diff --git a/app/controllers/submit_form_controller.rb b/app/controllers/submit_form_controller.rb
index fcd0fdc8..6cbe16f5 100644
--- a/app/controllers/submit_form_controller.rb
+++ b/app/controllers/submit_form_controller.rb
@@ -7,11 +7,11 @@ class SubmitFormController < ApplicationController
   skip_before_action :authenticate_user!
   skip_authorization_check
 
+  before_action :load_submitter, only: %i[show update completed]
+
   CONFIG_KEYS = [].freeze
 
   def show
-    @submitter = Submitter.find_by!(slug: params[:slug])
-
     submission = @submitter.submission
 
     return redirect_to submit_form_completed_path(@submitter.slug) if @submitter.completed_at?
@@ -50,26 +50,24 @@ class SubmitFormController < ApplicationController
   end
 
   def update
-    submitter = Submitter.find_by!(slug: params[:slug])
-
-    if submitter.completed_at?
+    if @submitter.completed_at?
       return render json: { error: I18n.t('form_has_been_completed_already') }, status: :unprocessable_entity
     end
 
-    if submitter.template.archived_at? || submitter.submission.archived_at?
+    if @submitter.template.archived_at? || @submitter.submission.archived_at?
       return render json: { error: I18n.t('form_has_been_archived') }, status: :unprocessable_entity
     end
 
-    if submitter.submission.expired?
+    if @submitter.submission.expired?
       return render json: { error: I18n.t('form_has_been_expired') }, status: :unprocessable_entity
     end
 
-    if submitter.declined_at?
+    if @submitter.declined_at?
       return render json: { error: I18n.t('form_has_been_declined') },
                     status: :unprocessable_entity
     end
 
-    Submitters::SubmitValues.call(submitter, params, request)
+    Submitters::SubmitValues.call(@submitter, params, request)
 
     head :ok
   rescue Submitters::SubmitValues::RequiredFieldError => e
@@ -80,14 +78,16 @@ class SubmitFormController < ApplicationController
     render json: { error: e.message }, status: :unprocessable_entity
   end
 
-  def completed
-    @submitter = Submitter.completed.find_by!(slug: params[:submit_form_slug])
-  end
+  def completed; end
 
   def success; end
 
   private
 
+  def load_submitter
+    @submitter = Submitter.find_by!(slug: params[:slug] || params[:submit_form_slug])
+  end
+
   def build_attachments_index(submission)
     ActiveStorage::Attachment.where(record: submission.submitters, name: :attachments)
                              .preload(:blob).index_by(&:uuid)
diff --git a/app/controllers/templates_preferences_controller.rb b/app/controllers/templates_preferences_controller.rb
index a9221f7b..78399e6a 100644
--- a/app/controllers/templates_preferences_controller.rb
+++ b/app/controllers/templates_preferences_controller.rb
@@ -25,7 +25,7 @@ class TemplatesPreferencesController < ApplicationController
                       documents_copy_email_attach_documents documents_copy_email_reply_to
                       completed_notification_email_attach_documents
                       completed_redirect_url
-                      submitters_order
+                      submitters_order require_phone_2fa
                       completed_notification_email_subject completed_notification_email_body
                       completed_notification_email_enabled completed_notification_email_attach_audit] +
                       [completed_message: %i[title body],
diff --git a/app/javascript/elements/fetch_form.js b/app/javascript/elements/fetch_form.js
new file mode 100644
index 00000000..b3378a63
--- /dev/null
+++ b/app/javascript/elements/fetch_form.js
@@ -0,0 +1,36 @@
+export default class extends HTMLElement {
+  connectedCallback () {
+    this.form.addEventListener('submit', (e) => {
+      e.preventDefault()
+
+      this.submit()
+    })
+
+    if (this.dataset.onload === 'true') {
+      this.form.querySelector('button').click()
+    }
+  }
+
+  submit () {
+    fetch(this.form.action, {
+      method: this.form.method,
+      body: new FormData(this.form)
+    }).then(async (resp) => {
+      if (!resp.ok) {
+        try {
+          const data = JSON.parse(await resp.text())
+
+          if (data.error) {
+            alert(data.error)
+          }
+        } catch (err) {
+          console.error(err)
+        }
+      }
+    })
+  }
+
+  get form () {
+    return this.querySelector('form')
+  }
+}
diff --git a/app/javascript/form.js b/app/javascript/form.js
index 2e07f033..cbd26d1a 100644
--- a/app/javascript/form.js
+++ b/app/javascript/form.js
@@ -3,11 +3,13 @@ import { createApp, reactive } from 'vue'
 import Form from './submission_form/form'
 import DownloadButton from './elements/download_button'
 import ToggleSubmit from './elements/toggle_submit'
+import FetchForm from './elements/fetch_form'
 
 const safeRegisterElement = (name, element, options = {}) => !window.customElements.get(name) && window.customElements.define(name, element, options)
 
 safeRegisterElement('download-button', DownloadButton)
 safeRegisterElement('toggle-submit', ToggleSubmit)
+safeRegisterElement('fetch-form', FetchForm)
 safeRegisterElement('submission-form', class extends HTMLElement {
   connectedCallback () {
     this.appElem = document.createElement('div')
diff --git a/app/views/submissions/_detailed_form.html.erb b/app/views/submissions/_detailed_form.html.erb
index 37a2a88a..847ac5a8 100644
--- a/app/views/submissions/_detailed_form.html.erb
+++ b/app/views/submissions/_detailed_form.html.erb
@@ -31,7 +31,7 @@
                   </submitters-autocomplete>
                   <submitters-autocomplete data-field="phone">
                     <linked-input data-target-id="<%= "detailed_phone_#{item['linked_to_uuid']}" if item['linked_to_uuid'].present? %>">
-                      <input type="tel" pattern="^\+[0-9\s\-]+$" oninvalid="this.value ? this.setCustomValidity('<%= t('use_international_format_1xxx_') %>') : ''" oninput="this.setCustomValidity('')" name="submission[1][submitters][][phone]" autocomplete="off" class="base-input !h-10 mt-1.5 w-full" placeholder="<%= "#{t('phone')} (#{t('optional')})" %>" id="detailed_phone_<%= item['uuid'] %>">
+                      <%= tag.input type: 'tel', pattern: '^\+[0-9\s\-]+$', oninvalid: "this.value ? this.setCustomValidity('#{t('use_international_format_1xxx_')}') : ''", oninput: "this.setCustomValidity('')", name: 'submission[1][submitters][][phone]', autocomplete: 'off', class: 'base-input !h-10 mt-1.5 w-full', placeholder: local_assigns[:require_phone_2fa] == true ? t(:phone) : "#{t('phone')} (#{t('optional')})", id: "detailed_phone_#{item['uuid']}", required: local_assigns[:require_phone_2fa] == true %>
                     </linked-input>
                   </submitters-autocomplete>
                 </div>
diff --git a/app/views/submissions/new.html.erb b/app/views/submissions/new.html.erb
index 5de57e76..a7bcc8f6 100644
--- a/app/views/submissions/new.html.erb
+++ b/app/views/submissions/new.html.erb
@@ -1,10 +1,11 @@
+<% require_phone_2fa = @template.preferences['require_phone_2fa'] == true %>
 <%= render 'shared/turbo_modal_large', title: params[:selfsign] ? t('add_recipients') : t('add_new_recipients') do %>
-  <% options = [[t('via_email'), 'email'], [t('via_phone'), 'phone'], [t('detailed'), 'detailed'], [t('upload_list'), 'list']].compact %>
+  <% options = [require_phone_2fa ? nil : [t('via_email'), 'email'], require_phone_2fa ? nil : [t('via_phone'), 'phone'], [t('detailed'), 'detailed'], [t('upload_list'), 'list']].compact %>
   <toggle-visible data-element-ids="<%= options.map(&:last).to_json %>" class="relative text-center px-2 mt-4 block">
     <div class="flex justify-center">
       <% options.each_with_index do |(label, value), index| %>
         <div>
-          <%= radio_button_tag 'option', value, value == 'email', class: 'peer hidden', data: { action: 'change:toggle-visible#trigger' } %>
+          <%= radio_button_tag 'option', value, value == (require_phone_2fa ? 'detailed' : 'email'), class: 'peer hidden', data: { action: 'change:toggle-visible#trigger' } %>
           <label for="option_<%= value %>" class="block bg-base-200 md:min-w-[112px] text-sm font-semibold whitespace-nowrap py-1.5 px-4 peer-checked:bg-base-300 <%= 'hidden sm:inline-block' if value == 'list' %> <%= 'rounded-l-3xl' if index.zero? %> <%= 'rounded-r-3xl sm:rounded-r-none' if value == 'detailed' %> <%= 'rounded-r-3xl' if index == options.size - 1 %>">
             <%= label %>
           </label>
@@ -13,14 +14,16 @@
     </div>
   </toggle-visible>
   <div class="px-5 mb-5 mt-4">
-    <div id="email">
-      <%= render 'email_form', template: @template %>
-    </div>
-    <div id="phone" class="hidden">
-      <%= render 'phone_form', template: @template %>
-    </div>
-    <div id="detailed" class="hidden">
-      <%= render 'detailed_form', template: @template %>
+    <% unless require_phone_2fa %>
+      <div id="email">
+        <%= render 'email_form', template: @template %>
+      </div>
+      <div id="phone" class="hidden">
+        <%= render 'phone_form', template: @template %>
+      </div>
+    <% end %>
+    <div id="detailed" class="<%= 'hidden' unless require_phone_2fa %>">
+      <%= render 'detailed_form', template: @template, require_phone_2fa: %>
     </div>
     <div id="list" class="hidden">
       <%= render 'list_form', template: @template %>
diff --git a/app/views/templates_preferences/_form_fields.html.erb b/app/views/templates_preferences/_form_fields.html.erb
new file mode 100644
index 00000000..e69de29b
diff --git a/app/views/templates_preferences/show.html.erb b/app/views/templates_preferences/show.html.erb
index 013e3918..270c6c24 100644
--- a/app/views/templates_preferences/show.html.erb
+++ b/app/views/templates_preferences/show.html.erb
@@ -51,7 +51,7 @@
         <%= form_for @template, url: template_preferences_path(@template), method: :post, html: { autocomplete: 'off', class: 'mt-1' }, data: { close_on_submit: false } do |f| %>
           <toggle-on-submit data-element-id="form_saved_alert"></toggle-on-submit>
           <% configs = AccountConfigs.find_or_initialize_for_key(current_account, AccountConfig::SUBMITTER_COMPLETED_EMAIL_KEY).value %>
-          <%= f.fields_for :preferences, Struct.new(:completed_redirect_url, :completed_message).new(@template.preferences['completed_redirect_url'].presence, Struct.new(:title, :body).new(*(@template.preferences['completed_message'] || {}).values_at('title', 'body'))) do |ff| %>
+          <%= f.fields_for :preferences, Struct.new(:completed_redirect_url, :completed_message, :require_phone_2fa).new(@template.preferences['completed_redirect_url'].presence, Struct.new(:title, :body).new(*(@template.preferences['completed_message'] || {}).values_at('title', 'body')), @template.preferences['require_phone_2fa'] == true) do |ff| %>
             <div class="form-control mb-2">
               <%= ff.label :completed_redirect_url, t('redirect_on_completion_url'), class: 'label' %>
               <%= ff.url_field :completed_redirect_url, required: false, class: 'base-input', dir: 'auto' %>
@@ -64,6 +64,7 @@
                 </autoresize-textarea>
               </div>
             <% end %>
+            <%= render 'templates_preferences/form_fields', ff: %>
           <% end %>
           <div class="form-control pt-2">
             <%= f.button button_title(title: t('save'), disabled_with: t('saving')), class: 'base-button' %>
diff --git a/config/locales/i18n.yml b/config/locales/i18n.yml
index 538480f5..d6f7c3e3 100644
--- a/config/locales/i18n.yml
+++ b/config/locales/i18n.yml
@@ -26,6 +26,11 @@ en: &en
   reply_to: Reply to
   pending_by_me: Pending by me
   partially_completed: Partially completed
+  require_phone_2fa_to_open: Require phone 2FA to open
+  the_sender_has_requested_a_two_factor_authentication_via_one_time_password_sent_to_your_html: The sender has requested a two factor authentication via one time password sent to your <b>%{phone}</b> phone number.
+  send_verification_code: Send verification code
+  code_has_been_resent: Code has been re-sent
+  invalid_code: Invalid code
   unarchive: Unarchive
   signed: Signed
   first_party: 'First Party'
@@ -788,6 +793,11 @@ en: &en
       read: Read your data
 
 es: &es
+  require_phone_2fa_to_open: Requiere 2FA por teléfono para abrir
+  the_sender_has_requested_a_two_factor_authentication_via_one_time_password_sent_to_your_html: El remitente ha solicitado una autenticación de dos factores mediante una contraseña de un solo uso enviada a su número de teléfono <b>%{phone}</b>.
+  send_verification_code: Enviar código de verificación
+  code_has_been_resent: El código ha sido reenviado
+  invalid_code: Código inválido
   always_enforce_signing_order: Siempre imponer el orden de firma
   bcc_recipients: Destinatarios CCO
   edit_per_party: Editar por parte
@@ -1558,6 +1568,11 @@ es: &es
       read: Leer tus datos
 
 it: &it
+  require_phone_2fa_to_open: Richiedi l'autenticazione a due fattori tramite telefono per aprire
+  the_sender_has_requested_a_two_factor_authentication_via_one_time_password_sent_to_your_html: Il mittente ha richiesto un'autenticazione a due fattori tramite una password monouso inviata al tuo numero di telefono <b>%{phone}</b>.
+  send_verification_code: Invia codice di verifica
+  code_has_been_resent: Il codice è stato inviato di nuovo
+  invalid_code: Codice non valido
   always_enforce_signing_order: Applicare sempre l'ordine di firma
   bcc_recipients: Destinatari BCC
   edit_per_party: Modifica per partito
@@ -2327,6 +2342,11 @@ it: &it
       read: Leggi i tuoi dati
 
 fr: &fr
+  require_phone_2fa_to_open: Requiert une 2FA par téléphone pour ouvrir
+  the_sender_has_requested_a_two_factor_authentication_via_one_time_password_sent_to_your_html: L'expéditeur a demandé une authentification à deux facteurs via un mot de passe à usage unique envoyé à votre numéro de téléphone <b>%{phone}</b>.
+  send_verification_code: Envoyer le code de vérification
+  code_has_been_resent: Le code a été renvoyé
+  invalid_code: Code invalide
   always_enforce_signing_order: Toujours appliquer l'ordre de signature
   bcc_recipients: Destinataires en CCI
   edit_per_party: Éditer par partie
@@ -3098,6 +3118,11 @@ fr: &fr
       read: Lire vos données
 
 pt: &pt
+  require_phone_2fa_to_open: Necessário autenticação de dois fatores via telefone para abrir
+  the_sender_has_requested_a_two_factor_authentication_via_one_time_password_sent_to_your_html: O remetente solicitou uma autenticação de dois fatores via senha de uso único enviada para seu número <b>%{phone}</b>.
+  send_verification_code: Enviar código de verificação
+  code_has_been_resent: Código foi reenviado
+  invalid_code: Código inválido
   always_enforce_signing_order: Sempre impor a ordem de assinatura
   bcc_recipients: Destinatários BCC
   edit_per_party: Edita por festa
@@ -3869,6 +3894,11 @@ pt: &pt
       read: Ler seus dados
 
 de: &de
+  require_phone_2fa_to_open: Telefon-2FA zum Öffnen erforderlich
+  the_sender_has_requested_a_two_factor_authentication_via_one_time_password_sent_to_your_html: Der Absender hat eine Zwei-Faktor-Authentifizierung per Einmalpasswort angefordert, das an Ihre <b>%{phone}</b>-Telefonnummer gesendet wurde.
+  send_verification_code: Bestätigungscode senden
+  code_has_been_resent: Code wurde erneut gesendet
+  invalid_code: Ungültiger Code
   always_enforce_signing_order: Immer die Reihenfolge der Unterschriften erzwingen
   bcc_recipients: BCC-Empfänger
   edit_per_party: Bearbeiten pro Partei
@@ -4639,6 +4669,11 @@ de: &de
       read: Lese deine Daten
 
 pl:
+  require_phone_2fa_to_open: Wymagaj uwierzytelniania telefonicznego 2FA do otwarcia
+  the_sender_has_requested_a_two_factor_authentication_via_one_time_password_sent_to_your_html: Nadawca zażądał uwierzytelnienia dwuetapowego poprzez jednorazowe hasło wysłane na Twój <b>%{phone}</b> numer telefonu.
+  send_verification_code: Wyślij kod weryfikacyjny
+  code_has_been_resent: Kod został wysłany ponownie
+  invalid_code: Niepoprawny kod
   awaiting_completion_by_the_other_party: "Oczekuje na dokończenie przez drugą stronę"
   view: Widok
   hi_there: Cześć,
@@ -4698,6 +4733,11 @@ pl:
   resend_code: Wyślij Kod Ponownie
 
 uk:
+  require_phone_2fa_to_open: Вимагати двофакторну автентифікацію через телефон для відкриття
+  the_sender_has_requested_a_two_factor_authentication_via_one_time_password_sent_to_your_html: Відправник запросив двофакторну автентифікацію за допомогою одноразового пароля, відправленого на ваш номер телефону <b>%{phone}</b>.
+  send_verification_code: Надіслати код підтвердження
+  code_has_been_resent: Код повторно надіслано
+  invalid_code: Невірний код
   awaiting_completion_by_the_other_party: "Очікує завершення з боку іншої сторони"
   view: Переглянути
   hi_there: Привіт,
@@ -4757,6 +4797,11 @@ uk:
   resend_code: Відправити код знову
 
 cs:
+  require_phone_2fa_to_open: Vyžadovat otevření pomocí telefonního 2FA
+  the_sender_has_requested_a_two_factor_authentication_via_one_time_password_sent_to_your_html: Odesílatel požádal o dvoufaktorové ověření pomocí jednorázového hesla zaslaného na vaše telefonní číslo <b>%{phone}</b>.
+  send_verification_code: Odeslat ověřovací kód
+  code_has_been_resent: Kód byl znovu odeslán
+  invalid_code: Neplatný kód
   awaiting_completion_by_the_other_party: "Čeká se na dokončení druhou stranou"
   view: Zobrazit
   hi_there: Ahoj,
@@ -4816,6 +4861,11 @@ cs:
   resend_code: Znovu Odeslat Kód
 
 he:
+  require_phone_2fa_to_open: דרוש אימות דו-שלבי באמצעות טלפון לפתיחה
+  the_sender_has_requested_a_two_factor_authentication_via_one_time_password_sent_to_your_html: השולח ביקש אימות דו-שלבי באמצעות סיסמה חד פעמית שנשלחה למספר הטלפון שלך <b>%{phone}</b>.
+  send_verification_code: שלח קוד אימות
+  code_has_been_resent: הקוד נשלח מחדש
+  invalid_code: קוד שגוי
   awaiting_completion_by_the_other_party: "המתנה להשלמה מצד הצד השני"
   view: תצוגה
   hi_there: שלום,
@@ -4875,6 +4925,11 @@ he:
   resend_code: שלח קוד מחדש
 
 nl:
+  require_phone_2fa_to_open: Vereis telefoon 2FA om te openen
+  the_sender_has_requested_a_two_factor_authentication_via_one_time_password_sent_to_your_html: De afzender heeft gevraagd om tweefactorauthenticatie via een eenmalig wachtwoord, verzonden naar uw <b>%{phone}</b> telefoonnummer.
+  send_verification_code: Verificatiecode verzenden
+  code_has_been_resent: Code is opnieuw verzonden
+  invalid_code: Invalid code
   awaiting_completion_by_the_other_party: "In afwachting van voltooiing door de andere partij"
   view: Bekijken
   hi_there: Hallo,
@@ -4934,6 +4989,11 @@ nl:
   resend_code: Code Opnieuw Verzenden
 
 ar:
+  require_phone_2fa_to_open: "تطلب فتح عبر تحقق الهاتف ذو العاملين"
+  the_sender_has_requested_a_two_factor_authentication_via_one_time_password_sent_to_your_html: "المرسل طلب تحقق ذو عاملين عبر كلمة مرور لمرة واحدة مرسل إلى رقم هاتفك <b>%{phone}</b>."
+  send_verification_code: "إرسال رمز التحقق"
+  code_has_been_resent: "تم إعادة إرسال الرمز"
+  invalid_code: "رمز غير صالح"
   awaiting_completion_by_the_other_party: "في انتظار إكتمال الطرف الآخر"
   view: عرض
   hi_there: مرحبا,
@@ -4993,6 +5053,11 @@ ar:
   resend_code: إعادة إرسال الرمز
 
 ko:
+  require_phone_2fa_to_open: 휴대폰 2FA를 열 때 요구함
+  the_sender_has_requested_a_two_factor_authentication_via_one_time_password_sent_to_your_html: 발신자가 <b>%{phone}</b> 전화번호로 보내진 일회용 비밀번호를 통해 이중 인증을 요청했습니다.
+  send_verification_code: 인증 코드 보내기
+  code_has_been_resent: 코드가 재전송되었습니다.
+  invalid_code: 잘못된 코드
   awaiting_completion_by_the_other_party: "다른 당사자의 완료를 기다리고 있습니다"
   view: 보기
   hi_there: 안녕하세요,
diff --git a/lib/api_path_consider_json_middleware.rb b/lib/api_path_consider_json_middleware.rb
index 48bb1b0a..013c2ee4 100644
--- a/lib/api_path_consider_json_middleware.rb
+++ b/lib/api_path_consider_json_middleware.rb
@@ -8,7 +8,9 @@ class ApiPathConsiderJsonMiddleware
   def call(env)
     if env['PATH_INFO'].starts_with?('/api') &&
        (!env['PATH_INFO'].ends_with?('/documents') || env['REQUEST_METHOD'] != 'POST') &&
-       !env['PATH_INFO'].ends_with?('/attachments')
+       !env['PATH_INFO'].ends_with?('/attachments') &&
+       !env['PATH_INFO'].ends_with?('/submitter_sms_clicks') &&
+       !env['PATH_INFO'].ends_with?('/submitter_email_clicks')
       env['CONTENT_TYPE'] = 'application/json'
     end