[Federal Register Volume 87, Number 136 (Monday, July 18, 2022)]
[Proposed Rules]
[Pages 42670-42690]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-13878]


=======================================================================
-----------------------------------------------------------------------

FEDERAL COMMUNICATIONS COMMISSION

47 CFR Parts 0, 1, and 64

[CG Docket No. 17-59, WC Docket No. 17-97; FCC 22-37; FR ID 92926]


Advanced Methods To Target and Eliminate Unlawful Robocalls, Call 
Authentication Trust Anchor

AGENCY: Federal Communications Commission.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: In this document, the Federal Communications Commission 
(Commission or FCC) proposes and seeks comment on a number of actions 
aimed protecting consumers from illegal calls. The document proposes 
and seeks comment on a number of steps to protect American consumers 
from all illegal calls, whether they originate domestically or abroad. 
Specifically, this document proposes to require domestic intermediate 
providers that are not gateway providers in the call path to apply 
STIR/SHAKEN caller ID authentication to calls. It also seeks comment on 
a number of robocall mitigation requirements, enhancements to 
enforcement, clarifications on certain aspects of STIR/SHAKEN, and 
limitations on the use of U.S. North American Numbering Plan (NANP) 
numbers for foreign-originated calls and indirect number access.

DATES: Comments are due on or before August 17, 2022, and reply 
comments are due on or before September 16, 2022. Written comments on 
the Paperwork Reduction Act proposed information collection 
requirements must be submitted by the public, Office of Management and 
Budget (OMB), and other interested parties on or before September 16, 
2022.

ADDRESSES: Pursuant to Sec. Sec.  1.415 and 1.419 of the Commission's 
rules, 47 CFR 1.415, 1.419, interested parties may file comments and 
reply comments on or before the dates indicated in this document. 
Comments and reply comments may be filed using the Commission's 
Electronic Comment Filing System (ECFS). See Electronic Filing of 
Documents in Rulemaking Proceedings, 63 FR 24121 (1998). Interested 
parties may file comments or reply comments, identified by CG Docket 
No. 17-59 and WC Docket No. 17-97 by any of the following methods:
     Electronic Filers: Comments may be filed electronically 
using the internet by accessing ECFS: https://www.fcc.gov/ecfs/.
     Paper Filers: Parties who choose to file by paper must 
file an original and one copy of each filing.
     Filings can be sent by commercial overnight courier, or by 
first-class or overnight U.S. Postal Service mail. All filings must be 
addressed to the Commission's Secretary, Office of the Secretary, 
Federal Communications Commission.
     Commercial overnight mail (other than U.S. Postal Service 
Express Mail and Priority Mail) must be sent to 9050 Junction Drive, 
Annapolis Junction, MD 20701.
     U.S. Postal Service first-class, Express, and Priority 
mail must be addressed to 45 L Street NE, Washington, DC 20554.
     Effective March 19, 2020, and until further notice, the 
Commission no longer accepts any hand or messenger delivered filings. 
This is a temporary measure taken to help protect the health and safety 
of individuals, and to mitigate the transmission of COVID-19. See FCC 
Announces Closure of FCC Headquarters Open Window and Change in Hand-
Delivery Policy, Public Notice, 35 FCC Rcd 2788 (March 19, 2020), 
https://www.fcc.gov/document/fcc-closes-headquarters-open-window-and-changes-hand-delivery-policy.
     People with Disabilities: Contact the FCC to request 
reasonable accommodations (accessible format documents, sign language 
interpreters, CART, etc.) by email: [email protected] or phone: 202-418-
0530 or TTY: 202-418-0432.

[[Page 42671]]

    For detailed instructions for submitting comments and additional 
information on the rulemaking process, see the SUPPLEMENTARY 
INFORMATION section of this document.

FOR FURTHER INFORMATION CONTACT: For further information, please 
contact either Jonathan Lechter, Attorney Advisor, Competition Policy 
Division, Wireline Competition Bureau, at [email protected] or 
at (202) 418-0984, or Jerusha Burnett, Attorney Advisor, Consumer 
Policy Division, Consumer and Governmental Affairs Bureau, at 
[email protected] or at (202) 418-0526. For additional 
information concerning the Paperwork Reduction Act proposed information 
collection requirements contained in this document, send an email to 
[email protected] or contact Cathy Williams at (202) 418-2918.

SUPPLEMENTARY INFORMATION: You may submit comments, identified by the 
Commission's Seventh Further Notice of Proposed Rulemaking in CG Docket 
No. 17-59 and Fifth Further Notice of Proposed Rulemaking in WC Docket 
No. 17-97, FCC 22-37, adopted on May 19, 2022, and released on May 20, 
2022. The full text of this document is available for public inspection 
at the following internet address: https://docs.fcc.gov/public/attachments/FCC-22-37A1.pdf. To request materials in accessible formats 
for people with disabilities (e.g., Braille, large print, electronic 
files, audio format, etc.), send an email to [email protected] or call the 
Consumer & Governmental Affairs Bureau at (202) 418-0530 (voice), or 
(202) 418-0432 (TTY).
    In addition to filing comments with the Secretary, a copy of any 
comments on the Paperwork Reduction Act proposed information collection 
requirements contained herein should be submitted to the Federal 
Communications Commission via email to [email protected] and to Cathy 
Williams, FCC, via email to [email protected].

Initial Paperwork Reduction Act of 1995 Analysis

    This document contains proposed information collection 
requirements. The Commission, as part of its continuing effort to 
reduce paperwork burdens, invites the general public to comment on the 
information collection requirements contained in this document, as 
required by the Paperwork Reduction Act of 1995, Public Law 104-13. 
Public and agency comments are due September 16, 2022.
    Comments should address: (a) whether the proposed collection of 
information is necessary for the proper performance of the functions of 
the Commission, including whether the information shall have practical 
utility; (b) the accuracy of the Commission's burden estimates; (c) 
ways to enhance the quality, utility, and clarity of the information 
collected; (d) ways to minimize the burden of the collection of 
information on the respondents, including the use of automated 
collection techniques or other forms of information technology; and (e) 
way to further reduce the information collection burden on small 
business concerns with fewer than 25 employees. In addition, pursuant 
to the Small Business Paperwork Relief Act of 2002, Public Law 107-198, 
see 44 U.S.C. 3506(c)(4), the Commission seeks specific comment on how 
it might further reduce the information collection burden for small 
business concerns with fewer than 25 employees.

Synopsis

Seventh Further Notice of Proposed Rulemaking and Fifth Further Notice 
of Proposed Rulemaking

    1. In the final rule regarding gateway providers (Gateway Provider 
Order) (FCC 22-37), published elsewhere in this issue of the Federal 
Register, the Commission takes steps to protect American consumers from 
foreign-originated illegal calls by adopting a number of rules that 
focus on gateway providers as the entry point onto the U.S. network. In 
this further notice of proposed rulemaking (FNPRM), the Commission 
further proposes and seeks comment on expanding some of these rules to 
cover other providers in the call path, along with additional steps to 
protect American consumers from all illegal calls, whether they 
originate domestically or abroad.
    2. First, the Commission proposes to extend its caller ID 
authentication requirement to cover domestic intermediate providers 
that are not gateway providers in the call path. Second, the Commission 
seeks comment on extending some, but not all, of the robocall 
mitigation duties the Commission adopts in the Gateway Provider Order 
to all domestic providers in the call path. These mitigation duties 
include: expanding and modifying its existing affirmative obligations; 
requiring downstream providers to block calls from non-gateway 
providers when those providers fail to comply; the general mitigation 
standard; and filing a mitigation plan in the Robocall Mitigation 
Database regardless of STIR/SHAKEN implementation status. The 
Commission also seeks comment on additional measures to address illegal 
robocalls, including: ways to enhance the enforcement of its rules; 
clarifying certain aspects of its STIR/SHAKEN regime; and placing 
limitations on the use of U.S. NANP numbers for foreign-originated 
calls and indirect number access.
    3. Because the TRACED Act defines ``voice service'' in a manner 
that excludes intermediate providers, our authentication and Robocall 
Mitigation Database rules use ``voice service provider'' in this 
manner. Our call blocking rules, many of which the Commission adopted 
prior to adoption of the TRACED Act, use a definition of ``voice 
service provider'' that includes intermediate providers. In that 
context, use of the TRACED Act definition of ``voice service'' would 
create inconsistency with our existing rules. To avoid confusion, for 
purposes of this item, we use the term ``voice service provider'' 
consistent with the TRACED Act definition and where discussing caller 
ID authentication or the Robocall Mitigation Database. In all other 
instances, we use ``provider'' and specify the type of provider as 
appropriate. Unless otherwise specified, we mean any provider, 
regardless of its position in the call path.
    4. The Commission anticipates that the impact of its proposals will 
account for another large share of the annual $13.5 billion minimum 
benefit the Commission originally estimated in the First Caller ID 
Authentication Report and Order, 85 FR 22029 (April 21, 2020), and 
FNPRM, 85 FR 22099 (April 21, 2022), for eliminating unlawful 
robocalls, in addition to the collective impact of the rules the 
Commission adopts in the Gateway Provider Order and the rules adopted 
earlier in these proceedings. While each of the proposed requirements 
on their own may not fully accomplish that goal, viewed collectively, 
the Commission expects that they will achieve a large share of the 
annual $13.5 billion minimum benefit. The Commission also expects that 
this share of benefits will far exceed the costs imposed on providers. 
The Commission seeks comment on this analysis and on the possible 
benefits of the requirements the Commission proposes.

Extending Authentication Requirement to All Intermediate Providers

    5. To further combat illegal robocalls consistent with the rules 
the Commission adopts in the Gateway Provider Order, the Commission 
proposes to require that all U.S. intermediate providers authenticate 
caller ID information consistent with

[[Page 42672]]

STIR/SHAKEN for Session Initiation Protocol (SIP) calls that are 
carrying a U.S. number in the caller ID field and to require all 
providers to comply with the most recent version of the standards as 
they are released. The Commission seeks comment on these proposals.
    6. As the Commission has previously explained, application of 
caller ID authentication by intermediate providers ``will provide 
significant benefits in facilitating analytics, blocking, and traceback 
by offering all parties in the call ecosystem more information.'' At 
the time the Commission reached this conclusion, given the concerns 
that an authentication requirement on all intermediate providers ``was 
unduly burdensome in some cases,'' the Commission established that 
instead of authenticating unauthenticated calls, intermediate providers 
could ``register and participate with the industry traceback consortium 
as an alternative means of complying with [its] rules.''
    7. Since the Commission established those requirements in the 
Second Caller ID Authentication Report and Order, 85 FR 73360 (Nov. 17, 
2020), in the Fourth Call Blocking Order, 86 FR 17726 (April 6, 2021), 
the Commission subsequently required all providers in the call path--
including gateway providers and other intermediate providers--to 
respond fully and in a timely manner to traceback requests. This rule 
has effectively mooted the choice given to intermediate providers in 
the earlier Second Caller ID Authentication Report and Order to 
authenticate calls or cooperate with traceback requests. Evidence shows 
that robocalls are a significant and increasing problem. To further 
strengthen the STIR/SHAKEN regime and protect consumers and the 
integrity of the U.S. telephone network, the Commission proposes that 
all intermediate providers should be required to authenticate 
unauthenticated SIP calls that they receive. The Commission seeks 
comment on this proposal.
    8. Intermediate providers could play a crucial role in further 
promoting effective, network-wide caller ID authentication. Requiring 
all intermediate providers to authenticate caller ID information for 
all unauthenticated SIP calls will provide information to downstream 
providers that will facilitate analytics and promote traceback efforts. 
SHAKEN verification, even ``C-level'' attestation, provides relevant 
and helpful information to downstream providers, particularly as the 
STIR/SHAKEN regime becomes even more ubiquitous. Adopting this proposal 
would bring all U.S. providers within the STIR/SHAKEN regime and 
prevent gaming by providers, allowing ``for more robust abilities to 
either trust the caller or perform traceback because an illegal caller 
can be more easily identified.'' Indeed, STIR/SHAKEN becomes more 
useful the more providers there are that employ it.
    9. The Commission believes this proposal is in line with commenter 
assertions that expanding call authentication requirements will have a 
``significant impact in curtailing illegal robocalls'' and that 
imposing these obligations ``on more providers will promote fewer 
spoofed calls overall.'' The Commission anticipates that its expansion 
of the STIR/SHAKEN regime may spur other countries and regulators to 
develop and adopt STIR/SHAKEN, further increasing the standards' 
benefit. The Commission seeks comment on this analysis and on the 
possible benefits of the requirement the Commission proposes. Are there 
reasons the Commission should not require all intermediate providers to 
implement STIR/SHAKEN for SIP calls? Should the Commission specifically 
target providers that are most responsible for illegal robocalls? Are 
there any downsides to only targeting specific providers?
    10. The Commission also seeks comment on the proposal's 
implementation costs and burdens. Acknowledging that many intermediate 
providers are also gateway providers to some degree and are now 
required to implement STIR/SHAKEN per the Gateway Provider Order, do 
the benefits of an intermediate provider authentication requirement 
outweigh the costs and burdens? Certain commenters assert that gateway 
providers are in a unique position to ``arrest the flow of harmful scam 
calls and illegal robocalls.'' Would it be a greater burden to impose 
this obligation on non-gateway intermediate providers? Indeed, a 
majority of commenters oppose expanding authentication requirements, 
even to gateway providers, saying that the implementation costs would 
be significant without additional benefits. While the Commission 
previously acknowledged these claims and ``thus offer[ed] an 
alternative method of compliance,'' it further noted that ``[p]roviding 
this option . . . further allows for continued evaluation of the role 
intermediate providers play in authenticating the caller ID information 
of the unauthenticated calls that they receive amid the continued 
deployment of the STIR/SHAKEN framework.'' Has the intervening 
experience with the entirety of the Commission's caller ID 
authentication requirements and illegal robocalls shed further light on 
the role of intermediate providers in preventing these calls from 
reaching consumers?
    11. The Commission does not anticipate that its proposal to expand 
this requirement to the remaining intermediate providers will be 
unusually costly or unduly burdensome compared to gateway providers and 
voice service providers that are already required to authenticate 
unauthenticated SIP calls as commenters have not provided detailed 
support for assertions that such a requirement will cost significant 
time and resources to implement. Further, many of the remaining 
intermediate providers are also gateway providers that will have 
already implemented STIR/SHAKEN in at least some portion of their 
networks, likely lowering their compliance costs to meet the 
requirement the Commission proposes. Does this fact undercut the 
argument that expanding the authentication requirement would impose an 
undue burden on those providers? In the accompanying Gateway Provider 
Order, the Commission finds that the benefits of a gateway 
authentication requirement outweigh the burdens. Should the 
Commission's rationale differ regarding the remaining intermediate 
providers? The Commission reiterates that as more and more providers 
implement STIR/SHAKEN, the Commission anticipates that technology and 
solutions will be more widely available and less costly to implement. 
The Commission seeks comment on this analysis. Is there any reason to 
believe that authentication is more costly for the remaining 
intermediate providers as compared to other providers or that the 
benefit of lower-level attestations would be limited?
    12. Requirement. The Commission proposes that to comply with the 
requirement to authenticate calls, all intermediate providers must 
authenticate caller ID information for all SIP calls they receive with 
U.S. numbers in the caller ID field for which the caller ID information 
has not been authenticated and which they will exchange with another 
provider as a SIP call. This would replace the existing rule under 
which intermediate providers have the option to authenticate rather 
than cooperate with traceback efforts and supplement the rule for 
gateway providers the Commission adopts in the accompanying Gateway 
Provider Order. The Commission seeks comment on this approach, as well 
as on whether and how to modify this proposal.

[[Page 42673]]

    13. Consistent with the Commission's existing intermediate provider 
authentication obligation where such a provider chose the 
authentication route, and the rule adopted for gateway providers in the 
accompanying Gateway Provider Order, the Commission proposes that an 
intermediate provider satisfies its authentication requirement if it 
adheres to the three Alliance for Telecommunications Industry Solutions 
(ATIS) standards that are the foundation of STIR/SHAKEN--ATIS-1000074, 
ATIS-1000080, and ATIS-1000084--and all documents referenced therein. 
The Commission also proposes that compliance with the most current 
versions of these standards as of the compliance deadline set in the 
Gateway Provider Order released concurrently with this FNPRM, including 
any errata as of that date or earlier, represents the minimum 
requirement to satisfy its rules.
    14. Compliance Deadline. The Commission seeks comment on when the 
Commission should require all intermediate providers' authentication 
obligation to become effective, balancing the public interest of prompt 
implementation by these providers with the need for these providers to 
have sufficient time to implement the proposed obligations. The 
Commission notes that voice service providers were previously able to 
meet the 18-month deadline to authenticate all unauthenticated SIP 
calls carrying U.S. NANP numbers, but the Commission found a shorter 
deadline to be reasonable for gateway providers in the accompanying 
Gateway Provider Order. The Commission's rules adopted pursuant to the 
TRACED Act grant certain providers exemptions and extensions from this 
deadline. Should the Commission require all intermediate providers to 
authenticate all unauthenticated SIP calls carrying U.S. NANP numbers 
within six months after the Commission adopts an order released 
pursuant to this FNPRM? Given that there is only a small group of 
remaining providers that have not already been required to implement 
STIR/SHAKEN, can implementation be accomplished in six months? Is a 
shorter deadline reasonable because the industry has much more 
experience with implementation than when the Commission originally 
required voice service providers to implement STIR/SHAKEN, and there is 
evidence that STIR/SHAKEN implementation costs have dropped since the 
Commission first adopted the requirement for voice service providers? 
Would imposing a shorter deadline on all intermediate providers 
unnecessarily impose greater costs and burdens that would not be fully 
offset by associated benefits? Are there any reasons to impose a longer 
deadline?
    15. The Commission also anticipates that the current token access 
policy will not present a material barrier to intermediate providers 
meeting their authentication obligation and that the Secure Telephone 
Identity Governance Authority (STI-GA) can address any concerns before 
these providers are required to authenticate calls. Do commenters 
agree? Additionally, to ensure that these providers are not unfairly 
penalized and are eligible for the same relief, in line with the 
Commission's current rules for voice service providers, and now gateway 
providers, the Commission proposes to provide a STIR/SHAKEN extension 
to intermediate providers that are unable to obtain a token due to the 
STI-GA token access policy. Does this extension alleviate 
implementation concerns?
    16. The Commission also proposes, consistent with its requirement 
for voice service providers and gateway providers, that all 
intermediate providers have the flexibility to assign the level of 
attestation appropriate to the call based on the applicable version of 
the standards and the available call information. As discussed in the 
accompanying Gateway Provider Order, there are significant benefits to 
be gained from higher attestation levels. The Commission seeks comment 
on this proposal. Should the Commission modify this proposal? If so, 
how should the Commission change it and what would be the impacts on 
costs and benefits?
    17. Authentication Obligations for All Providers. The Commission 
also seeks comment on requiring all providers to comply with the 
current version of the STIR/SHAKEN standards (ATIS-1000074, ATIS-
1000080, and ATIS-1000084) and any other internet Protocol (IP) 
authentication standards adopted as of the compliance deadline. The 
Commission concludes that mandating a single version of the standards 
across providers will promote uniformity and ensure that providers are 
using the most up-to-date caller ID authentication tools. The 
Commission seeks comment on this conclusion. Is there any reason the 
Commission should not require providers to comply with updated versions 
of the standards? The Commission also seeks comment on a streamlined 
mechanism for the Wireline Competition Bureau or other appropriate 
Bureau to require providers to comply with future versions of the STIR/
SHAKEN standard as they are developed and made available. Should the 
Commission delegate to the Wireline Competition Bureau authority to 
require all providers to implement a newly available updated standard 
through notice and opportunity to comment? Should the Commission 
incorporate the most recent STIR/SHAKEN standards and any updates the 
Commission requires in its rules? What are the pros and cons of these 
approaches?
    18. The Commission seeks comment on whether it should require all 
providers to adopt a non-IP caller ID authentication solution. A number 
of commenters filed specific proposals in the record for authentication 
on non-IP networks for gateway providers as well as voice service 
providers, and some of these solutions work on both IP and non-IP 
networks. Should the Commission adopt any of these proposals as set 
forth in the comments or in some modified form? What are the respective 
benefits and burdens of these specific proposals? Should the Commission 
adopt any of the time division multiplex (TDM) call authentication 
solutions developed by ATIS? Are there any other alternative proposals 
that the Commission should consider for all domestic providers in the 
call path? Should the Commission require compliance with the most 
recent version of a non-IP standard available at the time an order is 
released pursuant to this FNPRM? Should the Commission delegate 
authority to the Wireline Competition Bureau or other Bureau to require 
compliance with newly available versions of the adopted standard 
through notice and comment and incorporate by reference that standard 
in its rules? Voice service providers and gateway providers currently 
have a choice whether to implement a non-IP caller ID authentication 
solution or, in the alternative, participate with a working group, 
standards group, or consortium to develop a solution. In the event the 
Commission moves forward with requiring a non-IP solution for all 
providers, the Commission seeks comment on eliminating this alternative 
obligation as moot because the selected standard would have been 
developed and its implementation required.

Extending Certain Mitigation Duties to All Domestic Providers

    19. The Commission seeks comment on broadening the classes of 
providers subject to certain mitigation obligations, including some of 
the obligations it adopts in the accompanying Gateway Provider Order 
for gateway providers. The Commission's existing rules, including the 
``reasonable steps''

[[Page 42674]]

robocall mitigation duty, the Robocall Mitigation Database 
certification and mitigation program adoption and submission 
requirements, and the affirmative obligations for providers, do not 
currently apply to all domestic providers, with the exception of the 
requirement to respond to traceback. Prior to the adoption of the 
Gateway Provider Order, the ``reasonable steps'' mitigation duty and 
the requirement to adopt and submit a mitigation plan and certification 
applied only to originating providers, and the mitigation duty and plan 
submission requirements only applied to the extent that those providers 
had not yet fully implemented STIR/SHAKEN. Similarly, the rules that 
require effective mitigation or blocking following Commission 
notification require any provider that receives such a notification to 
investigate and respond to the Commission, but only requires 
originating and gateway providers to take specific action to prevent 
illegal traffic.
    20. In the accompanying Gateway Provider Order, the Commission 
adopts several new or enhanced robocall mitigation obligations for 
gateway providers, as well as one for providers immediately downstream 
in the call path from the gateway provider. The Commission also extends 
the robocall mitigation program and certification requirements to 
gateway providers, regardless of whether they have implemented STIR/
SHAKEN. Once these rules become effective, some providers will remain 
outside the scope of these requirements. To close this loophole, the 
Commission seeks comment on requiring all domestic providers, 
regardless of whether they have implemented STIR/SHAKEN, to comply with 
certain robocall mitigation requirements.

Enhancing the Existing Affirmative Obligations for All Domestic 
Providers

    21. In the prior Fourth Call Blocking Order, the Commission adopted 
three affirmative obligations for providers to better protect consumers 
from illegal calls. In the Gateway Provider Order, the Commission 
enhanced two of these obligations for gateway providers and adopted a 
related know-your-upstream-provider requirement. Here, the Commission 
seeks comment on expanding two of those enhanced obligations, as well 
as enhancing the existing requirement for a provider to take 
affirmative, effective measures to prevent new and renewing customers 
from using its network to originate illegal calls.
    22. 24-hour Traceback Requirement. The Commission seeks comment on 
extending the requirement to respond to traceback requests from the 
Commission, civil and criminal law enforcement, and the industry 
traceback consortium within 24 hours of receipt of the request to all 
U.S.-based providers in the call path. In the Gateway Provider Order 
the Commission requires gateway providers to respond to traceback 
requests within 24 hours due to the need for quick responses when 
foreign providers are also involved. Would requiring all domestic 
providers to respond within 24 hours provide additional benefit? Are 
there alternative reasons to require a 24-hour response when calls are 
wholly domestic?
    23. If the Commission extends this requirement to cover all U.S-
based providers in the call path, how should it address situations 
where providers may not be able to respond within 24 hours? The 
Commission recognizes that providers that do not receive many requests 
may be less familiar with the process, and that smaller providers in 
particular may struggle to respond quickly. Are there alternative 
approaches to the Commission's standard waiver process that would 
better address the needs of providers that cannot reliably respond 
within 24 hours?
    24. In particular, the Commission seeks comment on whether it 
should adopt an approach to traceback based on volume of requests 
received, rather than position in the call path or size of provider. 
For example, should the Commission adopt a tiered approach that: 
requires providers with fewer than 10 traceback requests a month to 
respond ``fully and in a timely manner,'' without the need to respond 
within 24 hours; requires providers that receive from 10 to 99 
traceback requests a month to maintain an average 24-hour response 
time; and requires providers with 100 or more traceback requests a 
month to always respond within 24 hours, barring exceptional 
circumstances that warrant relief through a waiver under the ``good 
cause'' standard of Sec.  1.3 of the Commission's rules? These 
circumstances could include sudden unforeseen circumstances that 
prevent compliance for a limited period or for a limited number of 
calls. The Commission cautions that any applicant for waiver ``faces a 
high hurdle even at the starting gate.'' Would different thresholds be 
more appropriate for the tiers? Should the thresholds be based on the 
prior six months' average number of traceback requests or some other 
metric?
    25. The Commission believes that, at least with regard to smaller 
providers, the number of requests received is indicative of whether a 
particular provider contributes significantly to the illegal call 
problem. The Commission seeks comment on this belief. Are there 
instances where a smaller provider might receive a high volume of 
traceback requests despite that provider being a good actor in the 
calling ecosystem? The Commission acknowledges that adopting requests-
per-month thresholds will likely mean that larger providers will be 
required to respond within 24 hours even when those providers are good 
actors. However, the Commission believes that larger providers are well 
positioned to meet a 24-hour response requirement and, in fact, already 
generally do so. The Commission seeks comment on this belief. Are there 
any substantial cost issues or other issues the Commission should 
consider in adopting such a requirement?
    26. Blocking Following Commission Notification. The Commission 
seeks comment on requiring all domestic providers in the call path to 
block, rather than simply effectively mitigate, illegal traffic when 
notified of such traffic by the Commission, regardless of whether that 
traffic originates abroad or domestically. The Commission believes that 
having a single, uniform rule may provide additional benefits and 
reduce the overall burden. The Commission seeks comment on this belief. 
Are there benefits to having a single, uniform requirement for all 
domestic providers? Alternatively, are there benefits to maintaining 
the Commission's existing approach and allowing non-gateway providers 
to effectively mitigate, rather than block, such traffic?
    27. If the Commission extends this requirement and require non-
gateway providers to block, should it consider any modifications to the 
rule? The Commission's effective mitigation rule requires a different 
response if the provider is an originating provider than if the 
provider is an intermediate or terminating provider. Specifically, the 
originating provider must effectively mitigate the traffic, while an 
intermediate or terminating provider must only notify the Commission of 
the source of the traffic and then, if possible, take steps to mitigate 
the traffic. As a result, there are four possible ways in which the 
Commission could enhance this rule: (1) it could require all providers, 
regardless of position in the call path, to block illegal traffic when 
notified of such traffic by the Commission; (2) it could requiring 
originating providers to block traffic when notified by the Commission, 
but only require intermediate and terminating providers to effectively

[[Page 42675]]

mitigate that traffic; (3) it could require originating providers to 
block illegal traffic when notified, but only require intermediate and 
terminating providers to identify the source of the traffic and, if 
possible, block; or (4) it could require originating providers to 
effectively mitigate illegal traffic, and require intermediate and 
terminating providers to block. In all of these cases, gateway 
providers would be required to block consistent with the rule the 
Commission adopted in the Gateway Provider Order. Are there particular 
benefits to any of these approaches? Are there any other approaches the 
Commission could take? Are there any cost difficulties or other issues 
the Commission should consider?
    28. Effective Measures to Prevent New and Renewing Customers from 
Originating Illegal Calls. The Commission seeks comment on whether, and 
if so how, it should further clarify its rule requiring providers to 
take affirmative, effective measures to prevent new and renewing 
customers from using their network to originate illegal calls. In the 
Fourth Call Blocking Order, the Commission allowed providers 
flexibility to determine how best to comply with this requirement. 
Should the Commission now modify this approach? If so, what steps 
should the Commission require providers to take with regard to their 
customers? If the Commission should maintain its flexible approach, is 
there value in providing further guidance as to how providers can best 
comply? If so, what might this guidance include? Should the Commission 
extend a similar requirement to all providers in the call path, in 
place of or in addition to its existing requirement.
    29. The Commission seeks comment on requiring originating providers 
to ensure that customers originating non-conversational traffic only 
seek to originate lawful calls. For example, should the Commission 
require originating providers to investigate such customers prior to 
allowing them access to high-volume origination services? If so, should 
the Commission require originating providers to take certain, defined 
steps as part of this investigation, or allow flexibility? Should the 
Commission require originating providers to certify, either in the 
Robocall Mitigation Database or through some other means, that they 
have conducted these investigations and determined that their customers 
are originating illegal calls? If a customer nonetheless uses an 
originating provider's network to place illegal calls, should the 
Commission adopt a strict liability standard, or allow the provider to 
terminate or otherwise modify its relationship with the customer and 
prevent future illegal traffic?
    30. ZipDX states that ``non-conversational traffic'' is ``traffic 
that has an average call duration of less than two minutes.'' The 
Commission seeks comment on this proposed definition. While some 
illegal calls are ``conversational,'' many are not; the Commission 
believes that stopping non-conversational illegal calls would 
significantly reduce the number of illegal calls consumers receive. The 
Commission seeks comment on this belief. Is a focus on non-
conversational traffic appropriate, or should the Commission maintain 
its broader focus on illegal calls generally? Alternatively, could the 
Commission focus on both: maintaining its existing requirement as to 
illegal calls generally, but adding enhanced obligations for non-
conversational traffic?
    31. The Commission believes that originating providers, as the 
providers with a direct relationship to callers, are in the best 
position to know what traffic a caller seeks to originate. The 
Commission seeks comment on this belief. Is the Commission's focus on 
originating providers correct, or should it include other providers, 
such as intermediate providers, as ZipDX suggests? If the Commission 
includes intermediate or terminating providers, should the requirement 
be the same, or modified? The Commission notes that there is wanted, 
and even important, non-conversational traffic. The Commission does not 
want emergency alerts, post-release follow up calls by hospitals, 
credit card fraud alerts, or similar important communication to be 
prevented by an intermediate or terminating provider that is not 
comfortable with potential liability for carrying non-conversational 
traffic. How could the Commission tailor its rules to allow this 
traffic to continue while still preventing illegal non-conversational 
traffic? Finally, the Commission seeks comment on alternative 
approaches. Should the Commission adopt all or some of ZipDX's specific 
proposals, which would impose obligations across the network, including 
requiring providers that choose to accept non-conversational traffic to 
meet certain obligations such as requiring A-level attestation for such 
calls, limiting of transit routes for these calls, and Robocall 
Mitigation Database certification? Are there any other approaches the 
Commission should consider?

Downstream Provider Blocking

    32. The Commission seeks comment on requiring intermediate and 
terminating providers to block traffic from bad-actor providers, 
regardless of whether or not the bad actor is a gateway provider, 
pursuant to the Commission notification process it adopt in the Gateway 
Provider Order for providers downstream from the gateway. As discussed 
above, the Commission does not currently require any providers other 
than gateway or originating providers to block or effectively mitigate 
illegal traffic when notified by the Commission. In the Gateway 
Provider Order the Commission further requires the intermediate or 
terminating provider immediately downstream to block all traffic from 
the identified provider when notified by the Commission that the 
gateway provider failed to block. There is also an existing safe harbor 
for any provider to block traffic from a bad-actor provider. The 
Commission is concerned that the lack of consistency across all 
provider types could allow for unintended loopholes and it believes 
that having a single, uniform rule may provide additional benefits and 
reduce the overall burden. The Commission seeks comment on this belief. 
Are there any situations where the Commission should not require 
downstream providers to block all traffic from a bad-actor provider 
that has failed to meet its obligation to block or effectively 
mitigate? For example, if the Commission requires originating providers 
to block calls upon Commission notification, but only require 
intermediate and terminating providers to effectively mitigate such 
traffic, should its downstream provider blocking rule treat the 
originating provider for that traffic differently from an intermediate 
provider? If so, how? Are there risks to expanding this requirement to 
cover all domestic providers? If so, do the benefits justify these 
risks and their associated costs? If not, should the Commission take 
another approach to ensure that bad-actor providers cannot continue to 
send illegal traffic to American consumers? If the Commission extends 
the requirement, should it use the process described in the Gateway 
Provider Order or modify that process in some way? Are there any other 
issues the Commission should consider?

General Mitigation Standard

    33. In line with the rule for voice service providers that have not 
implemented STIR/SHAKEN due to an extension or exemption and the 
general mitigation standard the Commission adopts in the Gateway 
Provider Order for gateway providers, in addition to specific 
mitigation requirements for

[[Page 42676]]

which the Commission seeks comment above, the Commission proposes to 
extend a general mitigation standard to voice service providers that 
have implemented STIR/SHAKEN in the IP portions of their networks and 
to all intermediate providers. This standard would be the general duty 
to take ``reasonable steps'' to avoid originating or terminating (for 
voice service providers) or carrying or processing (for intermediate 
providers) illegal robocall traffic. This obligation would include 
filing a mitigation plan along with a certification in the Robocall 
Mitigation Database. In line with the Commission's rules for voice 
service providers and the rules it adopts for gateway providers in the 
accompanying Gateway Provider Order, the Commission proposes that such 
a plan is ``sufficient if it includes detailed practices that can 
reasonably be expected to substantially reduce the origination [or 
carrying or processing] of illegal robocalls.'' The Commission also 
proposes that a program is insufficient if a provider ``knowingly or 
through negligence'' serves as the originator or carries or processes 
calls for an illegal robocall campaign. Similar to the Commission's 
reasoning related to gateway providers, the Commission anticipates that 
a general mitigation obligation on all domestic providers would serve 
as ``an effective backstop to ensure robocallers cannot evade any 
granular requirements [the Commission] adopt[s].'' Are there reasons 
the Commission should not extend to all domestic providers the same 
general mitigation standard it adopts in the accompanying Gateway 
Provider Order? To the extent providers' networks are non-IP based, the 
Commission recognizes that they do not currently have an obligation to 
implement STIR/SHAKEN and thus already have an existing mitigation 
requirement. Should the Commission alter the general mitigation 
standard for all remaining providers in any way? If so, what should 
those modifications be?
    34. The Commission anticipates that extending these requirements to 
all domestic providers would ease administration because U.S.-based 
providers would then be subject to the same obligations for all calls, 
regardless of the providers' respective roles in the call path. 
Regulatory symmetry would obviate the need for a carrier to engage in a 
call-by-call analysis to determine the role the provider plays for any 
given call--e.g., an intermediate provider may serve as a gateway 
provider for some calls but not for others--and ``ensure the 
accountability of all providers that touch calls to U.S. consumers, 
regardless of whether they originate, serve as the gateway provider, or 
simply [carry or process] illegal robocalls.'' Some commenters have 
asserted this is very difficult and burdensome. Are there additional 
benefits of imposing these requirements on all domestic providers? Are 
there any significant burdens if the Commission imposes these 
requirements on all domestic providers?
    35. For the same reasons the Commission describes in the 
accompanying Gateway Provider Order, the Commission proposes adopting 
the ``reasonable steps'' standard for providers that have implemented 
STIR/SHAKEN in the IP portions of their networks rather than a standard 
building upon the obligation for providers to mitigate traffic by 
taking ``affirmative, effective measures to prevent new and renewing 
customers from using their network to originate illegal calls'' adopted 
in the Fourth Call Blocking Order. The Commission reiterates that the 
``affirmative, effective measures'' standard does not apply to existing 
customers and focuses on call origination. Regardless, under the 
current rules and the rules the Commission adopts in the Gateway 
Provider Order, providers must still comply with the requirements to 
know the upstream provider or to take affirmative, effective measures 
to prevent new and renewing customers from using the network to 
originate illegal calls, as applicable, and steps a provider takes to 
meet one standard could meet the other, and vice versa.
    36. Strengthening the Definition of ``Reasonable Steps.'' Rather 
than encouraging providers to regularly consider whether their current 
measures are effective and make adjustments accordingly to comply with 
the ``reasonable steps'' standard, the Commission seeks comment on 
whether it should instead define ``reasonable steps'' to require all 
domestic providers to take specific mitigation actions. What would such 
a definition look like? Is the Commission's standards-based approach 
sufficient? If not, what, if any, are specific ``reasonable steps'' the 
Commission can prescribe to avoid origination, carrying, and processing 
of illegal robocall traffic other than prohibiting providers from 
accepting traffic from providers that have not submitted a 
certification in the Robocall Mitigation Database or have been de-
listed from the Robocall Mitigation Database pursuant to enforcement 
action?
    37. Certain commenters assert that more prescriptive rules will 
ensure that providers take reasonable steps to stop illegal robocalls. 
For example, should the Commission require traffic monitoring for 
upstream service or any other specific type of traffic monitoring? 
Should any particular traffic monitoring metrics be used? Should 
providers be required to take any other specific actions to show 
compliance with their robocall mitigation plan to meet this standard? 
Should there be a higher burden for voice over internet protocol (VoIP) 
providers to meet the ``reasonable steps'' standard? If so, what would 
such a higher burden look like? Are other specific modifications to the 
``reasonable steps'' standard appropriate?
    38. The Commission believes it is important to close any existing 
loopholes and ensure that all domestic providers are subject to the 
same requirements regardless of their place in the call path, even 
though the Commission previously declined to follow a ``one-size-fits-
all'' approach to mitigation. The Commission believes the benefits of 
such an approach would outweigh any burdens on providers. Are these 
expectations correct? What are the benefits of clarifying and expanding 
the Commission's requirements to all domestic providers? What are the 
costs or burdens associated with doing so?
    39. Compliance Deadline. The Commission seeks comment on an 
appropriate deadline for all domestic providers not covered by the 
existing requirements for voice service providers or the requirements 
it adopts in the accompanying Gateway Provider Order for gateway 
providers to comply with the proposed ``reasonable steps'' standard. 
Would 30 or 60 days after the effective date of any order the 
Commission may adopt imposing this requirement on these providers be 
sufficient? Are there any reasons the Commission should subject any 
remaining providers to a longer or shorter deadline? The Commission 
seeks comment on an appropriate deadline that is consistent with the 
time and effort necessary to implement the standard, balanced against 
the public benefit that will result in rapid implementation of the 
standard. What, if any, are the benefits and drawbacks of a shorter 
deadline? What, if any, are the benefits and drawbacks of a longer 
deadline?

Robocall Mitigation Database

    40. Robocall Mitigation Database Filing Obligation. In line with 
the requirement the Commission adopts in the Gateway Provider Order for 
gateway providers, it proposes to require all intermediate providers to 
submit a certification to the Robocall Mitigation

[[Page 42677]]

Database describing their robocall mitigation practices and stating 
that they are adhering to those practices, regardless of whether they 
have fully implemented STIR/SHAKEN. The Commission notes that all 
intermediate providers previously were imported into the Robocall 
Mitigation Database from the rural call completion database's 
Intermediate Provider Registry. The Commission now proposes to have 
these imported intermediate providers affirmatively file in the 
Robocall Mitigation Database. The Commission also proposes to require 
voice service providers that have already filed a certification to 
submit a robocall mitigation plan to the extent they previously were 
not required to do so due to fully implementing STIR/SHAKEN.
    41. The Commission proposes to conclude that certification, 
operating in conjunction with the previous rules and new robocall 
mitigation obligations it adopts in the Gateway Provider Order, would 
encourage compliance and facilitate enforcement efforts and industry 
cooperation to address problems. A number of commenters recommended 
this proposal. Similar to the Commission's findings for gateway 
providers above, the Commission does not anticipate that a filing 
requirement would be more costly for other providers than it is for 
voice service providers that already have an obligation to file in the 
Robocall Mitigation Database. Are there reasons that all intermediate 
providers should not be required to submit a certification? Do the 
remaining providers face additional costs as compared to providers 
already subject to this requirement under the Commission's existing 
rules and the rule it adopts in the Gateway Provider Order that the 
Commission should consider? Are there other possible filing obligations 
that the Commission should impose instead of the requirement to file a 
certification in the Robocall Mitigation Database?
    42. The Commission also proposes that all intermediate providers 
submit the same information that voice service providers, and now 
gateway providers, are required to submit under the Commission's rules. 
Specifically, the Commission proposes that all intermediate providers 
must certify to the status of STIR/SHAKEN implementation and robocall 
mitigation on their networks; submit contact information for a person 
responsible for addressing robocall mitigation-related issues; and 
describe in detail their robocall mitigation practices. The Commission 
proposes that voice service providers that were not previously required 
to submit a robocall mitigation plan describe in detail their robocall 
mitigation practices. Should these providers be subject to the 
additional obligation that the Commission adopts for gateway providers 
in the Gateway Provider Order, i.e., should the Commission require all 
domestic providers to explain what steps they are taking to ensure that 
the immediate upstream provider is not using their network to transmit 
illegal calls? Is it useful for all remaining providers to include this 
information? Should the Commission modify the identifying information 
that all domestic providers must file (both providers with a current 
certification obligation and those without)? The Commission anticipates 
that the burden is limited if it does not adopt a requirement for how 
detailed this explanation must be. Are there any reasons the Commission 
should require a more detailed explanation of the steps a provider has 
taken to meet their robocall mitigation obligations? Again, the 
Commission anticipates the Commission and public will benefit from 
understanding how these providers choose to comply with this specific 
duty because compliance is critical to stopping the carrying or 
processing of illegal robocalls.
    43. In line with the new rules applicable to gateway providers, the 
Commission proposes to delegate to the Wireline Competition Bureau the 
authority to specify the form and format of any submissions. The 
Commission further proposes that this would include whether providers 
with more than one role in the call path may either submit a separate 
certification and plan or amend their current certification and any 
plan and that providers amending their current plan to cover different 
roles in the call path explain the mitigation steps they undertake as 
one type of provider and what mitigation steps they undertake as a 
different type of provider, to the extent they are different.
    44. The Commission also proposes to extend to all domestic 
providers the duty to update their certification within 10 business 
days of ``any change in the information'' submitted, ensuring that the 
information is kept up to date, in line with the existing and new 
requirements for voice service providers and gateway providers, 
respectively. Is another time period appropriate for some or all of the 
information the Commission requires? Should the Commission establish a 
materiality threshold for circumstances in which an update is necessary 
for remaining providers, and, if so, what threshold should it set? In 
the Gateway Provider FNPRM, 86 FR 59084 (Oct. 26, 2021), the Commission 
sought comment regarding whether it should require gateway providers to 
inform the Commission through an update to the Robocall Mitigation 
Database filing if the provider is subject to a Commission, law 
enforcement, or regulatory agency action, investigation, or inquiry due 
to its robocall mitigation plan being deemed insufficient or 
problematic, or due to suspected unlawful robocalling or spoofing 
activity. In the Gateway Provider Order, the Commission declines to 
adopt this proposal so that it may more broadly ask the question 
regarding all domestic providers. Thus, the Commission now seeks 
comment on this proposal for all domestic providers.
    45. Compliance Deadline. The Commission also seeks comment on an 
appropriate deadline for all domestic providers to submit a 
certification and mitigation plan to the Robocall Mitigation Database 
attesting to compliance with the proposed ``reasonable steps'' 
standard. Is 30 days following publication in the Federal Register of 
notice of approval by OMB of any associated Paperwork Reduction Act 
(PRA) obligations sufficient, as many intermediate providers are 
already required to mitigate call traffic? What are the benefits and 
drawbacks of a longer deadline? The Commission seeks comment on an 
appropriate deadline that is consistent with the time and effort 
necessary to implement this requirement, balanced against the public 
benefit that will result in rapid implementation of the requirement. If 
the Commission adopts an earlier deadline than the requirement to 
implement STIR/SHAKEN, should it require that, if a provider has not 
yet implemented STIR/SHAKEN at that time, the provider must file its 
certification by the deadline and indicate that it has not yet fully 
implemented STIR/SHAKEN and that it then update the filing within 10 
business days of STIR/SHAKEN implementation, in line with its existing 
rule for updating such a filing? Are there any other filing deadline 
issues the Commission should consider? The Commission seeks comment on 
any modifications it should make to the filing process for these 
remaining providers.
    46. Additional Identifying Information. While the Commission sought 
comment in the Gateway Provider FNPRM on whether all Robocall 
Mitigation Database filers should submit additional identifying 
information, the Commission does not act on this issue in the 
accompanying Gateway Provider Order so that it may

[[Page 42678]]

both develop a more fulsome record at the same time it considers 
imposing other obligations on all domestic providers, including the 
obligation for all intermediate providers to file a certification in 
the Robocall Mitigation Database. The Commission thus seeks further 
comment on requiring all filers to include additional identifying 
information. While the Commission sought comment in the Gateway 
Provider FNPRM on including information such as a Carrier 
Identification Code, Operating Company Number, and/or Access Customer 
Name Abbreviation, is this information still relevant given that the 
September 2021 blocking deadline has now passed? Is there other 
additional information the Commission should require? For example, the 
Commission proposes to require filers to add information regarding 
principals, known affiliates, subsidiaries, and parent companies. The 
Commission seeks comment on this proposal. Will such information help 
identify bad actors and further the Commission's enforcement efforts, 
such as by identifying bad actors previously removed from the Robocall 
Mitigation Database that continue to be affiliated with other entities 
filing in the Robocall Mitigation Database? Will such information ease 
and enhance compliance by facilitating searches within the Robocall 
Mitigation Database and cross-checking information within the Robocall 
Mitigation Database against other sources? If the Commission requires 
all domestic providers to submit additional identifying information, 
how long should providers already in the database have to update 
information, or should such a requirement be applied on a prospective-
only basis? Does the benefit of additional information outweigh the 
burden of asking a high number of providers to refile? What are the 
benefits of a prospective-only approach? Would this approach still be 
beneficial if only some filers submitted this information? Are there 
any categories of filer, such as foreign voice service providers that 
use NANP resources that pertain to the United States in the caller ID 
field, that are unlikely to have this identifying information? If so, 
how should any new requirements address these filers? Should the 
Commission require providers to submit information demonstrating that 
they are foreign or domestic, and should the Commission modify its 
provider definitions to address this issue? Alternatively, should the 
Commission consider making the submission of this additional 
information voluntary to avoid a refiling requirement and account for 
filers that do not possess the information? Or would submission on a 
voluntary basis provide little benefit? If the Commission requires 
submission of additional information by some or all filers, what 
deadline for filing should it set?
    47. The Commission also seeks comment on any potential changes it 
should make to the Robocall Mitigation Database to make the filing 
process easier for providers and to facilitate searches by the 
Commission. For example, should the Commission allow providers who 
indicate they are ``fully compliant with STIR/SHAKEN'' to still submit 
additional information regarding their compliance (e.g., if they 
obtained their own token or if they are relying on another 
arrangement)? Should the database allow for any other explanations or 
voluntary information submissions? What other changes to the database 
or filing process would make compliance easier or more efficient for 
providers? If revising a filing is burdensome, what steps can the 
Commission take to reduce that burden? Is the burden of requiring 
revisions outweighed by the benefits to be obtained from the additional 
information?
    48. Specific Areas to Be Described in Robocall Mitigation Plan. The 
Commission seeks comment on whether a robocall mitigation program 
should be considered sufficient if it only ``includes detailed 
practices that can reasonably be expected to significantly reduce the 
origination of illegal robocalls. Does this requirement need to be 
further articulated? The Commission seeks comment on specific areas or 
topics to be described in the mitigation plan submitted to the Robocall 
Mitigation Database. What, if any, specific types of mitigation must be 
described in plans submitted to the database? For example, should 
providers be required to ``describe with particularity'' in their 
robocall mitigation plans the processes providers follow ``to know the 
identities of the upstream service providers they accept traffic from 
and to monitor those service providers for illegal robocall traffic''? 
That is, should the Commission require all domestic providers to 
describe their ``know-your-upstream provider'' processes? Should 
providers indicate whether they use analytics providers and/or describe 
the analytics they use? Should all domestic providers describe any 
contractual requirements for upstream providers? Should all domestic 
providers include ``the process and the actions'' they take when they 
``become aware of it, including when alerted of such traffic by the 
Commission or the traceback consortium'' regarding illegal traffic on 
their network, as suggested by USTelecom? Would taking any or all of 
these actions better protect U.S. consumers from illegal robocalls?
    49. Certifications and Data from Intermediate Providers Previously 
Imported into the Robocall Mitigation Database. The Commission proposes 
to delegate decisions regarding the certifications and data of 
intermediate providers previously imported into the Robocall Mitigation 
Database to the Wireline Competition Bureau, as the Commission does for 
gateway providers that were previously imported into the database as 
intermediate providers in the accompanying Gateway Provider Order. If 
the Commission takes this approach, should it provide any additional 
guidance to the Wireline Competition Bureau and what would such 
additional guidance look like? Some commenters indicate that 
intermediate providers previously imported into the Robocall Mitigation 
Database should only have to ``supplement their [Robocall Mitigation 
Database] entry by submitting a mitigation plan without having to 
completely refile,'' while others assert that intermediate providers' 
imported data should be deleted from the database. Should the 
Commission instead adopt one of these proposals and direct the Wireline 
Competition Bureau to remove or update these imported certifications 
and data from the database? What are the benefits and burdens of 
allowing these providers to update their data versus having them 
completely refile?
    50. Intermediate Provider Blocking Obligation. The Commission 
proposes to require downstream providers to block traffic received 
directly from all intermediate providers that are not listed and have 
not affirmatively filed a certification in the Robocall Mitigation 
Database or have been removed through enforcement action. Doing so will 
close a loophole in the Commission's rules by ensuring that any 
provider's traffic will be blocked if its certification does not appear 
in the Robocall Mitigation Database. It will also obviate any concerns 
regarding how downstream providers can determine if an upstream 
provider is a voice service provider, gateway provider, or other 
domestic intermediate provider. There was record support for this 
approach, which will equalize treatment of all domestic providers. The 
Commission seeks comment on doing so. What, if any, are the unique 
costs and benefits to applying this rule to domestic intermediate 
providers' traffic? Are there any modifications the Commission

[[Page 42679]]

should make when applying this rule to intermediate providers other 
than gateway providers? In the Order, the Commission requires 
downstream providers to block traffic from an immediate upstream 
provider where the upstream provider had not affirmatively filed in the 
Robocall Mitigation Database and they had a reasonable basis to believe 
that the immediate upstream provider was either a voice service 
provider or a gateway provider for some calls. The Commission proposes 
to eliminate this requirement as moot if it adopts the proposed 
requirement for downstream providers to block traffic from domestic 
intermediate providers that have not affirmatively filed in the 
Robocall Mitigation Database; downstream providers will no longer need 
to determine the upstream provider type before making a blocking 
determination. The Commission seeks comment on this approach.
    51. The Commission proposes that downstream providers be required 
to block traffic from non-gateway intermediate providers that have not 
submitted a certification in the Robocall Mitigation Database 90 days 
following the deadline for intermediate providers to file a 
certification. This proposed deadline is consistent with both the rule 
the Commission adopted in the accompanying Gateway Provider Order and 
the rule for voice service providers. The Commission seeks comment on 
this proposal and whether an alternative deadline is appropriate.

Enforcement

    52. The Commission's rules are only as effective as its 
enforcement. To that end, the Commission proposes to: (1) impose 
forfeitures for failures to block calls on a per-call basis and 
establish a maximum forfeiture amount for such violations; (2) impose 
the highest available forfeiture for failures to appropriately certify 
in the Robocall Mitigation Database; (3) establish additional bases for 
removal from the Robocall Mitigation Database, including by 
establishing a ``red light'' feature to notify the Commission when a 
newly-filed certification lists a known bad actor as a principal, 
parent company, subsidiary, or affiliate; and (4) subject repeat 
offenders to proceedings to revoke their section 214 operating 
authority and to ban offending companies and/or their individual 
company owners, directors, officers, and principals from future 
significant association with entities regulated by the Commission.
    53. Failure to Block Calls. Mandatory blocking is an important tool 
for protecting American consumers from illegal robocalls. Penalties for 
failure to comply with the Commission's existing or newly adopted 
mandatory blocking requirements must be sufficient to ensure that 
entities subject to its mandatory blocking requirements suffer a 
demonstrable economic impact. Given that bad actors profit from illegal 
robocalls, the Commission tentatively concludes that it should impose 
forfeitures for failure to block after Commission notice on a per-call 
basis. For example, if ABC Provider fails to block 100 calls, it will 
be subject to the maximum forfeiture amount for each of those 100 
calls. The Commission seeks comment on this proposal. What are the pros 
and cons of the Commission's proposal? If adopted, should it be 
applicable to all domestic providers? Should the Commission exclude 
certain types of mandatory blocking from this approach? For example, 
should the Commission take a different approach for blocking based on a 
reasonable do-not-originate (DNO) list? Is there any reason why this 
last approach would be impracticable or unreasonable?
    54. The Commission proposes to authorize that forfeitures for 
violations of its mandatory blocking rules be imposed on a per-call 
basis, with a maximum forfeiture amount for each violation of the 
proposed mandatory blocking requirements of $22,021 per violation. This 
is the maximum forfeiture amount the Commission's rules permit it to 
impose on non-common carriers. While common carriers may be assessed a 
maximum forfeiture of $220,213 for each violation, the Commission 
proposes to find that it should not impose a greater penalty on one 
class of providers than another for purposes of the mandatory blocking 
requirements. The Commission seeks comment on this proposal. Is there 
any reason to permit a higher maximum forfeiture for violation of the 
blocking requirements by providers that the Commission has determined 
to qualify as common carriers? Is one class of providers more likely 
than another to violate these rules? If so, is that a basis for 
imposing different forfeiture amounts? Are there particular aggravating 
or mitigating factors the Commission should take into consideration 
when determining the amount of a forfeiture penalty? Are the 
aggravating and mitigating factors set forth in the Commission's rules 
sufficient? Should failure to block calls to emergency services 
providers or public safety answering points (PSAPs) or to numbers on a 
reasonable DNO list constitute aggravating factors to be considered in 
calculating a forfeiture amount?
    55. Provider Removal from the Robocall Mitigation Database. The 
Commission's voice service provider rules provide that if the 
Commission ``finds a certification is deficient in some way, such as if 
the certification describes a robocall mitigation program that is 
ineffective'' or ``that a provider nonetheless knowingly or negligently 
originates illegal robocall campaigns,'' the Commission ``may take 
enforcement action as appropriate.'' These enforcement actions may 
include, among others, removing a defective certification from the 
database after providing notice to the voice service provider and an 
opportunity to cure the filing. The Commission may, of course, impose a 
forfeiture in addition to removing the provider from the Robocall 
Mitigation Database. The Commission seeks comment on whether 
intermediate providers (other than gateway providers), in addition to 
voice service providers and gateway providers, should be subject to the 
removal of provider certifications from the Robocall Mitigation 
Database. Are there any other reasons the Commission should de-list or 
exclude providers from the Robocall Mitigation Database? The Commission 
proposes to expand its delegation of authority to the Enforcement 
Bureau codified in the Gateway Provider Order to de-list or exclude a 
provider from the Robocall Mitigation Database so that it applies to 
all providers. The Commission seeks comment on this proposal. Should 
the Commission automatically exclude providers or start an enforcement 
action for providers that look suspicious due to multiple traceback 
requests? Should the Commission automatically remove a provider from 
the database for its prior illegal or bad actions related to and/or 
unrelated to robocalling? Should the Commission automatically remove a 
provider from the database for bad actions by an affiliate provider 
related or unrelated to robocalling? What other provider actions would 
warrant removal from the Robocall Mitigation Database? Under the 
Commission's current rules, when a voice service provider is removed 
from the Robocall Mitigation Database, downstream providers must block 
that provider's traffic. Should the Commission deviate from this 
approach?
    56. Continued violations. The Commission proposes to find that 
individuals and entities that engage in continued violations of its 
robocall mitigation rules raise substantial questions regarding their 
basic qualifications to engage in the provision

[[Page 42680]]

of interstate common carrier services. The Commission thus proposes 
that such entities be subject to possible revocation of their section 
214 operating authority, where applicable, and that any principals 
(either individuals or entities) of the bad actor entity be banned from 
serving, either directly or indirectly, as an attributable principal or 
as an officer or director in any entity that applies for or already 
holds any FCC license or instrument of authorization for the provision 
of a regulated service subject to Title II of the Communications Act of 
1934 (the Act) or of any entity otherwise engaged in the provision of 
voice service for a period of time to be determined. For purposes of 
any such revocation, the Commission proposes to define ``attributable 
principal'' as: (1) in the case of a corporation, a party holding 5% or 
more of stock, whether voting or nonvoting, common or preferred; (2) in 
the case of a limited partnership, a limited partner whose interest is 
5% or greater (as calculated according to the percentage of equity paid 
in or the percentage of distribution of profits and losses); (3) in the 
case of a general partnership, a general partner; and (4) in the case 
of a limited liability company, a member whose interest is 5% or 
greater. The Commission seeks comment on these proposals and on any 
alternative proposals or attribution criteria. For purposes of the 
definition of ``attributable principal,'' is 5% stock ownership or 
interest an appropriate threshold? For purposes of determining foreign 
ownership limits under section 310(b)(4) of the Act (regarding common 
carrier wireless licenses or media licenses), an applicant must 
disclose any individual foreign investor or group acquiring a greater 
than 5% voting or equity interest in the licensee. This reflects ``the 
Commission's longstanding determination, in both the broadcast and 
common carrier contexts, that a shareholder with a less than five 
percent interest does not have the ability to influence or control core 
decisions of the licensee.'' Would 10% stock ownership or interest or 
some lesser or higher threshold be more appropriate?
    57. Many of the providers that would come within the purview of 
this proposed rule may not be classified as common carriers and thus 
may not operate subject to the blanket section 214 authority applicable 
to domestic interstate common carriers under Sec.  63.01 of the 
Commission's rules. Interconnected VoIP providers are required to file 
applications to discontinue service under section 214 of the Act and 
Sec.  63.71 of the Commission's rules. Providers not classified as 
common carriers may hold other Commission-issued authorizations or 
certifications. The Commission proposes to find that such carriers that 
have an international section 214 authorization, have applied for and 
received authorization for direct access to numbering resources, or are 
designated as eligible telecommunications carriers under section 214(e) 
of the Act in order to receive federal universal service support hold a 
Commission authorization sufficient to subject them to the Commission's 
jurisdiction for purposes of enforcing its rules pertaining to 
preventing illegal robocalls. Finally, The Commission proposes to find 
that providers not classified as common carriers registered in the 
Robocall Mitigation Database hold a Commission certification such that 
they are subject to the Commission's jurisdiction. The Commission seeks 
comment on these proposed findings and whether they serve as sufficient 
legal authority for the Commission to seek either revocation of an 
individual or entity's section 214 operating authority or to impose a 
ban on an individual or entity from operating in the telecommunications 
space as described above. Are there any other bases for jurisdiction or 
legal authority for the Commission to take such action?

Obligations for Providers Unable To Implement STIR/SHAKEN

    58. The Commission seeks comment on whether additional clarity is 
needed regarding the Commission's rules applicable to certain providers 
lacking facilities necessary to implement STIR/SHAKEN. The Commission 
has previously clarified that the STIR/SHAKEN implementation 
requirement ``do[es] not apply to providers that lack control of the 
network infrastructure necessary to implement STIR/SHAKEN.'' The 
Commission notes that it accelerated the STIR/SHAKEN implementation 
deadline for another class of providers (i.e., non-facilities-based 
small voice service providers). A provider is non-facilities-based if 
it ``offers voice service to end-users solely using connections that 
are not sold by the provider or its affiliates.'' The Commission 
clarifies that some ``non-facilities-based'' small providers may also 
meet the definition of a provider that does not have control of the 
necessary infrastructure to implement STIR/SHAKEN. If so, that provider 
does not have a STIR/SHAKEN implementation obligation. The Small 
Provider Order, 87 FR 3684 (Jan. 25, 2022), did not expand or contract 
the universe of providers required to implement STIR/SHAKEN on the IP 
portions of their network; it only accelerated the implementation 
deadline for a subset of providers already subject to an implementation 
obligation. In the time since, however, the Commission has granted 
certain providers extensions, as well as established the Robocall 
Mitigation Database filing requirement. Should the Commission further 
clarify to whom the STIR/SHAKEN implementation requirement does not 
apply?
    59. Given that providers must block traffic from originating 
providers not listed in the Robocall Mitigation Database, some 
providers, including resellers, have filed, irrespective of any 
obligation to do so. The Commission observes that the Robocall 
Mitigation Database portal does not prevent these providers from 
filing. To address this issue, should the Commission amend its rules to 
deem providers that lack control of the necessary infrastructure to 
implement STIR/SHAKEN as instead having a continuing extension? The 
Commission's rules require that voice service providers granted an 
extension perform robocall mitigation. Should the providers identified 
above be required to perform robocall mitigation, at least to the 
extent that they are able despite their lack of control over network 
infrastructure? If not, why not?
    60. These providers may possess information about their customers 
that the underlying provider (in the case of resellers) may not be 
aware of or privy to. Should the Commission impose a know-your-customer 
obligation on these providers, even though they do not have an 
obligation to implement STIR/SHAKEN, or are its existing requirements 
outside of the STIR/SHAKEN context sufficient? Is the Commission's 
existing flexible approach sufficient, or should the Commission impose 
more specific requirements? Should such providers be required to 
communicate relevant information about their customers to underlying 
providers, and to what extent?

Satellite Providers

    61. The Commission seeks comment on whether the TRACED Act applies 
to satellite providers, and, if so, whether it should grant such 
providers an extension for implementing STIR/SHAKEN. The Commission's 
rules, consistent with the TRACED Act, provide that a ``voice service'' 
is ``any service that . . . furnishes voice communications to an end 
user using resources from the North American Numbering Plan.'' The 
Satellite Industry Association (SIA) argues that the

[[Page 42681]]

Commission's STIR/SHAKEN rules should not apply to satellite providers 
because their voice services do not satisfy the definition set out in 
its rules and in the TRACED Act. SIA asserts that their services ``rely 
on non-NANP resources for their originating numbers'' and that they use 
U.S. NANP resources only ``to forward calls to a small satellite 
[provider] subscriber's non-NANP number, or direct assignment of NANP 
numbers to a very small subset of small satellite customers.'' Does the 
Commission's authority under the TRACED Act extend to satellite 
providers that do not use NANP resources? Does the Commission's 
authority to require satellite providers to implement STIR/SHAKEN apply 
to all satellite providers regardless of the scope of the TRACED Act? 
What about to the extent any satellite providers use NANP numbers for 
the limited purposes described by SIA? Does use of NANP resources for 
forwarding calls to non-NANP numbers render that service a ``voice 
service'' within the TRACED Act's? Do a de minimis number of satellite 
provider subscribers use NANP resources only as SIA describes above, or 
are there ways these subscribers use NANP resources that SIA does not 
describe? Should there be a de minimis exception to the Commission's 
rules? If so, how should the Commission define de minimis for this 
purpose?
    62. In addition to satellite providers' apparently limited use of 
U.S. NANP resources that SIA argues is generally outside the scope of 
the TRACED Act, SIA contends that requiring implementation of STIR/
SHAKEN would pose an undue hardship due to unique economic and 
technological challenges the industry faces. Would requiring satellite 
providers, irrespective of their use of U.S. NANP resources, to 
implement STIR/SHAKEN pose an undue hardship? Is it technically 
feasible for satellite providers to implement STIR/SHAKEN? To what 
extent are satellite providers the source of illegal robocalls? Do they 
account for enough of the $13.5 billion cost to American consumers to 
outweigh the burden on them posed by having to implement STIR/SHAKEN? 
The Commission has previously provided small voice services providers, 
including satellite providers, an extension from STIR/SHAKEN 
implementation until June 30, 2023. When the Wireline Competition 
Bureau reevaluated this extension in 2021, it declined to grant a 
request from SIA for an indefinite extension and stated that it would 
seek further comment on SIA's request before the June 30, 2023 
extension expires. The TRACED Act requires that the Commission, 12 
months after the date of the TRACED Act's enactment, and thereafter 
``as appropriate,'' assess burdens or barriers to implementation of 
STIR/SHAKEN. The TRACED Act further provides the Commission discretion 
to extend compliance with the implementation mandate ``upon a public 
finding of undue hardship.'' Not less than annually thereafter, the 
Commission must consider revising or extending any delay of compliance 
previously granted and issue a public notice regarding whether such 
delay of compliance remains necessary. The Commission directed the 
Wireline Competition Bureau to make these annual assessments and to 
reevaluate the Commission's granted extensions and revise or extend 
them as necessary. The Commission seeks comment on whether it should 
grant SIA's request for an indefinite extension for satellite 
providers. In the alternative, should satellite providers be granted a 
continuing extension? If so, how long should such an extension be?

Restrictions on Number Usage and Indirect Access

    63. The Commission seeks comment on possible changes to its 
numbering rules to prevent the misuse of numbering resources to 
originate illegal robocalls, particularly calls originating abroad. In 
the Direct Access FNPRM, 86 FR 51081 (Sept. 14, 2021), the Commission 
sought comment placing limitations on interconnected VoIP providers' 
use of numbering resources obtained pursuant to direct access 
authorizations the Commission grants. The Commission now seeks comment 
on whether it should implement broader limitations in order to prevent 
illegal robocalls and whether other countries' regulations may provide 
a useful roadmap for its own.
    64. Restrictions on Use of U.S. NANP Numbers for Foreign-Originated 
Calls. The Commission seeks comment on whether it should adopt 
restrictions on the use of domestic numbering resources for calls that 
originate outside of the United States for termination in the United 
States. The Commission notes that, according to providers and foreign 
regulators, other countries, such as Singapore and South Korea, have 
placed limitations on the use of domestic numbering resources for 
foreign-originated calls that terminate domestically. The Infocomm 
Media Development Authority of Singapore (IMDA) has required operators 
to add a ``+'' prefix to international incoming calls, and IMDA is 
working with operators to block known numbers with the new prefix used 
for scams, especially +65 (Singapore's country code). Australia has a 
similar rule. Should the Commission adopt a similar restriction? Should 
the Commission, as YouMail argues, establish a specific area code for 
foreign-originated calls? If so, should the Commission require 
providers block or otherwise restrict calls from all other area codes 
or place heightened due diligence or mitigation obligations on gateway 
providers receiving calls from such an area code? Is assignment of a 
valuable numbering resource--an area code--an efficient use of such 
resource? The Commission seeks comment on the approach taken in 
Germany, where if a call originating outside of Germany carries a 
German number, the number must not be displayed to a German end user 
unless the call is an international mobile roaming call. According to 
providers, Japan has similar restrictions. Would this or a similar 
mandated call-labelling approach be appropriate for some or all 
foreign-originated calls carrying U.S. numbers?
    65. Should the Commission only impose restrictions in those cases 
where the call is not authenticated? For example, France requires that 
operators block calls with a French number in the caller ID from an 
operator outside of France unless the operator assigning, depositing, 
or receiving the number is able to guarantee the authenticity of the 
caller ID or the call is an international mobile roaming call of a 
French operator's end user. Under a similar approach, any calls 
carrying a U.S. NANP number that arrive in the United States with a 
STIR/SHAKEN authentication would not be automatically blocked. The 
Commission seeks comment on such an approach.
    66. The Commission seeks comment on the effect that any of these 
restrictions or limitations would have on foreign call centers of U.S. 
corporations that make foreign-originated calls to U.S. customers. In 
particular, how do call centers operate when calling into countries 
that bar the foreign origination of calls into the domestic market 
carrying domestic caller ID information? The Commission seeks comment 
on the burden that these restrictions may have on providers and other 
entities such as call centers as well as the benefit that would result 
from bright-line restrictions on the use of U.S. NANP numbers for 
foreign-originated calls.
    67. Indirect Access Restrictions. The Commission seeks comment on 
whether it should impose any restrictions on indirect access to U.S. 
NANP numbers

[[Page 42682]]

to prevent their use by foreign or domestic robocallers. In the Direct 
Access FNPRM, the Commission sought comment on steps it could take to 
ensure that VoIP providers obtaining direct access to numbers did not 
use those numbers to facilitate illegal robocalls. It also asked 
whether the Commission should require applicants for direct access to 
numbers to certify that the numbers they apply for will only be used to 
provide interconnected VoIP services and whether interconnected VoIP 
providers that receive direct access to numbers must use those numbers 
for interconnected VoIP services. Some commenters in that proceeding 
noted that indirect access is common and that unscrupulous providers 
may be doing so for nefarious purposes, including illegal robocalling. 
The Commission notes that some illegal robocallers do not spoof numbers 
but instead obtain numbers from providers that themselves either 
obtained the number directly from the North American Numbering Plan 
Administrator (NANPA) or from another provider.
    68. While the Commission does not prejudge the outcome of the 
Direct Access FNPRM, it seeks comment here on a broader bar on indirect 
access. Should the Commission adopt any restrictions on indirect access 
to numbers by interconnected VoIP providers and carriers or 
specifically for use in foreign-originated calls to reduce the ability 
of robocallers to do so? If so, what should those restrictions be? 
Should they be modeled after limitations other countries have put in 
place? The Commission notes that some countries limit the number of 
times a number can be transferred after it is obtained directly from 
the numbering administrator or completely bar number sub-assignment 
(indirect access). Would a similar rule be appropriate here? Does a 
less restrictive approach make sense? For example, in Portugal, further 
sub-assignment is permitted, but only if the provider that obtained the 
initial sub-assignment has allocated 60% of the numbers received to its 
end users. Instead of or in addition to limiting indirect access, could 
the Commission hold providers that obtain numbers directly from NANPA 
strictly liable for illegal robocalling undertaken by any entity that 
obtains the number through indirect access? Would such an approach be 
enforceable and, if so, how would the Commission enforce it? Does 
direct access to numbers by VoIP providers reduce or eliminate the need 
for numbers to be readily available through indirect access? Should the 
Commission, on its own or in concert with NANPA, instead establish a 
system for tracking the number of times that a number has been 
transferred via indirect access, to whom, and who has the right to use 
a number at a particular time? The Commission seeks comment on the 
costs and administrative hurdles of establishing such a system, as well 
as the benefits and burdens. Could such a tracking system also assist 
in the enforcement of the Commission's robocall rules generally? For 
example, like STIR/SHAKEN, it would allow a downstream provider to 
determine whether the originating party (or at least the upstream 
provider) was authorized to use a number. How could providers use that 
information, particularly in concert with STIR/SHAKEN data?

STIR/SHAKEN by Third Parties

    69. The Commission seeks comment on whether certain of its rules 
regarding caller ID authentication and attestation in the Robocall 
Mitigation Database require clarification. The Commission's rules 
require that a voice service provider ``[a]uthenticate caller 
identification information for all SIP calls it originates and . . . 
transmit that call with authenticated caller identification information 
to the next voice service provider or intermediate provider in the call 
path.'' TransNexus asserts that some originating providers have had 
underlying (in the case of resellers) or downstream providers 
authenticate calls on the originating provider's behalf. Should the 
Commission allow a third party to authenticate caller identification 
information to satisfy the originating provider's obligation? 
Conversely, should the Commission amend its rules regarding filing in 
the Robocall Mitigation Database to require attestation of STIR/SHAKEN 
implementation by the originating provider itself--i.e., require all 
domestic providers to have their own token from the STI-GA for purposes 
of authentication? As to both questions, why or why not? Is third-party 
authentication proper in certain circumstances but improper in others? 
Is third-party authentication consistent with the standards underlying 
the STIR/SHAKEN framework? And does authentication by someone other 
than the originating provider undercut STIR/SHAKEN? The Commission 
seeks comment on whether the Commission needs to amend its current 
rules in order to account for this practice, whether to prohibit or 
allow it.

Differential Treatment of Conversational Traffic

    70. The Commission seeks comment on stakeholders' argument that 
certain traffic is unlikely to carry illegal robocalls and thus should 
be treated differently under its rules from other voice traffic. 
Specifically, the Commission seeks comment on whether cellular roaming 
traffic (i.e., traffic originated abroad from U.S. mobile subscribers 
carrying U.S. NANP numbers terminated in the U.S.) should be treated 
with a lighter touch. The Commission does not adopt a rule in the 
Gateway Provider Order regarding this traffic because the record is not 
sufficiently developed on this point. Are these commenters' concerns 
valid? Is cellular roaming traffic unlikely to carry illegal robocalls? 
What percentage of cellular roaming traffic is signed? What percentage 
of unsigned cellular roaming traffic consists of illegal calls? If the 
Commission treats cellular roaming differently, could robocallers 
disguise traffic as cellular roaming traffic in order to take advantage 
of any ``lighter touch'' regulatory regime the Commission adopts? Is it 
technically feasible for the gateway provider or downstream providers 
to clearly identify legitimate cellular roaming traffic for compliance 
purposes? Several commenters suggest that they are able to do so, but 
is that true for all domestic providers in the call path and is it 
realistic for them to do so? For example, ZipDX implies that roaming 
traffic would need to be placed on separate trunks for it to be 
practically subject to a different set of rules from other traffic and 
that segregation currently does not occur in all cases. The Commission 
seeks comment on this assertion and cellular roaming routing practices 
in general. Should the Commission modify its rules applicable to some 
or all domestic providers to take these differences in traffic into 
account? What, if any, regulatory carve-outs for the Commission's 
robocalling rules would be appropriate for any traffic that falls 
within this category? What would be the costs of distinguishing 
legitimate roaming traffic from illegal robocalls subject to the 
Commission's robocall protection requirements? Should the Commission 
treat calls originated from domestic cellular customers carrying U.S. 
NANP numbers with a similarly light touch? Are there other categories 
of traffic that should be subject to greater or lesser scrutiny than 
other voice traffic under the Commission's rules? If so, what are those 
categories of traffic and what rules should apply?

[[Page 42683]]

Legal Authority

    71. The Commission proposes to adopt any of the foregoing 
obligations largely pursuant to the legal authority it relied upon in 
prior caller ID authentication and call blocking orders, including 
authority it relied upon in the accompanying Gateway Provider Order. 
The Commission seeks comment on this approach.
    72. Caller ID Authentication. Gateway providers are a subset of 
intermediate providers. In the Gateway Provider Order, the Commission 
relies upon 251(e) of the Act and the Truth in Caller ID Act to require 
gateway providers to authenticate unauthenticated calls. In the Second 
Caller ID Authentication Report and Order, the Commission relied on 
this authority when requiring intermediate providers to either 
authenticate unauthenticated calls or cooperate with the industry 
traceback consortium and respond to traceback requests. The Commission 
therefore proposes to rely upon the same authority to require all 
intermediate providers to authenticate unauthenticated calls. The 
Commission seeks comment on this approach; is there any reason it may 
not rely on the same authority here? The Commission also seeks comment 
on whether there are alternative sources of authority it should rely 
on.
    73. Robocall Mitigation and Call Blocking. In adopting the 
Commission's robocall mitigation and call blocking rules for gateway 
providers in the accompanying Gateway Provider Order, the Commission 
relied upon sections 201(b), 202(a), 251(e); the Truth in Caller ID 
Act; and its ancillary authority. The Commission proposes to rely on 
this same authority in adopting additional robocall mitigation and call 
blocking requirements for all domestic providers, as described above. 
The Commission seeks comment on this approach and whether there are 
other sources of authority it should consider.
    74. The Commission seeks specific comment on its ancillary 
authority. The Commission anticipates that the proposed regulations 
applicable to all domestic providers are ``reasonably ancillary to the 
Commission's effective performance of its . . . responsibilities.'' 
Providers not classified as common carriers interconnect with the 
public switched telephone network and exchange IP traffic, which 
clearly constitutes ``communication by wire and radio.'' The Commission 
believes that requiring these providers to comply with its proposed 
rules is reasonably ancillary to the Commission's effective performance 
of its statutory responsibilities under sections 201(b), 202(a), 
251(e), and the Truth in Caller ID Act as described above. With respect 
to sections 201(b) and 202(a), absent application of the Commission's 
proposed rules to providers not classified as common carriers, 
originators of robocalls could circumvent the Commission's proposed 
regulatory scheme by sending calls only to providers not classified as 
common carriers to reach their destination. The Commission seeks 
comment on this analysis and any other basis of its ancillary authority 
here.
    75. Enforcement. The Commission also proposes to adopt its 
additional enforcement rules above pursuant to sections 501, 502, and 
503 of the Act. These provisions allow the Commission to take 
enforcement action against common carriers as well as providers not 
classified as common carriers following a citation. The Commission also 
proposes to rely on the existing authority in Sec.  1.80 of its rules 
regarding forfeiture amounts. The Commission seeks comment on this 
proposed authority and any other sources of its enforcement authority.
    76. Numbering Restrictions. To adopt any of the foregoing numbering 
restrictions, the Commission proposes to rely on section 251(e) and its 
grant to the Commission of authority over numbering resources as well 
as sections 201 and 251(b). The Commission has repeatedly relied on 
these sections in adopting its numbering rules. The Commission also 
proposes to rely on its ancillary authority. The Commission believes 
that placing restrictions on numbering access for providers not 
classified as common carriers would be reasonably ancillary to the 
Commissions' performance under these three sections. Access to numbers 
is necessary to ensure a level playing field and foster competition by 
eliminating barriers to, and incenting development of, innovative IP 
services. The Commission thus proposes to conclude that, for these or 
other reasons, imposing numbering restrictions on providers not 
classified as common carriers is reasonably ancillary to the 
Commission's responsibilities to ensure that numbers are made available 
on an ``equitable'' basis, to advance the number-portability 
requirements of section 251(b), or to help ensure just and reasonable 
rates and practices for telecommunications services regulated under 
section 201. The Commission also seeks comment on other possible bases 
for the Commission to exercise ancillary authority here.

Digital Equity and Inclusion

    77. The Commission, as part of its continuing effort to advance 
digital equity for all, including people of color and others who have 
been historically underserved, marginalized, and adversely affected by 
persistent poverty and inequality, invites comment on any equity-
related considerations and benefits (if any) that may be associated 
with the proposals and issues discussed herein. The Commission defines 
the term ``equity'' consistent with Executive Order 13985 as the 
consistent and systematic fair, just, and impartial treatment of all 
individuals, including individuals who belong to underserved 
communities that have been denied such treatment, such as Black, 
Latino, and Indigenous and Native American persons, Asian Americans and 
Pacific Islanders and other persons of color; members of religious 
minorities; lesbian, gay, bisexual, transgender, and queer (LGBTQ+) 
persons; persons with disabilities; persons who live in rural areas; 
and persons otherwise adversely affected by persistent poverty or 
inequality. Specifically, the Commission seeks comment on how its 
proposals may promote or inhibit advances in diversity, equity, 
inclusion, and accessibility.
    78. Initial Regulatory Flexibility Analysis as required by the 
Regulatory Flexibility Act of 1980, as amended (RFA), the Commission 
has prepared this Initial Regulatory Flexibility Analysis (IRFA) of the 
possible significant economic impact on small entities by the policies 
and rules proposed in this FNPRM. The Commission requests written 
public comments on this IRFA. Comments must be identified as responses 
to the IRFA and must be filed by the deadlines for comments provided in 
the DATES section of the FNPRM. The Commission will send a copy of the 
FNPRM, including this IRFA, to the Chief Counsel for Advocacy of the 
Small Business Administration (SBA). In addition, the FNPRM and IRFA 
(or summaries thereof) will be published in the Federal Register.

Need for, and Objectives of, the Proposed Rules

    79. In order to continue the Commission's work of protecting 
American consumers from illegal calls, regardless of their provenance, 
the FNPRM proposes to expand some of the Commission's existing rules to 
cover other providers in the call path and provides additional options 
to further protect American consumers, regardless of whether illegal 
calls originate

[[Page 42684]]

domestically or abroad. Specifically, the FNPRM proposes to extend the 
Commission's STIR/SHAKEN authentication requirement to cover all 
domestic providers in the call path. The FNPRM also seeks comment on 
extending some of the robocall mitigation duties the Commission adopts 
in the Gateway Provider Order to all domestic providers in the call 
path. These mitigation duties include: expanding and modifying the 
Commission's existing affirmative obligations; requiring downstream 
providers to block calls from non-gateway providers when those 
providers fail to comply; the general mitigation standard; and filing a 
mitigation plan in the Robocall Mitigation Database regardless of STIR/
SHAKEN implementation status. The FNPRM also seeks comment on 
additional measures to address illegal robocalls, including: ways to 
enhance the enforcement of the Commission's rules; clarifying certain 
aspects of its STIR/SHAKEN regime; placing limitations on the use of 
U.S. NANP numbers for foreign-originated calls and indirect number 
access, and treating cellular roaming traffic differently.

Legal Basis

    80. The FNPRM proposes to find authority largely under those 
provisions through which it has previously adopted rules to stem the 
tide of robocalls. Specifically, the FNPRM proposes to find authority 
under sections 201(b), 202(a), 251(b) and (e), 501, 502, and 503 of the 
Act, Sec.  1.80 of the Commission's rules regarding forfeiture amounts, 
the Truth in Caller ID Act, and, where appropriate, ancillary 
authority. The FNPRM solicits comment on these proposals.

Description and Estimate of the Number of Small Entities to Which the 
Proposed Rules Will Apply

    81. The RFA directs agencies to provide a description of and, where 
feasible, an estimate of the number of small entities that may be 
affected by the proposed rules and by the rule revisions on which the 
FNPRM seeks comment, if adopted. The RFA generally defines the term 
``small entity'' as having the same meaning as the terms ``small 
business,'' ``small organization,'' and ``small governmental 
jurisdiction.'' In addition, the term ``small business'' has the same 
meaning as the term ``small-business concern'' under the Small Business 
Act. A ``small-business concern'' is one which: (1) is independently 
owned and operated; (2) is not dominant in its field of operation; and 
(3) satisfies any additional criteria established by the SBA.
    82. Small Businesses, Small Organizations, Small Governmental 
Jurisdictions. The Commission's actions, over time, may affect small 
entities that are not easily categorized at present. The Commission 
therefore describes here, at the outset, three broad groups of small 
entities that could be directly affected herein. First, while there are 
industry specific size standards for small businesses that are used in 
the regulatory flexibility analysis, according to data from the Small 
Business Administration's (SBA) Office of Advocacy, in general a small 
business is an independent business having fewer than 500 employees. 
These types of small businesses represent 99.9% of all businesses in 
the United States, which translates to 32.5 million businesses.
    83. Next, the type of small entity described as a ``small 
organization'' is generally ``any not-for-profit enterprise which is 
independently owned and operated and is not dominant in its field.'' 
The Internal Revenue Service (IRS) uses a revenue benchmark of $50,000 
or less to delineate its annual electronic filing requirements for 
small exempt organizations. Nationwide, for tax year 2020, there were 
approximately 447,689 small exempt organizations in the U.S. reporting 
revenues of $50,000 or less according to the registration and tax data 
for exempt organizations available from the IRS.
    84. Finally, the small entity described as a ``small governmental 
jurisdiction'' is defined generally as ``governments of cities, 
counties, towns, townships, villages, school districts, or special 
districts, with a population of less than fifty thousand.'' U.S. Census 
Bureau data from the 2017 Census of Governments indicate that there 
were 90,075 local governmental jurisdictions consisting of general 
purpose governments and special purpose governments in the United 
States. Of this number there were 36,931 general purpose governments 
(county, municipal and town or township) with populations of less than 
50,000 and 12,040 special purpose governments--independent school 
districts with enrollment populations of less than 50,000. Accordingly, 
based on the 2017 U.S. Census of Governments data, the Commission 
estimates that at least 48,971 entities fall into the category of 
``small governmental jurisdictions.''

Wireline Carriers

    85. Wired Telecommunications Carriers. The U.S. Census Bureau 
defines this industry as establishments primarily engaged in operating 
and/or providing access to transmission facilities and infrastructure 
that they own and/or lease for the transmission of voice, data, text, 
sound, and video using wired communications networks. Transmission 
facilities may be based on a single technology or a combination of 
technologies. Establishments in this industry use the wired 
telecommunications network facilities that they operate to provide a 
variety of services, such as wired telephony services, including VoIP 
services, wired (cable) audio and video programming distribution, and 
wired broadband internet services. By exception, establishments 
providing satellite television distribution services using facilities 
and infrastructure that they operate are included in this industry. 
Wired Telecommunications Carriers are also referred to as wireline 
carriers or fixed local service providers.
    86. The SBA small business size standard for Wired 
Telecommunications Carriers classifies firms having 1,500 or fewer 
employees as small. U.S. Census Bureau data for 2017 show that there 
were 3,054 firms that operated in this industry for the entire year. Of 
this number, 2,964 firms operated with fewer than 250 employees. 
Additionally, based on Commission data in the 2021 Universal Service 
Monitoring Report, as of December 31, 2020, there were 5,183 providers 
that reported they were engaged in the provision of fixed local 
services. Of these providers, the Commission estimates that 4,737 
providers have 1,500 or fewer employees. Consequently, using the SBA's 
small business size standard, most of these providers can be considered 
small entities
    87. Local Exchange Carriers (LECs). Neither the Commission nor the 
SBA has developed a size standard for small businesses specifically 
applicable to local exchange services. Providers of these services 
include both incumbent and competitive local exchange service 
providers. Wired Telecommunications Carriers is the closest industry 
with an SBA small business size standard. Wired Telecommunications 
Carriers are also referred to as wireline carriers or fixed local 
service providers. The SBA small business size standard for Wired 
Telecommunications Carriers classifies firms having 1,500 or fewer 
employees as small. U.S. Census Bureau data for 2017 show that there 
were 3,054 firms that operated in this industry for the entire year. Of 
this number, 2,964 firms operated with fewer than 250 employees. 
Additionally, based on Commission data in the 2021 Universal Service 
Monitoring Report, as of

[[Page 42685]]

December 31, 2020, there were 5,183 providers that reported they were 
fixed local exchange service providers. Of these providers, the 
Commission estimates that 4,737 providers have 1,500 or fewer 
employees. Consequently, using the SBA's small business size standard, 
most of these providers can be considered small entities.
    88. Incumbent Local Exchange Carriers (Incumbent LECs). Neither the 
Commission nor the SBA have developed a small business size standard 
specifically for incumbent local exchange carriers. Wired 
Telecommunications Carriers is the closest industry with an SBA small 
business size standard. The SBA small business size standard for Wired 
Telecommunications Carriers classifies firms having 1,500 or fewer 
employees as small. U.S. Census Bureau data for 2017 show that there 
were 3,054 firms in this industry that operated for the entire year. Of 
this number, 2,964 firms operated with fewer than 250 employees. 
Additionally, based on Commission data in the 2021 Universal Service 
Monitoring Report, as of December 31, 2020, there were 1,227 providers 
that reported they were incumbent local exchange service providers. Of 
these providers, the Commission estimates that 929 providers have 1,500 
or fewer employees. Consequently, using the SBA's small business size 
standard, the Commission estimates that the majority of incumbent local 
exchange carriers can be considered small entities.
    89. Competitive Local Exchange Carriers (Competitive LECs). Neither 
the Commission nor the SBA has developed a size standard for small 
businesses specifically applicable to local exchange services. 
Providers of these services include several types of competitive local 
exchange service providers. Wired Telecommunications Carriers is the 
closest industry with an SBA small business size standard. The SBA 
small business size standard for Wired Telecommunications Carriers 
classifies firms having 1,500 or fewer employees as small. U.S. Census 
Bureau data for 2017 show that there were 3,054 firms that operated in 
this industry for the entire year. Of this number, 2,964 firms operated 
with fewer than 250 employees. Additionally, based on Commission data 
in the 2021 Universal Service Monitoring Report, as of December 31, 
2020, there were 3,956 providers that reported they were competitive 
local exchange service providers. Of these providers, the Commission 
estimates that 3,808 providers have 1,500 or fewer employees. 
Consequently, using the SBA's small business size standard, most of 
these providers can be considered small entities.
    90. The Commission has included small incumbent LECs in this 
present RFA analysis. As noted above, a ``small business'' under the 
RFA is one that, inter alia, meets the pertinent small-business size 
standard (e.g., a telephone communications business having 1,500 or 
fewer employees) and ``is not dominant in its field of operation.'' The 
SBA's Office of Advocacy contends that, for RFA purposes, small 
incumbent LECs are not dominant in their field of operation because any 
such dominance is not ``national'' in scope. The Commission has 
therefore included small incumbent LECs in this RFA analysis, although 
it emphasizes that this RFA action has no effect on Commission analyses 
and determinations in other, non-RFA contexts.
    91. Interexchange Carriers (IXCs). Neither the Commission nor the 
SBA have developed a small business size standard specifically for 
Interexchange Carriers. Wired Telecommunications Carriers is the 
closest industry with an SBA small business size standard. The SBA 
small business size standard for Wired Telecommunications Carriers 
classifies firms having 1,500 or fewer employees as small. U.S. Census 
Bureau data for 2017 show that there were 3,054 firms that operated in 
this industry for the entire year. Of this number, 2,964 firms operated 
with fewer than 250 employees. Additionally, based on Commission data 
in the 2021 Universal Service Monitoring Report, as of December 31, 
2020, there were 151 providers that reported they were engaged in the 
provision of interexchange services. Of these providers, the Commission 
estimates that 131 providers have 1,500 or fewer employees. 
Consequently, using the SBA's small business size standard, the 
Commission estimates that the majority of providers in this industry 
can be considered small entities.
    92. Cable System Operators (Telecom Act Standard). The 
Communications Act of 1934, as amended, contains a size standard for 
small cable system operators, which classifies ``a cable operator that, 
directly or through an affiliate, serves in the aggregate fewer than 
one percent of all subscribers in the United States and is not 
affiliated with any entity or entities whose gross annual revenues in 
the aggregate exceed $250,000,000,'' as small. As of December 2020, 
there were approximately 45,308,192 basic cable video subscribers in 
the top Cable multiple system operators (MSOs) in the United States. 
Accordingly, an operator serving fewer than 453,082 subscribers shall 
be deemed a small operator if its annual revenues, when combined with 
the total annual revenues of all its affiliates, do not exceed $250 
million in the aggregate. Based on available data, all but five of the 
cable operators in the Top Cable MSOs have less than 453,082 
subscribers and can be considered small entities under this size 
standard. The Commission notes however, that the Commission neither 
requests nor collects information on whether cable system operators are 
affiliated with entities whose gross annual revenues exceed $250 
million. Therefore, the Commission is unable at this time to estimate 
with greater precision the number of cable system operators that would 
qualify as small cable operators under the definition in the 
Communications Act.
    93. Other Toll Carriers. Neither the Commission nor the SBA has 
developed a definition for small businesses specifically applicable to 
Other Toll Carriers. This category includes toll carriers that do not 
fall within the categories of interexchange carriers, operator service 
providers, prepaid calling card providers, satellite service carriers, 
or toll resellers. Wired Telecommunications Carriers is the closest 
industry with an SBA small business size standard. The SBA small 
business size standard for Wired Telecommunications Carriers classifies 
firms having 1,500 or fewer employees as small. U.S. Census Bureau data 
for 2017 show that there were 3,054 firms in this industry that 
operated for the entire year. Of this number, 2,964 firms operated with 
fewer than 250 employees. Additionally, based on Commission data in the 
2021 Universal Service Monitoring Report, as of December 31, 2020, 
there were 115 providers that reported they were engaged in the 
provision of other toll services. Of these providers, the Commission 
estimates that 113 providers have 1,500 or fewer employees. 
Consequently, using the SBA's small business size standard, most of 
these providers can be considered small entities.

Wireless Carriers

    94. Wireless Telecommunications Carriers (except Satellite). This 
industry comprises establishments engaged in operating and maintaining 
switching and transmission facilities to provide communications via the 
airwaves. Establishments in this industry have spectrum licenses and 
provide services using that spectrum, such as cellular

[[Page 42686]]

services, paging services, wireless internet access, and wireless video 
services. The SBA size standard for this industry classifies a business 
as small if it has 1,500 or fewer employees. U.S. Census Bureau data 
for 2017 show that there were 2,893 firms in this industry that 
operated for the entire year. Of that number, 2,837 firms employed 
fewer than 250 employees. Additionally, based on Commission data in the 
2021 Universal Service Monitoring Report, as of December 31, 2020, 
there were 797 providers that reported they were engaged in the 
provision of wireless services. Of these providers, the Commission 
estimates that 715 providers have 1,500 or fewer employees. 
Consequently, using the SBA's small business size standard, most of 
these providers can be considered small entities.
    95. Satellite Telecommunications. This industry comprises firms 
``primarily engaged in providing telecommunications services to other 
establishments in the telecommunications and broadcasting industries by 
forwarding and receiving communications signals via a system of 
satellites or reselling satellite telecommunications.'' Satellite 
telecommunications service providers include satellite and earth 
station operators. The SBA small business size standard for this 
industry classifies a business with $35 million or less in annual 
receipts as small. U.S. Census Bureau data for 2017 show that 275 firms 
in this industry operated for the entire year. Of this number, 242 
firms had revenue of less than $25 million. Additionally, based on 
Commission data in the 2021 Universal Service Monitoring Report, as of 
December 31, 2020, there were 71 providers that reported they were 
engaged in the provision of satellite telecommunications services. Of 
these providers, the Commission estimates that approximately 48 
providers have 1,500 or fewer employees. Consequently, using the SBA's 
small business size standard, a little more than of these providers can 
be considered small entities.

Resellers

    96. Local Resellers. Neither the Commission nor the SBA have 
developed a small business size standard specifically for Local 
Resellers. Telecommunications Resellers is the closest industry with an 
SBA small business size standard. The Telecommunications Resellers 
industry comprises establishments engaged in purchasing access and 
network capacity from owners and operators of telecommunications 
networks and reselling wired and wireless telecommunications services 
(except satellite) to businesses and households. Establishments in this 
industry resell telecommunications; they do not operate transmission 
facilities and infrastructure. Mobile virtual network operators (MVNOs) 
are included in this industry. The SBA small business size standard for 
Telecommunications Resellers classifies a business as small if it has 
1,500 or fewer employees. U.S. Census Bureau data for 2017 show that 
1,386 firms in this industry provided resale services for the entire 
year. Of that number, 1,375 firms operated with fewer than 250 
employees. Additionally, based on Commission data in the 2021 Universal 
Service Monitoring Report, as of December 31, 2020, there were 293 
providers that reported they were engaged in the provision of local 
resale services. Of these providers, the Commission estimates that 289 
providers have 1,500 or fewer employees. Consequently, using the SBA's 
small business size standard, most of these providers can be considered 
small entities.
    97. Toll Resellers. Neither the Commission nor the SBA have 
developed a small business size standard specifically for Toll 
Resellers. Telecommunications Resellers is the closest industry with an 
SBA small business size standard. The Telecommunications Resellers 
industry comprises establishments engaged in purchasing access and 
network capacity from owners and operators of telecommunications 
networks and reselling wired and wireless telecommunications services 
(except satellite) to businesses and households. Establishments in this 
industry resell telecommunications; they do not operate transmission 
facilities and infrastructure. Mobile virtual network operators (MVNOs) 
are included in this industry. The SBA small business size standard for 
Telecommunications Resellers classifies a business as small if it has 
1,500 or fewer employees. U.S. Census Bureau data for 2017 show that 
1,386 firms in this industry provided resale services for the entire 
year. Of that number, 1,375 firms operated with fewer than 250 
employees. Additionally, based on Commission data in the 2021 Universal 
Service Monitoring Report, as of December 31, 2020, there were 518 
providers that reported they were engaged in the provision of toll 
services. Of these providers, the Commission estimates that 495 
providers have 1,500 or fewer employees. Consequently, using the SBA's 
small business size standard, most of these providers can be considered 
small entities.
    98. Prepaid Calling Card Providers. Neither the Commission nor the 
SBA has developed a small business size standard specifically for 
prepaid calling card providers. Telecommunications Resellers is the 
closest industry with an SBA small business size standard. The 
Telecommunications Resellers industry comprises establishments engaged 
in purchasing access and network capacity from owners and operators of 
telecommunications networks and reselling wired and wireless 
telecommunications services (except satellite) to businesses and 
households. Establishments in this industry resell telecommunications; 
they do not operate transmission facilities and infrastructure. Mobile 
virtual network operators (MVNOs) are included in this industry. The 
SBA small business size standard for Telecommunications Resellers 
classifies a business as small if it has 1,500 or fewer employees. U.S. 
Census Bureau data for 2017 show that 1,386 firms in this industry 
provided resale services for the entire year. Of that number, 1,375 
firms operated with fewer than 250 employees. Additionally, based on 
Commission data in the 2021 Universal Service Monitoring Report, as of 
December 31, 2020, there were 58 providers that reported they were 
engaged in the provision of payphone services. Of these providers, the 
Commission estimates that 57 providers have 1,500 or fewer employees. 
Consequently, using the SBA's small business size standard, most of 
these providers can be considered small entities.

Other Entities

    99. All Other Telecommunications. This industry is comprised of 
establishments primarily engaged in providing specialized 
telecommunications services, such as satellite tracking, communications 
telemetry, and radar station operation. This industry also includes 
establishments primarily engaged in providing satellite terminal 
stations and associated facilities connected with one or more 
terrestrial systems and capable of transmitting telecommunications to, 
and receiving telecommunications from, satellite systems. Providers of 
internet services (e.g. dial-up internet service providers (ISPs)) or 
voice over internet protocol (VoIP) services, via client-supplied 
telecommunications connections are also included in this industry. The 
SBA small business size standard for this industry classifies firms 
with annual receipts of $35

[[Page 42687]]

million or less as small. U.S. Census Bureau data for 2017 show that 
there were 1,079 firms in this industry that operated for the entire 
year. Of those firms, 1,039 had revenue of less than $25 million. Based 
on this data, the Commission estimates that the majority of ``All Other 
Telecommunications'' firms can be considered small.

Description of Projected Reporting, Recordkeeping, and Other Compliance 
Requirements for Small Entities

    100. The FNPRM proposes to impose several obligations on various 
providers, many of whom may be small entities. Specifically, the FNPRM 
proposes to require all U.S. intermediate providers to authenticate 
caller ID information consistent with STIR/SHAKEN for SIP calls that 
are carrying a U.S. number in the caller ID field and to require all 
providers to comply with the most recent version of the standards as 
they are released. The FNPRM also seeks comment on extending certain 
mitigation duties to all domestic providers, including: (1) extending 
the requirement to respond to traceback requests from the Commission, 
civil and criminal law enforcement, and the industry traceback 
consortium within 24 hours of receipt of the request to all U.S.-based 
providers in the call path; (2) requiring all domestic providers in the 
call path to block, rather than simply effectively mitigate, illegal 
traffic when notified of such traffic by the Commission; and (3) 
requiring the intermediate provider or terminating provider immediately 
downstream from an upstream provider that fails to block, or 
effectively mitigate if the Commission declines to extend the blocking 
requirement further, illegal traffic when notified by the Commission. 
It also seeks comment on whether and how to clarify the Commission's 
rule requiring providers to take affirmative, effective measures to 
prevent new and renewing customers from using their network to 
originate illegal calls. The FNPRM also proposes to extend a general 
mitigation standard to voice service providers that have implemented 
STIR/SHAKEN in the IP portions of their networks and to all domestic 
intermediate providers. The FNPRM also proposes to require all domestic 
intermediate providers to submit a certification to the Robocall 
Mitigation Database describing their robocall mitigation practices and 
stating that they are adhering to those practices, regardless of 
whether they have fully implemented STIR/SHAKEN.
    101. With regard to the Commission's enforcement of these proposed 
rules, the FNPRM proposes to: (1) impose forfeitures for failures to 
block calls on a per-call basis and establish a maximum forfeiture 
amount for such violations; (2) impose the highest available forfeiture 
for failures to appropriately certify in the Robocall Mitigation 
Database; (3) establish additional bases for removal from the Robocall 
Mitigation Database, including by establishing a ``red light'' feature 
to notify the Commission when a newly-filed certification lists a known 
bad actor as a principal, parent company, subsidiary, or affiliate; and 
(4) subject repeat offenders to proceedings to revoke their section 214 
operating authority and to ban offending companies and/or their 
individual company owners, directors, officers, and principals from 
future significant association with entities regulated by the 
Commission.
    102. The FNPRM seeks comment on whether certain of the Commission's 
rules regarding caller ID authentication and attestation in the 
Robocall Mitigation Database require clarification, specifically 
whether the Commission should allow a third party to authenticate 
caller identification information to satisfy the originating provider's 
obligation, and whether the Commission's rules regarding filing in the 
Robocall Mitigation Database should be amended to require attestation 
of STIR/SHAKEN implementation by the originating provider itself. The 
FNPRM also seeks comment on whether additional clarity is needed 
regarding the Commission's rules about certain providers lacking 
facilities to implement STIR/SHAKEN.
    103. The FNPRM also seeks comment on whether the TRACED Act applies 
to satellite providers, and, if so, whether the Commission should grant 
such providers an extension for implementing STIR/SHAKEN.
    104. The FNPRM seeks comment on possible changes to the 
Commission's numbering rules to prevent the misuse of numbering 
resources to originate illegal robocalls, particularly those 
originating abroad, including: (1) whether the Commission should adopt 
restrictions on the use of domestic numbering resources for calls that 
originate outside of the United States for termination in the United 
States; and (2) whether the Commission should impose any restrictions 
on indirect access to U.S. NANP numbers to prevent their use by foreign 
or domestic robocallers.
    105. Lastly, the FNPRM seeks comment on stakeholders' argument that 
cellular roaming traffic (i.e., traffic originated abroad from U.S. 
mobile subscribers carrying U.S. NANP numbers terminated in the U.S.) 
should be treated with a ``lighter touch'' because it is unlikely to 
carry illegal robocalls.

Steps Taken To Minimize the Significant Economic Impact on Small 
Entities, and Significant Alternatives Considered

    106. The RFA requires an agency to describe any significant 
alternatives that it has considered in reaching its proposed approach, 
which may include the following four alternatives (among others): (1) 
the establishment of differing compliance or reporting requirements or 
timetables that take into account the resources available to small 
entities; (2) the clarification, consolidation, or simplification of 
compliance and reporting requirements under the rules for such small 
entities; (3) the use of performance rather than design standards; and 
(4) an exemption from coverage of the rule, or any part thereof, for 
such small entities.
    107. The FNPRM seeks comment on the particular impacts that the 
proposed rules may have on small entities. In particular, it seeks 
comment on the impact on small providers of extending the requirement 
to respond to traceback requests from the Commission, civil and 
criminal law enforcement, and the industry traceback consortium within 
24 hours of receipt of the request to all U.S.-based providers in the 
call path. The FNPRM recognizes that providers that do not receive many 
requests may be less familiar with the process, and that smaller 
providers in particular may struggle to respond quickly, and it seeks 
comment on whether the waiver process established in the Gateway 
Provider Order is sufficient to address the needs of all providers, or 
whether it should be modified to allow greater flexibility. In 
particular, the FNPRM seeks comment on whether the Commission should 
adopt an approach to traceback based on volume of requests received, 
rather than position in the call path or size of provider. For example, 
the FNPRM asks whether the Commission should adopt a tiered approach 
that requires providers with fewer than 10 traceback requests a month 
to respond ``fully and timely,'' without the need to maintain an 
average response time of 24 hours; requires providers that receive from 
10 to 99 traceback requests a month to respond within 24 hours or 
request a waiver and maintain an average response time of 24 hours; and 
requires providers with 100 or more traceback requests a month to 
always respond within 24 hours, barring exceptional circumstances. The 
FNPRM also seeks comment on whether the TRACED Act applies to satellite 
providers and, if so, whether the Commission should grant

[[Page 42688]]

such providers an extension for implementing STIR/SHAKEN. The FNPRM 
seeks comment on whether a de minimis number of satellite provider 
subscribers use NANP resources, and whether there should thus be a de 
minimis exception to the Commission's rules. The FNPRM notes that the 
Commission has previously provided small voice services providers, 
including satellite providers, an extension from STIR/SHAKEN 
implementation until June 30, 2023, and seeks comment on whether the 
Commission should grant an indefinite extension for satellite providers 
or, in the alternative, a defined continuing extension.

Federal Rules That May Duplicate, Overlap, or Conflict With the 
Proposed Rules

    108. None.

Procedural Matters

    109. Initial Regulatory Flexibility Analysis. As required by the 
RFA, the Commission has prepared an IRFA of the possible significant 
economic impact on small entities of the policies and rules addressed 
in this FNPRM. The IRFA is set forth above. Written public comments are 
requested on the IRFA. Comments must be filed by the deadlines for 
comments on the FNPRM indicated on the first page of this document and 
must have a separate and distinct heading designating them as responses 
to the IRFA. The Commission's Consumer and Governmental Affairs Bureau, 
Reference Information Center, will send a copy of this FNPRM, including 
the IRFA, to the Chief Counsel for Advocacy of the SBA.
    110. Paperwork Reduction Act. The FNPRM contains proposed new and 
revised information collection requirements. The Commission, as part of 
its continuing effort to reduce paperwork burdens, invites the general 
public and OMB to comment on the information collection requirements 
contained in this document, as required by the Paperwork Reduction Act 
of 1995, Public Law 104-13. In addition, pursuant to the Small Business 
Paperwork Relief Act of 2002, Public Law 107-198, see 44 U.S.C 
3506(c)(4), the Commission seeks specific comment on how it might 
further reduce the information collection burden for small business 
concerns with fewer than 25 employees.
    111. Ex Parte Presentations--Permit-But-Disclose. The proceeding 
this FNPRM initiates shall be treated as a ``permit-but-disclose'' 
proceeding in accordance with the Commission's ex parte rules. Persons 
making ex parte presentations must file a copy of any written 
presentation or a memorandum summarizing any oral presentation within 
two business days after the presentation (unless a different deadline 
applicable to the Sunshine period applies). Persons making oral ex 
parte presentations are reminded that memoranda summarizing the 
presentation must (1) list all persons attending or otherwise 
participating in the meeting at which the ex parte presentation was 
made, and (2) summarize all data presented and arguments made during 
the presentation. If the presentation consisted in whole or in part of 
the presentation of data or arguments already reflected in the 
presenter's written comments, memoranda or other filings in the 
proceeding, the presenter may provide citations to such data or 
arguments in his or her prior comments, memoranda, or other filings 
(specifying the relevant page and/or paragraph numbers where such data 
or arguments can be found) in lieu of summarizing them in the 
memorandum. Documents shown or given to Commission staff during ex 
parte meetings are deemed to be written ex parte presentations and must 
be filed consistent with Sec.  1.1206(b) of the Commission's rules. In 
proceedings governed by Sec.  1.49(f) of the Commission's rules or for 
which the Commission has made available a method of electronic filing, 
written ex parte presentations and memoranda summarizing oral ex parte 
presentations, and all attachments thereto, must be filed through the 
electronic comment filing system available for that proceeding, and 
must be filed in their native format (e.g., .doc, .xml, .ppt, 
searchable .pdf). Participants in this proceeding should familiarize 
themselves with the Commission's ex parte rules.

Ordering Clauses

    112. Accordingly, it is ordered, pursuant to sections 4(i), 4(j), 
201, 202, 217, 227, 227b, 251(b), 251(e), 303(r), 501, 502, and 503 of 
the Communications Act of 1934, as amended, 47 U.S.C. 154(i), 154(j), 
201, 202, 217, 227, 227b, 251(b) 251(e), 303(r), 501, 502, and 503, 
this FNPRM is adopted.
    113. It is further ordered that the Commission's Consumer and 
Governmental Affairs Bureau, Reference information Center, shall send a 
copy of this FNPRM, including the Initial Regulatory Flexibility 
Analysis (IRFA), to the Chief Counsel for Advocacy of the Small 
Business Administration.

List of Subjects

47 CFR Part 0

    Authority delegations (Government agencies), Communications, 
Communications common carriers, Classified information, Freedom of 
information, Government publications, Infants and children, 
Organization and functions (Government agencies), Postal Service, 
Privacy, Reporting and recordkeeping requirements, Sunshine Act, 
Telecommunications.

47 CFR Part 1

    Administrative practice and Procedure, Civil rights, Claims, 
Communications, Communications common carriers, Communications 
equipment, Cuba, Drug abuse, Environmental impact statements, Equal 
access to justice, Equal employment opportunity, Federal buildings and 
facilities, Government employees, Historic preservation, Income taxes, 
Indemnity payments, Individuals with disabilities, internet, 
Investigations, Lawyers, Metric system, Penalties, Radio, Reporting and 
recordkeeping requirements, Satellites, Security measures, 
Telecommunications, Telephone, Television, Wages.

47 CFR Part 64

    Carrier equipment, Communications common carriers, Reporting and 
recordkeeping requirements, Telecommunications, Telephone.

Federal Communications Commission.
Marlene Dortch,
Secretary.

Proposed Rules

    The Federal Communications Commission proposes to amend parts 0, 1, 
and 64 of title 47 of the Code of Federal Regulations as follows:

PART 0--COMMISSION ORGANIZATION

Subpart A--Organization

0
1. The authority citation for part 0, subpart A, continues to read as 
follows:

    Authority: 47 U.S.C. 151, 154(i), 154(j), 155, 225, and 409, 
unless otherwise noted.

0
2. Amend Sec.  0.111 by revising paragraph (a)(28) to read as follows:


Sec.  0.111   Functions of the Bureau.

    (a) * * *
    (28) Take enforcement action, including de-listing from the 
Robocall Mitigation Database, against any provider:
    (i) Whose certification described in Sec.  64.6305(c) through (e) 
of this chapter is deficient after giving that provider

[[Page 42689]]

notice and an opportunity to cure the deficiency; or
    (ii) Who accepts calls directly from a domestic voice service 
provider, domestic intermediate provider, gateway provider, or foreign 
provider not listed in the Robocall Mitigation Database in violation of 
Sec.  64.6305(f) of this chapter.
* * * * *

PART 1--PRACTICE AND PROCEDURE

0
3. The authority citation for part 1 continues to read as follows:

    Authority: 47 U.S.C. chs. 2, 5, 9, 13; 28 U.S.C. 2461 note, 
unless otherwise noted.

Subpart A--General Rules of Practice and Procedure

0
4. Amend Sec.  1.80 by:
0
a. Redesignating paragraphs (b)(9) through (11) as paragraphs (b)(10) 
through (12);
0
b. Adding a new paragraph (b)(9);
0
c. In newly redesignated paragraph (b)(10), removing ``paragraphs 
(b)(1) through (8) of this section'' and adding ``paragraphs (b)(1) 
through (9) of this section'' in its place;
0
d. In newly redesignated paragraph (b)(11):
0
i. Redesignating tables 1 through 4 to paragraph (b)(10) as tables 1 
through 4 to paragraph (b)(11);
0
ii. In footnote 1 of newly redesignated table 4 to paragraph (b)(11), 
removing ``paragraph (b)(10)'' and adding ``paragraph (b)(11)'' in its 
place;
0
iii. Redesignating note 2 to paragraph (b)(10) as note 2 to paragraph 
(b)(11); and
0
iv. In newly redesignated note 2 to paragraph (b)(11), removing ``this 
paragraph (b)(10)'' everywhere it appears and adding ``this paragraph 
(b)(11)'' in its place and removing ``paragraph (b)(11)'' and adding 
``paragraph (b)(12)'' in its place; and
0
e. In newly redesignated paragraph (b)(12), redesignating table 5 to 
paragraph (b)(11)(ii) as table 5 to paragraph (b)(12)(ii) and note 3 to 
paragraph (b)(11) as note 3 to paragraph (b)(12).
    The addition reads as follows:


Sec.  1.80  Forfeiture proceedings.

* * * * *
    (b) * * *
    (9) Forfeiture penalty for a failure to block. Any person 
determined to have failed to block illegal robocalls pursuant to Sec.  
64.6305(e) of this chapter shall be liable to the United States for a 
forfeiture penalty of no more than $22,021 for each violation, to be 
assessed on a per-call basis. In addition to the mitigating and 
aggravating factors set forth in table 1 to paragraph (b)(11) of this 
section, other factors to be considered in calculating a forfeiture 
amount under this paragraph shall include whether the violation 
includes failure to block calls to emergency services providers or 
public safety answering points or to numbers on a reasonable do-not-
originate list.
* * * * *

PART 64--MISCELLANEOUS RULES RELATING TO COMMON CARRIERS

0
5. The authority citation for part 64 continues to read as follows:

    Authority: 47 U.S.C. 151, 152, 154, 201, 202, 217, 218, 220, 
222, 225, 226, 227, 227b, 228, 251(a), 251(e), 254(k), 255, 262, 
276, 403(b)(2)(B), (c), 616, 620, 716, 1401-1473, unless otherwise 
noted; Pub. L. 115-141, Div. P, sec. 503, 132 Stat. 348, 1091.

Subpart HH--Caller ID Authentication

0
6. Amend Sec.  64.6302 by revising paragraph (b) to read as follows:


Sec.  64.6302  Caller ID authentication by intermediate providers.

* * * * *
    (b) Authenticate caller identification information for all calls it 
receives that use North American Numbering Plan resources that pertain 
to the United States in the caller ID field and for which the caller 
identification information has not been authenticated and which it will 
exchange with another provider as a SIP call.
0
7. Amend Sec.  64.6304 by revising paragraph (b) to read as follows:


Sec.  64.6304  Extension of implementation deadline.

* * * * *
    (b) Voice service providers and intermediate providers that cannot 
obtain an SPC token. Voice service providers that are incapable of 
obtaining an SPC token due to Governance Authority policy are exempt 
from the requirements of Sec.  64.6301 until they are capable of 
obtaining a SPC token. Intermediate providers, including gateway 
providers, that are incapable of obtaining an SPC token due to 
Governance Authority policy are exempt from the requirements of Sec.  
64.6302(b) regarding call authentication.
* * * * *
0
8. Amend Sec.  64.6305 by:
0
a. Revising the heading of paragraph (a) and paragraphs (a)(1) and 
(c)(2) introductory text;
0
b. Redesignating paragraphs (c)(4)(iv) and (v) as paragraphs (c)(4)(v) 
and (vi);
0
c. Adding a new paragraph (c)(4)(iv);
0
d. Redesignating paragraphs (d)(4)(iv) and (v) as paragraphs (d)(4)(v) 
and (vi);
0
e. Adding a new paragraph (d)(4)(iv);
0
f. Redesignating paragraph (e) as paragraph (f);
0
g. Adding a new paragraph (e); and
0
h. Revising newly redesignated paragraph (f).
    The revisions and additions read as follows:


Sec.  64.6305  Robocall mitigation and certification.

    (a) Robocall mitigation program requirements for voice service 
providers and intermediate providers (other than gateway providers). 
(1) Except those subject to an extension granted under Sec.  
64.6304(b), any voice service provider and intermediate provider, not 
including gateway providers, shall implement an appropriate robocall 
mitigation program with respect to calls that use North American 
Numbering Plan resources that pertain to the United States in the 
caller ID field.
* * * * *
    (c) * * *
    (2) A voice service provider shall include a robocall mitigation 
program consistent with paragraph (a) of this section and shall include 
the following information in its certification in English or with a 
certified English translation:
* * * * *
    (4) * * *
    (iv) All known principals, affiliates, subsidiaries, and parent 
companies of the intermediate provider;
* * * * *
    (d) * * *
    (4) * * *
    (iv) All known principals, affiliates, subsidiaries, and parent 
companies of the intermediate provider;
* * * * *
    (e) Certification by intermediate providers (other than gateway 
providers) in the Robocall Mitigation Database. (1) An intermediate 
provider shall certify to one of the following:
    (i) It has fully implemented the STIR/SHAKEN authentication 
framework across its entire network and all calls it carries or 
processes are compliant with Sec.  64.6302(b);
    (ii) It has implemented the STIR/SHAKEN authentication framework on 
a portion of its network and calls it carries or processes on that 
portion of its network are compliant with Sec.  64.6302(b); or
    (iii) It has not implemented the STIR/SHAKEN authentication 
framework on any portion of its network for carrying or processing 
calls.
    (2) An intermediate provider shall include the following 
information in its

[[Page 42690]]

certification, in English or with a certified English translation:
    (i) The specific reasonable steps the intermediate provider has 
taken to avoid carrying or processing illegal robocall traffic as part 
of its robocall mitigation program, including a description of how it 
has complied with the know-your-upstream provider requirement in Sec.  
64.1200(n)(4).
    (ii) A statement of the intermediate provider's commitment to 
respond fully and in a timely manner to all traceback requests from the 
Commission, law enforcement, and the industry traceback consortium, and 
to cooperate with such entities in investigating and stopping any 
illegal robocallers that use its service to carry or process calls.
    (3) All certifications made pursuant to paragraph (e)(1) of this 
section shall:
    (i) Be filed in the appropriate portal on the Commission's website; 
and
    (ii) Be signed by an officer in conformity with 47 CFR 1.16.
    (4) An intermediate provider filing a certification shall submit 
the following information in the appropriate portal on the Commission's 
website:
    (i) The intermediate provider's business name(s) and primary 
address;
    (ii) Other business names in use by the intermediate provider;
    (iii) All business names previously used by the intermediate 
provider;
    (iv) All known principals, affiliates, subsidiaries, and parent 
companies of the intermediate provider;
    (v) Whether the intermediate provider or any affiliate is also a 
foreign voice service provider; and
    (vi) The name, title, department, business address, telephone 
number, and email address of one person within the company responsible 
for addressing robocall mitigation-related issues.
    (5) An intermediate provider shall update its filings within 10 
business days of any change to the information it must provide pursuant 
to paragraphs (e)(1) through (4) of this section, subject to the 
conditions set forth in paragraphs (c)(5)(i) and (ii) of this section.
    (f) Intermediate provider and voice service provider obligations--
(1) Accepting traffic from domestic voice service providers. 
Intermediate providers and voice service providers shall accept calls 
directly from a domestic voice service provider only if that provider's 
filing appears in the Robocall Mitigation Database in accordance with 
paragraphs (c) of this section and that filing has not been de-listed 
pursuant to an enforcement action.
    (2) Accepting traffic from foreign providers. Beginning 90 days 
after the deadline for filing certifications pursuant to paragraph 
(d)(1) of this section, intermediate providers and voice service 
providers shall accept calls directly from a foreign voice service 
provider or foreign intermediate provider that uses North American 
Numbering Plan resources that pertain to the United States in the 
caller ID field to send voice traffic to residential or business 
subscribers in the United States, only if that foreign provider's 
filing appears in the Robocall Mitigation Database in accordance with 
paragraph (c) of this section and that filing has not been de-listed 
pursuant to an enforcement action.
    (3) Accepting traffic from domestic intermediate providers. 
Intermediate providers and voice service providers shall accept calls 
directly from:
    (i) A gateway provider, only if that provider's filing appears in 
the Robocall Mitigation Database in accordance with paragraph (d) of 
this section, showing that the gateway provider has affirmatively 
submitted the filing, and that the filing has not been de-listed 
pursuant to an enforcement action.
    (ii) Beginning 90 days after the deadline for filing certifications 
pursuant to paragraph (e) of this section, a domestic intermediate 
provider, only if that provider's filing appears in the Robocall 
Mitigation Database in accordance with paragraph (e) of this section, 
showing that the intermediate provider has affirmatively submitted the 
filing, and that the filing has not been de-listed pursuant to an 
enforcement action.

[FR Doc. 2022-13878 Filed 7-15-22; 8:45 am]
BILLING CODE 6712-01-P