Final gateway provider SHAKEN rules published

The new STIR/SHAKEN and robocall rules for gateway providers are now published and final. Here’s an overview of the final version.

Gateway provider definition

The rule defines the gateway provider as a U.S.-based provider that receive a call directly from a foreign provider. The foreign provider can be any intermediate or originating provider.

If you’re a U.S.-based provider and you receive a call with a U.S.-NANP calling number directly from a foreign provider, then you are subject to these rules. (Note: a foreign affiliate of a U.S.-based provider is not a foreign provider under this definition.)

Gateway provider rules

1.Implement STIR/SHAKEN and authenticate unsigned calls with a U.S. calling number received from foreign providers.
2.Register in the Robocall Mitigation Database (RMD).
3.Implement a Robocall Mitigation Program, including:
 a.24-hour traceback response
 b.Mandatory blocking of illegal traffic when notified by the Commission and calls with calling numbers that appear on a reasonable DNO (Do Not Originate) list
 c.Know Your Upstream Provider—take reasonable and effective steps to ensure that the immediate upstream foreign provider is not using the gateway provider to carry illegal traffic
 d.Mitigate illegal robocalls—a “general mitigation standard” that requires gateway providers to mitigate illegal robocalls regardless of whether they have fully implemented STIR/SHAKEN


The SHAKEN implementation deadline is June 30, 2023. (The robocall mitigation rules deadline was later set at December 19, 2022.)

Noteworthy highlights

There are a few items in the final order that deserve special mention.

Gateway, or intermediate?

Intermediate and terminating service providers are prohibited from accepting traffic from gateway providers that do not have a RMD filing.

Some providers act as a gateway provider for some calls and an intermediate provider for others. How does a downstream provider know whether the provider was acting as a gateway provider or as an intermediate provider for a particular call?

The final rule says downstream providers are required to block calls from providers that act as gateway providers for some calls. The downstream provider doesn’t have to know whether the provider was acting as a gateway provider for a particular call.

In a related ruling, intermediate provider RMD listings imported from the Rural Call Completion Intermediate Provider Registry are not sufficient to meet gateway provider filing requirements.

DNO blocking

The final rule requires gateway providers to block calls based upon a reasonable Do-Not-Originate (DNO) list. It does not mandate a specific list. The rule says the current list maintained by the Industry Traceback Group is reasonable. However, since this list is not under the Commission’s control, the rule does not make the ITG DNO list presumptively reasonable going forward.

The FCC had been urged to allow providers to satisfy the DNO mandate if they already use a DNO list somewhere else in their network, but not at their gateways. The final rule does not allow this. Such providers will have to use a reasonable DNO list at their gateways too.

Know your upstream provider

The final rule kept the know your upstream provider robocall mitigation requirement. However, it does not specify how this must be done. The proposed ruling had asked about requiring contractual provisions to satisfy the know your upstream provider mandate, but the final rule does not include such a requirement.

The full text of the Gateway Provider Rule is available online.

paragraph section

TransNexus solutions

TransNexus is a leader in developing innovative software to manage and protect telecommunications networks. The company has over 20 years’ experience in providing telecom software solutions including toll fraud prevention, robocall mitigation and prevention, TDoS prevention, analytics, routing, billing support, STIR/SHAKEN and SHAKEN certificate services.

Contact us today to learn more.

Request information

* required

This information will only be used to respond to your inquiry. TransNexus will not share your data with any third parties. We will retain your information for as long as needed to retain a record of your inquiry. For more information about how we use personal data, please see our privacy statement.

This article was updated on May 26, 2022 as follows:

  • The deadline for RMD registration was 30 days after publication in the Federal Register. This was changed to 30 days after Federal Register notice of OMB approval.