"Some originating providers are not doing enough to vet their customers, allowing bad actors to infiltrate our U.S. phone networks," FCC Chair Brendan Carr said, criticizing current industry practices as the agency moved Wednesday to tighten verification and supply-chain rules for telecommunications.
Brendan Carr on verification failures and robocalls
The Federal Communications Commission opened its session with a sharply worded diagnosis: under current rules, some carriers “do the bare minimum” to verify callers and have “become complicit in illegal robocalling schemes,” Chair Brendan Carr said ahead of the vote. The commission noted that existing regulations require telecoms to take “affirmative, effective” measures to verify callers and block illegal calls, but that the practice has often relied on self-attestation by carriers and on identity checks performed by other providers down the call path.
The agency cited a concrete example in which a telecom that transmitted thousands of false robocalls imitating then‑President Joe Biden during the 2024 New Hampshire presidential primary initially reported to the FCC that it had the highest level of confidence in the identity of those using the phone numbers. That assessment later proved false after robocallers spoofed a well-known former state Democratic Party official.
Strengthening “Know Your Customer” requirements for telecoms
Commissioners unanimously approved a measure to strengthen telecoms’ Know Your Customer (KYC) obligations. The order lays out potential solutions the FCC is considering, including requiring carriers to verify a customer’s name, address, government ID and alternative phone numbers prior to enabling service.
Alongside new verification standards, the commission signaled interest in firmer enforcement tools — including tying penalties to the number of illegal calls placed — to make KYC rules more than a paper obligation.
Ending blanket authorization for covered foreign entities
Since 1999 the FCC has traditionally granted blanket authorization for domestic carriers to operate interstate telecommunications services within U.S. borders. The commission adopted a second rule Wednesday that would end that practice for foreign companies on the FCC’s covered entity list.
The covered entity list, the order notes, bans a small number of foreign companies based in Russia or China from selling their equipment in the U.S. on national security grounds. Chair Carr flagged a related concern: equipment from those companies can still “wind up in U.S. products” by providing services that do not fit the current legal definition of international telecommunications authority, a loophole the new rule aims to close.
Reciprocity for overseas testing labs and the 23 withdrawn certifications
The FCC’s third action refuses to recognize any testing or equipment lab based overseas that does not have a reciprocity agreement in place with U.S.-based labs. The rule builds on a campaign begun last year to prohibit telecoms from relying on testing and certification labs owned or operated by foreign adversarial countries like China or Russia.
That prior effort led the FCC to withdraw or deny certification for 23 overseas labs, and the new reciprocity requirement formalizes a higher bar for recognizing foreign labs’ work.
How telecom carriers, testing labs, and end users are affected
- Telecom carriers: Will face stronger verification requirements before enabling service—potentially requiring name, address, government ID and alternate numbers—and could be exposed to enforcement tied to the number of illegal calls traced to them.
- Testing and certification labs (overseas): Must secure reciprocity agreements with U.S.-based labs to have their testing recognized; the FCC’s prior actions already resulted in 23 overseas lab certifications being withdrawn or denied.
- End users and election stakeholders: The commission’s decisions respond directly to incidents such as the thousands of false robocalls that imitated then‑President Joe Biden in the 2024 New Hampshire primary, signaling an intent to reduce opportunities for caller‑ID spoofing and large-scale illegal robocalling that can affect voters and campaigns.
Commissioner Olivia Trusty framed the package as a modernization of safeguards, saying cybersecurity threats facing telecom networks today “exceed those of any recent era” and arguing that policies originally designed to promote economic growth must be re‑examined “to ensure that frameworks ... are not exploited in ways that jeopardize our national and economic security.” The measures passed unanimously.
The FCC has now moved on three fronts—tighter KYC, narrower authorization for covered foreign entities, and reciprocity for foreign testing labs—leaving enforcement design and implementation as the next, practical questions: how carriers will operationalize identity checks and how penalties will be calibrated to deter illegal calls. The commission’s references to specific verification items and the possible linkage of penalties to call volume show it is preparing rules that reach beyond guidance and toward measurable obligations.
Original reporting: https://cyberscoop.com/fcc-know-your-customer-supply-chain-security-rules/
