On August 1 2022, the Federal Communications Commission (“FCC”) initiated an e-mail blast to “non-facilities-based” voice service providers (“VSPs”) that are not listed in the Robocall Mitigation Database as STIR/SHAKEN compliant; directing that they must be fully compliant by August 31, 2022. Those VSPs that are not compliant by that date will be subject to an investigation and possibly severe sanctions by the FCC’s Enforcement Bureau.
As stated in our March 22 client advisory, all non-facilities-based VSPs (i.e., those that offer voice services to end-users solely using connections that are not sold by the provider or its affiliates) are required to fully implement STIR/SHAKEN in the IP portions of their networks by June 30, 2022. The FCC is now prioritizing enforcement of that deadline.
The FCC’s subject emails state, in pertinent part, that “[b]ased on FCC Form 477 Data, we believe you meet the Commission’s definition of a non-facilities-based provider. Accordingly, we believe you were obligated to implement the STIR/SHAKEN caller ID authentication framework by June 30, 2022 and revise your filing in the Robocall Mitigation Database by July 15, 2022, indicating that you are no longer subject to an extension of the STIR/SHAKEN implementation requirement. Per our review of that Database, you have not done so.” The FCC further states that full STIR/SHAKEN compliance must be deployed by August 31, and the robocall mitigation database updated to show same or the matter will be turned over the Enforcement Bureau.
Consequently, it is critical that all non-facilities-based VSPs that have received these emails or are otherwise not in compliance with the STIR/SHAKEN rules commence action to ensure compliance immediately.