# Central office code administration.
**AGENCY:**
Federal Communications Commission.
**ACTION:**
Final rule.
**SUMMARY:**
In this document, the Federal Communications Commission (Commission) adopts rules regarding direct access to numbers by providers of interconnected Voice over internet Protocol (VoIP) services. The Commission takes this action in furtherance of Congress' directive in the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act to examine ways to reduce access to telephone numbers by potential perpetrators of illegal robocalls. These actions continue to safeguard U.S. numbering resources and consumers, protect national security interests, promote public safety, and ensure compliance with other important Commission rules.
**DATES:**
*Effective date:* March 19, 2026.
*Compliance date:* Compliance will not be required for § 52.15(g)(3)(x)(E) until a document is published in the *Federal Register* announcing a compliance date and revising or removing § 52.15(g)(3)(x)(F).
**FOR FURTHER INFORMATION CONTACT:**
Jordan Reth, Attorney Advisor, Competition Policy Division, Wireline Competition Bureau at *[email protected]* or (202) 418-1418. For additional information concerning the Paperwork Reduction Act information collection requirements contained in this document, contact Nicole Ongele at (202) 418-2991, or send an email to *[email protected].*
**SUPPLEMENTARY INFORMATION:**
This is a summary of the Commission's *Third Report and Order* in WC Docket Nos. 13-97, 07-243, 20-67, FCC 25-86, adopted on December 18, 2025, and released on December 19, 2025. The complete text of this document is available for download at *https://docs.fcc.gov/public/attachments/FCC-25-86A1.pdf.* Alternative formats are available for people with disabilities (Braille, large print, electronic files, audio format) by sending an email to *[email protected]* or calling the Commission's Consumer and Government Affairs Bureau at (202) 418-0503.
*Regulatory Flexibility Act.* The Regulatory Flexibility Act of 1980, as amended (RFA) requires that an agency prepare a regulatory flexibility analysis for notice and comment rulemakings, unless the agency certifies that “the rule will not, if promulgated, have a significant economic impact on a substantial number of small entities.” Accordingly, the Commission has prepared a Final Regulatory Flexibility Analysis (FRFA) concerning the possible impact of the rule changes contained in the *Third Report and Order* on small entities. The FRFA is set forth in Appendix B, *https://www.fcc.gov/document/wcb-updates-numbering-requirements-providers.*
*Paperwork Reduction Act.* This document contains new information collection requirements. The Commission, as part of its continuing effort to reduce paperwork burdens, will invite the general public to comment on the information collection requirements contained in this R&O as required by the Paperwork Reduction Act of 1995, Public Law 104-13. In addition, the Commission notes that pursuant to the Small Business Paperwork Relief Act of 2002, Public Law 107-198, *see* 44 U.S.C. 3506(c)(4), we previously sought specific comment on how the Commission might further reduce the information collection burden for small business concerns with fewer than 25 employees.
*Congressional Review Act.* The Commission has determined, and the Administrator of the Office of Information and Regulatory Affairs, Office of Management and Budget, concurs, that this rule is “non-major” under the Congressional Review Act, 5 U.S.C. 804(2). The Commission will send a copy of the *Third Report and Order* to Congress and the Government Accountability Office pursuant to 5 U.S.C. 801(a)(1)(A).
*OPEN Government Data Act.* The OPEN Government Data Act, requires agencies to make “public data assets” available under an open license and as “open Government data assets,” *i.e.,* in machine-readable, open format, unencumbered by use restrictions other than intellectual property rights, and based on an open standard that is maintained by a standards organization. This requirement is to be implemented “in accordance with guidance by the Director” of OMB. The term “public data asset” means “a data asset, or part thereof, maintained by the Federal Government that has been, or may be, released to the public, including any data asset, or part thereof, subject to disclose under [the Freedom of Information Act (FOIA)].” A “data asset” is “a collection of data elements or data sets that may be grouped together,” and “data” is “recorded information, regardless of form or the media on which the data is recorded.” We delegate authority to the Wireline Competition Bureau (WCB), in consultation with the agency's Chief Data and Analytics Officer and after seeking public comment to the extent it deems appropriate, to determine whether any data assets maintained or created by the Commission pursuant to the rules adopted in the *Third Report and Order* are “public data assets” and if so, to determine when and to what extent such information should be published as “open Government data assets.” In doing so, WCB shall take into account the extent to which such data asserts should be made publicly available because they are not subject to disclosure under the FOIA. *See, e.g.,* 5 U.S.C. 552(B)(4), (6)-(7) (exemptions concerning confidential commercial information, personal privacy, and information compiled for law enforcement purposes, respectively).
**Synopsis**
**Introduction**
After nearly a decade, protections built into the VoIP numbering authorization remain a critical defense in mitigating the risks associated with bad actors accessing numbering resources. As we continue to examine the nexus between interconnected VoIP providers, robocalls, and direct access to numbers, we have identified further actions we can take to strengthen these protections. Although our current rules contain updated protections targeting illegal robocalling, spoofing, and fraud, they are only applicable to applicants seeking authorizations after the effective date of the rules appended by the 2023 *Second Report and Order.* The rule changes we adopt today make certain that *all* direct access authorization holders will be subject to the same set of rules, expanding the scope of our robocall-related, national security, and public safety protections. The Wireline Competition Bureau will release a best practices Public Notice outlining the required filings and process for existing authorization holders. Additionally, the *Second Further Notice* sought comment on a proposal to require direct access applicants to disclose a list of states in which they intend to provide initial service, and on a proposal to minimize harms that may arise from bad actors that access numbering resources indirectly by holding their direct access authorization holder “partners” accountable for their actions. These matters raised in the *Second Further Notice* are not addressed in this *Third Report and Order.*
**Ensuring That All Direct Access Authorizations Serve the Public Interest**
We revise § 52.15(g)(3) of the Commission's rules to include a new requirement for all authorization holders whose authorizations were issued prior to August 8, 2024, (that is, prior to the effective date of the updated certification and information disclosure requirements adopted in the *Second Report and Order* ), to file the updated required certifications and information disclosures. We also adopt a 30-day deadline for these existing authorization holders to comply with the updated filing requirements, *i.e.,* existing authorization holders must file the updated certifications and other information disclosures within 30 days of the effective date of the rule changes adopted herein. The certifications require that an officer or responsible official of the company attests under penalty of perjury, pursuant to § 1.16 of the Commission's rules, that all statements in the application are true and accurate. We also note that, by statute, any person that knowingly and willfully makes a false statement shall be fined or imprisoned or both.
Furthermore, if the new information submitted by the existing authorization holder warrants further review, or the grantee is non-compliant with filing the required information, the authorization may be suspended, terminated, or revoked. At this time, we will not require an interconnected VoIP provider to return its existing numbers if the Bureau revokes its VoIP numbering authorization. This creates a uniform framework for all authorization holders.
We require all authorization holders filing the updated requirements or any authorization holder filing corrected information to file in the Electronic Comment Filing System (ECFS) through the newly established Direct Access Authorization Holder Post-Grant Communications intake docket (Inbox 52.15 (X)) and via email to *[email protected],* unless the Bureau specifies another method. We note that the Bureau may request additional documentation as necessary.
**Certifying Compliance With Robocall-Related Rules**
More than just a nuisance, illegal robocalls continue to expose millions of American consumers to harmful risks. The Commission has estimated that $10.5 billion is lost annually by consumers due to illegal robocalls, not accounting for the non-quantifiable losses suffered by consumers and the erosion of confidence in the nation's telephone network. The Commission has also found that the potential benefits resulting from eliminating the wasted time and nuisances caused by illegal scam robocalls would exceed $3 billion annually. The Commission receives more complaints about such illegal calls than about anything else—approximately 120,000 last year alone. The Commission received approximately 193,000 such complaints in 2019, 157,000 in 2020, 164,000 in 2021, and 119,000 in 2022 and in 2023. We remain committed to protecting consumers and our communication networks from bad actors who would seek to exploit numbering resources for such purposes.
*Robocall-related certifications.* We revise § 52.15(g)(3) of the Commission's rules to require existing VoIP numbering authorization holders—those that obtained direct access numbering authorizations prior to August 8, 2024—to certify that:
• the authorization holder will not use the numbers obtained pursuant to an interconnected VoIP provider numbering authorization to knowingly transmit, encourage, assist, or facilitate illegal robocalls, illegal spoofing, or fraud, in violation of robocall, spoofing, and deceptive telemarketing obligations under 47 CFR 64.1200, 64.1604, 64.6300 *et seq.,* and 16 CFR 310.3(b);
• the authorization holder has fully complied with all applicable STIR/SHAKEN caller ID authentication and robocall mitigation program requirements and filed a certification in the Robocall Mitigation Database as required by 47 CFR 64.6301-64.6305; and
• neither the authorization holder nor any of its key personnel identified in the application are or have been subject to a Commission, law enforcement, or any regulatory agency investigation for failure to comply with any law, rule, or order, including the Commission's rules applicable to unlawful robocalls or unlawful spoofing.
As voice service providers, interconnected VoIP providers must comply with all regulations that target illegal robocalls that are generally applicable to all voice service providers. Additionally, interconnected VoIP providers acting as terminating, originating, intermediate, and/or gateway providers must accordingly also comply with the specific regulations targeting illegal robocalls that are applicable to each type of provider.
As with the *Second Report and Order,* we received broad support from governmental entities and other organizations for adding robocall-specific certifications for existing authorization holders.
One commenter observed that our proposal “would create a uniform understanding of the information reviewed by the Commission prior to approval and would prevent inadvertent competitive advantages for providers that were potentially subject to lower standards of review.” We agree. While other commenters opposed the robocall-related certifications, we did not receive new opposition based on extending the requirements to existing authorization holders, but a reiteration of the same grounds in the *Second Report and Order, e.g.,* that they are burdensome, ineffective, etc. We disagree. We are not placing new obligations on all direct access authorization holders, but instead are now creating parity with all authorization holders by requiring the former (pre-August 2024) VoIP numbering authorization holders to certify that they will comply, or have complied, with certain requirements. Importantly, as some of the authorizations date from 2016, it is important to ensure that all authorization holders are equally compliant with our requirements and fully aware of important robocall related obligations enacted since they first obtained their VoIP numbering authorizations. Additionally, since the adoption of these requirements for new applications in 2023, the Bureau has processed 17 applications containing these certification requirements, indicating that these applicants did not find the certifications overly burdensome, and that the requirements have not had an anticompetitive effect. Additionally, if these requirements have discouraged any applicants that could not meet the certification requirements from applying in the first place, that indicates the process is working as intended as the Commission could not reasonably grant authorizations to parties that could not meet such basic and necessary certifications.
**Enhanced Disclosure and Review of Ownership and Control of Applicants**
The Commission long has recognized that “[i]llegal robocalling often originates from sources outside the United States,” and that “illegal robocalls that originate abroad are a significant part of that robocall problem.” Particularly, “international gateway traffic is a significant source of fraudulent traffic.” In the *Second Report and Order,* we adopted rules requiring the disclosure of ownership and control of applicants for the VoIP numbering authorization, enabling greater transparency into who is seeking access to numbering resources and if foreign ownership is involved. We now extend those same requirements to all existing authorization holders, to provide a comprehensive view of the VoIP numbering authorization program and thwart foreign bad actors seeking to circumvent our rules. Extending these critical reporting and disclosure requirements to all VoIP numbering authorization holders will provide vital transparency into our oversight of international gateway traffic.
*Ownership and control information disclosures.* We revise § 52.15(g)(3) of the Commission's rules to require existing VoIP numbering authorization holders to update their filings by providing the same information, disclosures, and certifications required by 47 CFR 63.18(h) and (i). If the authorization holder does not have information required to be provided under § 63.18(h) and (i), the authorization holder must include a certified statement to that effect. If the updated ownership information submitted by an existing authorization holder indicates a material change or discloses new information such that additional investigation is necessary to confirm that the authorization still serves the public interest, the Bureau has delegated authority to direct the Numbering Administrator, pursuant to its applicable procedures, to suspend all pending and future requests for numbers while an investigation or referral for Executive Branch agencies' review is warranted. We reiterate that at this time, we will not require an interconnected VoIP provider to return its existing numbers if the Bureau revokes its VoIP numbering authorization. This creates a uniform framework for all authorization holders.
*Duty to update ownership information.* In the *Second Report and Order,* we adopted changes to our rules requiring interconnected VoIP providers that obtain direct access authorization under the revised rules to submit an update to the Commission and each applicable state within 30 days of any change to the reportable ownership information. An applicable state is each state where the provider has acquired or applied to receive numbers from the state at the time of the ownership change. This includes an ongoing duty to update information when there are changes in ownership or control of the authorization holder, as required under our rules. The Commission may use the updated contact information, certifications, or ownership or affiliation information to determine whether a change in authorization status is warranted.
Similar to the record for robocall-related certifications, many commenters support equal application of ownership and control disclosure requirements among all applicants and authorization holders. Some commenters maintain their general opposition to additional requirements, but do not distinguish a specific burden for existing authorization holders as opposed to applicants. We maintain that the public interest benefit of a requirement to keep all ownership data up to date across all VoIP numbering authorizations outweighs the minimal burden on existing grantees. We also continue to cross-reference the ownership and control information reporting requirements to ensure consistency with other Commission licensing applications ( *e.g.,* international section 214 applications), and to minimize confusion and administrative burden on filers. Strengthening our rules and empowering Commission staff with the necessary information to appropriately evaluate all VoIP numbering authorizations on an ongoing basis is critical to our mission and the ongoing fight against illegal calls.
**Certifying Compliance With Other Commission Rules**
In the *Second Report and Order,* we adopted additional certifications for applicants of the VoIP numbering authorization that were designed to illustrate the applicant's compliance with other important Commission rules enhancing public safety, preventing access stimulation and intercarrier compensation abuse, and ensuring that the Commission's broadband maps are accurate. By extending these additional certifications to existing authorization holders, we not only ensure grantees are aware of and complying with other important applicable Commission requirements but also increase our enforcement capabilities should authorization holders fall short of their obligations.
Consistent with the Commission's proposal in the *Second VoIP Direct Access Further Notice* to require existing interconnected VoIP direct access authorization holders to provide the same certification, acknowledgments, and disclosures as new applicants, we also require existing authorization holders to file an acknowledgement pursuant to 47 CFR 52.15(g)(3)(ii)(B) “that the authorization granted under this paragraph (g)(3) is subject to compliance with the applicable Commission numbering rules in this part; numbering authority delegated to the states, and the state laws, regulations, and registration requirements applicable to businesses operating in each state where the applicant seeks numbering resources; and industry guidelines and practices regarding numbering as applicable to telecommunications carriers[.]” Some commenters originally opposed requiring this acknowledgement in 2023, but have not raised new arguments about uniformly extending its applicability to existing authorization holders, and have instead reiterated the same arguments the Commission already rejected in the *Second Report and Order.* As the Commission noted in the *Second Report and Order,* “[b]y clarifying that all VoIP direct access authorization holders must comply with other applicable state laws, such as registration requirements, the new requirement will make it more difficult for interconnected VoIP providers to evade measures that enable states to generally address other consumer-protection issues, including unlawful robocalling.”
We revise § 52.15(g)(3) of the Commission's rules to require existing VoIP numbering authorization holders to update their filings with the following:
• a certification with accompanying evidence that the authorization holder complies with its 911 obligations under Part 9 of the Commission's rules—which include Next Generation 911 requirements—and that it complies with the provisions of the Communications Assistance with Law Enforcement Act, 47 U.S.C. 1001 *et seq.;*
• a certification that the authorization holder complies with the Access Stimulation rules under 47 CFR 51.914;
• proof that the authorization holder has filed FCC Forms 477 and 499, or a statement explaining why each such form is not yet applicable.
Regarding CALEA, we remind VoIP providers of their existing obligation to electronically file CALEA System Security and Integrity plans with the FCC before commencing service consistent with 47 CFR part 1, subpart Z. The FCC Form 477 filing system is no longer being used to collect new FCC Form 477 submissions and remains open only for filers to make corrections to existing FCC Form 477 filings for data as of June 30, 2022, and earlier.
We reiterate here that holders of all Commission authorizations, including the VoIP numbering authorization, have a clear and demonstrable duty to operate in the public interest. Where the Commission grants a right or privilege, it unquestionably has the right to revoke or deny that right or privilege in appropriate circumstances. In the *Second Report and Order,* we adopted rules concerning the grounds for revocation and/or termination of a VoIP numbering authorization. We also delegated authority to the Wireline and Enforcement Bureaus to direct the Numbering Administrator to suspend the authorization holder's access to new numbering resources in certain circumstances and following required procedures. Those same enforcement mechanisms apply to all VoIP numbering applicants and authorization holders, including the existing authorization holders submitting the updated requirements as adopted today. If, upon review, Commission staff determine that an existing authorization holder is non-compliant with submitting the updated requirements, or if the information submitted is deemed insufficient, or raises questions as to whether the authorization still serves the public interest, then the authorization status may be reviewed, leading to possible suspension, termination, and/or revocation, as necessary.
One commenter supported the denial of new numbering requests, but only in instances of material risk to national security or if it is likely to perpetuate the origination of illegal robocalling. We disagree and reaffirm that the Wireline and Enforcement Bureaus have delegated authority to suspend an authorization holder's access to new numbering resources in certain circumstances pending an investigation and following required procedures. While in the course of considering suspension, we should take into account specific concerns about national security or unlawful robocalling, but willful violations of Commission rules or other concerns to public health, interest or safety will also be evaluated and may warrant a suspension of VoIP numbering authorization.
**Costs and Benefits**
The rules we adopt in this *Third Report and Order* generally reflect a mandate from the TRACED Act to reduce access to numbers by potential perpetrators of illegal robocalls. We conclude that the expected benefits will exceed the costs, which are minimal. The Commission found in the *Caller ID Authentication First Report and Order* that widespread deployment of the STIR/SHAKEN framework will increase its effectiveness for both voice service providers and their subscribers, producing a potential annual benefit floor of $13.5 billion due to the reduction in nuisance calls and fraud. In addition, the Commission identified many non-quantifiable benefits, such as restoring confidence in incoming calls and ensuring reliable access to emergency and healthcare communications. Consistent with the TRACED Act, the rules we adopt in this *Third Report and Order* are intended to help unlock those benefits. As the Commission has noted, an overall reduction in illegal robocalls will greatly lower network costs by eliminating both the unwanted traffic and the labor costs of handling numerous customer complaints. The certifications and disclosures we adopt should place minimal burdens on interconnected VoIP providers, and our formalization of the application review process should impose small costs on Commission staff. We therefore conclude that the rules we adopt in this *Third Report and Order* will impose only a minimal cost on direct access applicants while having the overall effect of materially lowering network costs and raising consumer benefits.
**Legal Authority**
As established in the *Second Report and Order,* section 251(e) of the Act provides sufficient authority for the requirements adopted in this *Third Report and Order,* and section 6(a) of the TRACED Act provides both supplemental and independent authority for those requirements specifically related to fighting illegal robocalls. The *First VoIP Direct Access Further Notice* proposed concluding that our authority for adopting the new or revised direct access to numbers application requirements for interconnected VoIP providers arises from section 251(e) of the Act and section 6(a) of the TRACED Act.
Section 251(e)(1) of the Act grants the Commission “exclusive jurisdiction over those portions of the North American Numbering Plan that pertain to the United States.” Based on this grant, in the *VoIP Direct Access Order,* the Commission concluded that section 251(e)(1) provided it with authority “to extend to interconnected VoIP providers both the rights and obligations associated with using telephone numbers.” The Commission also has relied on section 251(e)(1) to require interconnected and one-way VoIP providers to implement the STIR/SHAKEN caller ID authentication framework and allow customers to reach the National Suicide Prevention Lifeline by dialing 988. Consistent with the Commission's well-established reliance on section 251(e) numbering authority with respect to interconnected VoIP providers, we conclude that section 251(e)(1) allows us to further refine our processes and requirements governing direct access to numbers by interconnected VoIP providers.
We further conclude that section 6(a) of the TRACED Act provides us with separate, additional authority to adopt our proposals related to fighting illegal robocalls. Section 6(a)(1) gives the Commission authority “to determine how Commission policies regarding access to number resources, including number resources for toll free and non-toll free telephone numbers, could be modified, including by establishing registration and compliance obligations,” and to “take sufficient steps to know the identity of the customers of such providers [of voice services], to help reduce access to numbers by potential perpetrators of violations of section 227(b) of the Communications Act of 1934 (47 U.S.C. 227(b)).”
The Commission commenced the required proceeding pursuant to the TRACED Act in March 2020 and expanded on those inquiries in the *VoIP Direct Access Further Notice.* Section 6(a)(2) of the TRACED Act states that “[i]f the Commission determines under paragraph (1) that modifying the policies described in that paragraph could help achieve the goal described in that paragraph, the Commission shall prescribe regulations to implement those policy modifications.” We conclude that section 6(a) of the TRACED Act, in directing us to prescribe regulations implementing policy changes to reduce access to numbers by potential perpetrators of illegal robocalls, provides an independent basis to adopt certain of the rule changes we are making to the direct access process with respect to fighting unlawful robocalls.
**Final Regulatory Flexibility Analysis**
As required by the Regulatory Flexibility Act of 1980, as amended (RFA), the Federal Communications Commission (Commission) incorporated an Initial Regulatory Flexibility Analysis (IRFA) in the *Numbering Policies for Modern Communications, et al., Second Further Notice of Proposed Rulemaking* ( *Second VoIP Direct Access Further Notice* ) released in September 2023. The Commission sought written public comment on the proposals in the *Second VoIP Direct Access Further Notice,* including comment on the IFRA. No comments were filed addressing the IRFA. This Final Regulatory Flexibility Analysis (FRFA) conforms to the RFA and it (or summaries thereof) will be published in the *Federal Register* .
**Need for, and Objectives of, the Rules**
The *Third Report and Order* takes important steps aimed at stemming the tide of illegal robocalls perpetrated by interconnected Voice over internet Protocol (VoIP) providers and protecting the nation's numbering resources from abuse by foreign bad actors by strategically updating the Commission's rules regarding how such providers obtain nationwide authorization for direct access to our nation's limited numbering resources.
The *Third Report and Order* requires existing interconnected VoIP providers with numbering authorizations that predate the rule change adopted in the *Second Report and Order* to make the updated robocall-related, public safety and national security certifications and information disclosures as adopted in the *Second Report and Order.* Specifically, the *Third Report and Order* will amend 47 CFR 52.15(g)(3)(x), which outlines conditions applicable to all interconnected VoIP providers with numbering authorizations to include a new subsection that requires the updated certifications and information disclosures. Similar in process to the new applications, filers submitting the required updates will be required to respond to requests for additional information regarding their updated filings.
**Summary of Significant Issues Raised by Public Comments in Response to the IRFA**
No comments were filed addressing the impact of the proposed rules on small entities.
**Response to Comments by the Chief Counsel for Advocacy of the Small Business Administration**
Pursuant to the Small Business Jobs Act of 2010, which amended the RFA, the Commission is required to respond to any comments filed by the Chief Counsel for the Small Business Administration (SBA) Office of Advocacy, and also provide a detailed statement of any change made to the proposed rules as a result of those comments. The Chief Counsel did not file any comments in response to the proposed rules in this proceeding.
**Description and Estimate of the Number of Small Entities to Which the Rules Will Apply**
The RFA directs agencies to provide a description of, and where feasible, an estimate of the number of small entities that may be affected by the adopted rules. The RFA generally defines the term “small entity” as having the same meaning as the terms “small business,” “small organization,” and “small governmental jurisdiction.” In addition, the term “small business” has the same meaning as the term “small business concern” under the Small Business Act (SBA). A “small business concern” is one which: (1) is independently owned and operated; (2) is not dominant in its field of operation; and (3) satisfies any additional criteria established by the SBA. The SBA establishes small business size standards that agencies are required to use when promulgating regulations relating to small businesses; agencies may establish alternative size standards for use in such programs, but must consult and obtain approval from SBA before doing so.
Our actions, over time, may affect small entities that are not easily categorized at present. We therefore describe three broad groups of small entities that could be directly affected by our actions. In general, a small business is an independent business having fewer than 500 employees. These types of small businesses represent 99.9% of all businesses in the United States, which translates to 34.75 million businesses. Next, “small organizations” are not-for-profit enterprises that are independently owned and operated and are not dominant in their field. While we do not have data regarding the number of non-profits that meet that criteria, over 99 percent of nonprofits have fewer than 500 employees. Finally, “small governmental jurisdictions” are defined as cities, counties, towns, townships, villages, school districts, or special districts with populations of less than fifty thousand. Based on the 2022 U.S. Census of Governments data, we estimate that at least 48,724 out of 90,835 local government jurisdictions have a population of less than 50,000.
The rules adopted in the *Third Report and Order* will apply to small entities in the industries identified in the chart below by their six-digit North American Industry Classification System (NAICS) codes and corresponding SBA size standard. Based on currently available U.S. Census data regarding the estimated number of small firms in each identified industry, we conclude that the adopted rules will impact a substantial number of small entities. Where available, we also provide additional information regarding the number of potentially affected entities in the identified industries below.
| Regulated industry | NAICS code | SBA size standard | Total firms | Total small firms | % Small firms |
| --- | --- | --- | --- | --- | --- |
| Wired Telecommunications Carriers | 517111 | 1,500 employees | 3,403 | 3,027 | 88.95 |
| Wireless Telecommunications Carriers (except Satellite) | 517112 | 1,500 employees | 1,184 | 1,081 | 91.30 |
| Telecommunications Resellers | 517121 | 1,500 employees | 955 | 847 | 88.69 |
| Satellite Telecommunications | 517410 | $44 million | 332 | 195 | 58.73 |
| All Other Telecommunications | 517810 | $40 million | 1,673 | 1,007 | 60.19 |
| 2024 Universal service monitoring report telecommunications service provider data | Affected entity | SBA size standard | Total # FCC | Small firms | % Small |
| --- | --- | --- | --- | --- | --- |
| Cable/Coax CLEC | 67 | 62 | 92.54 | | |
| Competitive Local Exchange Carriers (CLECs) | 3,729 | 3,576 | 95.90 | | |
| Incumbent Local Exchange Carriers (Incumbent LECs) | 1,175 | 917 | 78.04 | | |
| Interexchange Carriers (IXCs) | 113 | 95 | 84.07 | | |
| Local Exchange Carriers (LECs) | 4,904 | 4,493 | 91.62 | | |
| Local Resellers | 222 | 217 | 97.75 | | |
| Other Toll Carriers | 74 | 71 | 95.95 | | |
| Prepaid Card Providers | 47 | 47 | 100.00 | | |
| Toll Resellers | 411 | 398 | 96.84 | | |
| Wired Telecommunications Carriers | 4,682 | 4,276 | 91.33 | | |
| Wireless Telecommunications Carriers (except Satellite) | 585 | 498 | 85.13 | | |
**Description of Projected Reporting, Recordkeeping, and Other Compliance Requirements for Small Entities**
The RFA directs agencies to describe the economic impact of adopted rules on small entities, as well as projected reporting, recordkeeping and other compliance requirements, including an estimate of the classes of small entities which will be subject to the requirement and the type of professional skills necessary for preparation of the report or record.
In the *Third Report and Order,* the Commission adopts new certification and disclosure requirements for interconnected VoIP providers that have obtain a direct access numbering authorization from the Commission. Specifically, we require existing direct access authorization holders whose authorizations predate the updated requirements adopted in the *Second Report and Order* to file the updated requirements within 30 days of the rules we adopt today becoming effective. All existing authorization holders will be required to file the updated robocall-related certifications; file ownership and control disclosure information, reporting foreign ownership as outlined in the rules; and file the updated certifications related to their ongoing compliance with other important Commission rules designed to strengthen public safety, prevent fraud, and enhance transparency for consumers. By establishing this equal framework for all authorization holders, we ensure that our ongoing actions targeting illegal robocalling and spoofing, as well as safeguards for national security and public safety have a greater impact. The Commission anticipates the approaches it has taken to implement the requirements will have minimal or de minimis cost implications because many of these obligations are required to comply with existing Commission regulations.
After reviewing the record, we received no concerns about unique burdens from small businesses that would be impacted by the new certifications adopted in the *Third Report and Order.* As such, the Commission does not have sufficient information on the record to determine whether small entities will be required to hire professionals to comply with its decisions or to quantify the cost of compliance for small entities. Additional resources or personnel, however, should not be required to file these requirements because interconnected VoIP providers should already be familiar with how to make these certifications and disclosures as they are required to comply with existing Commission regulations.
**Discussion of Steps Taken To Minimize the Significant Economic Impact on Small Entities, and Significant Alternatives Considered**
The RFA requires an agency to provide, “a description of the steps the agency has taken to minimize the significant economic impact on small entities . . . including a statement of the factual, policy, and legal reasons for selecting the alternative adopted in the final rule and why each one of the other significant alternatives to the rule considered by the agency which affect the impact on small entities was rejected.”
The *Third Report and Order* considered alternatives that may reduce the impact of these rule changes on small entities. Some proposals were not adopted because the requirements already exist under other parts of the Commission's rules. New obligations regarding STIR/SHAKEN caller ID authentication or robocall mitigation specifically for interconnected VoIP providers were not adopted; instead applicants are required to certify compliance with preexisting rule sections. This reduces confusion and maintains accuracy should the Commission decide to revise the robocall-related dockets.
While some commenters believe these new requirements are burdensome and anticompetitive, as discussed above, the new certification requirements in the *Third Report and Order* require providers to certify that they are compliant with preexisting Commission rules, and are therefore minimally burdensome. Our public safety and CALEA documentation submission requirement formalizes existing Bureau practice of requesting such information from existing direct access numbering authorization holders. Our new ownership disclosure requirement tracks requirements already imposed on providers in the section 214 context. For these reasons, we believe that small and other interconnected VoIP providers will not face significantly increased compliance burdens when including these new certifications and disclosures in their direct access authorization applications.
**Report to Congress**
The Commission will send a copy of the *Third Report and Order,* including this Final Regulatory Flexibility Analysis, in a report to Congress pursuant to the Congressional Review Act. In addition, the Commission will send a copy of the *Third Report and Order,* including this Final Regulatory Flexibility Analysis, to the Chief Counsel for Advocacy of the SBA and will publish a copy of the *Third Report and Order* and this Final Regulatory Flexibility Analysis (or summaries thereof) in the *Federal Register* .
**Ordering Clauses**
Accordingly, * it is ordered* that pursuant to sections 1, 3, 4, 201-205, 251, and 303(r) of the Communications Act of 1934, as amended, 47 U.S.C. 151, 153, 154, 201-205, 251, 303(r), and section 6(a) of the TRACED Act, Public Law 116-105, section 6(a)(1)-(2), 133 Stat. 3274, 3277 (2019), 47 U.S.C. 227b-1, the *Third Report and Order and Third Further Notice of Proposed Rulemaking* hereby *is adopted* and part 52 of the Commission's rules, 47 CFR part 52, *is amended* as set forth in Appendix A of the *Third Report and Order.* Pursuant to Executive Order 14215, 90 FR 10447 (Feb. 20, 2025), this regulatory action has been determined to be not significant under Executive Order 12866, 58 FR 68708 (Dec. 28, 1993). The *Third Report and Order* shall become effective 30 days after publication in the *Federal Register* . The changes to § 52.15(g)(3)(x) adopted herein may contain new or modified information collection requirements subject to OMB review under the Paperwork Reduction Act. The Commission directs the Wireline Competition Bureau to announce the compliance date for those requirements in a document published in the *Federal Register* after the completion of OMB review and to cause § 52.15(g)(3)(x) to be revised accordingly.
*It is further ordered* that the Commission's Office of the Secretary, SHALL SEND a copy of this *Third Report and Order and Third Further Notice of Proposed Rulemaking,* including the Final and Initial Regulatory Flexibility Analyses, to the Chief Counsel for the Small Business Administration (SBA) Office of Advocacy.
*It is further ordered* that the Office of the Managing Director, Performance Evaluation and Records Management, *shall send* a copy of this *Third Report and Order* in a report to be sent to Congress and the Government Accountability Office pursuant to the Congressional Review Act, see 5 U.S.C. 801(a)(1)(A).
**List of Subjects in 47 CFR Part 52**
Communications common carriers, Interconnected VoIP providers, Telecommunications, Telephone.
Federal Communications Commission.
Marlene Dortch,
Secretary.
**Final Rules**
For the reasons discussed in the preamble, the Federal Communications Commission amends 47 CFR part 52 as follows:
**PART 52—NUMBERING**
**47 CFR Part 52**
1. The authority citation for part 52 is revised to read as follows:
**Authority:**
47 U.S.C. 151, 152, 153, 154, 155, 201-205, 207-209, 218, 225-227, 227b-1, 251-252, 271, 303, 332, unless otherwise noted.
**47 CFR Part 52**
2. Amend § 52.15 by:
a. Removing the word “and” at the end of paragraph (g)(3)(x)(C);
b. Revising paragraph (g)(3)(x)(D); and
c. Adding paragraphs (g)(3)(x)(E) and (F).
The additions read as follows:
§ 52.15
(g) * * *
(3) * * *
(x) * * *
(D) Provide accurate regulatory and numbering contact information to each state commission when requesting numbers in that state; and
(E) File updated certifications and ownership and control disclosures under paragraphs (g)(3)(ii)(B) through (F), (I), (K), (L), and (N) of this section if the authorization obtained under this section was granted before August 8, 2024.
(F) Paragraph (g)(3)(x)(E) of this section contains a new information-collection requirement. Compliance with paragraph (g)(3)(x)(E) will not be required until this paragraph (g)(3)(x)(F) is removed or contains a compliance date.