FCC to vote on new robocall rules for gateway providers

The FCC announced that they will vote in their next meeting to require gateway providers to implement STIR/SHAKEN and perform robocall mitigation. Let’s review the specific rules, proposed deadlines, and possible last-minute changes.

Proposed rules

In these rules, which were introduced on October 1, 2021, gateway providers must:

  1. Authenticate caller ID information using STIR/SHAKEN for SIP calls with U.S. calling numbers
  2. Implement a robocall mitigation plan, which includes:
    1. Respond to traceback requests within 24 hours
    2. Mandatory call blocking when notified the Enforcement Bureau
    3. Implement “Know Your Customer” policies
    4. Adopt contractual provisions for robocall mitigation
    5. Adhere to a general mitigation standard for illegal robocalls
  3. File a certification in the Robocall Mitigation Database (RMD)

The rules apply to gateway service providers. A gateway provider is defined as:

The first U.S.-based intermediate provider in the call path of a foreign-originated call that transmits the call directly to another intermediate provider or a terminating voice service provider in the United States.

The Commission has scheduled a vote on these rules during their open meeting on May 19, 2022.

Compliance deadlines

The proposed compliance deadlines were:

  • STIR/SHAKEN implementation by March 1, 2023
  • Robocall mitigation plan and RMD filing, 30 days after publication of the adopted rules in the Federal Register.
    • For example, if the rules are adopted on May 19, 2022, and published in the Federal Register on June 10, then the compliance deadline for the robocall mitigation rules would be July 10, 2022. (This is hypothetical—there’s no fixed timeline for publication of new rules in the Federal Register.)

Which rules will survive?

There has been an ongoing debate on the proposed rules. Here are a few examples, along with our guesses for what might happen. Place your bets.

  • Several argued that there would be little benefit to having gateway providers sign calls. Since gateway providers don’t know the call originators or their calling numbers, the calls would be signed with C attestation.
    • From the press release, it appears that the STIR/SHAKEN requirement will survive.
  • Several argued that Know-Your-Customer is impossible if the customer is the call originator. It would work, however, if the customer is the next upstream provider.
    • The proposed rules suggested the customer could be either the call originator or next upstream provider. It seems likely that this provision would survive with the customer defined as the next upstream provider.
  • Several objected to the 24-hour traceback requirement. They argued that that isn’t enough time for international call traceback.
    • Since the traceback process only requires a provider to identify the next upstream provider, it seems unlikely that this object will hold up.
question mark lit up

What about the compliance deadlines?

Will the adopted rules require STIR/SHAKEN implementation by March 23, 2023?

We have no idea. It’s certainly possible for a provider to implement STIR/SHAKEN in much less time. We have lots of experience helping providers do this.

However, the Commission has been very accommodating in allowing more than ample time to implement STIR/SHAKEN. They’re worried about imposing an undue burden on providers, especially small providers.

So, we don’t know when the final SHAKEN compliance deadline will land.

The 30-day deadlines for robocall mitigation might seem fast. However, we must allow another three weeks or so for the rules to be published. Providers could be looking at a two-month runway to robocall mitigation compliance. That seems doable, except for new contractual provisions, which might take some time.

TransNexus solutions

TransNexus is a leader in developing innovative software to manage and protect telecommunications networks. The company has over 20 years’ experience in providing telecom software solutions including toll fraud prevention, robocall mitigation and prevention, TDoS prevention, analytics, routing, billing support, STIR/SHAKEN and SHAKEN certificate services.

Contact us today to learn more.

Request information

* required

This information will only be used to respond to your inquiry. TransNexus will not share your data with any third parties. We will retain your information for as long as needed to retain a record of your inquiry. For more information about how we use personal data, please see our privacy statement.