How we operate.
Wholesale telecom is regulated work. This page is the public version of the answers our compliance, security, and ops teams give to procurement, legal, and regulators.
Who we are
MB Codus Nullus, a private limited company registered in the Republic of Lithuania. Registered office in Vilnius. Operating as a wholesale telecommunications provider under EU regulatory framework.
- Legal name
- MB Codus Nullus
- Jurisdiction
- Lithuania (EU member state)
- Company registration
- Available on request
- VAT number
- Available on request
- RTK / NAT registration
- In progress with RRT
- Operating address
- Vilnius, Lithuania
Where we source
For v1 we operate as a Voxbeam reseller with our own SBC and dispatcher in front. The architecture is multi-upstream-ready: customers connect to our edge, we authenticate and route, and the upstream is a routing decision rather than a customer-visible contract.
- - Customers never sign a contract with our upstream; they contract with us.
- - When a new upstream is activated, every active customer is notified by email and in the portal at least 14 days before any traffic begins to route over it.
- - When an upstream is removed, any DIDs hosted there are ported to a remaining upstream before removal completes; portability windows are communicated in advance.
- - No customer SIP configuration changes when upstreams are added or removed.
How DIDs work
Two tracks: API-orderable and regulatory-required. The same endpoint serves both; the response indicates which track applies.
| Country | Local | National | Toll-free | Mobile | Track | Typical turnaround |
|---|---|---|---|---|---|---|
| Lithuania | Yes | Yes | Yes | Yes | API-orderable | Same call |
| United Kingdom | Yes | Yes | Yes | Yes (most ranges) | API-orderable for most | Same call to 1 day |
| Netherlands | Yes | Yes | Yes | Yes | API-orderable | Same call |
| Ireland | Yes | Yes | Yes | Yes | API-orderable | Same call |
| Poland | Yes | Yes | Yes | Yes | API-orderable | Same call |
| Latvia | Yes | Yes | Yes | Yes | API-orderable | Same call |
| Estonia | Yes | Yes | Yes | Yes | API-orderable | Same call |
| Germany | Yes | Yes | Yes | Yes | Regulatory-required | 3 to 10 business days |
| Italy | Yes | Yes | Yes | Yes | Regulatory-required | 5 to 15 business days |
| Switzerland | Yes | Yes | Yes | Yes | Regulatory-required | 5 to 10 business days |
| Belgium | Yes | Yes | Yes | Yes | Regulatory-required | 5 to 10 business days |
| United States (toll-free) | - | - | Yes | - | Regulatory-required (RespOrg attestation) | 1 to 5 business days |
| Australia (mobile) | - | - | - | Yes | Regulatory-required | 5 to 15 business days |
More countries available on request. The matrix above covers the most-requested set; the full inventory is in the portal.
Typical document set per region
- - Local address proof for the registered owner (utility bill, lease, or chamber-of-commerce extract within 90 days)
- - Company registration extract
- - Government-issued ID for the responsible signatory
- - Where applicable: signed end-user statement and intended-use description
- - Local presence or a local authorised representative
- - Company registration and ID for the signatory
- - Service-description form per country
- - RespOrg attestation
- - Intended-use description
- - Robocalling-mitigation statement aligned with FCC requirements
- - ABN or local authorised representative
- - End-user statement of intended use
- - Compliance with ACMA rules on use of mobile-range numbers for non-handset traffic
KYB and business identity
For wholesale accounts we run know-your-business checks before activating outbound termination. The checks are proportionate to the volume and risk profile.
What we collect
- - Company registration extract and tax ID
- - Beneficial-ownership disclosure for owners above 25%
- - Government-issued ID for the responsible signatory
- - Description of intended traffic and target geographies
Who sees it
- - Our internal compliance team (named individuals, audited access).
- - Relevant upstream operators when a country requires it for provisioning. Sharing is limited to what the upstream needs and is logged.
- - Lawful authorities when compelled by a valid order from a competent jurisdiction (see below).
We retain KYB records for the duration of the customer relationship plus the period required by Lithuanian and EU law (currently 5 years after termination for AML records; up to 10 years for accounting records).
A customer may close the account at any time. KYB records remain only for the legally required retention period and are then deleted.
AML and sanctions
- - We do not knowingly carry traffic to or from designated persons or entities on EU, UK, or US sanctions lists.
- - New customers are screened against EU consolidated, UK OFSI, and US OFAC SDN lists at onboarding and rescreened on list updates.
- - Suspicious-activity reporting follows Lithuanian Financial Crime Investigation Service (FCIS) procedure where applicable.
- - A customer found to be sanctioned after onboarding is suspended pending review and reported to the relevant authority.
Data
- - Customer business data (account, invoices, KYB documents) is stored in Hetzner data centres in Germany and replicated within the EU.
- - Edge configuration and short-lived caches are processed by Cloudflare globally; no long-term customer data is stored at the edge.
- - CDRs are stored on EU-resident infrastructure for the period required by Lithuanian retention rules.
- - Access to customer data is limited to named team members and is audited. Production access requires VPN, hardware key, and per-action logging.
- - Data subjects may exercise EU GDPR rights (access, rectification, erasure within retention limits) by writing to [email protected].
Reporting and cooperation
We respond to lawful requests from competent authorities. The applicable jurisdiction is Lithuania.
- - Requests must be served on the operating entity at our registered address or via email to [email protected].
- - Foreign requests must come through Lithuanian channels (mutual legal assistance treaty, EU evidence framework, or equivalent) unless directly applicable under EU regulation.
- - Customers are notified of requests for their data unless a court order specifically prohibits notification.
- - A short transparency note about request volumes is published annually.
Number portability
Where the destination country supports porting, we accept incoming and process outgoing port requests at no markup beyond the upstream pass-through cost.
- - EU domestic porting: typically 5 to 10 business days, subject to losing-carrier response.
- - UK porting: typically 5 business days.
- - US toll-free RespOrg change: typically 3 to 5 business days.
- - Outgoing port requests are processed within one business day of receiving a valid LOA.
Termination quality
Quality targets, monitoring methodology, and the auto-rotation policy are summarised on the voice termination page.
Compliance, legal, or procurement question?
Write to [email protected] for KYB, AML, or sanctions questions; [email protected] for lawful requests and contracts; [email protected] for data-protection matters. A reply lands within one business day.