Washington, DC – March 16, 2023 – The Federal Communications Commission today adopted its latest rules to combat illegal robocalls, including by enhancing and expanding provider obligations to implement the STIR/SHAKEN caller ID authentication framework. Today’s action will build on FCC and industry success in implementing the framework used to trace back, block, and/or identify originators of illegal spoofed robocalls.
The new rules will require intermediate providers that receive unauthenticated IP calls directly from domestic originating providers to use STIR/SHAKEN to authenticate those calls. Although STIR/SHAKEN has been widely implemented under FCC rules, some originating providers are not capable of using the framework. In other cases, unscrupulous originating providers may deliberately fail to authenticate calls. By requiring the next provider in the call path to authenticate those calls, the FCC closes a gap in the caller ID authentication regime and facilitates government and industry efforts to identify and block illegal robocalls.
In addition, the new rules will expand robocall mitigation requirements for all providers. All providers, regardless of their STIR/SHAKEN implementation status, will now be required to take “reasonable steps” to mitigate illegal robocall traffic and submit a certification and mitigation plan to the FCC’s Robocall Mitigation Database. These filings will now also include additional details on a provider’s role in the call chain, STIR/SHAKEN implementation obligations, and any recent formal law enforcement or regulatory action or investigation into suspected unlawful robocalling.
Lastly, the Report and Order adopted today will further improve the FCC’s robocall enforcement tools. Specifically, the FCC made clear that violations of its mandatory blocking rules could result in substantial fines using per call forfeiture calculations. The rules also apply procedures for removal from the Robocall Mitigation Database to all intermediate providers and an expedited removal process for providers submitting facially deficient certifications. The new rules also establish enforcement consequences for repeat offenders of robocall mitigation rules.
The Commission also adopted a Further Notice of Proposed Rulemaking today which seeks to continue to build a record on which the agency can take still further steps in the future to enhance its robocall protections for consumers.
The use of STIR/SHAKEN in FCC robocall efforts was initially raised in the 2016 report from a special strike force established at the time. From there, a rulemaking proceeding was launched in 2017 resulting in 2020 rules establishing a mandate for most types of voice service providers to use the standard in caller ID authentication. By July 2021, STIR/SHAKEN was broadly implemented by providers, subject to limited implementation extensions. The implementation extension for non-facilities-based small providers expired on June 30, 2022, and the implementation extension for facilities-based small providers will expire on June 30, 2023. In May 2022, the Commission adopted rules applying STIR/SHAKEN implementation obligations to gateway providers that serve as on-ramps for international call traffic into American networks. The Report and Order adopted today continues this impactful work. For more information, visit: https://www.fcc.gov/call-authentication.
Action by the Commission March 16, 2023 by Report and Order and Further Notice of Proposed Rulemaking (FCC 23-18). Chairwoman Rosenworcel, Commissioners Carr, Starks, and Simington approving. Chairwoman Rosenworcel and Commissioner Starks issuing separate statements.