, Thailand
Thailand's independent regulatory body for broadcasting and telecommunications. NML operates in the Thai market under NBTC oversight, providing telecommunications services in compliance with Thai regulatory requirements.
All data at rest is encrypted using AES-256. Data in transit is protected using TLS 1.3 across all internal and external communications. Encryption keys are managed through dedicated key management systems with regular key rotation schedules. Database-level encryption is applied to all production systems storing personal or financial data.
All systems operate on the principle of least privilege. Access to production environments, client data, and sensitive infrastructure requires multi-factor authentication (MFA). Role-based access control (RBAC) is enforced across all platforms, with access reviews conducted quarterly. Privileged access is logged and monitored in real time.
NML engages independent third-party firms to conduct annual penetration tests and vulnerability assessments across all externally facing systems and critical internal infrastructure. Internal security reviews are performed on a regular cadence against established information security control objectives. Findings are tracked through a centralized remediation workflow with defined SLAs for resolution.
Our incident response plan follows a structured process: identification, containment, eradication, recovery, and post-incident review. Suspected security incidents are escalated within 30 minutes of detection. Clients and relevant authorities are notified within the timeframes required by applicable data protection and telecommunications regulations. Incident response procedures are tested through tabletop exercises at least twice annually.
Data retention periods are defined per data category and contractual obligation, in accordance with applicable legal requirements. Personal data is retained only for as long as necessary for the purpose for which it was collected. Upon expiration of the retention period or termination of a client engagement, data is securely deleted using methods that comply with NIST 800-88 guidelines for media sanitization.
NML's operational facilities are secured with access control systems, CCTV surveillance, and visitor management procedures. Data processing areas operate as restricted zones with additional access controls. Clean desk policies are enforced across all operational environments, and removable media usage is controlled and logged.
NML maintains a comprehensive Anti-Money Laundering (AML) and Know Your Customer (KYC) program in line with the requirements of the jurisdictions in which we operate, including the German Money Laundering Act (GwG), Singapore's Corruption, Drug Trafficking and Other Serious Crimes Act (CDSA), and applicable EU Anti-Money Laundering Directives.
Our AML program includes customer due diligence (CDD) and enhanced due diligence (EDD) procedures, ongoing transaction monitoring, sanctions screening against relevant lists (EU, UN, OFAC), suspicious activity reporting, and regular AML training for employees in relevant operational areas. The program is overseen by a designated Money Laundering Reporting Officer (MLRO) and is subject to annual independent review.
Read our full AML PolicyEuropean Telecommunications Network Operators' Association
The principal trade association representing Europe's major telecommunications network operators, advocating for a regulatory environment that supports innovation and investment.
European Fintech Association
An industry body representing fintech companies across Europe, promoting dialogue between financial technology innovators and regulators to shape the future of financial services.
European Data Protection Industries Association
A trade association representing companies in the data protection and privacy technology sector, contributing to policy discussions on data protection standards and best practices across Europe.
Computer & Communications Industry Association
An international nonprofit membership organization for companies in the computer, internet, information technology, and telecommunications industries, promoting open markets and innovation.
Telecommunications Industry Association
A leading trade association representing manufacturers, suppliers, and providers of information and communications technology, setting standards and advocating for policies that drive industry growth.
For compliance documentation, due diligence inquiries, or questions regarding our regulatory framework and certifications, please contact our compliance team directly.
compliance@nml.world