Government Affairs

Updated Deadlines for Gateway Provider Robocall Mitigation Rules

July 21, 2022

The FCC’s Gateway Order, released on May 20, 2022, was published in the Federal Register on Monday, July 18, 2022, thus triggering certain compliance deadlines linked to publication.  Deadlines for other new obligations remain open.

The Order imposes a number of new obligations on Gateway Providers designed to prevent foreign-originated illegal robocalls from entering U.S. networks.  The Order defines Gateway Providers as a U.S.-based intermediate provider that receives a call directly from a foreign originating provider or a foreign intermediate provider.  In other words, Gateway Providers are the entities whose U.S.-based facilities are the entry point into the U.S. for foreign-originated traffic.

The Order’s publication in the Federal Register sets the following implementation deadlines:

  • By September 16, 2022, Gateway Providers must block traffic that the FCC has notified the provider constitutes potentially illegal robocalls. Providers immediately downstream from the Gateway Provider must block all traffic from the identified Gateway Provider if notified by the FCC that the Gateway Provider failed to meet its obligation to block illegal traffic.
  • By October 16, 2022, Gateway Providers must have adopted and implemented a general mitigation standard requiring them to take reasonable steps to avoid carrying or processing illegal robocall traffic.
  • By January 14, 2023, Gateway Providers must implement a know-your-upstream provider obligation. Specifically, Gateway Providers must take reasonable steps to ensure that the immediate upstream foreign provider is not using the Gateway Provider to carry or process a high volume of illegal robocall traffic onto the U.S. network.

In addition, by June 30, 2023, Gateway Providers must implement STIR/SHAKEN in the IP portions of their network and authenticate unauthenticated foreign-originated calls using U.S. numbers in caller ID.

The additional obligations adopted in the Order are predicated on approval by the Office of Management and Budget (OMB) of the information collections required by the rule.  The following obligations become effective 30 days after Federal Register notice of OMB approval:

  • Gateway Providers must file in the robocall mitigation database (RMD) a certification regarding STIR/SHAKEN implementation and submit their robocall mitigation plans.
  • Gateway Providers must begin blocking calls to numbers on an established Do Not Call list.
  • Gateway Providers Respond to traceback requests within 24 business hours.

Within 90 days of the date that Gateway Providers must file in the RMD, two additional obligations take effect.  First, providers downstream of the Gateway Provider must block all traffic from any Gateway Provider that has not filed in the RMD. Second, foreign providers, either originating providers or foreign intermediate providers, that send calls to the U.S. using U.S. numbers in the caller ID must file in the RMD or their calls will be blocked by Gateway Providers to which they directly connect.

The FCC will issue a public notice of OMB approval and announce the deadline for these obligations.

If you have any questions or would like more information, please contact Michael Pryor, at

Back to all news