REMINDER: Small Voice Providers Must Implement STIR/SHAKEN for IP Portion of Network by June 30, 2023 Non-IP Networks Subject to Continuing Extension Also FCC Expands Call Authentication and Mitigation Requirements and Adopts Enforcement Mechanisms

This is a reminder that facilities-based small voice providers1 must implement the STIR/SHAKEN (S/S)2 caller ID framework in their Interconnected Protocol (IP) networks no later than June 30, 2023. The FCC continues to grant voice service providers an ongoing extension of the implementation deadline for the non-IP portions of their networks, subject to certain requirements, including implementing a robocall mitigation program and registering in the Robocall Mitigation Database (RMD). All voice service providers remain subject to the prohibition on accepting calls directly from domestic voice providers, foreign voice providers, and gateway providers that are not listed in the RMD.

In a 6th Report and Order, the FCC also expanded certain S/S authentication and mitigation requirements in its continuing effort to protect Americans from unwanted and illegal robocalls.

Expanded RMD Requirements: All providers will be required to report on and certify to additional information in the RMD. The deadline for compliance with these requirements will be 30 days following Federal Register publication of Office of Management and Budget approval of the information collection in the new requirements, or by any deadline set by the Wireline Competition Bureau in a Public Notice.

New Enforcement Provisions: All providers will become subject to new enforcement provisions for violation of the S/S requirements, specifically monetary forfeitures for failure to block traffic in accordance with FCC rules, expedited removal from the RMD for facially deficient certifications, and revocation of Section 214 authority and other authorizations for repeat offenders of the FCC’s robocall mitigation rules.

New Mitigation Requirements: Intermediate providers3 and voice service providers without the facilities to implement S/S (i.e., non-IP networks) must take reasonable steps to mitigate illegal robocalls and must report on and certify such mitigation techniques in the RMD. Providers subject to these requirements must comply within 60 days following the publication of the Order in the Federal Register.

New Authentication Requirements: The first non-gateway4 intermediate provider in a call path must capture and authenticate calls that are not authenticated by originating providers. Providers subject to this requirement must comply no later than December 31, 2023.

New Prohibitions: Non-gateway intermediate providers will become subject to the prohibition on accepting traffic from providers that are not listed in the RMD. The compliance deadline for this requirement will be no sooner than 90 days following the deadline for non-gateway intermediate providers to submit certification of their robocalling mitigation efforts in the RMD.

Please contact Robin Tuttle at [email protected] or Greg Whiteaker at [email protected] if you have any questions about the approaching June 30 deadline for small voice providers or if you would like additional detail on the new S/S requirements and enforcement provisions.
[1] Small voice providers are providers with fewer than 100,000 subscribers.
[2] Secure Telephony Identity Revisited / Signature-based Handling of Asserted information using toKENs.
[3] An “intermediate provider” is any entity that carries or processes traffic that traverses or will traverse the public switched telephone network at any point insofar as that entity neither originates nor terminates that traffic.
[4] A “gateway provider” is a U.S.-based intermediate provider that receives a call directly from a foreign originating provider or foreign intermediate provider at its U.S.-based facilities before transmitting the call downstream to another U.S.-based provider.