FCC Tightens Direct Number Access Rules for VoIP Providers and Seeks Comment on Stronger Guardrails

At its December Open Meeting, the FCC adopted a Third Report and Order and a Third Further Notice of Proposed Rulemaking, which aim to close a gap in its numbering authorization framework to better combat illegal robocalls, fraud, and national security risks. Specifically, the new rules require interconnected VoIP providers that were granted direct-access numbering authorizations before August 8, 2024 (“Pre-existing Authorization Holders”) to comply with new requirements imposed on requests filed after that date. These new requirements include filing robocall-related certifications, ownership and foreign control disclosures, and attestations of compliance with other FCC rules such as 911 obligations and the Communications Assistance with Law Enforcement Act (CALEA), so that all VoIP providers directly assigned telephone numbers will have made the same disclosures, certifications, and attestations. By creating a uniform compliance standard, the FCC is trying to strengthen oversight, enhance transparency, and ensure consistent enforcement against bad-actor VoIP providers who seek to exploit numbering resources. Providers must submit these updates within 30 days of the rules’ effective date or risk suspension or revocation of their authorization. The rules will become effective after OMB review, after which the FCC will announce the effective date.

What’s the New Requirement for Pre-existing Authorization Holders Under the Third Report and Order?

Uniform certifications. The new rules require Pre-existing Authorization Holders to file the same certifications, attestations, and disclosures as new applicants, which were adopted in the Second Report and Order. Specifically, such Pre-existing Authorization Holders will need to file updated certifications attesting that they:

• will not use numbers obtained under their authorization to knowingly transmit, assist, or facilitate illegal robocalls, spoofing, or fraud;
• are fully compliant with STIR / SHAKEN and have filed in the Robocall Mitigation Database compliance; and
• have disclosed whether the company or any key personnel are, or have been, subject to investigations for related non-compliance (with an opportunity to explain).

These certifications require an officer or responsible official of the Pre-existing Authorization Holder to attest, under penalty of perjury, that all statements in the application are true and accurate.

Ownership and control disclosures. Pre-existing Authorization Holders must also report direct and indirect foreign ownership and provide updates on material changes. The disclosure must include a calculation of the international equity and voting interests, as well as a diagram illustrating the vertical ownership structure. The Wireline Competition Bureau may suspend pending / future number requests from foreign-controlled entities while it investigates or refers matters for Executive Branch national security review.

Other compliance attestations. Pre-existing Authorization Holders’ updated filings must also include evidence of compliance with several other rules, including 911 / NG911 obligations, CALEA, Access Stimulation rules, and the requirements to file FCC Forms 499 and 477.

Thirty-day deadline. Pre-existing Authorization Holders will be required to file the updated certifications and ownership disclosures within 30 days of the effective date of the rule. The FCC has clarified that the Wireline Competition Bureau will provide further guidance on the requirements and deadline for the new filing in a subsequent Public Notice, which will likely occur after OMB review.

What Does the Third Further Notice Ask?

The Third Further Notice seeks public input on additional measures to strengthen the FCC’s numbering policies and protect consumers from illegal robocalls and national security risks. It builds on the Third Report and Order by exploring future safeguards for VoIP numbering authorizations. In particular, the FCC seeks comment on:

• The feasibility and impact of reclaiming numbers obtained by VoIP providers whose authorizations were revoked, terminated, or abandoned, and on processes to minimize disruption to end users, such as porting numbers to alternative providers or designating numbering partners.
• Whether VoIP numbering authorizations should be restricted or reevaluated for entities identified on the FCC’s Covered List or those using “covered” equipment, and whether such restrictions should extend to affiliates or entities interconnecting with these providers.
• Requiring both new applicants and existing authorization holders to certify they do not use covered equipment or services, and whether providers should be prohibited from serving entities with such equipment to prevent indirect access to numbering resources.

The FCC also broadly seeks feedback on the costs, benefits, and potential unintended consequences, as well as alternative approaches it may take with regard to its numbering policies to ensure robust consumer protection, network security, and enforcement, without harming the current communications marketplace, legitimate VoIP providers, or consumers.

Comments and reply comments on the Third Further Notice will be due 30 and 60 days, respectively, after publication in the Federal Register, which has not happened, as noted above.

FCC Moving to a More Proactive Robocall Mitigation Posture

The FCC’s approach to robocall mitigation is evolving into a more proactive one. The Third Report and Order and Third Further Notice should therefore be viewed in conjunction with the FCC’s other recent robocalling actions, such as its Further Notice of Proposed Rulemaking on Branded Calling, and enforcement actions (as reported on here and here) removing a number of providers from the Robocall Mitigation Database. These actions signal that the FCC is moving from a reactive posture — i.e., addressing robocalls after they occur — to a proactive framework that attempts to close systemic gaps in how numbering resources are allocated and managed. By requiring all VoIP providers, not just new applicants, to meet uniform compliance standards, the FCC is trying to create a stronger gatekeeping mechanism. The FCC hopes to ensure that bad actors cannot exploit legacy authorizations to flood networks with illegal calls or introduce national security vulnerabilities.

As Chairman Carr noted, his administration’s goal is to stop robocalls “before they start — because if bad actors can’t get phone numbers, it’s a lot harder to generate illegal robocalls.”

This action also reflects a more holistic approach to FCC oversight — combining consumer protection, robocalling and scam prevention, and national security safeguards through modernization of its numbering policy to address recognized changes in the communications ecosystem. As Commissioner Trusty explained, the FCC’s action was an effort to reinforce and rebuild consumer trust in a foundational element of communications, noting that “traditional telephone numbers still remain a fundamental part of how we stay connected — provided we have the right policies in place.”

Subscribe To Viewpoints