By September 18, 2025, voice providers with a STIR/SHAKEN obligation will be permitted to work with a third party to perform the “technological act” of assigning attestation levels – “signing” a call – only if the voice provider: (a) makes all attestation level decisions, consistent with the STIR/SHAKEN technical standards; and (b) ensures that all calls are signed using the provider’s own certificate obtained from a STIR/SHAKEN Certificate Authority – i.e., the voice provider is no longer permitted to rely on the certificate of the third party. The updated requirements follow the Federal Communications Commission’s adoption of the Call Authentication Trust Anchor Eighth Report and Order on November 21, 2024.
Voice providers that have certified to full or partial STIR/SHAKEN compliance in the Robocall Mitigation Database should ensure that they comply with the new requirements, including registering with the STIR/SHAKEN Policy Administrator, obtaining their own SPC token from the Policy Administrator, and using that token to generate a certificate with the Certificate Authority. Voice providers are also required to memorialize and maintain records of any third-party authentication agreement(s). Voice providers that are exempt from STIR/SHAKEN implementation requirements do not have to meet the new requirements.
If you have questions about the updated STIR/SHAKEN requirements, contact Rebecca Jacobs Goldman in our Broadband, Spectrum, and Communications Infrastructure Practice Group.
© 2025 Lerman Senter
Legal Disclaimer | Privacy Policy
Website design by Beth Singer Design | Website development by The Modern Firm