The STIR/SHAKEN Landscape Is Shifting — Here’s What Providers Need to Know in 2026
Neptune Diversified | March 2026 | Compliance & Regulatory
If you’re a voice service provider, carrier, or high-volume call center operator, the last twelve months have brought the most consequential regulatory changes to caller ID authentication since STIR/SHAKEN’s initial rollout. New rules around third-party call signing, annual recertification, and proposed branded calling requirements are reshaping what compliance looks like — and raising the stakes for providers who fall behind.
Here’s a breakdown of the key developments and what they mean for your operations.
Third-Party Signing Rules Are Now in Effect
The FCC’s Eighth Report and Order, which took effect September 18, 2025, fundamentally changed how providers can use third parties to sign calls under the STIR/SHAKEN framework.
Previously, many providers relied on third-party services to handle the entire signing process, often using the third party’s certificate. That’s no longer permitted. Under the new rules, any provider with a STIR/SHAKEN implementation obligation that works with a third party to sign calls must now meet two hard requirements: the provider must independently make all attestation-level decisions, and all calls must be signed using the provider’s own SPC token and digital certificate obtained from a STIR/SHAKEN Certificate Authority.
Providers must also maintain written agreements with their third-party signers detailing the specific tasks being performed, and retain those agreements for a minimum of two years. The FCC has made clear that non-compliance constitutes a violation of its caller ID authentication rules and could result in Enforcement Bureau referral.
There’s a downstream financial impact as well. Providers obtaining their own SPC token for the first time are now required to file FCC Form 499-A, which triggers registration with USAC, revenue reporting obligations, and potentially Universal Service Fund contribution requirements. For providers that have been operating without a 499 filing, this creates retroactive exposure — including back-filings and potential late fees for all prior years of service.
Annual RMD Recertification Arrives in 2026
Beginning this year, all voice service providers must complete annual recertification in the FCC’s Robocall Mitigation Database. The first recertification window opened February 1, 2026, with a hard deadline of March 1, 2026.
This isn’t a formality. Providers that fail to recertify risk being delisted from the RMD, which directly impacts their ability to exchange traffic with downstream carriers. In an environment where interconnection partners are increasingly scrutinizing compliance status, a lapsed RMD certification can disrupt your business overnight.
Branded Calling and Rich Call Data: The Next Frontier
At its October 2025 Open Meeting, the FCC approved a sweeping Further Notice of Proposed Rulemaking that proposes to layer call branding requirements on top of the existing STIR/SHAKEN framework.
The core proposal: whenever a terminating provider displays an A-level attestation indicator on a consumer’s handset, it would also be required to present verified caller identity information — at minimum, the caller’s verified name. The FCC is seeking comment on whether to expand this to include business logos, call purpose, and caller location, delivered through Rich Call Data (RCD) technology built on top of STIR/SHAKEN’s existing PASSporT framework.
The FCC’s position is straightforward: attestation without identity provides limited value to consumers. A checkmark on a phone screen doesn’t tell you who is calling. Pairing authentication with verified identity information is the next step toward rebuilding trust in the voice network.
The proposal also includes a requirement for gateway providers to flag calls originating from outside the United States — targeting the international robocall traffic that continues to be one of the largest sources of illegal call activity entering domestic networks.
The FCC’s Triennial Report: What the Data Shows
In December 2025, the FCC’s Wireline Competition Bureau released its second triennial report on STIR/SHAKEN’s effectiveness, as required by the TRACED Act. The headline finding: the technology works. When properly implemented, STIR/SHAKEN effectively authenticates caller ID information and identifies illegal spoofing.
But the data also reveals persistent gaps. Industry analysis from August 2025 found that only about 38% of calls arrive at their destination with authentication information intact. The reasons are multiple — STIR/SHAKEN stripping across intermediate providers, TDM network segments that can’t carry authentication data, and bad actors deliberately removing signing information to evade analytics and blocking.
The report recognizes that STIR/SHAKEN is no longer just a standalone anti-spoofing tool. It’s become a foundational layer for the broader caller identity ecosystem, including Rich Call Data and branded calling services. The Commission signaled it will continue to push for closing enforcement gaps and eliminating remaining implementation exemptions.
What This Means for Your Operations
The compliance burden on voice service providers is growing — not shrinking. Between the third-party signing rules, annual recertification, potential branded calling mandates, and tighter enforcement, the operational surface area that needs to be monitored and managed is expanding significantly.
Providers that treat compliance as a one-time checkbox are going to find themselves exposed. The FCC has been clear that it views STIR/SHAKEN as an evolving framework, and the pace of new rulemaking shows no signs of slowing.
Neptune Diversified actively monitors and adapts to these regulatory shifts on behalf of our clients. Our compliance monitoring, number reputation management, and vendor oversight services are built to keep your operations ahead of FCC enforcement timelines — not scrambling to react after a deadline has already passed.
Not sure where your compliance stands heading into 2026?
Neptune Div can help you assess your STIR/SHAKEN posture, third-party signing arrangements, and RMD certification status. Contact us at Ryan@NeptuneDiv.com or request a proposal through our website.
