On April 29, 2025, the FCC released a Notice of Proposed Rulemaking (NPRM) aiming to close the caller ID authentication gap in non-Internet Protocol (non-IP) networks. The NPRM proposes to conclude that effective non-IP caller ID authentication frameworks – namely, In-Band Authentication (ATIS-1000095.v002) and Out-of-Band Multiple STI-CPS Authentication (ATIS-1000096) – are developed and reasonably available, and proposes to mandate that voice service providers, gateway providers, and non-gateway intermediate providers receiving calls directly from an originating provider implement one or more non-IP caller ID authentication frameworks in non-IP networks by a date certain.
In addition, the NPRM proposes to establish criteria for evaluating alternative caller ID authentication standards for non-IP networks, and proposes a two-year implementation deadline for providers to adopt the non-IP frameworks. It seeks to repeal prior compliance extensions and proposes to mandate that providers using non-IP technology must either transition to IP or implement an approved non-IP caller ID authentication framework.
The following notable changes were made from the draft item:
- ¶ 44 and fn. 151 – In response to the Competitive Carriers Association’s (CCA’s) ex parte, the Commission clarified that the proposed non-IP caller authentication obligations would apply to all “intermediate providers, including gateway providers,” in the call path, “except where necessary for technical reasons to complete the call and where the intermediate provider reasonably believes the non-IP caller ID authentication information presents an imminent threat to its network security, mirroring the requirement on intermediate providers for STIR/SHAKEN authentication information.” The FCC also made corresponding edits throughout the document to reflect this change.
- Appendix A, § 64.6303(d) – The FCC proposed adding a new section to ensure that all intermediate providers using non-IP networks are required to pass along non-IP caller ID authentication information unaltered, except where: (i) technically necessary to complete the call, or (ii) the intermediate provider reasonably believes the information poses an imminent threat to network security.
The NPRM was adopted at the April Open Meeting. Comments are due 30 days after publication in the Federal Register, and reply comments are due 60 days after publication.
Please Contact Us if you have any questions.