FCC Tightens Rules Against Robocalls, Shifts Pressure to Carriers

The Federal Communications Commission is advancing a set of measures that represent a paradigm shift in combating robocalls in the United States. The previous approach focused mainly on punishing call originators, who frequently operated from jurisdictions difficult to reach. The new strategy targets the infrastructure that makes these operations possible: the telecom carriers themselves. New rules require carriers to significantly strengthen customer identification processes (KYC), increase call traceability across the entire transmission chain, and store data for longer periods for use in criminal and administrative investigations. ## What Changes in Practice The heart of the new regulation is the accountability of intermediate carriers. In the current model, a robocall often passes through multiple carriers before reaching its destination, and each hop dilutes responsibility. The FCC is requiring every link in that chain to implement the STIR/SHAKEN protocol, which authenticates caller identity and prevents caller ID spoofing. Carriers failing to implement required controls become liable not only for calls they originate but also for those transiting their infrastructure without proper verification. The per-call fine model is particularly significant: US robocall volume is measured in billions of calls per year, and individually small fines scale rapidly into financial exposures that threaten the viability of negligent operators. ## Beyond Financial Fraud What made the issue urgent is the extension of the problem beyond financial scams and commercial spam. Recent DOJ and FBI investigations documented the use of robocall networks in drug trafficking operations, internationally organized scams, coordinated violent crimes, and human trafficking cases. The calls are used both for recruiting and controlling victims and for coordination among criminal group members who avoid more monitored communication channels. In Brazil, Anatel already operates similar mechanisms: the "Não Me Perturbe" program, abusive call blocking systems, and call authentication advances following the same logic as STIR/SHAKEN. Brazilian regulation hasn't yet reached the granularity level the FCC is implementing for KYC of corporate customers using high-volume calling services, which represents a gap worth watching. Robocalls and voice-based social engineering are underestimated attack vectors. Vishing grew 550% between 2021 and 2025 according to APWG data, driven by AI voice cloning tools that make fraudulent calls difficult to distinguish from legitimate ones. Regulating this infrastructure is, ultimately, regulating part of the attack surface that organizations of all sizes face.