STI-GA Announces Update of SPC Token Access Policy: Voice Service Providers Without Direct Access to Telephone Numbers May Now Apply for STIR/SHAKEN Certificate

On May 10, 2021, the FCC issued a Public Notice stating that the Secure Telephone Identity Governance Authority (“STI-GA”) has issued a change in its Service Provider Code (“SPC”) Token Access Policy. Under the new policy, effective immediately, a voice service provider (“VSP”) that lacks the certificate necessary for participation in STIR/SHAKEN caller ID authentication program does not need direct access to telephone numbers to obtain that certificate and instead must, among other things, be listed in the Commission’s Robocall Mitigation Database. Under the previous policy, an entity seeking a certificate must “have direct access to telephone numbers from the North American Numbering Plan Administrator . . . and National Pooling Administrator.”

The revised SPC Token Access Policy requires that VSPs seeking to register with the STI-Policy Administrator (“STI-PA”) for certification meet three criteria:

  1. Have a current form 499A on file with the FCC;
  2. Have been assigned an Operating Company Number (“OCN”); and
  3. Have certified with the FCC that they have implemented STIR/SHAKEN or comply with the Robocall Mitigation Program requirements and are listed in the FCC’s Robocall Mitigation Database.

The STI-GA has further determined that the initial SPC token Access Policy, which required “direct access to telephone numbers from the North American Number Plan Administrator (“NANPA”) and National Pooling Administrator (“NPA”), will also remain in effect until June 30, 2021. What this means is that VSPs that have already obtained SPC tokens under the initial SPC Token Access Policy must meet the revised criteria within 30 days of the FCC certification filing deadline. Any such previously authorized service provider that has not certified with the FCC by June 30, 2021, risks having its SPC token revoked.

As a result of the STI-GA’s policy change, VSPs that previously were unable to obtain a certificate due to a lack of direct access to numbers must now “diligently pursue” a certificate by registering in the Robocall Mitigation Database and then seeking a certificate from a Secure Telephone Identity Certification Authority (“STI-CA”). 


The CommLaw Group Can Help!

Given the complexity and evolving nature of the FCC’s rules, regulations and industry policies & procedures around Robocall Mitigation and Compliance issues (e.g., Stir/Shaken, TRACED Act, FCC Rules & Regulations, US Telecom Industry group, ATIS, NECA, VoIP Numbering Waivers, Know Your Customer (effective May 6, 2021) and the private sector ecosystem), and anticipating the potential torrent of client questions and concerns, The CommLaw Group formed a “Robocall Mitigation Response Team” to help clients (old and new) tackle their unique responsibilities.  The potential blocking of your company’s voice (and other) traffic due to non-compliance is very real, and very scary.  Your company must be certain it achieves sufficient comfort knowing that it is doing everything it can, as efficiently and intelligently as it can, to achieve the level of compliance needed to avoid sleepless nights as the June 30, 2021 deadline approaches.   


Rob Jackson – Tel: 703-714-1316 / E-mail:
Ron Quirk – Tel: (703) 714-1305 / E-mail: 


ATTORNEY ADVERTISING DISCLAIMER: This information may be considered advertising in some jurisdictions under the applicable law and ethical rules. The determination of the need for legal services and the choice of a lawyer are extremely important decisions and should not be based solely upon advertisements or self-proclaimed expertise. No representation is made that the quality of the legal services to be performed is greater than the quality of legal services performed by other lawyers