[yupyupyups]

This is not about individual network operators making the choice by themselves, rather they are many times compelled to do so by law.

This is partucularly problematic when it comes to mobile services as they allow people to be tracked.

[immibis]

AFAIK network operators are no longer required to know their customer, but may still choose to do so. They're required to cooperate with law enforcement investigations. This doesn't seem like "cooperation" in this case, but rather "police just barge in and take all your stuff" and they probably could win a civil case against the police to get their equipment back or its monetary value, as well as lost revenue. Europe generally has higher rule of law than USA, so there's less chance a judge could say "your business sounds shady so you don't win this case."

The recent EU-wide Digital Services Act has generous liability protections for "mere conduits". A mere conduit is anyone who is just getting traffic from A to B, unless they are A or B themselves. Even though in this case their cellphone operator may think they are originators of traffic, if they are a relay business (and not spammers themselves) then they are mere conduits and protected from liability*. Of course they must still cooperate with law enforcement to track down the source of the spam, but they are not required to pre-emptively KYC. Having their office raided and all their equipment stolen doesn't sound like "cooperating" to me.

* their cellphone company probably has the right to terminate these SIM contracts, and may also sue for damages, but I suspect the damages would be something like the difference between their actual cost of SIM cards and the EU-prescribed maximum wholesale rate for sending texts, which is likely a negative number.