FCC's May 2026 Know-Your-Upstream-Provider FNPRM: What Lead-Gen Call Centers and Outbound Platforms Inherit

The carrier audit chain is no longer a problem that ends at the SIP trunk – it now reaches into every outbound lead-gen operation that signs calls with someone else’s certificate.

---

The May 20 Adoption: What Actually Changed at the FCC

On May 20, 2026, the Federal Communications Commission adopted a Further Notice of Proposed Rulemaking on caller ID authentication and robocall mitigation. The release number is FCC-26-32. The underlying fact sheet, DOC-421205A1, circulated three weeks earlier on April 29, 2026, and the FNPRM dropped into dockets WC No. 17-97 (Call Authentication Trust Anchor) and CG No. 17-59 (Advanced Methods to Target and Eliminate Unlawful Robocalls). Comments are due 30 days after Federal Register publication; replies 60 days after.

The FNPRM does three things lead-gen operators should treat as one combined shift. First, it rewrites the Know-Your-Upstream-Provider (KYUP) rule from a one-paragraph principle into five prescriptive baseline duty categories. Second, it codifies the STIR/SHAKEN A-level, B-level, and C-level attestation criteria that until now lived only in the ATIS-1000074 technical standard, while expressly prohibiting improper attestations and repealing the last two undue-hardship implementation extensions. Third, it pulls the Secure Telephone Identity Governance Authority (STI-GA) – the ATIS-administered body that issues Service Provider Code (SPC) tokens – under direct FCC visibility, with a six-month deadline to refresh policies and quarterly enforcement reports to the Commission.

Wiley Rein’s published alert frames the FNPRM as “a significant expansion” of KYUP. Womble Bond Dickinson reads it as a “shift toward prescriptive robocall compliance obligations.” Davis Wright Tremaine highlights that originating providers must now perform Know-Your-Customer diligence before assigning A-level or B-level attestation, with delegate certificates as one of the allowed verification mechanisms. Kelley Drye, Scale LLP, and the CommLaw Group each issued client advisories. The consistent reading across the bar is that the FCC is closing the spread between what good-faith voice service providers (VSPs) already do and what bad actors get away with – and the closing happens through prescription, not principle.

The mistake to avoid: reading this as a carrier-only proceeding. Lead-gen call centers, outbound dialers, hosted dialer platforms, and CCaaS providers are not VSPs in the regulatory sense. They do not file in the Robocall Mitigation Database (RMD) and do not hold SPC tokens directly. But they sit one or two hops upstream of an entity that does, and the FNPRM’s new KYC posture forces that entity to underwrite them. Operators who run unauthenticated traffic, mix consented and unconsented lists, or hide behind a third-party signing arrangement are about to find their attestation level cut, their service terminated, or their RMD-filed VSP cited.

---

STIR/SHAKEN and Attestation: A Refresher Through the New Rule

STIR/SHAKEN is the caller ID authentication framework Congress mandated through the TRACED Act in 2019 and the FCC implemented under 47 CFR § 64.6301 et seq. The acronym pair covers two layers: STIR (Secure Telephone Identity Revisited) is the IETF protocol suite for digitally signing SIP call setup messages; SHAKEN (Signature-based Handling of Asserted information using toKENs) is the ATIS deployment profile that defines how US voice providers exchange those signatures across interconnected networks.

When an originating provider places a call onto the network, it generates a SIP INVITE and attaches an Identity header containing a JSON Web Token signed with a private key. The corresponding public-key certificate is issued by an approved Certification Authority (CA) and validated against an SPC token that ties the certificate to a registered voice service provider. Downstream providers – transit carriers, terminating providers – verify the signature, evaluate the attestation claim, and present a verified result to the called party’s device or call analytics engine.

A, B, C: What Each Attestation Level Actually Asserts

The originating provider, not the terminating provider, makes the attestation decision. ATIS-1000074 defines three levels. The FNPRM proposes to codify them in FCC rules with the following criteria:

Under the FNPRM’s codification, A-level attestation requires both KYC on the customer and verification of the customer’s right to use the calling number. The Commission proposes delegate certificates as one of two acceptable verification mechanisms – the other being number assignment records – for the right-to-use check. B-level still requires customer-side KYC but releases the originator from verifying the calling number. C-level is for traffic without a direct customer relationship, which under the prior regime was the typical default for resold or wholesale traffic.

The operational change for lead-gen operators: under the FNPRM’s KYC posture, an originating VSP that has not verified the lead-gen call center’s corporate information, traffic mix, and consent posture cannot assign A-level. A call center that ports DIDs (Direct Inward Dialing numbers) the VSP cannot trace to a number-assignment record will not get the right-to-use check needed for A-level either. Both gaps push the call into B-level or lower – which downstream analytics engines treat as elevated risk and which terminating providers can label, block, or annotate.

What “Improper Attestation” Now Means

The current regime has no explicit FCC prohibition against attesting at the wrong level. The FNPRM proposes to make improper attestation a violation in its own right – not just a defect in the authentication chain but an enforceable wrong. The cited examples in the FCC’s fact sheet and in the Wiley Rein and CommLaw Group analyses include: assigning A-level without performing the underlying KYC, attaching A-level to numbers the originator cannot verify, and using attestation as a “rubber stamp” workflow rather than a per-call determination.

For originating providers that pay third-party signing services (Numeracle, TransNexus, NetNumber and similar) to sign on their behalf, the responsibility for the attestation claim remains with the originator. The third party can mechanize the signing; it cannot mechanize the KYC.

Repeal of Undue-Hardship Extensions

The Commission previously granted two categories of undue-hardship extensions: one for small voice service providers and one for satellite providers and providers unable to obtain SPC tokens. The FNPRM proposes to repeal both. Every VSP that participates in the call ecosystem will be on the hook for STIR/SHAKEN implementation under the new regime, with no further extensions. The Commission frames this as closing loopholes; the practical effect is that lead-gen operators routing traffic through providers that previously relied on extensions will have to re-document those arrangements or move traffic.

---

The Five KYUP Baseline Categories – Translated for Operators

The current KYUP rule is short. It tells VSPs to take “affirmative, effective measures” to prevent transmission of illegal calls from upstream providers. The FNPRM replaces this with five categories, each with specific sub-duties. Lawyers writing client alerts treat them as a checklist; operators should treat them as five separate workstreams that the upstream VSP will run on the lead-gen operation.

1. Information Collection

The upstream VSP must collect from the lead-gen call center (and from every other downstream customer): business and corporate registration details, ownership and affiliate relationships, operational records, financial information, online presence, and service descriptions. For a multi-brand lead-gen operation running outbound campaigns under several DBAs and through several call centers, this is not a one-document exchange. Expect VSP onboarding to demand an entity chart, beneficial-ownership disclosures, traffic-volume forecasts, dialer configuration, and the campaign-by-campaign use case for each pool of numbers.

2. Compliance Review

The upstream VSP must verify that any downstream provider it works with maintains an active RMD filing (when applicable), holds valid SPC tokens (when claiming STIR/SHAKEN signing), and has no active FCC enforcement actions or national-security designations. For a non-VSP call center, this maps to: confirmation that the operator is not on any FCC Public Notice (cease-and-desist letters, traceback-target lists), that the underlying corporate entity is in good standing, and that none of the named officers appear in adverse government lists. A history of Industry Traceback Group (ITG) responses also lands here.

3. Information Verification

The compliance-review step takes the upstream VSP’s records at face value. The information-verification step pressure-tests them. The FCC fact sheet and CommLaw Group analysis describe “basic diligence steps” including validating physical addresses, speaking with company principals, reviewing the operator’s website, and investigating inconsistencies between the operator’s claims and observable behavior. The fact sheet specifically calls out red flags such as suspicious physical addresses and AI-generated photos on websites – a signal of how the bad-actor pattern has evolved. Lead-gen operations with thin web presence, virtual-office addresses, or stock-image leadership pages should expect upstream VSPs to slow-walk onboarding until those gaps close.

4. Monitoring

KYUP is not a one-time event. The FNPRM expects VSPs to monitor downstream and upstream relationships continuously: periodic regulatory-status rechecks, ongoing call-analytics review, traceback evaluation, and detection of suspicious calling patterns. For lead-gen operations that already meet the upstream VSP’s bar at onboarding, the ongoing tax is the analytics relationship. Call-analytics engines (Hiya, TNS, First Orion, YouMail, RoboKiller) feed both consumer-side labeling and provider-side risk scoring. A spike in “Scam Likely” labels, a sudden complaint cluster, or a missed-window pattern on outbound campaigns will surface in the VSP’s monitoring dashboard whether the call center wants it surfaced or not.

5. Responsive Action

When KYUP signals turn red, the VSP is expected to act: refuse new agreements with non-compliant downstreams, suspend service, or terminate. The FNPRM elevates “responsive action” from a discretionary safety valve to a baseline duty. VSPs that ignore the signals their own monitoring produces become enforcement targets themselves – which is the structural innovation the FCC is deploying. Bad-actor calling cannot survive without VSP enablement, so the proposed rule makes VSP enablement a violation.

The Four-Year Record Retention Layer

Across the five categories, the FNPRM proposes a four-year minimum record retention period for KYUP documentation. This matches the recordkeeping window the FCC’s existing Robocall Mitigation Database rules already require for mitigation plan substantiation and lines up with the statute of limitations for many state-law TCPA claims. Lead-gen operations that already retain consent artifacts for TCPA defense – TrustedForm certificates, Jornaya LeadiD tokens, SMS double opt-in logs – now have a parallel evidentiary obligation flowing upstream to the VSP.

---

What Happens to the Robocall Mitigation Database

The Robocall Mitigation Database, established by the TRACED Act and codified at 47 CFR § 64.6305, is the FCC’s central registry where every US voice service provider must file (a) a STIR/SHAKEN implementation certification and (b) a robocall mitigation plan describing how the provider prevents illegal traffic. RMD filings are public. They are also evidentiary anchors: when the FCC sends a 24-hour cease-and-desist letter to a provider for transmitting illegal traffic, the letter cites the provider’s RMD filing as evidence the provider knew or should have known.

The FNPRM proposes that RMD filings must accurately reflect actual KYUP practices, STIR/SHAKEN implementation, traceback cooperation, and mitigation measures. The Commission has previously stripped providers from the RMD for misleading filings – a 2023 enforcement wave hit dozens of small providers – and the new rule formalizes that practice as ongoing. A mismatch between what the RMD says and what enforcement reviewers find is itself a violation under the proposed regime.

For lead-gen operations, the RMD filing of every voice service provider in the call path becomes evidentiary in TCPA defense and offense. A plaintiff’s lawyer can pull the upstream VSP’s RMD filing, compare its KYUP-practice claims against what the call center actually went through during onboarding, and use the gap as evidence of constructive knowledge. The reverse is also true: a clean RMD filing from a VSP that performed real KYUP diligence on the call center supports the call center’s defense that the calls were properly attested and the consent record was reviewed before the call was placed.

This article complements the operational playbook in the LeadGen Economy article on TCPA-compliant dialer and IVR configuration, which covers the per-call enforcement layer (consent records, time-zone rules, abandonment-rate caps, internal DNC). The KYUP layer sits one level above: even a perfectly configured dialer can be cut off if the upstream VSP’s KYUP diligence rejects the operator.

How the Industry Traceback Group Fits In

The Industry Traceback Group, administered by USTelecom under FCC designation, is the consortium that traces suspected illegal robocall traffic back through the carrier chain to the originating provider. When the FCC, a state attorney general, or a private analytics engine identifies a high-volume illegal campaign, the ITG sends traceback requests to each provider in the chain, asks each to identify the next upstream hop, and assembles a complete originator-to-terminator map. Providers that fail to respond within the ITG’s expected window – typically 24 to 48 hours for active campaigns – get cited in FCC enforcement orders.

The FNPRM proposes that the STI-GA coordinate with the ITG and with call-analytics providers on enforcement. Practically, this means an unanswered traceback is no longer just an ITG-side problem; it becomes a KYUP failure on the part of every VSP in the chain. Lead-gen operations whose VSP has a slow traceback response history will increasingly find themselves the subject of the next traceback – and the upstream VSP increasingly motivated to terminate the relationship before it gets cited.

---

STI-GA and the Service Provider Code Token Layer

The Secure Telephone Identity Governance Authority (STI-GA) is the policy body that sits at the top of the STIR/SHAKEN trust hierarchy. STI-GA was established by ATIS in 2019 with FCC blessing under the TRACED Act. It issues SPC tokens to qualified voice service providers, approves the Certification Authorities that issue the public-key certificates VSPs actually use to sign calls, and manages the trust list that downstream providers consult to validate signatures.

Until now, the FCC has stayed largely hands-off on STI-GA internal policy. The FNPRM proposes the most significant shift in that posture since STIR/SHAKEN went into effect. The Commission would require STI-GA to:

• Update its SPC token access policies within six months of any final rule, incorporating KYUP-style diligence into the token issuance and renewal decision
• Establish written criteria for selecting and approving Certification Authorities
• Report enforcement activity to the FCC quarterly, including token revocations, denials, and provider misuse cases
• Take a more active role in identifying SPC token misuse
• Coordinate with the Industry Traceback Group and with call-analytics providers on enforcement

The token-revocation point matters operationally. Once a VSP loses its SPC token, the corresponding certificates become invalid and downstream providers reject signed calls. For a lead-gen operation whose upstream VSP loses its token, the practical effect is overnight loss of A-level or B-level attestation across the entire calling footprint – typically resulting in widespread “Scam Likely” labeling, terminating-provider blocking, and complete answer-rate collapse.

The originator-side mitigation is to maintain visibility into the upstream VSP’s STI-GA standing. Operators with TCPA programs mature enough to run a self-assessment audit should add an upstream-provider KYUP-readiness section to that audit: confirm the VSP’s RMD filing is current, confirm the SPC token has not been flagged, confirm the VSP can produce a written KYUP procedure that the operator’s own onboarding actually went through.

---

What Lead-Gen Call Originators Should Do in the Next 90 Days

The FNPRM is a proposal, not a final rule. The thirty-day initial comment window and sixty-day reply window mean a final rule is unlikely before late Q4 2026 at the earliest, and the FCC’s pattern on STIR/SHAKEN matters has been to phase in implementation requirements with multi-quarter effective dates. The compliance horizon for lead-gen operations is 2027 at the soonest. But the underlying VSP-side behavior is already shifting, because the upstream providers know the rule is coming and have begun pre-positioning. The 90-day operational program below is what serious lead-gen operations should run now, ahead of the rule.

Week 1-2: Upstream Audit

Identify every voice service provider in the call path. For most lead-gen operations this is one or two: the SIP trunk provider, the CCaaS or hosted-dialer platform, and (occasionally) a third-party signing service such as Numeracle or TransNexus. For each, document: the legal entity name, the RMD filing reference, the SPC token status, the attestation level currently assigned to the operator’s traffic, and the contractual terms for service termination.

Week 3-4: KYC Readiness Pack

Build the documentation pack the upstream VSP will demand under the new KYUP regime. Components: corporate registration documents, beneficial-ownership disclosure, multi-year traffic-volume history, dialer configuration summary, campaign-level use-case description for each pool of DIDs, consent management practices (with reference to existing TrustedForm or Jornaya integrations), traceback response history if any, and any existing TCPA or state-AG matter disclosures. This pack is the deliverable when the VSP slows down a renewal or initiates a new agreement.

Week 5-6: Attestation Decision Mapping

For each campaign and each pool of DIDs in use, map the attestation level the operator believes should apply and the evidence that supports it. A-level traffic should have number-assignment or delegate-certificate proof; B-level traffic should have customer-relationship documentation but acknowledge the number gap; C-level traffic – typically resold or transit – should be flagged for migration to a higher-attestation arrangement. Mismatches between current attestation and the new criteria are the single biggest answer-rate risk for the next 18 months.

Week 7-8: Traceback Response Drill

Run a tabletop ITG traceback drill. Suppose USTelecom sends a traceback on a campaign launched 72 hours ago. Who responds? Within what time window? With what records? The exercise will surface whether the operator has a single point of failure (one compliance lead, one VPN account), whether call records are available for the relevant period, and whether the upstream VSP’s response posture aligns with the operator’s. A bad result here is more dangerous than the FNPRM itself – it’s a near-term FCC enforcement risk under current rules, not just a future-rule risk.

Week 9-12: Comment Filing or Trade-Association Participation

The 30-day initial comment window and 60-day reply window are real opportunities. Comments from lead-gen operators that can credibly speak to onboarding burden, RMD cost, KYC reasonableness, and traceback response capacity are valuable to the Commission. Direct filings are typically the territory of large operators; smaller operators participate through trade associations (LeadsCouncil, the Performance Marketing Association, or industry-specific groups) that aggregate operator input. Operators with active relationships at law firms such as Wiley Rein, Womble Bond Dickinson, Kelley Drye & Warren, or Davis Wright Tremaine can also flow input through those channels.

---

Where This Sits Relative to the Other 2026 FCC TCPA Moves

The KYUP FNPRM is not the only FCC robocall move in 2026, and operators reading it in isolation will miss the layered effect. Three other proceedings interact directly.

First, the FCC pushed the global revocation rule under 47 CFR § 64.1200(a)(10) – the “revoke once, revoke for all unrelated matters” requirement – to a January 31, 2027 effective date in a January 6, 2026 order. The global revocation rule pushed to January 2027 is the back-end consent-handling change. The KYUP FNPRM is the front-end authentication-and-vetting change. A lead-gen operation that solves one without the other is exposed: the call gets signed correctly but the revocation chain breaks, or the revocation chain works but the call is C-attested and gets blocked.

Second, the FCC’s existing enforcement bureau remains active. The enforcement bureau’s TCPA penalty pattern shows the Commission willing to issue Notices of Apparent Liability with multi-million-dollar forfeitures against providers and originators that ignore traceback or operate with falsified RMD filings. The KYUP FNPRM gives that enforcement bureau a wider rulebook to cite. Operators should expect the next enforcement wave to lean heavily on KYUP failures alongside the traditional TCPA consent violations.

Third, the consent-side regime is evolving in parallel with state-level moves (Florida’s FTSA, Oklahoma’s OTSA, the broader state mini-TCPA wave) and with the post-McLaughlin Supreme Court landscape, where district courts can now reinterpret FCC TCPA orders. The KYUP rule is a federal-level structural move that does not depend on the consent landscape – it operates at the carrier authentication layer, one step removed from consent – but the layered effect is what determines the cost of doing outbound lead-gen calling in 2027 and beyond. Operations that depend on structured call center conversion workflows for insurance, Medicare, or solar verticals should plan the KYUP readiness program as part of the same operational stack as TCPA consent management and state-law compliance.

---

Edge Cases and Open Questions

A few categories of operator deserve specific treatment.

Hosted dialer / CCaaS platforms. Platforms like Five9, NICE CXone, Genesys Cloud, and Talkdesk are voice service providers in many jurisdictions and file in the RMD. Their KYUP duties to the lead-gen operations using their platform are a direct match for the FNPRM’s proposed regime. Operators on these platforms should expect platform-side KYC and use-case review to tighten over the next two quarters. Some platforms are likely to impose campaign-level vertical restrictions (no debt-relief outbound, no warranty calling) regardless of consent posture.

Operators that bring their own SIP trunking. Lead-gen operations that route through a wholesale SIP trunk provider and place calls from on-premises dialers have an additional KYUP layer: the wholesale provider’s KYC will determine what attestation level the operator’s calls can carry. Wholesale providers are increasingly demanding the same documentation pack outlined above. Operators that have historically run on commodity SIP trunks may face significant repricing or termination.

Third-party signing services. Numeracle, TransNexus, NetNumber, and similar services sign calls on behalf of voice service providers that lack the technical capability to operate STIR/SHAKEN in-house. Under the FNPRM, the attestation decision remains the responsibility of the originating provider. Operators using a third-party signing arrangement should confirm the agreement specifies who runs the KYC and where the attestation determination logic lives. A signing service that mechanizes A-level attestation without underlying KYC is the exact failure mode the FNPRM is designed to eliminate.

International transit / call centers offshore. Calls originating outside the US that enter through a US gateway have historically been C-attested by default. The FNPRM proposes that gateway providers must perform KYUP on the foreign upstream, which materially raises the documentation burden on offshore call centers serving US lead-gen campaigns. Operators that rely on offshore agent labor for consented outbound should expect both the call center and the gateway provider to demand fuller US-side compliance documentation than was historically required.

SMS and 10DLC. STIR/SHAKEN authentication applies to voice calls, not SMS. The 10DLC (10-digit long code) regime managed by The Campaign Registry handles SMS-side carrier vetting. The two regimes are increasingly aligned in intent – vet the upstream, label the misuse, terminate the bad actors – but operationally separate. Lead-gen operations running both voice and SMS should treat KYUP and 10DLC as parallel compliance programs, not a single program.

---

What “Compliance Theater” Looks Like Under the New Rule

A useful diagnostic for operators is to ask which of the following the operation can produce in 48 hours if the upstream VSP requests them:

• A current corporate organization chart with beneficial-ownership disclosure
• A 12-month call volume report by campaign and DID pool
• A copy of the operator’s TCPA consent management procedure with sample TrustedForm certificates
• A traceback response from the last ITG request (or evidence none received)
• A current internal DNC suppression report
• A campaign-level use-case description for every active outbound campaign
• A roster of the supervisors and compliance lead with current contact information
• A copy of the operator’s RMD filing reference (if applicable) or the upstream VSP’s RMD reference
• A statement that no officer is named in an active FCC enforcement matter

Operators that cannot produce this pack are running compliance theater. The current regime tolerated theater because KYUP was a vague principle and most VSPs treated it as one. The proposed regime makes the pack a precondition of the upstream VSP’s ability to defend itself in the next enforcement review. Theater stops working when the audience starts taking attendance.

---

Key Takeaways

• The FCC adopted FCC-26-32 on May 20, 2026, a Further Notice of Proposed Rulemaking that rewrites the Know-Your-Upstream-Provider rule, codifies STIR/SHAKEN A/B/C attestation criteria, and tightens governance of the Service Provider Code token system. Comments are due 30 days after Federal Register publication.
• KYUP is now five baseline duty categories – information collection, compliance review, information verification, monitoring, and responsive action – performed before every new agreement, every renewal, and any time a risk indicator surfaces. A four-year record retention period applies.
• Codified A-level attestation requires the originating VSP to know the customer (KYC) and verify the customer’s right to use the calling number, with number-assignment records or delegate certificates as the acceptable verification mechanisms. B-level keeps KYC but releases the number-verification requirement. C-level covers transit and gateway traffic without a direct customer relationship.
• Improper attestation becomes a violation in its own right. Operators using third-party signing services should confirm the upstream VSP, not the signing service, retains responsibility for the attestation determination.
• The two remaining undue-hardship STIR/SHAKEN extensions are slated for repeal. Operators routing through providers that previously relied on extensions face renegotiation or termination.
• The STI-GA must update SPC token policies within six months, establish written CA selection criteria, and report enforcement activity to the FCC quarterly. Token revocation now flows faster through the system and produces faster downstream attestation collapse.
• Robocall Mitigation Database filings become evidentiary anchors in both FCC enforcement and private TCPA litigation. A mismatch between an upstream VSP’s RMD-claimed KYUP practice and the actual onboarding the lead-gen operator experienced is itself a fact in dispute.
• The Industry Traceback Group’s role expands. STI-GA, ITG, and call-analytics providers will coordinate enforcement, meaning a slow traceback response moves from an ITG-side problem to a KYUP failure for every VSP in the chain.
• Lead-gen call centers, hosted dialers, and CCaaS platforms are not VSPs but inherit the KYUP regime through their upstream provider. The KYC documentation pack (entity chart, ownership, traffic mix, consent posture, traceback history) becomes a precondition for service.
• The KYUP FNPRM stacks with the January 2027 global revocation rule, the ongoing FCC enforcement bureau pattern, and the post-McLaughlin private litigation landscape. Operators that solve only one layer leave the others exposed.

---

Sources

• FCC Fact Sheet DOC-421205A1 – Advanced Methods to Target and Eliminate Robocalls (April 29, 2026)
• FCC-26-32A1 – Further Notice of Proposed Rulemaking (Adopted May 20, 2026)
• FCC – Combating Spoofed Robocalls with Caller ID Authentication
• FCC May 2026 Open Commission Meeting agenda
• Wiley Rein – FCC Proposes Significant Expansion of Know-Your-Upstream Provider and STIR/SHAKEN Requirements
• Womble Bond Dickinson – FCC’s KYUP FNPRM Signals a Further Shift Toward Prescriptive Robocall Compliance Obligations
• Davis Wright Tremaine – FCC Proposes Expanded KYUP Rules, Enhanced STIR/SHAKEN Standards for Voice Providers
• CommLaw Group – FCC Targets Robocall Bad Actor Providers with New KYUP and STIR/SHAKEN Proposals
• TransNexus – FCC Know-Your-Upstream-Provider and SHAKEN rules adopted
• Telecom Reseller – The FCC’s Know Your Upstream Provider Proposal Explained (May 22, 2026)
• Federal Register – Advanced Methods to Target and Eliminate Robocalls

Last updated June 26, 2026