Improving the Effectiveness of the Robocall Mitigation Database; CORES Registration System

#  Robocall mitigation and certification.

**AGENCY:**

Federal Communications Commission.

**ACTION:**

Final rule.

**SUMMARY:**

In this document, the Federal Communications Commission (FCC or Commission) adopts rules requiring Robocall Mitigation Database (RMD or Database) filers to take additional steps to ensure the accuracy, completeness, and currentness of submitted information. The rules also establish a base forfeiture of $10,000 for each violation for filers that submit false or inaccurate information to the Database, as well as a base forfeiture of $1,000 for failure to update information that has changed in the Database within 10 days. Further, the Wireline Competition Bureau is directed to establish a dedicated reporting mechanism for deficient filings in the Database, as well as to issue additional guidance and “best practices” for filers. Additionally, the Wireline Competition Bureau and Office of the Managing Director are directed to develop a two-factor (or more) authentication solution for accessing the Database.

**DATES:**

*Effective date:* This rule is effective February 5, 2026, except for the amendments to §§ 1.8002(b)(2) and 64.6305(h), which may contain modifications to existing information collection requirements that require review by the Office of Management and Budget (OMB) under the Paperwork Reduction Act; and § 1.1105, which requires notice to Congress pursuant to section 9A(b)(2) of the Communications Act, 47 U.S.C. 159A(b)(2), and also requires certain updates to the FCC's information technology systems and internal procedures to ensure efficient and effective implementation. The Commission will publish a document in the *Federal Register* announcing the effective dates for these rules.

**FOR FURTHER INFORMATION CONTACT:**

Erik Beith, Attorney Advisor, Competition Policy Division, Wireline Competition Bureau, at *[email protected].* For additional information concerning the Paperwork Reduction Act proposed information collection requirements contained in this document, send an email to *[email protected]* or contact Nicole Ongele at (202) 418-2991.

**SUPPLEMENTARY INFORMATION:**

This is a summary of the Commission's *Report and Order* in WC Docket No. 24-213, MD Docket No. 10-234, FCC 24-135, adopted on December 30, 2024, and released on January 8, 2025. The complete text of this document is available for download at *https://docs.fcc.gov/public/attachments/FCC-24-135A1.pdf.*

**Synopsis**

**I. Discussion**

The Robocall Mitigation Database is a key tool for ensuring compliance with our STIR/SHAKEN and robocall mitigation rules and provides critical support for efforts by the Commission and outside stakeholders to combat illegal robocalling campaigns. This includes its use by other federal and state enforcement bodies for their own investigations of suspected illegal activity as well by downstream providers, which rely on the Database to determine the permissibility of traffic carried on their networks. Voice service providers, including terminating providers, and intermediate providers must refuse traffic sent directly from any provider that does not appear in the Robocall Mitigation Database. Its continued effectiveness relies on information submitted by providers being complete, accurate, and up to date. Yet a review of filings in the Database indicates a lack of thoroughness and diligence by some providers and, in some cases, malfeasance by bad actors. Given the Database's importance, we act today to promote accuracy, completeness, and currentness of submissions; to increase accountability by accurately identifying providers; to increase enforcement consequences for providers that submit false information; and to establish a reporting mechanism for shared oversight among all stakeholders. We also establish an application processing fee for initial filings, and, importantly, require providers to re-certify annually to the accuracy of their submissions. Additionally, we direct that a two-factor authentication solution for accessing the Database be developed. On balance, these steps impose minimal burden on providers while strengthening the Database's effectiveness as a compliance and consumer protection tool.

**A. Requiring Filers To Update Information in CORES**

To ensure that the Robocall Mitigation Database reflects up-to-date information, we adopt our proposal in the *Notice of Proposed Rulemaking* ( *NPRM* ), 89 FR 74184 (Sept. 12, 2024), that all entities and individuals that register in CORES in order to submit filings to the Database or that register for any other purpose be required to update any information  submitted to CORES within 10 business days of any change to that information. The *NPRM* also asked, given that Database filers must obtain a business-type FRN, whether we should apply this requirement only to business-type FRNs. No commenters urged the Commission to adopt this approach. We therefore apply this requirement to all filers, including those with individual FRNs. As explained above, the Database automatically populates a filer's contact information, *i.e.,* the entity's name and business address, using CORES. Although § 1.8002 of the Commission's rules requires that information submitted by CORES registrants “be kept current,” it provides no deadline for submitting updates after a change in information occurs. This risks the possibility of out-of-date information being imported into the Database at the time the provider submits a certification and robocall mitigation plan. We agree with the State AGs that “[h]armonizing the information in CORES and the RMD will reduce confusion by improving the accuracy of information in both databases, which will benefit both providers and law enforcement agencies” that rely on the Database. In so doing, we align § 1.8002 with § 64.6305 of the Commission's rules, which requires providers to update submissions to the Database within 10 business days of any changes to required content. Consistent with our view stated in the *NPRM* that such a rule would impose no significant costs on CORES users or present any significant countervailing burdens, no commenters opposed our proposal. Additionally, keeping information in CORES up to date may have benefits outside the robocall proceeding as well. As we stated in the *NPRM,* this procedural improvement will also benefit other Commission databases beyond the Database that make use of contact information imported from CORES. We therefore implement a 10-business day deadline for all CORES registrants to submit updates after a change in information occurs. EPIC observes that the *NPRM* placed particular emphasis on the importance of updating contact information, urging the Commission to clarify “that the enforceable requirement to update an RMD entry within 10 days is not limited to contact information updates.” Our changes today do not affect 47 CFR 64.6305(d)(5)'s existing mandate that changes to a provider's certification information, including the implementation status of STIR/SHAKEN, must be updated within 10 business days.

**B. Establishing Forfeiture for Submitting Inaccurate or False Certification Data**

Consistent with our proposal in the *NPRM,* we adopt a base forfeiture for submitting false or inaccurate information to the Robocall Mitigation Database. Specifically, we establish a base forfeiture of $10,000 for each violation for filers that submit false or inaccurate information to the Database. Robocall Mitigation Database filings are Commission authorizations. The Commission may impose a forfeiture against any person found to have willfully or repeatedly failed to comply substantially with the terms and conditions of any authorization issued by the Commission. In addition, and as proposed in the *NPRM,* we establish a base forfeiture of $1,000 for failure to update information that has changed in the Robocall Mitigation Database within 10 business days. Finally, consistent with the Commission's approach in other contexts involving failure to file required forms or information to the FCC, we find that these violations continue until cured; accordingly, forfeitures shall be assessed on a daily basis up to the statutory maximum for continuing violations.

*$10,000 Base Forfeiture for Filing False or Inaccurate Information.* In the *NPRM,* we tentatively concluded that submitting false or inaccurate information to the Robocall Mitigation Database warrants a significantly higher penalty than the existing $3,000 base forfeiture for failure to file required forms or information. In order to determine the appropriate punishment for such actions, we look to prior Commission precedent in similar circumstances. The act of filing false or inaccurate information in the Database has broad similarities to the types of violations found in two contexts: (1) failure to file required forms/information; and (2) misrepresentation/lack of candor.

Accordingly, we sought comment on two alternative forfeiture proposals for filers that submit false or inaccurate information to the Robocall Mitigation Database. For the first option, we sought comment on a proposal to set the base forfeiture for filing false or inaccurate information to the Database at $10,000. This option would make the penalty for filing false/inaccurate information to the Database somewhat less than, but similar to, forfeitures the Commission has proposed/imposed in cases involving a licensee or authorization holder's failure to file required forms or information to the Commission. For the second option, we sought comment on a proposal to impose the statutory maximum forfeiture amount allowable under section 503 of the Communications Act as the base forfeiture—the same approach that the Commission takes for violations of § 1.17 of our rules related to misrepresentation and lack of candor in investigatory or adjudicatory matters.

The comments in the record are mixed. The State AGs and ZipDX each express strong support for treating the filing of false or inaccurate information in the Robocall Mitigation Database akin to misrepresentation/lack of candor, arguing that such actions should elicit the statutory maximum penalty. NTCA, VAFR, and Ravnitzky support a set base forfeiture below the statutory maximum, akin to forfeitures assessed in failure-to-file cases. USTelecom does not argue in favor of either proposal specifically, but generally supports fines to deter bad faith submissions to the RMD. Finally, NCTA as well as INCOMPAS and CCA reject both options, each arguing against imposing any fines for filing false or inaccurate information unless (1) the Commission first grants the filer an opportunity to correct, or (2) the Commission makes a finding that the submission of false/inaccurate data was willful.

We find that the first option—setting a base forfeiture below the statutory maximum—is sufficient to accomplish the Commission's goals of deterrence and punishment for filing false or inaccurate information in the Robocall Mitigation Database. That said, and consistent with the Commission's prior statements on the critical nature of accurate information in the Database, we find that submitting false or inaccurate information to the Database warrants a significantly higher base forfeiture amount than the Commission's $3,000 base forfeiture for failure to file required forms or information. Accordingly, we adopt a base forfeiture of $10,000 for each violation for filers that submit false or inaccurate information to the Robocall Mitigation Database. The record contains comments advocating for both ends of the minimum/maximum spectrum; some commenters recommend imposing the statutory maximum in order to dissuade bad actors from profiting from deliberate wrongdoing, while others express concern that fines may lead to unintended harmful effects on small companies and thus reduce competition. We find that the amount of $10,000 serves as an appropriate middle ground between these competing views, while providing an added deterrent against false or inaccurate filings. Moreover, we note that section 503 of  the Act allows calibration of the penalty depending on the specific facts and circumstances of each individual case. Application of section 503's adjustment factors permit the Commission to assess penalties upward to the statutory maximum (in cases of egregious or deliberate malfeasance, for example) or reduce the penalty below the base when application of the factors justifies a lighter touch (such as minor/limited violations or the violator's inability to pay). Adjusting forfeiture penalties this way allows the Commission to ensure that it meets it obligation to enforce the statutes and regulations that protect consumers from abuses as well as its duty to promote and protect competition in the telecommunications industry.

*$1,000 Base Forfeiture for Failure to Update.* All filers in the Robocall Mitigation Database are required to update their filings within 10 business days if any information they are required to submit has changed. In the *NPRM,* we sought comment on a proposal to adopt a base forfeiture of $1,000, similar to the base forfeiture set forth in in § 1.80 of the Commission's rules for failure to maintain required records. We find that a $1,000 base forfeiture for failure to update Database filings within 10 business days is appropriate and adopt it here.

None of the commenters specifically addressed the Commission's proposal to implement a $1,000 base forfeiture for failure to update filings in the Robocall Mitigation Database. That said, four commenters expressed concern about the possibility that they could find themselves subject to hefty fines for inadvertent lapses or minor errors. NTCA specifically raises a failure to update after a change in company board membership as an example of an oversized penalty that should be differentiated from cases involving false claims of robocall mitigation efforts. Conversely, the State AGs, iconectiv, EPIC, and ZipDX argue that the accuracy of the data in the Database is critically important, and that failure to ensure that the information is accurate and up-to-date significantly undermines the Commission's efforts to curb illegal robocalls.

We find merit in both perspectives. We agree with commenters that inadvertent errors or minor lapses in compliance should not result in the same penalties as willful misconduct. We therefore find that the base forfeiture should be significantly lower than the $10,000 base forfeiture we set for submitting false or inaccurate information. That said, we agree with commenters who point out that inaccurate information in the Robocall Mitigation Database is still harmful—regardless of whether the inaccuracy results from malfeasance or neglect. Finally, we look to the penalties assessed in similar circumstances and note that the Commission has already established a $1,000 base forfeiture for failure to maintain required records. A base forfeiture in the amount of $1,000 in this instance creates a meaningful distinction between willful/malicious misconduct and inadvertent error. We find that a separate penalty for failure to update information in the RMD after a change has occurred is a necessary addition in order to ensure that filers make accuracy a priority. Finally, we hold that the integrity of the data in the RMD is no less critical than other records that licensees/authorization holders must maintain; accordingly, we apply a penalty, consistent with the fines applied in analogous circumstances. We therefore adopt a $1,000 base forfeiture for failure to update Database information within 10 business days.

*Forfeitures Assessed on a Continuing Violation Basis.* In the *NPRM,* we sought comment whether to assess the base forfeitures for filing false/inaccurate information and failure to update Robocall Mitigation Database information within 10 business days on a single violation basis or a continuing violation basis.

Only one commenter directly addressed this issue. The State AGs support assessing forfeitures on a continuing basis so that penalties do not merely become the so-called “cost of doing business” for bad actors. Further, the record in this proceeding shows broad agreement that accurate information in the Robocall Mitigation Database is critically important to government and industry's shared efforts to combat illegal robocalls. Information in the Database may be consulted at any time; accordingly, each day that false or inaccurate information remains in the Database without detection or correction necessarily harms the integrity of the Database and degrades its usefulness. We hold that entities that file in the Database have a continuing obligation to file truthful and accurate information in the Database, and that the filing of false or inaccurate information in the Robocall Mitigation Database is a violation that continues until the false or inaccurate information is corrected. But this is not the end of the filer's responsibility. The integrity of the data in the Database must be maintained over time because it is relied upon by other service providers, industry traceback and mitigation groups, and government investigators. Its value as a resource is not limited to the date of filing, but rather continues each day that the information is available to persons and entities who rely upon it. As such, we hold that filing entities have an explicit continuing obligation to update information within 10 business days of any change. Violations of these obligations are necessarily continuing in nature until the errors or omissions are cured. Accordingly, we find that forfeitures assessed for such violations should be assessed on a continuing violation basis.

**C. Establishing a Dedicated Reporting Mechanism for Deficient Filings**

In order to enhance the integrity of the Robocall Mitigation Database and better combat bad actors, we direct the Wireline Competition Bureau to establish a dedicated reporting mechanism for deficient filings. We invited general comment in the *NPRM* on any procedures that we could adopt to facilitate the goal of accurate compliance with Database requirements, and based on the record in response, find that a reporting mechanism is a procedural resource that can help achieve this goal. Although the Commission did not seek comment on establishing a dedicated reporting portal for deficient filings in the *NPRM,* several commenters urged the Commission to adopt such a mechanism. Despite the severe penalties associated with making noncompliant submissions, the Database evinces among some providers a lack of diligence and, in certain cases, malfeasance. Deficiencies identified range from failures to provide accurate contact information to submission of robocall mitigation plans that do not in any way describe reasonable robocall mitigation practices. Offering a reporting resource that allows stakeholders to notify the Commission if they identify deficiencies in the RMD will improve its usefulness.

Although the Commission continues to review and address such filings through enforcement actions, we agree with USTelecom that the Commission need not “carry this burden alone.” We envision that creating a public reporting resource available to state and local regulators and attorneys general, consumers, public interest groups, providers, and others could allow them to easily notify the Commission that it may need to re-check certain filings and take action to require prompt corrections from providers. Enabling outside parties to flag suspicious filings via a streamlined process would “encourag[e] reporting on a more  consistent basis” and “facilitate expedient Commission action.” Comments submitted jointly by CTIA, USTelecom, EPIC, the National Consumers League, and Public Knowledge also observe that in so doing, “industry and public stakeholders” can “bolster strained Commission resources.” Other benefits may inure from additional scrutiny, such as the potential ability to identify “recurring themes” in deficient filings. One commenter suggests that the Commission should collaborate more closely with providers and harness technologies, such as real-time data sharing, to enhance robocall mitigation. By establishing a dedicated reporting line, we provide one such mechanism for enhanced cooperation and data sharing. Offering outside parties a dedicated channel for reporting deficient filings would therefore facilitate improvements to the Robocall Mitigation Database. In addition, we expect that a more effective Database will reduce robocall volumes, the benefits of which we explain in the Call Authentication Trust Anchor Eighth Report and Order. Moreover, we believe that the costs of establishing and maintaining such a portal would be minimal and easily outweighed by the benefits to the Commission and stakeholders in ensuring accurate submissions to the Database.

As with previous delegations of authority concerning the Robocall Mitigation Database, we direct the Wireline Competition Bureau, in consultation with the Office of the Managing Director (OMD) and the Enforcement Bureau, to determine the appropriate mechanism for the Commission to receive reports of deficient filings. We delegate to the Wireline Competition Bureau the authority, in consultation with OCIO and the Senior Agency Official for Privacy (SAOP), to specify the form and format of any such submissions and to make any necessary changes to the Robocall Mitigation Database portal and interface in connection with the reporting portal. For example, the Joint Commenters suggest developing a “separate RMD referral portal that would allow providers and the public to assist the FCC in identifying bad actors abusing the RMD.” In making this delegation, we also direct the Wireline Competition Bureau, in consultation with the SAOP, to consider any Privacy Act implications associated with any user data or Personally Identifiable Information that may be collected through the reporting interface. We further direct the Wireline Competition Bureau, prior to implementing the reporting mechanism, to complete any review by the Office of Management and Budget that may be required under the Paperwork Reduction Act, to the extent the reporting mechanism involves identical questions posed to reporting entities. In carrying out its delegated authority, the Wireline Competition Bureau shall consult with the Commission's Chief Data and Analytics Officer regarding any applicable OPEN Government Data Act requirements. We further direct the Wireline Competition Bureau to develop materials to educate outside parties on how to file reports and to announce the availability of the reporting portal by Public Notice. As part of its delegated authority to implement the dedicated reporting mechanism, we direct the Bureau, in consultation with OCIO and the SAOP, to make changes to the portal and accompanying procedures as necessary to ensure the efficient and effective operation of this important new tool. In addition, we direct the Enforcement Bureau to work with the Wireline Competition Bureau to ensure that reports submitted through this portal are referred to the Enforcement Bureau as quickly and effectively as possible. We direct the Enforcement Bureau to investigate potential violations expeditiously and enforce our rules using the Commission's full suite of enforcement mechanisms.

**D. Issuing Substantive Guidance and Filer Education**

To assist filers with their robocall mitigation compliance obligations, we direct the Wireline Competition Bureau to issue additional guidance, educational materials, and “best practices” for filing in the Robocall Mitigation Database. Among other things, we sought general comment in the *NPRM* on measures we could take to improve and ensure the accuracy of information contained in the Database. The State AGs suggest that providing interpretive guidance regarding the meaning of undefined terms, and in applying the Commission's definitions, “could improve the accuracy of the RMD and other robocall mitigation efforts.” We agree that “embedding clarifying information into the process of creating RMD entries” may assist those, particularly less sophisticated, providers experiencing difficulty interpreting the Commission's forms and rules. For instance, a provider unsure of how to interpret either Commission-defined terms (such as what constitutes a “foreign voice service provider”) or general language (for example, which address serves as an entity's “business address”) when certifying may benefit from such guidance. Doing so may also obviate the need to later cure discovered deficiencies, saving both time and resources for the Commission and providers.

We delegate to the Wireline Competition Bureau the authority to determine what form such guidance should take and how it should be promulgated, consistent with this *Report and Order.* We note that, in other contexts, such guidance has been provided through “Frequently Asked Questions,” user guides and other similar documents posted to the Commission's website. We expect that providers filing in the Database will benefit from similar types of guidance, leading to overall improvements in Database submissions.

In connection with this delegation, we direct the Wireline Competition Bureau to respond to a specific request in the record from the State AGs regarding how we can guide providers toward consistently identifying themselves as “foreign voice service providers” in their RMD certifications. In this regard, we note that providers completing their RMD certification form must indicate whether they are a foreign voice service provider. The State AGs indicate that they have seen providers who may be foreign voice service providers failing to identify themselves as required. They ask the Commission to provide interpretative guidance to assist providers in completing this portion of the RMD certification form. We agree that this guidance would be informative and lead to more transparent information and accurate filings.

CTIA also asks that the Commission clarify that when a provider certifies whether it has been the subject of a previous robocall investigation or enforcement action, that it certifies not only for the registrant specifically but also for its affiliates and principals. CTIA suggests that on the Database certification form, the language should reference “affiliates or principals” in addition to the “filing entity” itself. In this regard, we note here that our rules obligate providers to certify whether “at any time in the prior two years, the filing entity (and/or any entity for which the filing entity shares common ownership, management, directors, or control)” has been the subject of an agency or law enforcement action or investigation. Nevertheless, we direct the Wireline Competition Bureau to issue guidance clarifying this or any other rule related to Robocall Mitigation Database filings it deems appropriate.

In addition, we direct the Wireline Competition Bureau to consider whether any changes to the Robocall Mitigation Database are necessary to provide greater guidance to filers, including, for instance, through the use of webtools, pop-up windows, or similar user-interface enhancements. To this end, we also delegate to the Wireline Competition Bureau the authority to make any necessary changes to the Robocall Mitigation Database submission interface. By providing flexibility to best address stakeholder confusion and concerns—both through improved communications and Database enhancements—we expect that the Wireline Competition Bureau will be able to provide timely and targeted guidance that will, in turn, help to improve the accuracy and effectiveness of the Database.

**E. Requiring Providers To Remit a Filing Fee**

We adopt our tentative conclusion that Robocall Mitigation Database filings are “applications” within the meaning of section 8 of the Communications Act, and we therefore adopt an application fee for initial submissions, and annually thereafter, and initially set the fee for both filings at $100. Under the Commission's red-light rules, applications and other requests for benefits by parties that owe non-tax debt to the Commission will not be processed. Section 8(a) of the Communications Act mandates that the Commission assess and collect application fees based on the Commission's costs to process applications. Fees assessed pursuant to our section 8 authority are deposited in the general fund of the U.S. Treasury. Thus, while the determination of the fee amount will be based on the cost of processing, the collected fees are not used to fund Commission activities. Section 8(c) also requires the Commission to amend the application fee schedule if the Commission determines that the schedule requires amendment to ensure that: (1) such fees reflect increases or decreases in the costs of processing applications at the Commission or (2) such schedule reflects the consolidation or addition of new categories of applications.

The Commission processes a wide range of applications, as well as many filings that are not applications for spectrum licenses or authorizations. The *NPRM* stated that the Commission has applied our section 8 fee authority to a range of filings. NCTA disputes the status of Robocall Mitigation Database filings as “applications,” contending that “an RMD filing is not `applying' for anything” by highlighting the mandatory nature of the filings and claiming that no benefits otherwise inure to the provider. We disagree. Like tariff filings, to which we analogized the fee here in the *NPRM,* the filing is required; and providers benefit from their filing as doing so enables downstream providers to carry their traffic. Tariff filings were included in the original statutory fee schedule. The statutory fee schedule, as amended by Congress and incorporated into our rules, is the baseline from which the Commission worked in 2020. Thus, filings included in the statutory schedule, that were still extant in 2020, are helpful examples of the types of filings encompassed by the Congressional directive to assess and collect application fees pursuant to Section 8 of the Communications Act.

Commission review of Robocall Mitigation Database submissions represents a considerable investment of labor hours that continues to rise. Over 2,600 submissions required review after implementing the original requirement for voice service providers to file certifications and robocall mitigation plans. After expanding the scope of providers required to file in the Database, this number jumped to approximately 9,000 filings. These filings necessitate a significant expenditure of Commission resources to process, including review of the specific steps providers undertake to mitigate illegal robocall traffic. We find a $100 filing fee an appropriate amount to cover this cost, based on calculations made by the Wireline Competition Bureau regarding direct labor costs, as detailed in the *NPRM.* In the *NPRM,* the Wireline Competition Bureau estimated that each filing will require 40 minutes of analyst review at the GS-12 level; 20 minutes of attorney review at the GS-14 level; and 15 minutes of attorney supervisory review at the GS-15 level. The estimated total labor costs (including 20% overhead) for the analyst review (GS-12, step 5) of each filing was $43 (0.66 hours * $64.64 = $43). The estimated labor costs (including 20% overhead) for the attorney review (GS-14, step 5) for each filing was $32.95 (0.33 hours * $98.84 = $32.95). The estimated total labor costs (including 20% overhead) for the attorney supervisory review (GS-15, step 5) for each filing was $26.71 (0.25 hours * $106.85 = $26.71). The total labor costs per filing review was $102.66 ($43 + $32.95 + $26.71). Salary data was sourced from the Office of Personnel Management and include overhead costs based on 2,087 annual hours. Based on these hourly rates and the estimated time for processing each filing, the Bureau proposed a filing fee of $100 per filing.

The record supports our determination that a $100 fee for Robocall Mitigation Database filings is appropriate. Several commenters support remittance of a filing fee. Although we do not rely on the rationales suggested by some commenters that a fee would provide financial incentive for providers to be more circumspect in their filings or act as a deterrent to bad actors, we nevertheless acknowledge their support for remittance of a fee. Our approach to the filing fee, meanwhile, should allay the concerns of those commenters opposed. For instance, INCOMPAS and CCA argue that “[r]equiring providers to submit a new filing fee every time a provider makes a minor adjustment to its RMD filing or corrects inaccurate (or readily curable) information” would be excessive. On the contrary, under the approach we adopt today, assessment of the fee will occur only at the time of initial submission and annually thereafter, limiting concerns that filers would find it cost prohibitive to update filings. Indeed, we agree with ZipDX that, against the backdrop of expenses a legitimate filer faces, a “$100 fee is negligible.” Thus, we conclude that these fees are fair, administrable, and sustainable. The Commission's adopted goals that our section 8 fees be “fair, administrable, and sustainable,” which “is the same overarching set of goals we employ in the context of our regulatory fee collections.” Application of our overarching program goals, however, must comport with the language of the statute. Moreover, we recognize other general limits of fee authority. Though the IOAA no longer applies to the Commission, we remain cognizant of broader legal issues raised by user-fee and regulatory-fee precedent. We therefore adopt the $100 application processing fee for initial RMD submissions and annual certifications described below and revise the schedule of charges for wireline competition services in 47 CFR 1.1105. We direct the Wireline Competition Bureau, working in conjunction with OMD, to implement the RMD application processing fee and to include instructions for how to pay the fee in the Wireline Competition Bureau Fee Filing Guide. In its implementation of the filing fee, we direct the Wireline Competition Bureau to consider whether and how to account for filings submitted on behalf of multiple affiliated entities.

We also apply the Commission's red-light rule to Robocall Mitigation  Database filings. Under the red-light rule, the Commission will not process applications and other requests for benefits by parties that owe non-tax debt to the Commission. In the *NPRM,* we sought comment on whether to conduct a red-light check for RMD filings. We agree with the State AGs that application of our red-light rules to RMD submissions may “prevent unscrupulous providers from filing RMD entries and transmitting robocalls.” Even if filings with the Commission go into effect immediately “thus precluding a check to determine if the filer is a delinquent debtor before the request goes into effect,” we find that conducting a red-light check at any point after filing allows the Commission to spot delinquent debtors. A delinquent debt could arise for failure to pay the $100 application processing fee or for other debts owed to the Commission. In the context of the RMD, this could lead to removal of certification, which the Commission has found to be an appropriate consequence in the context of the Intermediate Provider Registry, which similarly maintains ongoing certification filings. Under the red-light rule, we will consider acceptance of filings into the Robocall Mitigation Database conditional and subject to rescission in the event a filer fails the red-light check. The Intermediate Provider Registry is a registry compiled for purposes ensuring calls are completed in rural and remote areas. It is made publicly available on the Commission's website at *https://fccprod.servicenowservices.com/ipr_ext,* and contains information that intermediate providers are required to submit, including their contact information, the states in which they provide service, and a point of contact.

*Requiring Annual Recertification with Associated Filing Fee.* In connection with the foregoing change, we require that providers recertify annually in the Robocall Mitigation Database, at the time they submit their annual filing fee. As the State AGs observe “the RMD contains entries which have not been updated in years,” in spite of new filing requirements for all providers. We find that imposing an annual recertification requirement would facilitate the Commission's goals of keeping the Database up to date and improve the overall quality of submissions over time. We also agree with commenters that such a requirement is analogous to other annual filing requirements, demonstrating the feasibility of such an approach. For example, EPIC notes that carriers are required to submit annual certifications to the Commission regarding their Customer Proprietary Network Information (CPNI) obligations, while the State AGs compare an annual recertification requirement to the “annual renewal of access to the Federal Do Not Call Registry,” arguing that this precedent “demonstrate[s] the feasibility of requiring a periodic application or renewal fee in this context.” We agree. We find that requiring annual recertification by providers will ensure that information in the Database remains current and will promote greater diligence by filers while imposing minimal burdens on providers. Failure to fulfill the annual recertification requirement will result in referral to the Enforcement Bureau, which may subject the filer to forfeiture or removal from the Database.

This annual recertification obligation will necessarily require staff to review Robocall Mitigation Database filings to determine whether providers have complied with the Commission's rules. As is true of initial filing submissions, this process will require staff to conduct outreach to providers that fail to recertify, evaluate whether any changes to filings satisfy the Commission's Robocall Mitigation Database filing requirements, and refer deficient filers to the Enforcement Bureau. We therefore set the same filing fee of $100 per filing in connection with the annual recertification requirement. In order to facilitate administration of the fee and provide certainty to Database filers, we set an annual deadline of March 1 for recertification of existing Robocall Mitigation Database filings.

**F. Measures To Improve the Security of the Robocall Mitigation Database**

To better secure the Robocall Mitigation Database, we direct the Wireline Competition Bureau and OMD to develop a two-factor (or more) authentication solution for accessing the Database. Multi-factor authentication requires the use of multiple authentication protocols, as opposed to simply a username and password, in order to grant access to an account. For example, a two-factor authentication solution may require both use of a password and a one-time verification code. We sought comment in the *NPRM* on the benefits of additional security afforded by multi-factor authentication. Both ZipDX and the State AGs support the use of multi-factor authentication. In addition to preventing access by unauthorized users, ZipDX also observes that an added authentication layer “is useful not just as an added security measure but also to validate provided email addresses.” The State AGs further note that use of multi-factor authentication tools “helps to provide a connection between corporate policies and individuals, which will contribute to effective enforcement.” We agree with these commenters that the added security afforded by a two-factor authentication solution merits its use. Given its critical role in defending America's voice networks, protecting the integrity of information hosted by the Robocall Mitigation Database necessitates—at minimum—use of protocols deployed elsewhere by the Commission, such as CORES. Although some commenters characterize multi-factor authentication as unnecessary and cumbersome, we do not agree that deploying a two-factor authentication solution would be costly or unduly burdensome, especially given the possible benefits that would redound from such a requirement. We nevertheless acknowledge that such a requirement could present logistical problems that would need to be resolved upon implementation. For example, although USTelecom does not dispute the successful use of an added authentication layer in CORES, they argue that if a similar approach were taken for its use in the Robocall Mitigation Database, it would necessitate changes to how the Database functions. We therefore direct the Wireline Competition Bureau and OMD to develop a two-factor authentication solution with these potential issues and solutions in mind. In doing so, we direct that “[t]his solution must offer users the *option* of using phishing-resistant authentication— *i.e.,* it must provide support for Web-Authentication-based approaches, such as security keys.”

**G. Other Issues**

In the *NPRM,* we proposed and sought comment on several additional procedural and other steps the Commission could take to improve the effectiveness of the Robocall Mitigation Database. Specifically, we sought comment on requiring filers to obtain a PIN in order to submit a filing and whether and how leveraging software and other technical solutions could help to flag potential discrepancies in Database filings. We also proposed to authorize providers to engage in permissive blocking of “voice traffic by Robocall Mitigation Database filers that have been given notice that their robocall mitigation plans are facially deficient and that fail to correct those deficiencies within 48 hours.” Upon review of the record in response to the *NPRM,* we decline to take these steps in this *Report and Order* . Nevertheless, we believe many of these initiatives may have merit, and may revisit these  solutions in the future if warranted, including those suggested by commenters. We therefore direct the Wireline Competition Bureau to explore many of these issues further, as discussed below.

*Requiring Filers to Obtain a PIN to File in the Robocall Mitigation Database.* We similarly decline to require that filers obtain a PIN to make filings in the Robocall Mitigation Database. In the *NPRM,* we sought comment on whether, in addition to or as an alternative to multi-factor authentication, an officer, owner, or other principal of a provider should be required to obtain and enter a PIN before a submission is accepted by the filing system. While some commenters support such a measure, they generally do so on the grounds that the PIN could serve as an accountability measure that would create a point of contact directly familiar with and responsible for the provider's filings. However, we note that our certification provisions already require that an officer declare as “true and correct” the information contained in the provider's submission, doing so “under penalty of perjury.” Although we signaled concern that such officers need not “provide their own direct contact information or . . . make more specific certifications with respect to their role in ensuring that the provider submits and maintains accurate information,” we agree with ZipDX that—at this time—the benefits of requiring filers to obtain a PIN do not outweigh the burdens involved. While we disagree with NCTA's claim that references in the *NPRM* to “consultants and provider employees . . . completing RMD submissions without diligence” are “without evidence,” we acknowledge the logistical burdens cited by NCTA and agree with ZipDX that the goals cited by the *NPRM* may be better served through other approaches, particularly the procedural protections we adopt above.

ZipDX proposes that the Commission require, as part of a provider's Robocall Mitigation Database filing, affirmation that the entity has filed a Beneficial Ownership Information (BOI) with the Federal Crimes Enforcement Network (FinCEN). Failing that, ZipDX suggests that a registrant be required to provide an explanation and require the uploading of a government-issued ID, to be kept confidential by the Commission. While we acknowledge the potential merits of ZipDX's proposals, we find the record insufficient to adequately assess their viability. While we decline to adopt the specific proposals advanced by ZipDX at this time, we nevertheless direct the Wireline Competition Bureau, in coordination with the Enforcement Bureau, to investigate these and other measures and procedures to achieve such ends, consistent with privacy and other requirements.

*Data Validation Tools.* We decline at this time to adopt any specific software or other technical solutions that would validate the data entered into an RMD filing against an external source and flag discrepancies for Commission staff to review. In the *NPRM,* we sought broad comment on the use of such tools to improve the quality of the information being input into the Database, including the availability, cost, and feasibility of various solutions. While commenters generally support the use of data validation tools to enhance the accuracy and completeness of data submitted in the Database, there was a lack of consensus and specificity about what solutions could prove most effective, and no data regarding the cost of implementation. We therefore find the record is insufficient to support adoption of a specific method at this time. Given unanimous interest in leveraging technical solutions to improve the Database, however, we direct the Bureau to further investigate the feasibility and costs associated with those solutions offered in the record, as well as any others that could achieve substantially the same goal. We delegate to the Wireline Competition Bureau the authority to implement any technical data validation solution that it determines, through its investigation, is likely to produce benefits that outweigh the solution's costs.

*Authorizing Permissive Blocking for Facially Deficient Filings.* We decline to adopt our proposal to authorize downstream providers to permissively block traffic by providers that have submitted facially deficient filings and failed to correct them. The *NPRM* sought comment on various aspects of this proposal, including the process for identifying facially deficient filings, providing deficient filers a reasonable opportunity to cure, and implementing a permissive blocking scheme. The *NPRM* also sought comment on the risks and costs of authorizing permissive blocking, and whether the standard associated with the issuance of cease-and-desist letters provides any guidance regarding the appropriate approach to take here. Commenters' views varied, but most opposed permissive blocking, or supported it only if significant modifications were implemented. For example, the VAFR argues that any such rule would exceed the Commission's statutory authority and prove “unreasonable and potentially devastating for small [voice service providers],” claiming that the period proposed by the *NPRM* for responding to alleged deficiencies would need to be lengthened to at least 30 days. While we agree with the State AGs and USTelecom that it is important to address facially deficient filings and block traffic that is “likely to be illegitimate,” given the severe consequences of being blocked, we are persuaded that the Commission should first focus on our “existing authority to clean up the RMD and remove bad actors who file deliberately false or misleading information under its existing two-step “facially deficient' removal process.”

Instead of pursuing a permissive blocking scheme, CTIA suggests that the Commission take further action to remove providers subject to mandatory blocking from the Robocall Mitigation Database. Specifically, CTIA urges the Commission to, within 30 days of the issuance of a blocking order made pursuant to § 64.1200(n)(3) of our rules, remove a provider from the Robocall Mitigation Database. CTIA contends that doing so represents “a logical step” consistent with our existing rules and additionally argues that the Commission “should prioritize its implementation of blocking orders on . . . flagrant offenders who have refused to address issues with their RMD filings despite Commission outreach.” As noted by CTIA, Commission rules already speak to the subject. We therefore find that additional action is unnecessary. Moreover, we note that the Commission balances a variety of factors in establishing enforcement priorities and decline to elaborate further on our internal review and enforcement processes, to the extent that CTIA and EPIC requests that the Commission prioritize certain enforcement actions over others.

*Limiting the Scope of Confidentiality Requests.* Because our existing rules discourage broad requests for confidentiality, we decline at this time to further limit the scope of confidentiality requests. In response to our request for general comment regarding improvements to the Database, CTIA and USTelecom urge the Commission to reject overly broad confidentiality requests pertaining to robocall mitigation plans. They contend that failure to do so would undermine the usefulness of the Robocall Mitigation Database, including its ability to promote transparency and accountability. ZipDX claims that some providers “redact the entire substance of their [robocall mitigation plan] from public inspection, depriving other stakeholders from evaluating the plan  and making appropriate decisions.” USTelecom further asserts that such sweeping redactions enable bad actors to abuse confidentiality protections to avoid public scrutiny. However, as USTelecom itself observes, the Commission has already adopted a protective order delineating the strict terms of any confidentiality request. Indeed, the Commission addressed these very concerns at the time of its issuance and noted that it would “not hesitate to act should we identify improper confidentiality requests.” The other measures we adopt today, including establishing a dedicated reporting mechanism for deficient filings, will better enable the Commission to identify and address overly redacted robocall mitigation plans. As such, while we heed commenters' calls to be strict in our review of confidentiality requests, we do not formalize any such action today. However, as part of the filer education initiative discussed above, we direct the Wireline Competition Bureau to consider whether it would be helpful to provide additional guidance to filers that wish to submit requests for confidential treatment of their Robocall Mitigation Database filings, consistent with the terms of the *RMD Protective Order* .

*Heightened Scrutiny of Certain Filings.* We do not at this time adopt rules that would formally modify the level of scrutiny a given provider receives in certain cases. Responding to our broad request for comment on potential improvements to the Database, USTelecom proposes that when individuals “associated with a certain number of apparently unaffiliated entities submits a new filing, the Commission should elevate [that] filing for additional review.” The Joint Commenters agree, stating that such scrutiny would deter “bad actors from creating new entities to refile after being kicked out of the Database.” They further argue that the Commission can “best promote the quality and accuracy of information . . . by using its existing authority to closely analyze the substance of [robocall mitigation plan] filings and to remove facially deficient filings submitted by providers.” We decline to discuss here our internal investigatory processes, including the extent to which the Commission already applies additional scrutiny to certain types of applications. Moreover, the Commission has already developed an expedited two-step procedure for removing facially deficient filings. CTIA urges the Commission to set a 30-day deadline for removal of deficient filings after completion of this process, so as to “provide much-needed certainty.” However, as outlined in the *Sixth Caller ID Authentication Report and Order,* removal already occurs immediately following the second step. To the extent that CTIA expresses concerns about the timing of enforcement actions, we again decline to discuss internal processes and find that such concerns are outside the scope of this proceeding. We therefore see no need to make additional adjustments to address certain types of filings identified by commenters.

EPIC additionally argues that the Commission should expand its expedited removal process for facially deficient filings to providers who are non-responsive to tracebacks or who continually connect illegal calls. We note that such a suggestion falls outside the scope of this proceeding. Nevertheless, failure to respond to traceback requests and transmission of illegal calls represent serious violations of our rules that warrant a swift response. We will continue to monitor the deterrent effect of our enforcement actions on such behaviors and consider further changes to improve the effectiveness thereof.

*Additional Enhancements to the Database and Submission Form.* Although we do not adopt additional changes to the Robocall Mitigation Database portal and its submission form, we direct the Wireline Competition Bureau to investigate whether recommendations made in the record warrant further improvements. USTelecom, for instance, suggests enabling filers to include more than one attachment in their submissions so as to avoid “having to rewrite and refile everything” when providing updates. USTelecom also proposes to allow a parent company to submit filings on behalf of an affiliated entity, arguing that doing so would streamline the process for providing updates to the Database and cites to other licensing regimes that allow affiliates to share authorizations. CTIA requests that the Commission overhaul the Database's architecture to allow for more granular searches and a download option for those results, asserting that doing so would make fake or falsified information more easily identifiable by legitimate providers. CTIA further states that the Commission should amend the Database filing form to require selection of a state or territory from a dropdown list to improve searchability, and USTelecom similarly requests that the search page include an entity's OCN to streamline a provider's evaluation of potential partners. We recognize the value of these and other potential changes to the Database. EPIC also suggests that we reject entries from being created when a filer does not enter all required basic information. However, the Database presently requires completion of all fields before submission. Moreover, the Commission has already implemented an expedited procedure for removing facially deficient filing. As such, we direct the Wireline Competition Bureau to explore the potential for these and any other modifications to the Database that would improve the user experience of filers.

*IP Transition.* We do not at this time adopt recommendations made in the record seeking to facilitate the IP transition. NTCA requests that the Commission examine how the persistent use of TDM facilities and routing have on robocall mitigation efforts and consider whether standards that enable call authentication over non-IP facilities should be used by voice providers to ensure that STIR/SHAKEN is, at minimum, more effective than otherwise. ZipDX, acknowledging that such suggestions are only “marginally within the scope of the *NPRM,* nevertheless recommends that we collect data on STIR/SHAKEN implementation by revising the filing process to require providers to indicate the number of calls in the month prior to the filing date affected by delays in IP implementation and to annually update such filings with recent data if deficiencies in implementation exist. These recommendations, irrespective of their merits, fall outside the scope of this proceeding. The Commission is also separately examining this issue in its *Notice of Inquiry* on this matter, and we otherwise decline to adopt additional filing requirements at this time.

**II. Legal Authority**

Consistent with our proposal, we adopt the foregoing revisions to the Robocall Mitigation Database requirements pursuant to the legal authorities that the Commission relied on in its caller ID authentication and call blocking orders, namely sections 201(b), 202(a), and 251(e) of the Communications Act, the Truth in Caller ID Act, and our ancillary authority. We conclude that the Commission has authority under 31 U.S.C. 3512(b) and Part 1, Subpart O of the Commission's rules to make administrative enhancements pertaining to CORES. We further conclude that sections 501, 502, and 503 of the Communications Act provide authority to establish forfeiture amounts for submitting inaccurate or false certification data to the Robocall  Mitigation Database. We note that no commenter questioned our proposed legal authority. One commenter argues that the Commission's proposed forfeiture amounts exceed its statutory authority under the TRACED Act. However, we conclude that sections 501, 502, and 503 of the Act provide independent legal authority to establish forfeiture amounts, and therefore, we need not rely on the TRACED Act.

As explained above, we rely on our authority under section 8 of the Communications Act to add Robocall Mitigation Database filings to the Commission's Schedule of Application Fees. We adopt our tentative conclusion from the *NPRM* that submissions to the Robocall Mitigation Database constitute “applications” within the meaning of the RAY BAUM's Act, consistent with our prior implementation of our section 8 authority. The statute requires that our section 8 fees be deposited in the general fund of the Treasury. That Congressional requirement does not change the fact that Congress also directs that the fees be keyed to our processing costs. Thus, INCOMPAS's and CCA's arguments do not alter the statutory requirements or our analysis of our section 8 obligations. With the additional exception of NCTA, whose arguments we address above, commenters otherwise do not dispute our legal authority to impose a filing fee. We therefore adopt our tentative conclusions from the *NPRM* and find that section 8 of the Act authorizes the imposition of a filing fee.

**III. Final Regulatory Flexibility Analysis**

The Regulatory Flexibility Act of 1980, as amended (RFA), requires that an agency prepare a regulatory flexibility analysis for notice and comment rulemakings, unless the agency certifies that “the rule will not, if promulgated, have a significant economic impact on a substantial number of small entities.” Accordingly, we have prepared a Final Regulatory Flexibility Analysis (FRFA) concerning the possible impact of the rule changes contained in this *Report and Order* on small entities. This Final Regulatory Flexibility Analysis (FRFA) conforms to the RFA.

**A. Need for, and Objectives of, the Report and Order**

The *Report and Order* takes important steps in the fight against illegal robocalls by adopting rules to improve the overall quality of Robocall Mitigation Database (RMD) submissions and strengthen the procedures providers must follow to submit, update, and maintain accurate filings. Specifically, the *Report and Order:* (1) requires providers to update any information submitted to the Commission Registration System (CORES) within 10 business days of any change to that information; (2) adopts base forfeiture amounts for submitting false or inaccurate information to the RMD; (3) directs the Wireline Competition Bureau (Bureau) to establish a dedicated reporting mechanism for deficient filings; (4) directs the Bureau to issue additional guidance, educational materials, and “best practices” for filing in the RMD; (5) and concludes that RMD submissions are “applications” within the meaning of the RAY BAUM's Act and requires that providers remit a $100 application processing fee for initial submissions and annually thereafter. Through these actions, the *Report and Order* strengthens the RMD as a compliance and consumer protection tool.

**B. Summary of Significant Issues Raised by Public Comments in Response to the IRFA**

Though there were no comments raised that specifically addressed the proposed rules and policies presented in the IRFA, the Commission did receive comments addressing the burdens on small providers in response to the *NPRM.* Specifically, one commenter opposed the Commission's proposals to: (1) authorize downstream providers to permissively block traffic by RMD filers that have been given notice that their robocall mitigation plans are facially deficient and that fail to correct those deficiencies within 48 hours; (2) establish a separate base forfeiture amount for submitting false or inaccurate information to the RMD; and (3) require providers to remit a filing fee for RMD submissions, arguing that such proposals would be unduly burdensome and potentially devastating to small voice service providers. The Commission was persuaded by commenter's arguments regarding the severe consequences of being blocked, and declined to adopt its proposal to authorize permissive blocking. Regarding the proposal to establish a separate base forfeiture, the Commission found that the amount of $10,000—below the statutory maximum—serves as an appropriate middle ground between competing commenters' views regarding the appropriateness and amount of a forfeiture. Finally, the Commission concluded that a $100 filing fee is appropriate and manageable, and further determined that assessment of the fee will occur only at the time of initial submission and annually thereafter, thereby limiting concerns that filers would find it cost prohibitive to update filings.

**C. Response to Comments by the Chief Counsel for Advocacy of the Small Business Administration**

Pursuant to the Small Business Jobs Act of 2010, which amended the RFA, the Commission is required to respond to any comments filed by the Chief Counsel for Advocacy of the Small Business Administration (SBA), and to provide a detailed statement of any change made to the proposed rules as a result of those comments. The Chief Counsel did not file any comments in response to the proposed rules in this proceeding.

**D. Description and Estimate of the Number of Small Entities to Which Rules Will Apply**

The RFA directs agencies to provide a description of, and where feasible, an estimate of the number of small entities that may be affected by the rules adopted herein. The RFA generally defines the term “small entity” as having the same meaning as the terms “small business,” “small organization,” and “mall governmental jurisdiction.” In addition, the term “small business” has the same meaning as the term “small-business concern” under the Small Business Act. A “small-business concern” is one which: (1) is independently owned and operated; (2) is not dominant in its field of operation; and (3) satisfies any additional criteria established by the SBA.

*Small Businesses, Small Organizations, Small Governmental Jurisdictions.* Our actions, over time, may affect small entities that are not easily categorized at present. We therefore describe, at the outset, three broad groups of small entities that could be directly affected herein. First, while there are industry specific size standards for small businesses that are used in the regulatory flexibility analysis, according to data from the Small Business Administration's (SBA) Office of Advocacy, in general a small business is an independent business having fewer than 500 employees. These types of small businesses represent 99.9% of all businesses in the United States, which translates to 33.2 million businesses. Next, the type of small entity described as a “small organization” is generally “any not-for-profit enterprise which is independently owned and operated and is not dominant in its field.” The Internal Revenue Service (IRS) uses a revenue benchmark of $50,000 or less to delineate its annual electronic filing  requirements for small exempt organizations. Nationwide, for tax year 2022, there were approximately 530,109 small exempt organizations in the U.S. reporting revenues of $50,000 or less according to the registration and tax data for exempt organizations available from the IRS.

Finally, the small entity described as a “small governmental jurisdiction” is defined generally as “governments of cities, counties, towns, townships, villages, school districts, or special districts, with a population of less than fifty thousand.” U.S. Census Bureau data from the 2022 Census of Governments indicate there were 90,837 local governmental jurisdictions consisting of general purpose governments and special purpose governments in the United States. Of this number, there were 36,845 general purpose governments (county, municipal, and town or township) with populations of less than 50,000 and 11,879 special purpose governments (independent school districts) with enrollment populations of less than 50,000. Accordingly, based on the 2022 U.S. Census of Governments data, we estimate that at least 48,724 entities fall into the category of “small governmental jurisdictions.”

*Wired Telecommunications Carriers.* The U.S. Census Bureau defines this industry as establishments primarily engaged in operating and/or providing access to transmission facilities and infrastructure that they own and/or lease for the transmission of voice, data, text, sound, and video using wired communications networks. Transmission facilities may be based on a single technology or a combination of technologies. Establishments in this industry use the wired telecommunications network facilities that they operate to provide a variety of services, such as wired telephony services, including VoIP services, wired (cable) audio and video programming distribution, and wired broadband internet services. By exception, establishments providing satellite television distribution services using facilities and infrastructure that they operate are included in this industry. Wired Telecommunications Carriers are also referred to as wireline carriers or fixed local service providers.

The SBA small business size standard for Wired Telecommunications Carriers classifies firms having 1,500 or fewer employees as small. U.S. Census Bureau data for 2017 show that there were 3,054 firms that operated in this industry for the entire year. Of this number, 2,964 firms operated with fewer than 250 employees. Additionally, based on Commission data in the 2022 Universal Service Monitoring Report, as of December 31, 2021, there were 4,590 providers that reported they were engaged in the provision of fixed local services. Of these providers, the Commission estimates that 4,146 providers have 1,500 or fewer employees. Consequently, using the SBA's small business size standard, most of these providers can be considered small entities.

*Local Exchange Carriers* ( *LECs* ). Neither the Commission nor the SBA has developed a size standard for small businesses specifically applicable to local exchange services. Providers of these services include both incumbent and competitive local exchange service providers. Wired Telecommunications Carriers is the closest industry with an SBA small business size standard. Wired Telecommunications Carriers are also referred to as wireline carriers or fixed local service providers. The SBA small business size standard for Wired Telecommunications Carriers classifies firms having 1,500 or fewer employees as small. U.S. Census Bureau data for 2017 show that there were 3,054 firms that operated in this industry for the entire year. Of this number, 2,964 firms operated with fewer than 250 employees. Additionally, based on Commission data in the 2022 Universal Service Monitoring Report, as of December 31, 2021, there were 4,590 providers that reported they were fixed local exchange service providers. Of these providers, the Commission estimates that 4,146 providers have 1,500 or fewer employees. Consequently, using the SBA's small business size standard, most of these providers can be considered small entities.

*Incumbent Local Exchange Carriers (Incumbent LECs).* Neither the Commission nor the SBA have developed a small business size standard specifically for incumbent local exchange carriers. Wired Telecommunications Carriers is the closest industry with an SBA small business size standard. The SBA small business size standard for Wired Telecommunications Carriers classifies firms having 1,500 or fewer employees as small. U.S. Census Bureau data for 2017 show that there were 3,054 firms in this industry that operated for the entire year. Of this number, 2,964 firms operated with fewer than 250 employees. Additionally, based on Commission data in the 2022 Universal Service Monitoring Report, as of December 31, 2021, there were 1,212 providers that reported they were incumbent local exchange service providers. Of these providers, the Commission estimates that 916 providers have 1,500 or fewer employees. Consequently, using the SBA's small business size standard, the Commission estimates that the majority of incumbent local exchange carriers can be considered small entities.

*Competitive Local Exchange Carriers (LECs).* Neither the Commission nor the SBA has developed a size standard for small businesses specifically applicable to local exchange services. Providers of these services include several types of competitive local exchange service providers. Wired Telecommunications Carriers is the closest industry with a SBA small business size standard. The SBA small business size standard for Wired Telecommunications Carriers classifies firms having 1,500 or fewer employees as small. U.S. Census Bureau data for 2017 show that there were 3,054 firms that operated in this industry for the entire year. Of this number, 2,964 firms operated with fewer than 250 employees. Additionally, based on Commission data in the 2022 Universal Service Monitoring Report, as of December 31, 2021, there were 3,378 providers that reported they were competitive local service providers. Of these providers, the Commission estimates that 3,230 providers have 1,500 or fewer employees. Consequently, using the SBA's small business size standard, most of these providers can be considered small entities.

*Interexchange Carriers (IXCs).* Neither the Commission nor the SBA have developed a small business size standard specifically for Interexchange Carriers. Wired Telecommunications Carriers is the closest industry with a SBA small business size standard. The SBA small business size standard for Wired Telecommunications Carriers classifies firms having 1,500 or fewer employees as small. U.S. Census Bureau data for 2017 show that there were 3,054 firms that operated in this industry for the entire year. Of this number, 2,964 firms operated with fewer than 250 employees. Additionally, based on Commission data in the 2022 Universal Service Monitoring Report, as of December 31, 2021, there were 127 providers that reported they were engaged in the provision of interexchange services. Of these providers, the Commission estimates that 109 providers have 1,500 or fewer employees. Consequently, using the SBA's small business size standard, the Commission estimates that the majority of providers in this industry can be considered small entities.

*Cable System Operators (Telecom Act Standard).* The Communications Act of 1934, as amended, contains a size standard for a “small cable operator,” which is “a cable operator that, directly or through an affiliate, serves in the aggregate fewer than one percent of all subscribers in the United States and is not affiliated with any entity or entities whose gross annual revenues in the aggregate exceed $250,000,000.” For purposes of the Telecom Act Standard, the Commission determined that a cable system operator that serves fewer than 498,000 subscribers, either directly or through affiliates, will meet the definition of a small cable operator. Based on industry data, only six cable system operators have more than 498,000 subscribers. Accordingly, the Commission estimates that the majority of cable system operators are small under this size standard. We note however, that the Commission neither requests nor collects information on whether cable system operators are affiliated with entities whose gross annual revenues exceed $250 million. Therefore, we are unable at this time to estimate with greater precision the number of cable system operators that would qualify as small cable operators under the definition in the Communications Act.

*Other Toll Carriers.* Neither the Commission nor the SBA has developed a definition for small businesses specifically applicable to Other Toll Carriers. This category includes toll carriers that do not fall within the categories of interexchange carriers, operator service providers, prepaid calling card providers, satellite service carriers, or toll resellers. Wired Telecommunications Carriers is the closest industry with a SBA small business size standard. The SBA small business size standard for Wired Telecommunications Carriers classifies firms having 1,500 or fewer employees as small. U.S. Census Bureau data for 2017 show that there were 3,054 firms in this industry that operated for the entire year. Of this number, 2,964 firms operated with fewer than 250 employees. Additionally, based on Commission data in the 2022 Universal Service Monitoring Report, as of December 31, 2021, there were 90 providers that reported they were engaged in the provision of other toll services. Of these providers, the Commission estimates that 87 providers have 1,500 or fewer employees. Consequently, using the SBA's small business size standard, most of these providers can be considered small entities.

*Wireless Telecommunications Carriers (except Satellite).* This industry comprises establishments engaged in operating and maintaining switching and transmission facilities to provide communications via the airwaves. Establishments in this industry have spectrum licenses and provide services using that spectrum, such as cellular services, paging services, wireless internet access, and wireless video services. The SBA size standard for this industry classifies a business as small if it has 1,500 or fewer employees. U.S. Census Bureau data for 2017 show that there were 2,893 firms in this industry that operated for the entire year. Of that number, 2,837 firms employed fewer than 250 employees. Additionally, based on Commission data in the 2022 Universal Service Monitoring Report, as of December 31, 2021, there were 594 providers that reported they were engaged in the provision of wireless services. Of these providers, the Commission estimates that 511 providers have 1,500 or fewer employees. Consequently, using the SBA's small business size standard, most of these providers can be considered small entities.

*Satellite Telecommunications.* This industry comprises firms “primarily engaged in providing telecommunications services to other establishments in the telecommunications and broadcasting industries by forwarding and receiving communications signals via a system of satellites or reselling satellite telecommunications.” Satellite telecommunications service providers include satellite and earth station operators. The SBA small business size standard for this industry classifies a business with $44 million or less in annual receipts as small. U.S. Census Bureau data for 2017 show that 275 firms in this industry operated for the entire year. Of this number, 242 firms had revenue of less than $25 million. Consequently, using the SBA's small business size standard most satellite telecommunications service providers can be considered small entities. The Commission notes however, that the SBA's revenue small business size standard is applicable to a broad scope of satellite telecommunications providers included in the U.S. Census Bureau's Satellite Telecommunications industry definition. Additionally, the Commission neither requests nor collects annual revenue information from satellite telecommunications providers, and is therefore unable to more accurately estimate the number of satellite telecommunications providers that would be classified as a small business under the SBA size standard.

*Local Resellers.* Neither the Commission nor the SBA have developed a small business size standard specifically for Local Resellers. Telecommunications Resellers is the closest industry with a SBA small business size standard. The Telecommunications Resellers industry comprises establishments engaged in purchasing access and network capacity from owners and operators of telecommunications networks and reselling wired and wireless telecommunications services (except satellite) to businesses and households. Establishments in this industry resell telecommunications; they do not operate transmission facilities and infrastructure. Mobile virtual network operators (MVNOs) are included in this industry. The SBA small business size standard for Telecommunications Resellers classifies a business as small if it has 1,500 or fewer employees. U.S. Census Bureau data for 2017 show that 1,386 firms in this industry provided resale services for the entire year. Of that number, 1,375 firms operated with fewer than 250 employees. Additionally, based on Commission data in the 2021 Universal Service Monitoring Report, as of December 31, 2021, there were 207 providers that reported they were engaged in the provision of local resale services. Of these providers, the Commission estimates that 202 providers have 1,500 or fewer employees. Consequently, using the SBA's small business size standard, most of these providers can be considered small entities.

*Toll Resellers.* Neither the Commission nor the SBA have developed a small business size standard specifically for Toll Resellers. Telecommunications Resellers is the closest industry with a SBA small business size standard. The Telecommunications Resellers industry comprises establishments engaged in purchasing access and network capacity from owners and operators of telecommunications networks and reselling wired and wireless telecommunications services (except satellite) to businesses and households. Establishments in this industry resell telecommunications; they do not operate transmission facilities and infrastructure. Mobile virtual network operators (MVNOs) are included in this industry. The SBA small business size standard for Telecommunications Resellers classifies a business as small if it has 1,500 or fewer employees. U.S. Census Bureau data for 2017 show that 1,386 firms in this industry provided  resale services for the entire year. Of that number, 1,375 firms operated with fewer than 250 employees. Additionally, based on Commission data in the 2022 Universal Service Monitoring Report, as of December 31, 2021, there were 457 providers that reported they were engaged in the provision of toll services. Of these providers, the Commission estimates that 438 providers have 1,500 or fewer employees. Consequently, using the SBA's small business size standard, most of these providers can be considered small entities.

*Prepaid Calling Card Providers.* Neither the Commission nor the SBA has developed a small business size standard specifically for prepaid calling card providers. Telecommunications Resellers is the closest industry with a SBA small business size standard. The Telecommunications Resellers industry comprises establishments engaged in purchasing access and network capacity from owners and operators of telecommunications networks and reselling wired and wireless telecommunications services (except satellite) to businesses and households. Establishments in this industry resell telecommunications; they do not operate transmission facilities and infrastructure. Mobile virtual network operators (MVNOs) are included in this industry. The SBA small business size standard for Telecommunications Resellers classifies a business as small if it has 1,500 or fewer employees. U.S. Census Bureau data for 2017 show that 1,386 firms in this industry provided resale services for the entire year. Of that number, 1,375 firms operated with fewer than 250 employees. Additionally, based on Commission data in the 2022 Universal Service Monitoring Report, as of December 31, 2021, there were 62 providers that reported they were engaged in the provision of prepaid card services. Of these providers, the Commission estimates that 61 providers have 1,500 or fewer employees. Consequently, using the SBA's small business size standard, most of these providers can be considered small entities.

*All Other Telecommunications.* This industry is comprised of establishments primarily engaged in providing specialized telecommunications services, such as satellite tracking, communications telemetry, and radar station operation. This industry also includes establishments primarily engaged in providing satellite terminal stations and associated facilities connected with one or more terrestrial systems and capable of transmitting telecommunications to, and receiving telecommunications from, satellite systems. Providers of internet services ( *e.g.* dial-up ISPs) or Voice over internet Protocol (VoIP) services, via client-supplied telecommunications connections are also included in this industry. The SBA small business size standard for this industry classifies firms with annual receipts of $40 million or less as small. U.S. Census Bureau data for 2017 show that there were 1,079 firms in this industry that operated for the entire year. Of those firms, 1,039 had revenue of less than $25 million. Based on this data, the Commission estimates that the majority of “All Other Telecommunications” firms can be considered small.

**E. Description of Projected Reporting, Recordkeeping, and Other Compliance Requirements for Small Entities**

The *Report and Order* creates new compliance obligations for small and other entities by requiring providers to follow additional procedures to submit, update, and maintain accurate filings in the RMD. These changes affect small and other companies, and apply to all the classes of regulated entities identified above. Specifically, the *Report and Order* requires providers to update any information submitted to CORES within 10 business days of any change to that information; establishes a base forfeiture of $10,000 for each violation for filers that submit false or inaccurate information to the Database, and a base forfeiture of $1,000 for failure to update information that has changed in the RMD within 10 business days; and requires providers to recertify their RMD filings annually. Attendant with this final change, the *Report and Order* also requires providers to remit a $100 filing fee for initial and subsequent annual submissions, and applies the Commission's red-light rule to RMD filings, whereby the Commission will not process applications and other requests for benefits by parties that owe non-tax debt to the Commission.

While there is not detailed information currently on the record to determine whether small entities will be required to hire professionals to comply with its decisions in the *Report and Order,* we find that the forfeiture fees and additional obligations are not overly burdensome, and take necessary steps to strengthen the RMD's effectiveness as a compliance and consumer protection tool. Further, section 503 of the Act allows for penalties to be adjusted depending on the specific circumstances of each case. New obligations to update information in CORES within 10 days are aligned with existing obligations to update the RMD in a similar timeframe, and therefore should not be overly burdensome to small providers.

**F. Steps Taken To Minimize the Significant Economic Impact on Small Entities, and Significant Alternatives Considered**

The RFA requires an agency to provide, “a description of the steps the agency has taken to minimize the significant economic impact on small entities . . . including a statement of the factual, policy, and legal reasons for selecting the alternative adopted in the final rule and why each one of the other significant alternatives to the rule considered by the agency which affect the impact on small entities was rejected.”

The *Report and Order* considered alternatives that may minimize the economic impact on small providers. In adopting its proposal to require providers to update any information submitted to CORES within 10 business days of any change to that information, the Commission assumed the rule would impose no significant costs on CORES users or present any significant countervailing burdens, including for small providers because it aligns with existing obligations to update the RMD, and no commenters disagreed or otherwise opposed the proposal. Recognizing arguments in the record that fines may lead to unintended harmful effects on small companies, the Commission established a base forfeiture amount below the statutory maximum for submitting false or inaccurate information to the RMD. The Commission also agreed with commenters that inadvertent errors or minor lapses in compliance should not result in the same penalties as willful misconduct, and adopted a base forfeiture amount of $1000 for failure to update RMD filings within 10 business days—significantly lower than the $10,000 base forfeiture amount for submitting false or inaccurate data in the first instance. The Commission considered comments disputing the RMD filing fee as an application fee, but found it to be analogous to other filing requirements. The Commission found that a $100 filing fee is an appropriate amount to cover the cost of processing RMD filings, and, along with an annual recertification requirement, is minimally burdensome for small providers, as evidenced by the record. Nevertheless, the Commission adopted an approach whereby the assessment of the fee will occur only at the time of initial submission and annually thereafter, as opposed to each time a provider makes minor corrections to  RMD filings, reducing the cost of updating filings for small and other providers. In adopting a two-factor authentication solution for accessing the Database, the Commission disagreed with commenters that characterized multi-factor authentication as costly and burdensome, concluding that the added security afforded by a two-factor authentication solution merits its use. The Commission nevertheless acknowledged that such a solution could present logistical problems, and directed the Wireline Competition Bureau and OMD to develop a two-factor authentication solution with these potential issues in mind.

Finally, the Commission considered and declined to adopt a number of proposals described in the *NPRM,* including requiring filers to obtain a PIN in order to submit a filing and implementing any technical data validation solutions, citing the potential burden on providers, including small providers, and a lack of clear, countervailing benefits. The Commission also declined to adopt its proposal to authorize providers to engage in permissive blocking of voice traffic by RMD filers that have been given notice that their robocall mitigation plans are facially deficient and that fail to correct those deficiencies within 48 hours, thereby reducing the risk and potential burden of being blocked for small and other providers. The Commission found other proposals, such as increasing the Commission's scrutiny of certain filings and recommendations to facilitate the IP transition, to be outside the scope of this proceeding.

**G. Report to Congress**

The Commission will send a copy of the *Report and Order,* including this FRFA, in a report to be sent to Congress pursuant to the Congressional Review Act. In addition, the Commission will send a copy of the *Report and Order,* including this FRFA, to the Chief Counsel for Advocacy of the SBA. A copy of the *Report and Order* (or summaries thereof) will also be published in the *Federal Register* .

**IV. Procedural Matters**

*Paperwork Reduction Act.* The *Report and Order* does not contain new or substantively modified information collection requirements subject to the Paperwork Reduction Act of 1995 (PRA), Public Law 104-13. In addition, therefore, it does not contain any new or modified information collection burden for small business concerns with fewer than 25 employees, pursuant to the Small Business Paperwork Relief Act of 2002, Public Law 107-198, see 44 U.S.C. 3506(c)(4). This document may contain non-substantive modifications to an approved information collection. Any such modifications will be submitted to the Office of Management and Budget (OMB) for review pursuant to OMB's non-substantive modification process.

*Congressional Review Act.* The Commission believes, and the Administrator of the Office of Information and Regulatory Affairs, OMB, concurs that these rules are non-major. As such, the rules are non-major under the Congressional Review Act, section 251 of the Contract with America Advancement Act of 1996, Public Law 104-121. The Commission will send a copy of this *Report and Order* to Congress and the Government Accountability Office pursuant to 5 U.S.C. 801(a)(1)(A).

**V. Ordering Clauses**

Accordingly, pursuant to sections 4(i), 8, 201, 202, 227, 227b, 227(e), 251(e), 501, 502, and 503 of the Communications Act of 1934, as amended, 47 U.S.C. 154(i), 158, 201, 202, 227(e), 251(e), 501, 502, and 503, and 31 U.S.C. 3512(b), *it is ordered* that this *Report and Order**is adopted* .

*It is further ordered* that parts 1 and 64 of the Commission's rules *are amended* as set forth in the *Report and Order,* Final Rules.

*It is further ordered* that, pursuant to §§ 1.4(b)(1) and 1.103(a) of the Commission's rules, 47 CFR 1.4(b)(1), 1.103(a), this *Report and Order,* including the rule revisions and redesignations described in the Final Rules, *shall be effective* 30 days after publication in the *Federal Register* , except for: (a) 47 CFR 1.8002(b)(2) and 47 CFR 64.6305(h), which may contain modifications to existing information collection requirements that require review by the OMB under the Paperwork Reduction Act; and (b) 47 CFR 1.1105, which requires notice to Congress pursuant to section 9A(b)(2) of the Communications Act, 47 U.S.C. 159A(b)(2), and also requires certain updates to the FCC's information technology systems and internal procedures to ensure efficient and effective implementation. Sections 1.8002(b)(2) and 64.6305(h) will not become effective until any necessary OMB review is complete. Section 1.1105 will not take effect until the requisite notice has been provided to Congress, the FCC's information technology systems and internal procedures have been updated, and the Commission publishes notice(s) in the *Federal Register* announcing the effective date of such rules.

*It is further ordered* that the Office of the Managing Director, Performance Evaluation and Records Management, *shall send* a copy of this *Report and Order* in a report to be sent to Congress and the Government Accountability Office pursuant to the Congressional Review Act, see 5 U.S.C. 801(a)(1)(A).

*It is further ordered* that the Commission's Office of the Secretary, *shall send* a copy of this *Report and Order,* including the Final Regulatory Flexibility Analysis, to the Chief Counsel for Advocacy of the Small Business Administration.

**List of Subjects**

Claims, Communications, Communications common carriers, Communications equipment, Environmental impact statements, Equal access to justice, Equal employment opportunity, Federal buildings and facilities, Government employees, Individuals with disabilities, Internet, Investigations, Penalties, Radio, Reporting and recordkeeping requirements, Satellites, Security measures, Telecommunications, and Television.

Carrier equipment, Communications common carriers, Reporting and recordkeeping requirements, and Telecommunications.

Federal Communications Commission.

Aleta Bowers,

Federal Register Liaison Officer, Office of the Secretary.

**Final Rules**

For the reasons discussed in the preamble, the Federal Communications Commission amends 47 CFR parts 1 and 64 as follows:

**PART 1—PRACTICE AND PROCEDURE**

**Subpart A—General Rules of Practice and Procedure**

**47 CFR Part 1**

1. The authority citation for part 1 continues to read as follows:

**Authority:**

47 U.S.C. chs. 2, 5, 9, 13; 28 U.S.C. 2461 note; 47 U.S.C. 1754, unless otherwise noted.

**47 CFR Part 1**

2. Amend § 1.80 by revising “Table 1 to Paragraph (b)(11)” in paragraph (b)(11) to read as follows:

§ 1.80

(b) * * *

(11) * * *

| Forfeitures | Violation amount |
| --- | --- |
| Misrepresentation/lack of candor | (1) |
| Failure to file required DODC required forms, and/or filing materially inaccurate or incomplete DODC information | $15,000 |
| Construction and/or operation without an instrument of authorization for the service | 10,000 |
| Failure to comply with prescribed lighting and/or marking | 10,000 |
| Violation of public file rules | 10,000 |
| Submitting inaccurate or false information to the Robocall Mitigation Database (Continuing violation until cured) | 10,000 |
| Violation of political rules: Reasonable access, lowest unit charge, equal opportunity, and discrimination | 9,000 |
| Unauthorized substantial transfer of control | 8,000 |
| Violation of children's television commercialization or programming requirements | 8,000 |
| Violations of rules relating to distress and safety frequencies | 8,000 |
| False distress communications | 8,000 |
| EAS equipment not installed or operational | 8,000 |
| Alien ownership violation | 8,000 |
| Failure to permit inspection | 7,000 |
| Transmission of indecent/obscene materials | 7,000 |
| Interference | 7,000 |
| Importation or marketing of unauthorized equipment | 7,000 |
| Exceeding of authorized antenna height | 5,000 |
| Fraud by wire, radio or television | 5,000 |
| Unauthorized discontinuance of service | 5,000 |
| Use of unauthorized equipment | 5,000 |
| Exceeding power limits | 4,000 |
| Failure to Respond to Commission communications | 4,000 |
| Violation of sponsorship ID requirements | 4,000 |
| Unauthorized emissions | 4,000 |
| Using unauthorized frequency | 4,000 |
| Failure to engage in required frequency coordination | 4,000 |
| Construction or operation at unauthorized location | 4,000 |
| Violation of requirements pertaining to broadcasting of lotteries or contests | 4,000 |
| Violation of transmitter control and metering requirements | 3,000 |
| Failure to file required forms or information | 3,000 |
| Per call violations of the robocall blocking rules | 2,500 |
| Failure to make required measurements or conduct required monitoring | 2,000 |
| Failure to provide station ID | 1,000 |
| Unauthorized pro forma transfer of control | 1,000 |
| Failure to maintain required records | 1,000 |
| Failure to update Robocall Mitigation Database within 10 business days (Continuing violation until cured) | 1,000 |

**Subpart G—Schedule of Statutory Charges and Procedures for Payment**

**47 CFR Part 1**

3. Delayed indefinitely, amend § 1.1105 by revising the “Table to § 1.1105” to read as follows:

§ 1.1105

| Type of application | Payment | Fee |
| --- | --- | --- |
| Domestic 214 Applications—Part 63, Transfers of Control | CDU | $1,445 |
| Domestic 214 Applications—Special Temporary Authority | CDV | 755 |
| Domestic 214 Applications—Part 63 Discontinuances (Non-Standard Review) (Technology Transition Filings Subject to § 63.71(f)(2)(i) or Not Subject to Streamlined Automatic Grant, and Filings From Dominant Carriers Subject to 60-Day Automatic Grant | CDW | 1,445 |
| Domestic 214 Applications—Part 63 Discontinuances (Standard Streamlined Review) (All Other Domestic 214 Discontinuance Fillings) | CDX | 375 |
| VoIP Numbering | CDY | 1,560 |
| Standard Tariff Filing | CQK | 1,040 |
| Complex Tariff Filing (annual access charge tariffs, new or restructured rate plans) (Large—all price cap LECs and entities involving more than 100 LECs) | CQL | 7,680 |
| Complex Tariff Filing (annual access charge tariffs, new or restructured rate plans) (Small—other entities) | CQM | 3,840 |
| Application for Special Permission for Waiver of Tariff Rules | CQN | 420 |
| Waiver of Accounting Rules | CQP | 5,185 |
| Universal Service Fund Auction (combined long-form and short-form fee, paid only by winning bidder) | CQQ | 3,480 |
| Initial Robocall Mitigation Database Filing | CEA | 100 |
| Annual Robocall Mitigation Database Recertification | CEB | 100 |

**Subpart W—FCC Registration Number (FRN)**

**47 CFR Part 1**

4. Delayed indefinitely, amend § 1.8002 by revising paragraph (b)(2) to read as follows:

§ 1.8002

(b) * * *

(2) Registrants shall update the information listed in paragraph (b)(1) of this section within 10 business days of any change to that information either by updating the information on-line at the CORES link at *www.fcc.gov* or by filing FCC Form 161 (CORES Update/Change Form).

**PART 64—MISCELLANEOUS RULES RELATING TO COMMON CARRIERS**

**Subpart HH—Caller ID Authentication**

**47 CFR Part 64**

5. The authority citation for part 64 continues to read as follows:

**Authority:**

47 U.S.C. 151, 152, 154, 201, 202, 217, 218, 220, 222, 225, 226, 227, 227b, 228, 251(a), 251(e), 254(k), 255, 262, 276, 403(b)(2)(B), (c), 616, 620, 716, 1401-1473, unless otherwise noted; Pub. L. 115-141, Div. P, sec. 503, 132 Stat. 348, 1091; Pub. L. 117-338, 136 Stat. 6156.

**47 CFR Part 64**

6. Delayed indefinitely, amend § 64.6305 by adding paragraph (h) to read as follows:

§ 64.6305

(h) *Annual Recertification Requirement.* In accordance with this section and 47 CFR 1.16, all providers shall certify annually, on or before March 1, that any information submitted to the Robocall Mitigation Database is true and correct.