Written by
Molly Weis, VP Marketing
Mary Gonzalez, Brand & Content Manager
Published on
June 23, 2021
Updated on
June 30, 2025
With the FCC's June 30, 2021 deadline for STIR/SHAKEN implementation, voice service providers without full deployment were required to take action. In lieu of full STIR/SHAKEN authentication, providers needed to submit a Robocall Mitigation Plan (RMP) and certify their implementation status in the FCC's Robocall Mitigation Database. Here's a comprehensive look at what these plans entail, who needs to file, and why it matters.
The Robocall Mitigation Database (RMDB) was created as part of the FCC’s ongoing effort to curb illegal and unwanted robocalls. It tracks which voice service providers have fully implemented STIR/SHAKEN and which are relying on a mitigation plan. Providers must certify their status and detail their strategies for preventing illegal robocall traffic if they haven’t fully deployed STIR/SHAKEN.
If you are a provider of voice service, whether it’s wireless, cable, VoIP, interconnected VoIP, one-way VoIP, two-way VoIP, or any entity that enables two-way voice communications that interconnects to the PSTN and utilizes North American Numbering Plan (NANP) resources or numbers, you are required to register.
Transit or intermediate providers neither originate or terminate voice traffic. The FCC has imported intermediate providers into the database so that on September 28th, if you’re a voice service provider and are not listed in the Robocall Mitigation Database, any other voice service provider or intermediate provider is prohibited from accepting your traffic.
It is technically required for foreign voice service providers to register in the database, however the FCC recognizes that it doesn’t have jurisdiction over foreign service services. The FCC acknowledged this and stated that foreign voice service providers who are using NANP resources will not have their calls completed to the United States unless they file within the Robocall Mitigation Database. They either have to have deployed STIR/SHAKEN or have a Robocall Mitigation Plan that they are following.
The FCC framed this section to place the obligation on the intermediate providers, or else domestic service providers in the U.S. will not be able to accept their traffic, keeping in mind that this applies to foreign providers that are using NANP resources, which amounts to a small subset. The June 30th deadline also does not apply for foreign providers though they must register by September 28th or else risk their voice traffic being blocked once it reaches the U.S.
When the FCC established the framework for the Robocall Mitigation Plan, they did it in a non-prescriptive manner. They did not list what you had to do, how to do it, or what the details were, and instead, left that up to the service providers to decide. What they did make clear was the expectation of a detailed description of the measures being put in place that can reasonably be expected to significantly reduce the origination of illegal robocalls.
“The plan must be detailed, and it must be followed.”
— Kevin Wiley, Wiley Rein LLP
The plan is essentially your local policy and how you plan to assign A, B, or C attestation based on what you know about the traffic on your network. The STIR/SHAKEN standards were not designed to tell you whether a call is good, bad, indifferent, or illegal. They were designed to convey if a number is valid and where it came from can be validated. So even an A-Level attested call could be an illegal call, making it critical for a provider's Robocall Mitigation Plan to look beyond attestation level and concern itself with reducing illegal or bad traffic from originating on their network.
If a voice provider fails to do any of that or does not follow the necessary due diligence of making sure they are not originating bad traffic on their network, they could be opening themselves up to enforcement action, especially if their network is used as a platform for originating illegal robocalls. If the plan itself is only a few sentences and doesn’t have any detailed structure as to the actions they plan to take, the FCC will view this plan as insufficient in reasonably expecting to reduce the origination of illegal robocalls.
When plans are being written, providers must consider ways they can actually reduce these calls, whether it’s contractual terms, termination provisions, network monitoring, or implementing a local Know Your Customer (KYC) policy solution. The FCC has not addressed if they will be proactively reviewing the submitted plans for potential inadequacies, or what would happen if any are found, but they did flag it as a possibility. If the plans are not detailed enough or not having the desired effect, the FCC may review the entire plan’s framework, including through a rule-making.
With only a week left to file a Robocall Mitigation Plan, it’s officially go time!
The infamous June 30th date has resulted in a fair amount of misunderstanding and misconceptions. It is a certification and registration deadline for any provider of voice service to enter accurate and detailed information into the database as part of their implementation status or Robocall Mitigation Plan to the FCC under penalty of perjury.
Come July 1st, voice service providers that have deployed the standards will start signing calls with their according attestation levels. Early on, in the coming years, whether a call is labeled A, B, or C, will not have an impact on the ability of a legitimate enterprise caller to make outbound calls. Service providers are prohibited by FCC rules to block a call based on attestation level alone.
The September 28th deadline that has been softly mentioned, marks the prohibition on accepting traffic from service providers who are not in the database.
As of today (06/23/21) at 10:30 am EST, there are just over 1,600 certifications and registrations in the database, but as we get closer to the deadline, those numbers are likely to increase. Right now, there are 168 providers who have completely implemented STIR/SHAKEN. They don’t have to complete a Robocall Mitigation Plan because they have already deployed the standard. There are almost 900 providers that have either no STIR/SHAKEN implementation, or partial, which means they have implemented and should be following their Robocall Mitigation Plans. There is an N/A category in the database of about 400 intermediate providers. They are not under any current obligation to have a Robocall Mitigation Plan, they have no choice but to deploy the standard so they have been rolled into the database.
When the FCC established the STIR/SHAKEN mandate they realized there were certain voice providers that either couldn’t meet the deadline or could be subject to a reasonable extension for the certification deadline.
The following two categories that qualify for an extension are corner cases.
When those providers register in the database they will be given the opportunity to identify in which of the categories they can avail themselves of an extension. For those implementing a Robocall Mitigation Plan, you must disclose the category in your plan, which extension category you qualify for, and that you are certified to that extension category.
The Robocall Mitigation Database is accessible to the public, where an active listing of all voice service providers that have submitted sufficient filings can be reviewed, and voice service providers may submit their certifications.
As noted while viewing the Robocall Mitigation Database, if you believe there are errors with the content or function of the database, or if you require special assistance with submitting a filing, please email FCC staff at RobocallMitigationDatabase@FCC.gov.
As Wiley notes in this article on Expectations for Voice Service Providers, the filing of a robocall mitigation plan “applies to all voice service providers – not only those granted an extension – who will be required to file robocall certifications with the FCC.” With a special thanks to our friends at Kelley Drye, we recommend taking a look at the following helpful resources for service providers to further dive into the requirements set forth by the FCC to file a robocall mitigation plan:
Podcast: Robocall Mitigation Plans: understand when providers need to implement mitigation programs and what needs to be included. Review recommendations for customizing a program to fit a provider’s needs and how to build a program that is both effective and manageable.
As noted by the FCC, “Call authentication, based on STIR/SHAKEN technological standards, enables voice service providers to verify that the caller ID information transmitted with a call matches the caller’s phone number. Use of these standards will help combat scammers’ use of caller ID spoofing to mask their true identity and trick consumers by appearing to call from local or other trusted numbers. It will also allow law enforcement, the FCC, and industry to more quickly and effectively trace back scam calls to their source.”
The requirement of instituting a Robocall Mitigation Plan, simply put, ensures that we have a united front, across the full spectrum of service providers, large and small, to join together in the fight against illegal robocalls.
Whether it’s full STIR/SHAKEN implementation, or it’s an alternative or partial implementation as accompanied by a Robocall Mitigation Plan, service providers are expected to do their part in authenticating the legitimacy of the originating source of traffic as it relates to the authorized use of the phone numbers being displayed to the end user.
How exactly these authenticated calls will be displayed on the end user device leaves much room for question, but to directly answer the question asked by just about every legitimate business, “will my calls be blocked on July 1 in the aftermath of the June 30 deadline?,” the answer is “no.” Service providers are prohibited by FCC rules to block a call based on attestation level alone.
What and when service providers may choose to block down the line will be defined by STIR/SHAKEN local policy, individual plans outlined with a Robocall Mitigation Plan, or cooperation with the Industry Traceback Group (ITG) to prosecute known bad actors. And when September 28, 2021 rolls around, the FCC has mandated that phone companies must refuse to accept traffic from voice service providers not listed in the Robocall Mitigation Database.