On November 21, 2025, the FCC released the adopted Order on Reconsideration (“Order”) rescinding a prior Declaratory Ruling and withdrawing the associated Notice of Proposed Rulemaking (“NPRM”) adopted in January 2025 pursuant to the Communications Assistance for Law Enforcement Act (“CALEA”). The prior Declaratory Ruling had concluded that CALEA affirmatively required telecommunications carriers to secure their networks against unlawful access or interception of communications and suggested that carriers could be in breach of statutory obligations if they failed to adopt certain cybersecurity practices.
The Order finds the Declaratory Ruling’s interpretation legally erroneous and ineffective, concluding that the FCC lacks authority to enforce CALEA’s statutory provisions without rulemaking and that the Declaratory Ruling improperly extended the statute beyond its text. It also determines that the NPRM, which proposed broad cybersecurity mandates for a wide range of communications providers, was unnecessary and would have imposed an inflexible, one-size-fits-all regulatory approach.
Instead, the Order emphasizes that the Commission will focus on a targeted, collaborative, and legally sound strategy to enhance cybersecurity, working with industry, other federal agencies, and existing programs to strengthen communications networks against threats such as the recent People’s Republic of China-sponsored Salt Typhoon attacks. The FCC reaffirms that agile public-private cooperation and focused rulemakings are more effective than expansive regulatory interpretations in promoting communications security.
There were no notable changes from the draft item.
The item was adopted at the November Open Meeting.
Please Contact Us if you have any questions.