Robocall Enforcement Continues Shift UpstreamFCC Pushes Responsibility for Mitigation Toward Providers
Over the past few months, the Federal Communications Commission (FCC) has taken a number of new steps to pursue what Chairman Brendan Carr first described in October 2025 as a “different approach” to illegal robocalls: targeting the problem “at every point of the call path” by placing more responsibility on voice service providers to police their networks and the traffic they accept from others. After historically focusing on the individual parties that make illegal robocalls, recent FCC rulemakings and enforcement actions are increasingly aimed at the providers that originate, transmit, authenticate, provide numbers for, or otherwise enable that traffic. This new focus is reflected in the FCC’s increased reliance on the Robocall Mitigation Database (RMD), its efforts to strengthen STIR/SHAKEN caller ID authentication, its proposed enhanced Know-Your-Customer (KYC) and Know-Your-Upstream-Provider (KYUP) obligations, and its proposed reforms to telephone numbering policies.
The FCC’s recent activity reflects the evolution of the RMD away from a simple filing repository and toward one of the FCC’s most important robocall mitigation tools, because providers cannot lawfully carry traffic from entities that do not have a valid RMD certification. Similarly, STIR/SHAKEN is no longer viewed only as a technical caller ID authentication framework, but as part of a broader accountability regime that requires providers to know the customers and upstream providers whose calls they authenticate or transmit.
The FCC’s latest proposals would significantly deepen that accountability framework and could require providers to implement more formal diligence, verification, monitoring, and documentation practices throughout the call path. We discuss these proposals below.
Expanding Carrier Responsibility Through KYC and KYUP
The Commission’s enhanced KYC Further Notice of Proposed Rulemaking, adopted April 30, 2026, is aimed at originating voice service providers, which the FCC views as best positioned to stop illegal calls before they enter the network. The proposal would build on the existing requirement that originating providers take “affirmative, effective” measures to prevent new and renewing customers from using their networks to originate illegal calls. The FCC is now considering whether to specify the information originating providers must collect from customers, how they must verify that information, how long they must retain records of the information and verification, and when they must re-verify customer information based on red flags or traffic-pattern changes.
The KYC proposal also would make the provider’s customer-vetting function more directly enforceable. The Commission asks whether originating providers should be required to include a specific KYC compliance certification in their RMD filings and whether independent verification of KYC compliance should be required. The FCC also proposes to assess fines for KYC violations on a per-call basis, with a proposed minimum fine of $2,500. If adopted, these rules would make deficient onboarding and customer monitoring a potentially significant enforcement risk for originating providers that allow bad actors to use their networks.
The FCC’s KYUP proposal applies the same basic concept one step deeper in the call path. In its KYUP Further Notice of Proposed Rulemaking, also adopted in May 2026, the FCC proposed requiring voice service providers to take more specific steps to “know” the upstream providers from which they receive traffic. These steps would include confirming that the upstream provider has an RMD filing, reviewing the filing and robocall mitigation plan for completeness, confirming the provider has obtained a Service Provider Code token where it claims full or partial STIR/SHAKEN implementation, and checking whether the upstream provider appears on certain national security or enforcement-related lists. The FCC also proposes to tie KYC and KYUP practices to STIR/SHAKEN attestation decisions, which would make the accuracy of an A- or B-level attestation depend in part on whether the provider actually knows the customer or upstream provider associated with the call.
The combined effect of the KYC and KYUP proposals would be to “deputize” providers to identify and exclude bad actors before unlawful traffic reaches consumers. The FCC has stated that RMD rules, traceback obligations, KYC and KYUP requirements, and call-blocking rules are intended to work together as a broader framework for combating illegal calls at every point in the call path. In practical terms, this means the FCC is moving toward a model in which providers are expected to identify suspicious customers, verify upstream providers, monitor traffic, respond quickly to tracebacks, and refuse or discontinue service when the evidence indicates that a customer or upstream provider is a bad actor.
Numbering Policies as Robocall Mitigation
The FCC is also looking at telephone numbering policy as another way to prevent bad actors from accessing the tools they need to place illegal robocalls. As we reported in April, the FCC adopted a Notice of Proposed Rulemaking proposing changes to its telephone numbering policies aimed at making it harder for bad actors to obtain and exploit numbering resources. The Commission’s numbering proposal would extend robocall-related certification obligations to all voice service providers that receive numbering resources directly from the North American Numbering Plan Administrator and to resellers of telephone numbers. Covered providers and resellers would have to certify that they will not knowingly facilitate illegal robocalls, illegal spoofing, or fraud, and that they have complied with applicable STIR/SHAKEN, robocall mitigation, and foreign ownership reporting requirements.
The numbering proposal also targets the wholesale and resale market for telephone numbers. The FCC is considering changes to Numbering Resource Utilization / Forecast reporting that would require wholesale providers to identify resellers and provide more granular information about number utilization. It also seeks to prohibit the resale of numbers beyond a single provider level because multilevel resale can obscure the entities responsible for illegal robocall campaigns. The Commission is also attempting to address “number cycling,” where callers churn through large quantities of numbers to evade analytics, labeling, and blocking.
The numbering proceeding fits within Chairman Carr’s broader shift in strategy because it treats provider and customer access to numbers as a robocall mitigation tool, like the KYC and KYUP proposals. In proposing these numbering changes, Chairman Carr emphasized that the Enforcement Bureau has found that the majority of its robocall investigations have involved resold numbers and that preventing bad actors from obtaining numbers makes it harder for them to generate illegal robocalls.
Recent Enforcement Bureau Actions Reinforce This Strategic Theme
Recent Enforcement Bureau actions show that the FCC is already applying this carrier-accountability framework in practice. In the SK Teleco matter, the Bureau ordered downstream providers to block and cease accepting SK Teleco’s traffic and removed the company from the RMD after finding that it failed to comply with the FCC’s robocall rules. The Bureau emphasized that the FCC’s rules impose “critical obligations” on originating and gateway providers to police their networks and to impose consequences when they fail to do so.
Other recent actions reflect the same approach. The FCC proposed a $4.5 million forfeiture against Voxbeam Telecommunications for allegedly accepting suspicious foreign call traffic from Axfone, a provider not listed in the RMD, which the FCC says resulted in financial institution impersonation robocalls reaching US consumers. The Bureau also sent an Order to Show Cause to Mexico IP Phone, asking the company why it should not be removed from the RMD after the provider allegedly sought direct numbering access using a fraudulent document purporting to be from the FCC, and separately issued suspected illegal traffic and RMD deficiency notices to Aspireistic and CallsTo, LLC for allegedly originating illegal robocalls to Public Safety Answering Points (i.e., the entities that answer calls to 911).
What to Expect
The FCC’s recent actions signal that carriers and other voice service providers should expect continued scrutiny of their robocall mitigation practices. Providers should continue to periodically review whether their RMD filings are accurate and complete, whether their robocall mitigation plans reflect actual operational practices, and whether they can respond to traceback requests within the time frames required by FCC rules. Originating providers should also evaluate whether their customer onboarding and monitoring processes would satisfy the more-specific KYC requirements the FCC is considering. Providers that accept traffic from other providers should similarly assess whether they have procedures to verify upstream providers’ RMD status, review robocall mitigation plans, monitor traffic, and discontinue service when appropriate.
Stakeholders should continue to monitor the open rulemakings. Comments on the KYC proposal are due June 25, 2026 and reply comments are due July 27, 2026. The KYUP and STIR/SHAKEN proposal will have comment and reply-comment deadlines of 30 and 60 days, respectively, after Federal Register publication. Reply comments on the numbering NPRM are due July 7, 2026.
But in general, the FCC’s message is clear: The agency expects that, going forward, providers will be active participants in preventing illegal robocalls, not simply conduits for traffic. The Commission’s recent proposals and enforcement actions suggest it will continue to use the RMD, STIR/SHAKEN, KYC, KYUP, traceback obligations, call-blocking requirements, and numbering policies to place greater responsibility on the carrier ecosystem. For providers, that means robocall mitigation compliance is becoming less about maintaining a filing or simply performing certain technical functions and more about demonstrating that they have taken an active role in vetting their customers and provider partners, understand their traffic, and are willing and able to take prompt action when illegal calls are identified.
Telephone and Texting Compliance News — June 2026
July 1, 2026| Article

