Voice service providers have the ability to stop illegal robocalls by keeping dishonest and fraudulent customers from reaching their networks. Current FCC rules require an originating voice provider to take “affirmative, effective measures to prevent new and renewing customers from using its network to originate illegal calls, including knowing its customers and exercising due diligence in ensuring that its services are not used to originate illegal traffic.” However, these general requirements for providers to evaluate their customers have not been enough to stop the continued plague of illegal robocalls. Thus, the Commission is prepared to go further with specific new “Know-Your-Customer” (KYC) requirements.
In a Further Notice of Proposed Rulemaking (Further Notice) in Dockets 17-59 and 02-278 that is expected to be approved at its April 30, 2026, meeting, the agency is not only proposing specific KYC requirements for voice service providers but also specific penalties for those providers who do not comply with these rules. The new requirements include:
That originating voice service providers including traditional voice service, commercial mobile radio service (CMRS), and interconnected Voice over Internet Protocol (VoIP) service providers be assessed penalties for violations of the KYC rule on a per call basis to best correlate penalties to the volume of illegal calls made, and thus the harm caused by any one caller.
Requiring originating providers to obtain the name, physical address, government issued identification number, and alternative telephone number of any new and renewing customer before granting access to its services and, for high volume customers, also obtain the intended use of the service (e.g., marketing, education, political campaign) and the customer’s IP address from which each call will be placed (if applicable);
Requiring originating providers to obtain supporting records to verify the customer’s identity, such as copies of government issued identification;
Requiring originating providers to retain KYC information and supporting records for a minimum of four years following termination of the customer relationship to allow an opportunity to investigate and potentially take enforcement actions relating to illegal calls before expiration of the statute of limitations;
Considering whether re-verification of KYC customer information should be triggered by unusual activity or changes in traffic patterns or other red flags that arise during the customer relationship regarding the making of illegal calls;
Considering whether the Commission should require collection of more customer information from certain customers based on certain risk factors;
Considering whether KYC information standards should vary for prepaid and postpaid services; and,
Whether enhanced KYC requirements can prevent or deter other criminal uses of communications networks.
As an alternative to adopting specific KYC requirements, the Commission asks whether it should issue baseline KYC guidance or expectations that act as a regulatory safe harbor. Specifically, should it deem compliance with baseline KYC expectations as a safe harbor from any enforcement action against the originating provider? Would such a safe harbor approach sufficiently incent better KYC practices while giving originating providers flexibility to develop innovative KYC protections and react to evolving tactics used by bad actors to gain access to voice networks?
Considering whether to make any rules adopted in this Further Notice applicable primarily only to new and renewing customers that originating providers acquire after the effective date of any new rules and to any customers that renew service with such providers after the effective date;
And finally, whether the new rules should take effect six months after they are approved by the Office of Management and Budget.
Industry comments on the Further Notice are due 30 days after it appears in the Federal Register. Reply comments are due 30 days later.