(a) Authenticate caller identification information. The term “authenticate caller identification information” refers to the process by which a voice service provider attests to the accuracy of caller identification information transmitted with a call it originates.

(b) Caller identification information. The term “caller identification information” has the same meaning given the term “caller identification information” in 47 CFR 64.1600(c) as it currently exists or may hereafter be amended.

(c) Foreign voice service provider. The term “foreign voice service provider” refers to any entity providing voice service outside the United States that has the ability to originate voice service that terminates in a point outside that foreign country or terminate voice service that originates from points outside that foreign country.

(d) Gateway provider. The term “gateway provider” means a U.S.-based intermediate provider that receives a call directly from a foreign originating provider or foreign intermediate provider at its U.S.-based facilities before transmitting the call downstream to another U.S.-based provider. For purposes of this paragraph (d):

(1) U.S.-based means that the provider has facilities located in the United States, including a point of presence capable of processing the call; and

(2) Receives a call directly from a provider means the foreign provider directly upstream of the gateway provider in the call path sent the call to the gateway provider, with no providers in-between.

(e) Governance Authority. The term “Governance Authority” refers to the Secure Telephone Identity Governance Authority, the entity that establishes and governs the policies regarding the issuance, management, and revocation of Service Provider Code (SPC) tokens to intermediate providers and voice service providers.

(f) Industry traceback consortium. The term “industry traceback consortium” refers to the consortium that conducts private-led efforts to trace back the origin of suspected unlawful robocalls as selected by the Commission pursuant to § 64.1203.

(g) Intermediate provider. The term “intermediate provider” means any entity that carries or processes traffic that traverses or will traverse the public switched telephone network at any point insofar as that entity neither originates nor terminates that traffic.

(h) Non-facilities-based small voice service provider. The term “non-facilities-based small voice service provider” means a small voice service provider that is offering voice service to end-users solely using connections that are not sold by the provider or its affiliates.

(i) Non-gateway intermediate provider. The term “non-gateway intermediate provider” means any entity that is an intermediate provider as that term is defined by paragraph (g) of this section that is not a gateway provider as that term is defined by paragraph (d) of this section.

(j) Robocall Mitigation Database. The term “Robocall Mitigation Database” refers to a database accessible via the Commission's website that lists all entities that make filings pursuant to § 64.6305(b).

(k) SIP call. The term “SIP call” refers to calls initiated, maintained, and terminated using the Session Initiation Protocol signaling protocol.

(l) SPC token. The term “SPC token” refers to the Service Provider Code token, an authority token validly issued to an intermediate provider or voice service provider that allows the provider to authenticate and verify caller identification information consistent with the STIR/SHAKEN authentication framework in the United States.

(m) STIR/SHAKEN authentication framework. The term “STIR/SHAKEN authentication framework” means the secure telephone identity revisited and signature-based handling of asserted information using tokens standards.

(n) Verify caller identification information. The term “verify caller identification information” refers to the process by which a voice service provider confirms that the caller identification information transmitted with a call it terminates was properly authenticated.

(o) Voice service. The term “voice service”—

(1) Means any service that is interconnected with the public switched telephone network and that furnishes voice communications to an end user using resources from the North American Numbering Plan or any successor to the North American Numbering Plan adopted by the Commission under section 251(e)(1) of the Communications Act of 1934, as amended; and

(2) Includes—

(i) Transmissions from a telephone facsimile machine, computer, or other device to a telephone facsimile machine; and

(ii) Without limitation, any service that enables real-time, two-way voice communications, including any service that requires internet Protocol-compatible customer premises equipment and permits out-bound calling, whether or not the service is one-way or two-way voice over internet Protocol.

(a) STIR/SHAKEN implementation by voice service providers. Except as provided in §§ 64.6304 and 64.6306, not later than June 30, 2021, a voice service provider shall fully implement the STIR/SHAKEN authentication framework in its internet Protocol networks. To fulfill this obligation, a voice service provider shall:

(1) Authenticate and verify caller identification information for all SIP calls that exclusively transit its own network;

(2) Authenticate caller identification information for all SIP calls it originates and that it will exchange with another voice service provider or intermediate provider and, to the extent technically feasible, transmit that call with authenticated caller identification information to the next voice service provider or intermediate provider in the call path; and

(3) Verify caller identification information for all SIP calls it receives from another voice service provider or intermediate provider which it will terminate and for which the caller identification information has been authenticated.

(b) [Reserved].

Not later than June 30, 2021, each intermediate provider shall fully implement the STIR/SHAKEN authentication framework in its internet Protocol networks. To fulfill this obligation, an intermediate provider shall:

(a) Pass unaltered to the subsequent intermediate provider or voice service provider in the call path any authenticated caller identification information it receives with a SIP call, subject to the following exceptions under which it may remove the authenticated caller identification information:

(1) Where necessary for technical reasons to complete the call; or

(2) Where the intermediate provider reasonably believes the caller identification authentication information presents an imminent threat to its network security; and

(b) Authenticate caller identification information for all calls it receives for which the caller identification information has not been authenticated and which it will exchange with another provider as a SIP call, except that the intermediate provider is excused from such duty to authenticate if it:

(1) Cooperatively participates with the industry traceback consortium; and

(2) Responds fully and in a timely manner to all traceback requests it receives from the Commission, law enforcement, and the industry traceback consortium regarding calls for which it acts as an intermediate provider.

(c) Notwithstanding paragraph (b) of this section, a gateway provider must, not later than June 30, 2023, authenticate caller identification information for all calls it receives that use North American Numbering Plan resources that pertain to the United States in the caller ID field and for which the caller identification information has not been authenticated and which it will exchange with another provider as a SIP call, unless that gateway provider is subject to an applicable extension in § 64.6304.

(d) Notwithstanding paragraph (b) of this section, a non-gateway intermediate provider must, not later than December 31, 2023, authenticate caller identification information for all calls it receives directly from an originating provider and for which the caller identification information has not been authenticated and which it will exchange with another provider as a SIP call, unless that non-gateway intermediate provider is subject to an applicable extension in § 64.6304.

(a) Except as provided in §§ 64.6304 and 64.6306, not later than June 30, 2021, a voice service provider shall either:

(1) Upgrade its entire network to allow for the initiation, maintenance, and termination of SIP calls and fully implement the STIR/SHAKEN framework as required in § 64.6301 throughout its network; or

(2) Maintain and be ready to provide the Commission on request with documented proof that it is participating, either on its own or through a representative, including third party representatives, as a member of a working group, industry standards group, or consortium that is working to develop a non-internet Protocol caller identification authentication solution, or actively testing such a solution.

(b) Except as provided in § 64.6304, not later than June 30, 2023, a gateway provider shall either:

(1) Upgrade its entire network to allow for the processing and carrying of SIP calls and fully implement the STIR/SHAKEN framework as required in § 64.6302(c) throughout its network; or

(2) Maintain and be ready to provide the Commission on request with documented proof that it is participating, either on its own or through a representative, including third party representatives, as a member of a working group, industry standards group, or consortium that is working to develop a non-internet Protocol caller identification authentication solution, or actively testing such a solution.

(c) Except as provided in § 64.6304, not later than December 31, 2023, a non-gateway intermediate provider receiving a call directly from an originating provider shall either:

(1) Upgrade its entire network to allow for the processing and carrying of SIP calls and fully implement the STIR/SHAKEN framework as required in § 64.6302(d) throughout its network; or

(2) Maintain and be ready to provide the Commission on request with documented proof that it is participating, either on its own or through a representative, including third party representatives, as a member of a working group, industry standards group, or consortium that is working to develop a non-internet Protocol caller identification authentication solution, or actively testing such a solution.

(a) Small voice service providers. (1) Small voice service providers are exempt from the requirements of § 64.6301 through June 30, 2023, except that:

(i) A non-facilities-based small voice service provider is exempt from the requirements of § 64.6301 only until June 30, 2022;

(ii) A small voice service provider notified by the Enforcement Bureau pursuant to § 0.111(a)(27) of this chapter that fails to respond in a timely manner, fails to respond with the information requested by the Enforcement Bureau, including credible evidence that the robocall traffic identified in the notification is not illegal, fails to demonstrate that it taken steps to effectively mitigate the traffic, or if the Enforcement Bureau determines the provider violates § 64.1200(n)(2), will no longer be exempt from the requirements of § 64.6301 beginning 90 days following the date of the Enforcement Bureau's determination, unless the extension would otherwise terminate earlier pursuant to paragraph (a)(1) introductory text or (a)(1)(i), in which case the earlier deadline applies; and

(iii) Small voice service providers that originate calls via satellite using North American Numbering Plan numbers are deemed subject to a continuing extension of § 64.6301.

(2) For purposes of this paragraph (a), “small voice service provider” means a provider that has 100,000 or fewer voice service subscriber lines (counting the total of all business and residential fixed subscriber lines and mobile phones and aggregated over all of the provider's affiliates).

(b) Voice service providers, gateway providers, and non-gateway intermediate providers that cannot obtain an SPC token. Voice service providers that are incapable of obtaining an SPC token due to Governance Authority policy are exempt from the requirements of § 64.6301 until they are capable of obtaining an SPC token. Gateway providers that are incapable of obtaining an SPC token due to Governance Authority policy are exempt from the requirements of § 64.6302(c) regarding call authentication. Non-gateway intermediate providers that are incapable of obtaining an SPC token due to Governance Authority policy are exempt from the requirements of § 64.6302(d) regarding call authentication.

(c) Services scheduled for section 214 discontinuance. Services which are subject to a pending application for permanent discontinuance of service filed as of June 30, 2021, pursuant to the processes established in 47 CFR 63.60 through 63.100, as applicable, are exempt from the requirements of § 64.6301 through June 30, 2022.

(d) Non-IP networks. Those portions of a voice service provider, gateway provider, or non-gateway intermediate provider's network that rely on technology that cannot initiate, maintain, carry, process, and terminate SIP calls are deemed subject to a continuing extension. A voice service provider subject to the foregoing extension shall comply with the requirements of § 64.6303(a) as to the portion of its network subject to the extension, a gateway provider subject to the foregoing extension shall comply with the requirements of § 64.6303(b) as to the portion of its network subject to the extension, and a non-gateway intermediate provider receiving calls directly from an originating provider subject to the foregoing extension shall comply with the requirements of § 64.6303(c) as to the portion of its network subject to the extension.

(e) Provider-specific extensions. The Wireline Competition Bureau may extend the deadline for compliance with § 64.6301 for voice service providers that file individual petitions for extensions by November 20, 2020. The Bureau shall seek comment on any such petitions and issue an order determining whether to grant the voice service provider an extension no later than March 30, 2021.

(f) Annual reevaluation of granted extensions. The Wireline Competition Bureau shall, in conjunction with an assessment of burdens and barriers to implementation of caller identification authentication technology, annually review the scope of all previously granted extensions and, after issuing a Public Notice seeking comment, may extend or decline to extend each such extension, and may decrease the scope of entities subject to a further extension.

(a) Robocall mitigation program requirements for voice service providers. (1) Each voice service provider shall implement an appropriate robocall mitigation program.

(2) Any robocall mitigation program implemented pursuant to paragraph (a)(1) of this section shall include reasonable steps to avoid originating illegal robocall traffic and shall include a commitment to respond within 24 hours to all traceback requests from the Commission, law enforcement, and the industry traceback consortium, and to cooperate with such entities in investigating and stopping any illegal robocallers that use its service to originate calls.

(b) Robocall mitigation program requirements for gateway providers. (1) Each gateway provider shall implement an appropriate robocall mitigation program with respect to calls that use North American Numbering Plan resources that pertain to the United States in the caller ID field.

(2) Any robocall mitigation program implemented pursuant to paragraph (b)(1) of this section shall include reasonable steps to avoid carrying or processing illegal robocall traffic and shall include a commitment to respond fully and within 24 hours to all traceback requests from the Commission, law enforcement, and the industry traceback consortium, and to cooperate with such entities in investigating and stopping any illegal robocallers that use its service to carry or process calls.

(c) Robocall mitigation program requirements for non-gateway intermediate providers. (1) Each non-gateway intermediate provider shall implement an appropriate robocall mitigation program.

(2) Any robocall mitigation program implemented pursuant to paragraph (c)(1) of this section shall include reasonable steps to avoid carrying or processing illegal robocall traffic and shall include a commitment to respond within 24 hours to all traceback requests from the Commission, law enforcement, and the industry traceback consortium, and to cooperate with such entities in investigating and stopping any illegal robocallers that use its service to carry or process calls.

(d) Certification by voice service providers in the Robocall Mitigation Database. (1) A voice service provider shall certify that all of the calls that it originates on its network are subject to a robocall mitigation program consistent with paragraph (a) of this section, that any prior certification has not been removed by Commission action and it has not been prohibited from filing in the Robocall Mitigation Database by the Commission, and to one of the following:

(i) It has fully implemented the STIR/SHAKEN authentication framework across its entire network and all calls it originates are compliant with § 64.6301(a)(1) and (2);

(ii) It has implemented the STIR/SHAKEN authentication framework on a portion of its network and all calls it originates on that portion of its network are compliant with § 64.6301(a)(1) and (2); or

(iii) It has not implemented the STIR/SHAKEN authentication framework on any portion of its network.

(2) A voice service provider shall include the following information in its certification in English or with a certified English translation:

(i) Identification of the type of extension or extensions the voice service provider received under § 64.6304, if the voice service provider is not a foreign voice service provider, and the basis for the extension or extensions, or an explanation of why it is unable to implement STIR/SHAKEN due to a lack of control over the network infrastructure necessary to implement STIR/SHAKEN;

(ii) The specific reasonable steps the voice service provider has taken to avoid originating illegal robocall traffic as part of its robocall mitigation program, including a description of how it complies with its obligation to know its customers pursuant to § 64.1200(n)(4), any procedures in place to know its upstream providers, and the analytics system(s) it uses to identify and block illegal traffic, including whether it uses any third-party analytics vendor(s) and the name(s) of such vendor(s);

(iii) A statement of the voice service provider's commitment to respond within 24 hours to all traceback requests from the Commission, law enforcement, and the industry traceback consortium, and to cooperate with such entities in investigating and stopping any illegal robocallers that use its service to originate calls; and

(iv) State whether, at any time in the prior two years, the filing entity (and/or any entity for which the filing entity shares common ownership, management, directors, or control) has been the subject of a formal Commission, law enforcement, or regulatory agency action or investigation with accompanying findings of actual or suspected wrongdoing due to the filing entity transmitting, encouraging, assisting, or otherwise facilitating illegal robocalls or spoofing, or a deficient Robocall Mitigation Database certification or mitigation program description; and, if so, provide a description of any such action or investigation, including all law enforcement or regulatory agencies involved, the date that any action or investigation was commenced, the current status of the action or investigation, a summary of the findings of wrongdoing made in connection with the action or investigation, and whether any final determinations have been issued.

(3) All certifications made pursuant to paragraphs (d)(1) and (2) of this section shall:

(i) Be filed in the appropriate portal on the Commission's website; and

(ii) Be signed by an officer in conformity with 47 CFR 1.16.

(4) A voice service provider filing a certification shall submit the following information in the appropriate portal on the Commission's website:

(i) The voice service provider's business name(s) and primary address;

(ii) Other business names in use by the voice service provider;

(iii) All business names previously used by the voice service provider;

(iv) Whether the voice service provider is a foreign voice service provider;

(v) The name, title, department, business address, telephone number, and email address of one person within the company responsible for addressing robocall mitigation-related issues;

(vi) Whether the voice service provider is:

(A) A voice service provider with a STIR/SHAKEN implementation obligation directly serving end users;

(B) A voice service provider with a STIR/SHAKEN implementation obligation acting as a wholesale provider originating calls on behalf of another provider or providers; or

(C) A voice service provider without a STIR/SHAKEN implementation obligation; and

(vii) The voice service provider's OCN, if it has one.

(5) A voice service provider shall update its filings within 10 business days of any change to the information it must provide pursuant to paragraphs (d)(1) through (4) of this section.

(i) A voice service provider or intermediate provider that has been aggrieved by a Governance Authority decision to revoke that voice service provider's or intermediate provider's SPC token need not update its filing on the basis of that revocation until the sixty (60) day period to request Commission review, following completion of the Governance Authority's formal review process, pursuant to § 64.6308(b)(1) expires or, if the aggrieved voice service provider or intermediate provider files an appeal, until ten business days after the Wireline Competition Bureau releases a final decision pursuant to § 64.6308(d)(1).

(ii) If a voice service provider or intermediate provider elects not to file a formal appeal of the Governance Authority decision to revoke that voice service provider's or intermediate provider's SPC token, the provider need not update its filing on the basis of that revocation until the thirty (30) day period to file a formal appeal with the Governance Authority Board expires.

(e) Certification by gateway providers in the Robocall Mitigation Database. (1) A gateway provider shall certify that all of the calls that it carries or processes on its network are subject to a robocall mitigation program consistent with paragraph (b)(1) of this section, that any prior certification has not been removed by Commission action and it has not been prohibited from filing in the Robocall Mitigation Database by the Commission, and to one of the following:

(i) It has fully implemented the STIR/SHAKEN authentication framework across its entire network and all calls it carries or processes are compliant with § 64.6302(b);

(ii) It has implemented the STIR/SHAKEN authentication framework on a portion of its network and calls it carries or processes on that portion of its network are compliant with § 64.6302(b); or

(iii) It has not implemented the STIR/SHAKEN authentication framework on any portion of its network for carrying or processing calls.

(2) A gateway provider shall include the following information in its certification made pursuant to paragraph (e)(1) of this section, in English or with a certified English translation:

(i) Identification of the type of extension or extensions the gateway provider received under § 64.6304 and the basis for the extension or extensions, or an explanation of why it is unable to implement STIR/SHAKEN due to a lack of control over the network infrastructure necessary to implement STIR/SHAKEN;

(ii) The specific reasonable steps the gateway provider has taken to avoid carrying or processing illegal robocall traffic as part of its robocall mitigation program, including a description of how it complies with its obligation to know its upstream providers pursuant to § 64.1200(n)(5), the analytics system(s) it uses to identify and block illegal traffic, and whether it uses any third-party analytics vendor(s) and the name(s) of such vendor(s);

(iii) A statement of the gateway provider's commitment to respond fully and within 24 hours to all traceback requests from the Commission, law enforcement, and the industry traceback consortium, and to cooperate with such entities in investigating and stopping any illegal robocallers that use its service to carry or process calls; and

(iv) State whether, at any time in the prior two years, the filing entity (and/or any entity for which the filing entity shares common ownership, management, directors, or control) has been the subject of a formal Commission, law enforcement, or regulatory agency action or investigation with accompanying findings of actual or suspected wrongdoing due to the filing entity transmitting, encouraging, assisting, or otherwise facilitating illegal robocalls or spoofing, or a deficient Robocall Mitigation Database certification or mitigation program description; and, if so, provide a description of any such action or investigation, including all law enforcement or regulatory agencies involved, the date that any action or investigation was commenced, the current status of the action or investigation, a summary of the findings of wrongdoing made in connection with the action or investigation, and whether any final determinations have been issued.

(3) All certifications made pursuant to paragraphs (e)(1) and (2) of this section shall:

(i) Be filed in the appropriate portal on the Commission's website; and

(ii) Be signed by an officer in conformity with 47 CFR 1.16.

(4) A gateway provider filing a certification shall submit the following information in the appropriate portal on the Commission's website:

(i) The gateway provider's business name(s) and primary address;

(ii) Other business names in use by the gateway provider;

(iii) All business names previously used by the gateway provider;

(iv) Whether the gateway provider or any affiliate is also foreign voice service provider;

(v) The name, title, department, business address, telephone number, and email address of one person within the company responsible for addressing robocall mitigation-related issues;

(vi) Whether the gateway provider is:

(A) A gateway provider with a STIR/SHAKEN implementation obligation; or

(B) A gateway provider without a STIR/SHAKEN implementation obligation; and

(vii) The gateway provider's OCN, if it has one.

(5) A gateway provider shall update its filings within 10 business days to the information it must provide pursuant to paragraphs (e)(1) through (4) of this section, subject to the conditions set forth in paragraphs (d)(5)(i) and (ii) of this section.

(f) Certification by non-gateway intermediate providers in the Robocall Mitigation Database. (1) A non-gateway intermediate provider shall certify that all of the calls that it carries or processes on its network are subject to a robocall mitigation program consistent with paragraph (c) of this section, that any prior certification has not been removed by Commission action and it has not been prohibited from filing in the Robocall Mitigation Database by the Commission, and to one of the following:

(i) It has fully implemented the STIR/SHAKEN authentication framework across its entire network and all calls it carries or processes are compliant with § 64.6302(b);

(ii) It has implemented the STIR/SHAKEN authentication framework on a portion of its network and calls it carries or processes on that portion of its network are compliant with § 64.6302(b); or

(iii) It has not implemented the STIR/SHAKEN authentication framework on any portion of its network for carrying or processing calls.

(2) A non-gateway intermediate provider shall include the following information in its certification made pursuant to paragraph (f)(1) of this section in English or with a certified English translation:

(i) Identification of the type of extension or extensions the non-gateway intermediate provider received under § 64.6304, if the non-gateway intermediate provider is not a foreign provider, and the basis for the extension or extensions, or an explanation of why it is unable to implement STIR/SHAKEN due to a lack of control over the network infrastructure necessary to implement STIR/SHAKEN;

(ii) The specific reasonable steps the non-gateway intermediate provider has taken to avoid carrying or processing illegal robocall traffic as part of its robocall mitigation program, including a description of any procedures in place to know its upstream providers and the analytics system(s) it uses to identify and block illegal traffic, including whether it uses any third-party analytics vendor(s) and the name of such vendor(s);

(iii) A statement of the non-gateway intermediate provider's commitment to respond within 24 hours to all traceback requests from the Commission, law enforcement, and the industry traceback consortium, and to cooperate with such entities in investigating and stopping any illegal robocallers that use its service to carry or process calls; and

(iv) State whether, at any time in the prior two years, the filing entity (and/or any entity for which the filing entity shares common ownership, management, directors, or control) has been the subject of a formal Commission, law enforcement, or regulatory agency action or investigation with accompanying findings of actual or suspected wrongdoing due to the filing entity transmitting, encouraging, assisting, or otherwise facilitating illegal robocalls or spoofing, or a deficient Robocall Mitigation Database certification or mitigation program description; and, if so, provide a description of any such action or investigation, including all law enforcement or regulatory agencies involved, the date that any action or investigation was commenced, the current status of the action or investigation, a summary of the findings of wrongdoing made in connection with the action or investigation, and whether any final determinations have been issued.

(3) All certifications made pursuant to paragraphs (f)(1) and (2) of this section shall:

(i) Be filed in the appropriate portal on the Commission's website; and

(ii) Be signed by an officer in conformity with 47 CFR 1.16.

(4) A non-gateway intermediate provider filing a certification shall submit the following information in the appropriate portal on the Commission's website:

(i) The non-gateway intermediate provider's business name(s) and primary address;

(ii) Other business names in use by the non-gateway intermediate provider;

(iii) All business names previously used by the non-gateway intermediate provider;

(iv) Whether the non-gateway intermediate provider or any affiliate is also foreign voice service provider;

(v) The name, title, department, business address, telephone number, and email address of one person within the company responsible for addressing robocall mitigation-related issues;

(vi) Whether the non-gateway intermediate provider is:

(A) A non-gateway intermediate provider with a STIR/SHAKEN implementation obligation; or

(B) A non-gateway intermediate provider without a STIR/SHAKEN implementation obligation; and

(vii) The non-gateway intermediate service provider's OCN, if it has one.

(5) A non-gateway intermediate provider shall update its filings within 10 business days of any change to the information it must provide pursuant to this paragraph (f) subject to the conditions set forth in paragraphs (d)(5)(i) and (ii) of this section.

(g) Intermediate provider and voice service provider obligations—(1) Accepting traffic from domestic voice service providers. Intermediate providers and voice service providers shall accept calls directly from a domestic voice service provider only if that voice service provider's filing appears in the Robocall Mitigation Database in accordance with paragraph (d) of this section and that filing has not been de-listed pursuant to an enforcement action.

(2) Accepting traffic from foreign providers. Beginning April 11, 2023, intermediate providers and voice service providers shall accept calls directly from a foreign voice service provider or foreign intermediate provider that uses North American Numbering Plan resources that pertain to the United States in the caller ID field to send voice traffic to residential or business subscribers in the United States, only if that foreign provider's filing appears in the Robocall Mitigation Database in accordance with paragraph (d) of this section and that filing has not been de-listed pursuant to an enforcement action.

(3) Accepting traffic from gateway providers. Beginning April 11, 2023, intermediate providers and voice service providers shall accept calls directly from a gateway provider only if that gateway provider's filing appears in the Robocall Mitigation Database in accordance with paragraph (e) of this section, showing that the gateway provider has affirmatively submitted the filing, and that filing has not been de-listed pursuant to an enforcement action.

(4) Accepting traffic from non-gateway intermediate providers. Intermediate providers and voice service providers shall accept calls directly from a non-gateway intermediate provider only if that non-gateway intermediate provider's filing appears in the Robocall Mitigation Database in accordance with paragraph (f) of this section, showing that the non-gateway intermediate provider affirmatively submitted the filing, and that filing has not been de-listed pursuant to an enforcement action.

(5) Public safety safeguards. Notwithstanding paragraphs (g)(1) through (4) of this section:

(i) A provider may not block a voice call under any circumstances if the call is an emergency call placed to 911; and

(ii) A provider must make all reasonable efforts to ensure that it does not block any calls from public safety answering points and government emergency numbers.

(a) Exemption for IP networks. A voice service provider may seek an exemption from the requirements of § 64.6301 by certifying on or before December 1, 2020, that, for those portions of its network served by technology that allows for the transmission of SIP calls, it:

(1) Has adopted the STIR/SHAKEN authentication framework for calls on the Internet Protocol networks of the voice service provider, by completing the network preparations necessary to deploy the STIR/SHAKEN protocols on its network including but not limited to participation in test beds and lab testing, or completion of commensurate network adjustments to enable the authentication and validation of calls on its network consistent with the STIR/SHAKEN framework;

(2) Has agreed voluntarily to participate with other voice service providers in the STIR/SHAKEN authentication framework, as demonstrated by completing formal registration (including payment) and testing with the STI Policy Administrator;

(3) Has begun to implement the STIR/SHAKEN authentication framework by completing the necessary network upgrades to at least one network element—e.g., a single switch or session border controller—to enable the authentication and verification of caller identification information consistent with the STIR/SHAKEN standards; and

(4) Will be capable of fully implementing the STIR/SHAKEN authentication framework not later than June 30, 2021, which it may only determine if it reasonably foresees that it will have completed all necessary network upgrades to its network infrastructure to enable the authentication and verification of caller identification information for all SIP calls exchanged with STIR/SHAKEN-enabled partners by June 30, 2021.

(b) Exemption for non-IP networks. A voice service provider may seek an exemption from the requirement to upgrade its network to allow for the initiation, maintenance, and termination of SIP calls and fully implement the STIR/SHAKEN framework as required by § 64.6301 throughout its network by June 30, 2021, and from associated recordkeeping and reporting requirements, by certifying on or before December 1, 2020, that, for those portions of its network that do not allow for the transmission of SIP calls, it:

(1) Has taken reasonable measures to implement an effective call authentication framework by either:

(i) Upgrading its entire network to allow for the initiation, maintenance, and termination of SIP calls, and fully implementing the STIR/SHAKEN framework as required in § 64.6301 throughout its network; or

(ii) Maintaining and being ready to provide the Commission on request with documented proof that it is participating, either on its own or through a representative, including third party representatives, as a member of a working group, industry standards group, or consortium that is working to develop a non-internet Protocol caller identification authentication solution, or actively testing such a solution; and

(2) Will be capable of fully implementing an effective call authentication framework not later than June 30, 2021, because it reasonably foresees that it will have completed all necessary network upgrades to its network infrastructure to enable the authentication and verification of caller identification information for all non-internet Protocol calls originating or terminating on its network as provided by a standardized caller identification authentication framework for non-internet Protocol networks by June 30, 2021.

(c) Certification submission procedures. All certifications that a voice service provider is eligible for exemption shall be:

(1) Filed in the Commission's Electronic Comment Filing System (ECFS) in WC Docket No. 20-68, Exemption from Caller ID Authentication Requirements, no later than December 1, 2020;

(2) Signed by an officer in conformity with 47 CFR 1.16; and

(3) Accompanied by detailed support as to the assertions in the certification.

(d) Determination timing. The Wireline Competition Bureau shall determine whether to grant or deny timely requests for exemption on or before December 30, 2020.

(e) Implementation verification. All voice service providers granted an exemption under paragraphs (a) and (b) of this section shall file an additional certification consistent with the requirements of paragraph (c) of this section on or before October 4, 2021 that attests to whether the voice service provider fully implemented the STIR/SHAKEN authentication framework because it completed all necessary network upgrades to its network infrastructure to enable the authentication and verification of caller identification information for all SIP calls exchanged with STIR/SHAKEN-enabled partners by June 30, 2021. The Wireline Competition Bureau, after issuing a Public Notice seeking comment on the certifications, will, not later than four months after the deadline for filing of the certifications, issue a Public Notice identifying which voice service providers achieved complete implementation of the STIR/SHAKEN authentication framework.

Providers of voice service are prohibited from adding any additional line item charges to consumer or small business customer subscribers for the effective call authentication technology required by §§ 64.6301 and 64.6303.

(a) For purposes of this section, “consumer subscribers” means residential mass-market subscribers.

(b) For purposes of this section, “small business customer subscribers” means subscribers that are business entities that meet the size standards established in 13 CFR part 121, subpart A.

(a) Parties permitted to seek review of Governance Authority decision. (1) Any voice service provider or intermediate provider aggrieved by a Governance Authority decision to revoke that voice service provider's or intermediate provider's SPC token, must seek review from the Governance Authority and complete the appeals process established by the Governance Authority prior to seeking Commission review.

(2) Any voice service provider or intermediate provider aggrieved by an action to revoke its SPC token taken by the Governance Authority, after exhausting the appeals process provided by the Governance Authority, may then seek review from the Commission, as set forth in this section.

(b) Filing deadlines. (1) A voice service provider or intermediate provider requesting Commission review of a Governance Authority decision to revoke that voice service provider's or intermediate provider's SPC token by the Commission, shall file such a request electronically in the Electronic Comment Filing System (ECFS) in WC Docket No. 21-291, Appeals of the STIR/SHAKEN Governance Authority Token Revocation Decisions within sixty (60) days from the date the Governance Authority upholds it token revocation decision.

(2) Parties shall adhere to the time periods for filing oppositions and replies set forth in § 1.45.

(c) Filing requirements. (1) A request for review of a Governance Authority decision to revoke a voice service provider's or intermediate provider's SPC token by the Commission shall be filed in WC Docket No. 21-291, Appeals of the STIR/SHAKEN Governance Authority Token Revocation Decisions, in the Electronic Comment Filing System (ECFS). The request for review shall be captioned “In the matter of Request for Review by (name of party seeking review) of Decision of the Governance Authority to Revoke an SPC Token.”

(2) A request for review shall contain:

(i) A statement setting forth the voice service provider's or intermediate provider's asserted basis for appealing the Governance Authority's decision to revoke the SPC token;

(ii) A full statement of relevant, material facts with supporting affidavits and documentation, including any background information the voice service provider or intermediate provider deems useful to the Commission's review; and

(iii) The question presented for review, with reference, where appropriate, to any underlying Commission rule or Governance Authority policy.

(3) A copy of a request for review that is submitted to the Commission shall be served on the Governance Authority by the voice service provider requesting Commission review via [email protected] or in accordance with any alternative delivery mechanism the Governance Authority may establish in its operating procedures.

(d) Review by the Wireline Competition Bureau. (1) Except in extraordinary circumstances, final action on a request for review of a Governance Authority decision to revoke a voice service provider's or intermediate provider's SPC token should be expected no later than 180 days from the date the request for review is filed in the Electronic Comment Filing System (ECFS) pursuant to § 64.6308(b)(1). The Wireline Competition Bureau shall have the discretion to pause the 180-day review period in situations where actions outside the Wireline Competition Bureau's control are responsible for delaying review of a request for review.

(2) An affected party may seek review of a decision issued under delegated authority by the Wireline Competition Bureau pursuant to the rules set forth in § 1.115.

(e) Standard of review. The Wireline Competition Bureau shall conduct de novo review of Governance Authority decisions to revoke a voice service provider's or intermediate provider's SPC token.

(f) Status during pendency of a request for review and a Governance Authority decision. (1) A voice service provider or intermediate provider shall not be considered to be in violation of the Commission's caller ID authentication rules under § 64.6301 after revocation of its SPC token by the Governance Authority until the thirty (30) day period to file a formal appeal with the Governance Authority Board expires, or during the pendency of any formal appeal to the Governance Authority Board.

(2) A voice service provider or intermediate provider shall not be considered to be in violation of the Commission's caller ID authentication rules under § 64.6301 after the Governance Authority Board upholds the Governance Authority's SPC token revocation decision until the sixty (60) day period to file a request for review with the Commission expires.

(3) When a voice service provider or intermediate provider has sought timely Commission review of a Governance Authority decision to revoke a voice service provider's or intermediate provider's SPC token under this section, the voice service provider shall not be considered to be in violation of the Commission's caller ID authentication rules under § 64.6301 until and unless the Wireline Competition Bureau, pursuant to paragraph (d)(1) of this section, has upheld or otherwise decided not to overturn the Governance Authority's decision.

(4) In accordance with §§ 1.102(b) and 1.106(n), the effective date of any action pursuant to paragraph (d) shall not be stayed absent order by the Wireline Competition Bureau or the Commission.