Federal Communications Commission
DA 23-458
Released: May 30, 2023

WIRELINE COMPETITION BUREAU REMINDS FACILITIES-BASED SMALL VOICE SERVICE PROVIDERS AND GATEWAY PROVIDERS OF STIR/SHAKEN IMPLEMENTATION DEADLINES

WC Docket No. 17-97

This Public Notice reminds facilities-based small voice service providers and gateway providers not subject to an extension that they must implement the STIR/SHAKEN caller ID authentication framework in their Internet Protocol (IP) networks no later than June 30, 2023. [See 47 CFR §§ 64.6302(c); 64.6304(a)(1); Call Authentication Trust Anchor, WC Docket No. 17-97, Fourth Report and Order, FCC 21-122, at 7, para. 14 (Dec. 10, 2021) (Small Provider Order); Advanced Methods to Target and Eliminate Unlawful Robocalls, Call Authentication Trust Anchor, CG Docket No. 17-59, WC Docket No. 17-97, Sixth Report and Order, Fifth Report and Order, Order on Reconsideration, Order, Seventh Further Notice of Proposed Rulemaking, Fifth Further Notice of Proposed Rulemaking, FCC 22-37, at 28, para. 59 (May 20, 2022) (Gateway Provider Order).] Like voice service providers, gateway providers must either upgrade non-IP portions of their networks to IP and fully implement STIR/SHAKEN, or work with a working group, standards group, or consortium to develop a non-IP caller ID authentication solution. [See 47 CFR § 64.6303; Gateway Provider Order at 29, para. 62.]

In March 2020, the Commission adopted rules pursuant to the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act, [Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act, Pub. L. No. 116-105, 133 Stat. 3274 (codified at 47 U.S.C. § 227(b)) (2019).] requiring voice service providers to implement STIR/SHAKEN caller ID authentication technology in the IP portions of their networks by June 30, 2021.
[Call Authentication Trust Anchor; Implementation of TRACED Act Section 6(a)—Knowledge of Customers by Entities with Access to Numbering Resources, WC Docket Nos. 17-97 and 20-67, Report and Order and Further Notice of Proposed Rulemaking, 35 FCC Rcd 3241, 3252, 3257-58, paras. 24, 32-35 (2020); see 47 CFR § 64.6301.] In September 2020, the Commission granted extensions for compliance with this deadline to certain classes of providers, [Call Authentication Trust Anchor, WC Docket No. 17-97, Second Report and Order, 36 FCC Rcd 1859, 1876, para. 38 (2020) (Second Caller ID Authentication Report and Order). The Commission granted the following implementation extensions: (1) a two-year extension to small voice service providers; (2) an extension to voice service providers that cannot obtain a digital certificate needed to authenticate caller ID information due to the Governance Authority’s Service Provider Code (SPC) token access policy until such provider is able to obtain a certificate; (3) a one-year extension to services scheduled for section 214 discontinuance; and (4) as required by the TRACED Act, an extension for the parts of a voice service provider’s network that rely on technology that cannot initiate, maintain, and terminate SIP calls until a solution for such calls is reasonably available. Id.] including a two-year extension for small voice service providers (those with 100,000 or fewer voice subscriber lines), [Second Caller ID Authentication Report and Order, 36 FCC Rcd at 1877, para. 40.] and required providers with an extension to implement robocall mitigation programs. [Id. at 1897, para. 74.] Based on “overwhelming record support and available evidence showing that non-facilities-based small voice service providers are originating a large and disproportionate amount of robocalls,” [Small Provider Order at 5, para. 9.]
[The Commission defines a voice service provider as “non-facilities based” if it offers voice service to end-users solely using connections that are not sold by the provider or its affiliates. Id. at 9, para. 19; see also 47 CFR 64.6300(h).] the Commission subsequently shortened the extension for this subset of small voice service providers by one year to June 30, 2022, while maintaining the full extension until June 30, 2023 for those small voice service providers that are facilities-based.

In May 2022, the Commission extended caller ID authentication and robocall mitigation obligations to gateway providers. [Gateway Provider Order at 28, para. 59; see also 47 CFR § 64.6300(d) (defining “gateway provider” as a “U.S.-based intermediate provider that receives a call directly from a foreign originating provider or foreign intermediate provider at its U.S.-based facilities before transmitting the call downstream to another U.S.-based provider”).] Pursuant to these rules, as of January 11, 2023, gateway providers were required to develop and implement robocall mitigation programs with respect to calls that are carrying a U.S. number in the caller ID field. [See 47 CFR § 64.6305(b); Gateway Provider Order at 15, 16, paras. 32, 34; Wireline Competition Bureau Announces Deadlines for Gateway Provider Robocall Mitigation Requirements and Additional Compliance Dates and Filing Instructions, WC Docket No. 17-97, Public Notice, DA 22-1303, at 2 (WCB Dec. 12, 2022).] By June 30, 2023, gateway providers must use STIR/SHAKEN to authenticate unauthenticated Session Initiation Protocol (SIP) traffic carrying a U.S. North American Numbering Plan (NANP) number in the caller ID field. [47 CFR § 64.6302(c); see also Gateway Provider Order at 28, para. 59.] The Commission granted extensions for compliance with this deadline to two classes of gateway providers—those that cannot obtain a SPC token, and those whose networks, or parts thereof, rely on non-IP technology.
[See Gateway Provider Order at 29, paras. 61-62; 47 CFR § 64.6304(b), (d).]

Facilities-based small voice service providers and gateway providers must update their certifications and associated filings in the Robocall Mitigation Database within 10 business days of completion of STIR/SHAKEN implementation. [47 CFR § 64.6305(c)(5), (d)(5); see also Second Caller ID Authentication Report and Order, 36 FCC Rcd at 1903, para. 85 (“We also require voice service providers to submit to the Commission via the appropriate portal any necessary updates to the information they filed in the certification process within 10 business days.”); Small Provider Order at 12, para. 24; Gateway Provider Order at 19, para. 41.] Facilities-based small voice service providers and gateway providers that fail to implement the STIR/SHAKEN authentication framework by June 30, 2023, or to update their certifications and associated filings in the Robocall Mitigation Database accordingly, may be subject to appropriate enforcement action. [47 U.S.C. § 503(b); see also Second Caller ID Authentication Report and Order, 36 FCC Rcd at 1903, para. 83 (“If we find that a certification is deficient in some way . . . we may take enforcement action as appropriate. Enforcement actions may include, among others . . . imposition of a forfeiture.”); Small Provider Order at 14, para. 26; Gateway Provider Order at 18, para. 40.]

Contact Information. For further information, please contact Erik Beith, Wireline Competition Bureau, Competition Policy Division, at (202) 418-0756 or by email at Erik.Beith@fcc.gov.

- FCC -