SUMMARY

As a follow up to our December 19, 2024 Industry Alert, the Federal Communications Commission (FCC) has announced via Public Notice the effective date of September 18, 2025 for the FCC’s Order that was released November 22, 2024 limiting the use of Third Party STIR/SHAKEN Authentication practices. 

Specifically, carriers with a STIR/SHAKEN Implementation Obligation must make all attestation level decisions and ensure all calls are signed using the carriers own certificate, not the certificate of a third party. To support this effort, the FCC requires all providers certifying to partial or complete STIR/SHAKEN Implementation in the Robocall Mitigation Database obtain its own Service Provider Code (SPC) token from the Policy Administrator, use that token to generate a certificate with the Certificate Authority, and authenticate all IP calls with that certificate, either directly or via a third party.

THIS MAY APPLY TO YOU IF…

• You have a STIR/SHAKEN implementation obligation,
• You have IP portions of your network, and
• You do not currently authenticate the IP calls with your own certificate.

ACTION ITEMS & TIMELINE

• Obtain your own SPC token and work with your underlying provider to ensure all IP calls are authenticated with your certificate
• Update the Robocall Mitigation Database (if applicable)