STIR/SHAKEN in 2025: New Rules, Higher Stakes for Voice Providers

The fight against robocalls and spoofed caller IDs has entered a new phase with the release of the Federal Communications Commission’s (FCC) Eighth Report and Order. This latest update builds on the existing STIR/SHAKEN framework and introduces more rigorous standards for service providers involved in the delivery of voice calls across U.S. networks. As fraudsters evolve their tactics, so too must the industry and its regulations.

STIR/SHAKEN—short for Secure Telephone Identity Revisited and Signature-based Handling of Asserted Information Using toKENs—is designed to authenticate caller ID information on IP-based networks. The framework plays a critical role in the FCC's broader effort to stop illegal robocalls and protect consumers from scams and fraudulent calls.

Third-Party Authentication Rules Have Tightened

One of the most significant updates in the Eighth Report and Order is the clarification and restriction around third-party authentication. Previously, some service providers delegated the responsibility of digitally signing calls to third parties. While this arrangement is still permitted, the FCC now imposes stricter conditions to ensure accountability.

Under the updated rules, the originating service provider must retain full responsibility for the calls signed in their name—even if the signing is technically performed by a third party. This means providers must:

• Ensure their third-party partners are fully compliant with STIR/SHAKEN requirements
• Maintain detailed oversight of all signed calls
• Be prepared to demonstrate compliance upon FCC inquiry

This change is designed to eliminate a potential loophole where calls could be signed without adequate verification, undermining the intent of STIR/SHAKEN.

More Oversight of Intermediate and Gateway Providers

Intermediate and gateway providers—those who transmit calls between networks or from international sources—are now under increased scrutiny. These providers were previously seen as a weak link in the fight against illegal robocalls, as bad actors could route traffic through them to avoid authentication checks.

The FCC now requires these providers to implement STIR/SHAKEN where technically feasible, block calls that use invalid, unallocated, or unassigned numbers, and establish and enforce robust robocall mitigation programs. These expectations are aimed at closing existing loopholes in call authentication and reducing the ability of malicious actors to exploit less-regulated points of entry into the network.

For gateway providers handling international traffic into the U.S., the stakes are especially high. These providers must certify their compliance or face being blocked by downstream carriers. The new requirements help ensure that calls entering the U.S. network are subject to the same level of authentication and scrutiny as domestic calls.

Attestation Accuracy is Now in the Spotlight

Attestation is the process by which a service provider signals its confidence in the caller's identity and right to use the displayed number. The FCC’s framework includes three attestation levels:

• Full (A-level): The provider knows the caller and can verify their right to use the number
• Partial (B-level): The caller is known, but the provider cannot verify number ownership
• Gateway (C-level): The provider cannot verify the caller or the number

The Eighth Report and Order underscores that incorrect or careless use of attestation levels—especially assigning A-level to unverified callers—can have serious consequences. The FCC expects providers to:

• Use clear, documented criteria for attestation
• Conduct periodic audits
• Avoid "rubber-stamping" A-level attestation for convenience or customer appeasement

By improving the precision and reliability of attestation, the FCC aims to preserve the integrity of the call authentication ecosystem.

Greater Enforcement Power and Penalties

The FCC is backing up these changes with stronger enforcement mechanisms that make compliance no longer optional. Service providers that fail to meet their obligations could face a range of serious consequences. These include removal from the Robocall Mitigation Database—which effectively prohibits other carriers from completing their traffic—along with call blocking by downstream carriers. This can lead to major business disruptions and missed communication opportunities with customers. In addition, providers may be subject to significant fines and potential legal action, both of which can damage reputation and impact long-term viability.

This intensified enforcement approach marks a shift from earlier, more guidance-based efforts to a stricter, accountability-focused regime. Providers who may have previously operated in regulatory gray areas are now under heightened scrutiny. They must take proactive steps to demonstrate adherence to the rules or risk falling out of compliance in an increasingly regulated telecom environment.

The move signals a shift from a guidance-driven approach to one based on enforcement. Providers that previously operated in gray areas are now under pressure to act decisively.

What This Means for Service Providers

The Eighth Report and Order marks a turning point for service providers. Compliance is no longer optional, and the expectations for transparency, accuracy, and accountability are higher than ever. Providers must:

• Conduct internal reviews of their STIR/SHAKEN implementation
• Reevaluate relationships with third-party authenticators
• Ensure attestation levels are applied consistently and correctly
• Keep detailed records of compliance efforts

These efforts are not just about avoiding penalties—they’re essential for preserving customer trust, maintaining access to carrier networks, and ensuring the deliverability of calls.

For providers serving enterprise clients, the pressure is even greater. Their customers expect high-quality, reliable communication—and disruptions due to authentication failures or call blocking can have real business consequences.

Looking Ahead

The Eighth Report and Order reflects the FCC’s commitment to evolving the STIR/SHAKEN framework in response to emerging threats. As voice fraud becomes more sophisticated, the FCC is likely to continue tightening regulations and closing loopholes.

Future updates could include:

• Requirements for cross-border STIR/SHAKEN compliance
• Expanded obligations for non-IP networks
• Increased coordination with global telecom regulators

Service providers that invest in long-term compliance strategies, including continuous monitoring and call path testing, will be best positioned to navigate these changes. In doing so, they can not only avoid disruption but also differentiate themselves as trusted partners in the fight against call fraud.

How Klearcom Supports Provider Readiness

At Klearcom, we help organizations ensure that their voice infrastructure is operating as expected under STIR/SHAKEN regulations. Our platform enables service providers and enterprises to:

• Monitor call quality and delivery performance
• Detect routing or authentication issues
• Test international and domestic call flows
• Maintain regulatory alignment

As the telecom landscape becomes more complex, having full visibility into your voice environment isn’t just helpful—it’s necessary.

Have questions about how these changes could impact your call delivery and compliance? Contact Klearcom to learn more about monitoring and testing strategies.