New Robocall Mitigation Rules Take Effect January 8, 2024 and FCC Releases Quarterly Traceback Reports; Compliance is Critical
As delineated in our previous client alert, the Federal Communications Commission (“FCC” or “Commission”) has promulgated new robocall mitigation requirements on U.S. voice service providers (“VSPs”). Most of the new rules will be effective as of January 8, 2024. Note that one of the rules – the FCC’s mandate for filing updated robocall mitigation plans – is not included in the January 8 deadline. We will publish a client alert when that deadline is announced.
Compliance with the Commission’s robocall mitigation rules is extremely important. The FCC actively investigates potential violations and does not hesitate to impose very substantial fines and other sanctions on entities that flout the law.
Rules Effective on January 8
- VSPs must respond to traceback requests within 24 hours;
- VSPs are required to block calls following FCC notification, and under certain circumstances, inform the FCC of the carrier that is responsible for originating any illegal traffic; and
- VSPs must implement “Know Your Upstream Provider” procedures.
24-Hour Traceback Requirement
The Commission requires all VSPs, regardless of their position in the call path, to fully respond to traceback requests from the Commission, civil and criminal law enforcement, and the industry traceback group (“ITG”) within 24 hours of receipt of such a request. The ITG may share with the FCC, enforcement entities, and the industry about which VSPs have met the 24-hour requirement and which have not. Further, the FCC publicly releases quarterly reports listing all the VSPs subject to traceback requests and the campaign names and labels that triggered the requests.
Mandatory Blocking Following FCC Notification
All originating VSPs must block traffic when notified by the FCC. While terminating and non-gateway intermediate providers are not generally required to block, they are required to respond and provide accurate information regarding the source from which they received the traffic. Also, the Commission requires VSPs immediately downstream from a bad-actor VSP that has failed to meet these obligations to block all traffic from the identified provider when notified by the FCC and/or inform the Commission as to the source of the traffic.
Obligations of a Terminating and Intermediate Providers
Any terminating or intermediate provider that is notified by the FCC of potentially illegal calls utilizing their networks must promptly inform the Commission that it is not the originating or gateway provider for the identified traffic, specify which upstream VSP with direct access to the U.S. public switched telephone network it received the traffic from, and, if possible, take lawful steps to mitigate this traffic. The FCC has implemented a safe harbor for call-blocking: once the upstream provider has been notified of the identified illegal traffic, the downstream provider may block all traffic from that upstream provider if the upstream provider fails to effectively mitigate the illegal traffic within 48 hours or fails to implement effective measures to prevent customers from using its network to originate illegal calls.
Downstream Provider Blocking
The Commission also requires blocking by VSPs immediately downstream from any voice service provider when notified by the FCC that the VSP has failed to satisfy its obligations under these rules. The deadline is 30 days from the release date of an order from the FCC’s Enforcement Bureau.
Know Your Upstream Provider
The Commission requires every VSP to take “reasonable and effective steps” to ensure that their immediate upstream provider is not using it to carry or process a high volume of illegal traffic. Hence, all VSPs in the call path are responsible for the traffic that transits their network. The FCC does not require VSPs to take specific, defined steps to meet this requirement; rather, it allows each VSP the flexibility to determine the best approach for its network, so long as the steps are effective.
In general, the FCC expects VSPs to exercise due diligence before accepting traffic from an upstream provider, and they may want to collect information such as obtaining the upstream VSP’s physical business location, contact person(s), state or country of incorporation, federal tax ID (if applicable), and the nature of that VSP’s business. The FCC does not specifically require the collection of this information, but it is helpful to demonstrate a good faith effort. The FCC also suggests that VSPs take additional steps, such as adopting contract terms that allow for termination and acting on those terms in the event that the upstream provider attempts to use the network to carry or process a high volume of illegal traffic.
NEED HELP WITH ROBOCALL MITIGATION, COMPLIANCE AND LITIGATION SUPPORT/DEFENSE AGAINST BUSINESS & LEGAL CHALLENGES?
The CommLaw Group Can Help!
Given the complexity and evolving nature of the FCC’s rules, regulations and industry policies & procedures around Robocall Mitigation and Compliance issues (e.g., STIR/SHAKEN, TRACED Act, FCC & FTC Rules & Regulations, US Telecom Industry group, ATIS, NECA, VoIP Numbering Waivers, Know Your Upstream Provider and the private sector ecosystem), as well as the increased risk of business disputes, consumer protection enforcement by state attorneys general, and even civil litigation, and anticipating the potential torrent of client questions and concerns, The CommLaw Group formed a “Robocall Mitigation Response Team” to help clients (old and new) tackle their unique responsibilities.
CONTACT US NOW, WE ARE STANDING BY TO GUIDE YOUR COMPANY’S COMPLIANCE EFFORTS
Michael Donahue — Tel: 703-714-1319 / E-mail: mpd@CommLawGroup.com
Rob Jackson – Tel: 703-714-1316 / E-mail: rhj@CommLawGroup.com
Ronald E. Quirk – Tel: 703-714-1305 / E-mail: req@CommLawGroup.com
Diana Bikbaeva – Tel: 703-663-6757 / E-mail: dab@CommLawGroup.com