FCC Corrects Course, Outlines Improved Cybersecurity Measures Agency Revokes Unlawful Decision and Repositions Agency for Effective and Agile Cybersecurity Responsiveness WASHINGTON, November 20, 2025—The Federal Communications Commission today took action to correct course and rescind an unlawful and ineffective prior Declaratory Ruling misconstruing the Communications Assistance for Law Enforcement Act (CALEA). The Order also withdraws an NPRM that accompanied that Declaratory Ruling, which was based in part on the Declaratory Ruling’s flawed legal analysis and proposed ineffective cybersecurity requirements. Today’s action follows months-long engagement with communications service providers where they have demonstrated a strengthened cybersecurity posture following Salt Typhoon. Foreign adversaries and other bad actors have repeatedly launched cyberattacks targeting American communications networks. Over the past several months, the agency has engaged with providers that have agreed to take “extensive, urgent, and coordinated efforts to mitigate operational risks, protect consumers, and preserve national security interests” against the range of cyberattacks that target their networks. Today’s action reinforces this commitment going forward. Since January, the Commission has taken a series of actions to harden communications networks and improve their security posture to enhance the agency’s investigative process into communications networks outages that result from cyber incidents. The Commission established a Council on National Security to facilitate the Commission’s engagement with national security partners and mitigate America’s vulnerabilities to cyberattacks, espionage, and surveillance by foreign adversaries. It has also adopted targeted rules to address the greatest cybersecurity risks to critical communications infrastructure without imposing inflexible and ambiguous requirements, for example requiring submarine cable licensees to create and implement cybersecurity risk management plans. The FCC has also adopted rules to ban “bad labs” in the FCC’s equipment authorization program to ensure no such entities are subject to untrustworthy actors that pose a risk to national security. Action by the Commission November 20, 2025 by Order on Reconsideration (FCC 25-81). Chairman Carr and Commissioner Trusty approving. Commissioner Gomez dissenting. Chairman Carr, Commissioners Gomez and Trusty issuing separate statements. PS Docket No. 22-329 ### Media Contact: MediaRelations@fcc.gov / (202) 418-0500 @FCC / www.fcc.gov