Download: docx | pdf

Compliance with the Non-IP Call Authentication Solution Rules;

Robocall Mitigation Database (RMD);

Use of Third Parties for Authentication

SUPPORTING STATEMENT

This revised information collection is being submitted to obtain approval from the Office of Management and Budget (OMB) for new and revised information collection requirements due to two recent Federal Communications Commission (Commission or FCC) Orders, as explained below. The title of this information collection is being changed from Compliance with the Non-IP Call Authentication Solution Rules; Robocall Mitigation Database (RMD) to Compliance with the Non-IP Call Authentication Solution Rules; Robocall Mitigation Database (RMD); Use of Third Parties for Authentication to reflect the additional information collection requirements.

1. Justification

1. Circumstances that make the collection necessary. On December 30, 2019, Congress enacted the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act. The TRACED Act directs the Commission to require all voice service providers to implement STIR/SHAKEN in the IP portions of their networks and to take reasonable measures to implement an effective caller ID authentication framework in the non-IP portions of their networks. Among other provisions, the TRACED Act also directs the Commission to create extension and exemption mechanisms for voice service providers. To implement the TRACED Act’s provisions, the Commission adopted a Report and Order and Further Notice of Proposed Rulemaking on March 30, 2020 and a Second Report and Order on September 29, 2020. See Call Authentication Trust Anchor, Implementation of TRACED Act Section 6(a)—Knowledge of Customers by Entities with Access to Numbering Resources, WC Docket Nos. 17-97 and 20-67, Report and Order and Further Notice of Proposed Rulemaking, 35 FCC Rcd 3241 (Mar. 31, 2020) (Report and Order and Further Notice); Call Authentication Trust Anchor, WC Docket No. 17-97, Second Report and Order, 36 FCC Rcd 1859 (Sept. 30, 2020) (Second Report and Order). In the Second Report and Order, the Commission also established the Robocall Mitigation Database (RMD) to track providers’ compliance with their caller ID authentication obligations.
   
   The Commission subsequently proposed and sought comment on imposing similar and additional obligations on gateway providers on September 30, 2021. See Advanced Methods to Target and Eliminate Unlawful Robocalls, Call Authentication Trust Anchor, WC Docket No. 17-97 et al., Fourth Further Notice of Proposed Rulemaking et al., 36 FCC Rcd 14971 (2021) (Fourth Further Notice et al.). On May 19, 2022, it adopted many of these proposed obligations for gateway providers, while also seeking comment on expanding these obligations and applying them to all providers, including intermediate providers other than gateway providers. Advanced Methods to Target and Eliminate Unlawful Robocalls, Call Authentication Trust Anchor, WC Docket No. 17-97 et al., Fifth Report and Order and Fifth Further Notice of Proposed Rulemaking et al., 37 FCC Rcd 6865 (adopted May 19, 2022) (Fifth Report and Order et al.). On March 16, 2023, the Commission adopted many of the obligations about which it sought comment in the Fifth Report and Order et al. See Call Authentication Trust Anchor, WC Docket No. 17-97, Sixth Report and Order and Further Notice of Proposed Rulemaking, 38 FCC 2573 (adopted March 16, 2023) (Sixth Report and Order et al.). On May 19, 2023, the Commission adopted its Seventh Report and Order, modifying some of these requirements. See Advanced Methods to Target and Eliminate Unlawful Robocalls, et al., WC Docket No. 17-97 et al., Seventh Report and Order et al., 38 FCC Rcd 5404 (adopted May 18, 2023) (Seventh Report and Order et al.). On November 21, 2024, the Commission strengthened these requirements by establishing rules for the use of third parties in the caller ID authentication process. Call Authentication Trust Anchor, WC Docket No. 17-97, Eighth Report and Order, FCC 24-120 (adopted Nov. 21, 2024) (Eighth Report and Order). In a separate proceeding, the Commission proposed and sought comment on various procedural measures and technical solutions to ensure and improve the overall quality of submissions in the RMD. See Improving the Effectiveness of the Robocall Mitigation Database, Amendment of Part 1 of the Commission’s Rules, Concerning Practice and Procedure, Amendment of CORES Registration System, WC Docket No. 24-213, MD Docket No. 10-234, Notice of Proposed Rulemaking, FCC 24-85 (adopted Aug. 7, 2024) (RMD Notice). On December 30, 2024, the Commission adopted some of the proposals it sought comment on in the RMD Notice, while reserving others for future consideration pending further investigation by the Wireline Competition Bureau (Bureau). See Improving the Effectiveness of the Robocall Mitigation Database, Amendment of Part 1 of the Commission’s Rules, Concerning Practice and Procedure, Amendment of CORES Registration System, WC Docket No. 24-213, MD Docket No. 10-234, Report and Order, FCC 24-135 (adopted December 30, 2024) (RMD Report and Order).

The new and revised requirements for which the Commission is seeking approval in this collection (3060-1285) described herein arise out of the actions it took in the Eighth Report and Order and the RMD Report and Order.

TRACED Act. Section 4(b)(1)(B) of the TRACED Act directs the Commission to require that providers of voice service, no later than June 30, 2021, take reasonable measures to implement an effective caller ID authentication framework in the non-IP portions of their networks. In the September 2020 Second Report and Order, adopting the proposal from the March 2020 Report and Order and Further Notice, the Commission interpreted this language to require that a voice service provider actively work to implement a caller ID authentication framework on the non-IP portions of its network, either by (1) upgrading its non-IP networks to IP so that the STIR/SHAKEN authentication framework may be implemented, or (2) by working to develop a non-IP authentication solution. To satisfy this latter option, a voice service provider would have to, upon request, provide the Commission documented proof that it is participating, either on its own or through a representative, as a member of a working group or consortium that is working to develop a non-IP solution, or actively testing such a solution.

Second Report and Order. Section 4(b)(5) of the TRACED Act requires the Commission to provide extensions of the June 30, 2021 STIR/SHAKEN implementation deadline to certain categories of providers. In the Second Report and Order, the Commission provided: (1) a two-year extension to small, including small rural, voice service providers; (2) an extension to voice service providers that cannot obtain a certificate due to the Governance Authority’s token access policy until such provider is able to obtain a certificate; (3) a one-year extension to services scheduled for section 214 discontinuance; and (4) an extension for the parts of a voice service provider’s network that rely on technology that cannot initiate, maintain, and terminate SIP calls until a solution for such calls is reasonably available. The STIR/SHAKEN implementation extensions for services scheduled for section 214 discontinuance ended on June 30, 2022, and the implementation extensions for non-facilities-based and facilities-based small voice service providers ended on June 30, 2022, and June 30, 2023, respectively. As required by section 4(b)(5)(C)(i) of the TRACED Act, the Commission further adopted rules that require those voice service providers that receive an extension to implement a robocall mitigation program to protect their customers on the parts of their networks not subject to protection from STIR/SHAKEN.

The Commission required that voice service providers file certifications with the Commission in the RMD, stating that: (i) the voice service provider has fully implemented the STIR/SHAKEN authentication framework across its entire network and all calls it originates are compliant with 47 CFR 64.6301(a)(1)-(2); (ii) the voice service provider has implemented the STIR/SHAKEN authentication framework on a portion of its network and calls it originates on that portion are compliant with paragraphs 47 CFR 64.6301(a)(1)-(2), and the remainder of the calls that originate on its network are subject to a robocall mitigation program; or (iii) the voice provider has not implemented the STIR/SHAKEN authentication framework on any portion of its network, and all of the calls that originate on its network are subject to a robocall mitigation program. Each voice service provider must also include in its filing: (i) the voice service provider’s business name(s) and primary address; (ii) other business names in use by the voice service provider; (iii) all business names previously used by the voice service provider; (iv) whether the voice service provider is a foreign voice service provider; and (v) the name, title, department, business address, telephone number, and email address of one person within the company responsible for addressing robocall mitigation-related issues. Voice service providers are required to update any of the data in the RMD within 10 business days of any change to the information filed. The certification must be signed by an officer of the voice service provider. The Second Report and Order did not explicitly required voice service providers that lack control over the network infrastructure necessary to implement STIR/SHAKEN to file in the RMD.

The Second Report and Order further required that any voice service provider certifying all or part of its network is covered by a robocall mitigation program include in its certification: (i) identification of the type of extension or extensions the voice service provider received under 47 CFR 64.6304, if the voice service provider is not a foreign voice service provider; (ii) the specific reasonable steps the voice service provider has taken to avoid originating illegal robocall traffic as part of its robocall mitigation program; and (iii) a statement of the voice service provider’s commitment to respond fully and in a timely manner to all traceback requests from the Commission, law enforcement, and the industry traceback consortium, and to cooperate with such entities in investigating and stopping any illegal robocallers that use its service to originate calls.

Fifth Report and Order et al. The Fifth Report and Order et al. extended many of the foregoing voice service provider obligations to gateway providers and, in some cases, imposed additional requirements on gateway providers. For example, all gateway providers, and not just those that have not yet fully implemented STIR/SHAKEN, are required to describe in the RMD the specific reasonable steps taken to avoid carrying or processing illegal robocalls. Pursuant to the rules adopted in the Fifth Report and Order, each gateway provider must either: (1) upgrade its non-IP networks to IP so that the STIR/SHAKEN authentication framework may be implemented, or (2) work to develop a non-IP authentication solution. To satisfy the latter option, a gateway provider must, upon request, provide the Commission documented proof that it is participating, either on its own or through a representative, as a member of a working group or consortium that is working to develop a non-IP solution, or actively testing such a solution. The Commission also clarified that voice service providers and gateway providers are required to submit all information in English or with a certified English translation.

Sixth Report and Order et al. and Seventh Report and Order et al. The Sixth Report and Order et al. extended RMD filing requirements to all voice service providers, regardless of whether a provider has implemented STIR/SHAKEN or whether it lacks control over the network infrastructure necessary to implement STIR/SHAKEN. It also extended these obligations to a new class of providers: non-gateway intermediate providers. In addition, it required all voice service providers, gateway providers and intermediate providers, including those that had already submitted a mitigation plan and certification to the RMD, to provide additional information with their RMD filings. The Seventh Report and Order et al. also modified some of these RMD filing requirements.

Like the existing requirements for voice service providers and gateway providers, the Sixth Report and Order et al. required non-gateway intermediate providers to actively work to implement a caller ID authentication framework on the non-IP portions of their networks, either by: (1) upgrading their non-IP networks to IP so that the STIR/SHAKEN authentication framework may be implemented, or (2) by working to develop a non-IP authentication solution. Furthermore, to satisfy this latter option, a non-gateway intermediate provider would have to, upon request, provide the Commission documented proof that it is participating, either on its own or through a representative, as a member of a working group or consortium that is working to develop a non-IP solution, or actively testing such a solution.

Pursuant to these rules, all non-gateway intermediate providers must file a certification with the Commission describing whether it has fully, partially, or not implemented STIR/SHAKEN on its network. All non-gateway intermediate providers, regardless of whether they have fully implemented STIR/SHAKEN, must also certify in the RMD that all calls that it processes or carries are subject to a robocall mitigation program and describe the specific reasonable steps taken to mitigate illegal robocalls. The Sixth Report and Order et al. also imposes this same obligation on all voice service providers.

Each non-gateway intermediate provider, like other entities already obligated to file in the RMD, must also include in its certification baseline information previously required of other providers. Non-gateway intermediate providers, like other entities already obligated to file, are also required to update any data submitted to the RMD within 10 business days of any change to the information filed and certifications must be filed in English or with a certified English translation and signed by an officer of the non-gateway intermediate provider.

The Sixth Report and Order et al. further required non-gateway intermediate providers to include in their certifications and robocall mitigation plans: (i) identification of the type of extension or extensions the provider received under 47 CFR 64.6304; (ii) the specific reasonable steps the provider has taken to avoid carrying or processing illegal robocall traffic as part of its robocall mitigation program, including any “know your upstream provider” processes in place; and (iii) a statement of the provider’s commitment to respond fully and in a timely manner to all traceback requests from the Commission, law enforcement, and the industry traceback consortium, and to cooperate with such entities in investigating and stopping any illegal robocallers that use its service to carry or process calls. The Seventh Report and Order et al. modified this new traceback response commitment requirement for non-gateway intermediate providers and the existing traceback response commitment requirement for voice service providers, requiring both classes of providers to commit to respond to traceback requests “fully and within 24 hours.”

The Sixth Report and Order et al. also required voice service providers, gateway providers, and non-gateway intermediate providers to provide additional information to the RMD and delegated to the Wireline Competition Bureau the authority to specify the form and format of provider submissions to the RMD.

Finally, pursuant to the TRACED Act’s undue hardship provisions, the Sixth Report and Order et al. adopted an ongoing extension from STIR/SHAKEN implementation obligations for satellite providers that are small voice service providers and use North American Numbering Plan (NANP) numbers to originate calls.

Eighth Report and Order. The Eighth Report and Order strengthened the Commission’s caller ID authentication requirements by establishing clear rules of the road for providers that rely on third parties to fulfill their STIR/SHAKEN implementation obligations. The Eighth Report and Order did so by first defining “third-party authentication” for the purposes of the STIR/SHAKEN rules. Next, it authorized providers with a STIR/SHAKEN implementation obligation to engage third parties to perform the technological act of digitally “signing” calls consistent with the requirements of the STIR/SHAKEN technical standards so long as: (1) the provider with the implementation obligation itself makes the critical “attestation-level” decisions for authenticating caller ID information associated with its calls; and (2) all calls are signed using the certificate of the provider with the implementation obligation—not the certificate of a third party. The Eighth Report and Order also explicitly required all providers with an implementation obligation to obtain a Service Provider Code token from the Policy Administrator and present that token to a STIR/SHAKEN Certificate Authority to obtain a digital certificate, and require any provider certifying to partial or complete STIR/SHAKEN implementation in the RMD to have obtained an SPC token and digital certificate and sign all its calls with that certificate, either themselves or when working with a third party to perform the technological act of signing calls. Finally, the Eighth Report and Order adopted recordkeeping requirements for third-party authentication arrangements to monitor compliance with and enforce the Commission’s rules.

RMD Report and Order. The RMD Report and Order strengthened the RMD as a compliance and consumer protection tool by adopting rules to improve the overall quality of RMD submissions and strengthen the procedures providers must follow to submit, update, and maintain accurate filings. Specifically, the RMD Report and Order: (1) required providers to update any information submitted to the Commission Registration System (CORES) within 10 business days of any change to that information; (2) adopted base forfeiture amounts for submitting false or inaccurate information to the RMD; (3) directed the Bureau to establish a dedicated reporting mechanism for deficient filings; (4) directed the Bureau to issue additional guidance, educational materials, and “best practices” for filing in the RMD; (5) concluded that RMD submissions are “applications” within the meaning of the RAY BAUM’s Act and required that providers remit a $100 application processing fee for initial submissions and annual recertifications thereafter; and (6) established a requirement that providers recertify their submissions annually.

New requirements for which we are seeking OMB approval:

The new information collection requirements created under the newly adopted rules of the Eighth Report and Order and RMD Report and Order are as follows:¹

In order to ensure compliance with the requirements adopted in the Eighth Report and Order, providers that choose to work with a third party to perform the technological act of signing calls must do so pursuant to a written agreement. The agreement must specify the specific tasks that the third party will perform on the provider’s behalf and confirm that the provider will: (1) make all attestation-level decisions for calls signed pursuant to the agreement, and (2) ensure that all calls will be signed using the provider’s certificate. Voice service providers, non-gateway intermediate providers, and gateway providers may be required to submit a copy of the agreement to the Commission in connection with a review of the provider’s compliance with the Commission’s rules or an investigation by the Enforcement Bureau. The Commission requires that a current agreement be in place for as long as any third-party authentication arrangement exists, and that all copies of third-party agreements be maintained for a period of two years from the end or termination of the agreement.

Any provider with a STIR/SHAKEN implementation obligation is prohibited from certifying to complete or partial implementation in the RMD unless they have obtained an SPC token and digital certificate, and sign calls with their certificate, either themselves or when working with a third party to perform the technological act of signing calls having met the necessary conditions imposed in the Eighth Report and Order. Providers that do not obtain and use an SPC token and certificate must update their RMD certifications to state that they have not fully or partially implemented STIR/SHAKEN.

In order to comply with the annual recertification requirement adopted in the RMD Report and Order, all providers are required to recertify their existing RMD filings annually on March 1st and submit their $100 annual filing fee at the same time.

Statutory authority for this information collection is contained in 47 U.S.C. §§ 227b, 251(e), and 227(e) of the Communications Act of 1934.

This information collection does not affect individuals or households; thus there is no impact under the Privacy Act.

2. Use of information. The Commission will use the information to determine which voice service providers, gateway providers, and non-gateway intermediate providers: (1) satisfy the requirement that they take reasonable measures to implement an effective call authentication system in the non-IP portions of their networks; (2) fulfill the requirements for using third parties in the caller ID authentication process; and (3) comply with the requirements of the RMD.

2. Technology collection techniques. First, regarding a request under section 64.6303(a), (b), and (c) for a provider to submit to the Commission documented proof that it is participating, either on its own or through a representative, including third party representatives, as a member of a working group, industry standards group, or consortium that is working to develop a non-Internet Protocol caller identification authentication solution, the applicable provider will respond to the Commission in the method specified in the Commission’s request. Second, all agreements between providers and a third-party authentication service entered into and retained under sections 64.6301(b)(3)-(b)(5) and 64.6302(f)(3)-(f)(5) will be in writing. Third, all submissions to the RMD under section 64.6305 will be made electronically into a database set up specifically for this purpose.

2. Efforts to identify duplication. For each of these requirements, the information to be collected is unique to each provider, and there are no similar collection requirements.

2. Impact on small entities. The Commission worked to minimize the amount of information each certification will require.

2. Consequences if information is not collected. If this information is not collected from voice service providers, the Commission will be unable to meet its statutory obligations under the TRACED Act. If the information is not collected from gateway providers, significant foreign sources of illegal robocalls will continue to be able to reach and harm U.S. consumers. If this information is not collected from non-gateway intermediate providers, a critical gap will exist in the Commission’s rules and protections against illegal robocalls which could be exploited by bad actors.

2. Special circumstances. We do not foresee any special circumstances with this information collection.

2. Federal Register notice; efforts to consult with persons outside the Commission. The Commission published a 60-day notice on April 21, 2025 (90 FR 16678), seeking comments from the public on the information collection requirements. The Commission received one comment in response to this notice. The comment did not address the questions on which the Commission sought comment, specifically, whether the proposed collection of information is necessary for the proper performance of the functions of the Commission, including whether the information shall have practical utility; the accuracy of the Commission’s burden estimate; ways to enhance the quality, utility, and clarity of the information collected; ways to minimize the burden of the collection of information on the respondents, including the use of automated collection techniques or other forms of information technology; and ways to further reduce the information collection burden on small business concerns with fewer than 25 employees. As such, the comment did not provide a basis on which to revise the information collection.

2. Payments or gifts to respondents. The Commission does not anticipate providing any payment or gifts to respondents.

2. Assurances of confidentiality. The Commission will consider the potential confidentiality of any information submitted, particularly where public release of such information could raise security concerns (e.g., granular location information). Respondents may request that materials or information submitted to the Commission or to the Administrator be withheld from public inspection under 47 C.F.R. § 0.459 of the Commission’s rules.

2. Questions of a sensitive nature. There are no questions of a sensitive nature with respect to the information collection described herein.

2. Estimates of the hour burden of the collection to respondents. The following represents the hour burden on the collection of information:

1. Compliance with the requirement under section 64.6301(b) that all agreements between voice service providers and a third-party authentication service are in writing and be maintained

1. Number of Respondents: Approximately 2,600 voice service providers.

2. Frequency of Response: Upon request by the Commission.

3. Total number of responses per respondent: 1.

4. Estimated time per response: 30 minutes (0.5 hours).

5. Total hour burden: 1,300 hours.

0.5 hours per response per respondent for 2,600 voice service providers. Total annual hour burden is calculated as follows:

2,600 respondents x 1 response per respondent = 2,600 responses x 0.5 hours = 1,300 total hours.

6. Total estimate of in-house cost to respondents: $85,124 (1,300 hours x $65.48/hr.).

7. Explanation of calculation: We estimate that each voice service provider will take, on average, 0.5 hours per response. We estimate that respondents use mid- to senior-level personnel to comply with the requirements comparable in pay to the Federal Government, approximately $65.48 per hour (equivalent to a GS-13, step 5 federal employee).

2,600 (number of respondents) x 0.5 (hours to prepare response) x 1 (responses per respondent) x $65.48/hr. = $85,124.

2. Compliance with the requirement under section 64.6302(f) that all agreements between non-gateway intermediate providers or gateway providers and a third-party authentication service are in writing and be maintained

1. Number of Respondents: Approximately 900 gateway and non-gateway intermediate providers.

2. Frequency of Response: Upon request by the Commission.

3. Total number of responses per respondent: 1.

4. Estimated time per response: 30 minutes (0.5 hours).

5. Total hour burden: 450 hours.

0.5 hours per response per respondent for 900 non-gateway intermediate and gateway providers. Total annual hour burden is calculated as follows:

800 respondents x 1 response per respondent = 900 responses x 0.5 hours = 450 total hours.

6. Total estimate of in-house cost to respondents: $29,466 (400 hours x $65.48/hr.).

7. Explanation of calculation: We estimate that each non-gateway intermediate provider and gateway provider will take, on average, 0.5 hours per response. We estimate that respondents use mid- to senior-level personnel to comply with the requirements comparable in pay to the Federal Government, approximately $65.48 per hour (equivalent to a GS-13, step 5 federal employee).

900 (number of respondents) x 0.5 (hours to prepare response) x 1 (responses per respondent) x $65.48/hr. = $29,466.

3. Compliance with requirement under section 64.6303(a) that a voice service provider have documented proof that it is working towards a solution for non-IP caller ID authentication

1. Number of Respondents: Approximately 2,800 voice service providers.

2. Frequency of Response: Upon request by the Commission.

3. Total number of responses per respondent: 1.

4. Estimated time per response: 30 minutes (0.5 hours).

5. Total hour burden: 1,400 hours.

0.5 hours per response per respondent for 2,800 voice service providers. Total annual hour burden is calculated as follows:

2,800 respondents x 1 response per respondent = 2,800 responses x 0.5 hours = 1,400 total hours.

6. Total estimate of in-house cost to respondents: $91,672 (1,400 hours x $65.48/hr.).

7. Explanation of calculation: We estimate that each voice service provider will take, on average, 0.5 hours per response. We estimate that respondents use mid- to senior-level personnel to comply with the requirements comparable in pay to the Federal Government, approximately $65.48 per hour (equivalent to a GS-13, step 5 federal employee).

2,800 (number of respondents) x 0.5 (hours to prepare response) x 1 (responses per respondent) x $65.48/hr. = $91,672.

4. Compliance with requirement under section 64.6303(b) that a gateway provider have documented proof that it is working towards a solution for non-IP caller ID authentication

1. Number of Respondents: Approximately 150 gateway providers.

2. Frequency of Response: Upon request by the Commission.

3. Total number of responses per respondent: 1.

4. Estimated time per response: 30 minutes (0.5 hours).

5. Total hour burden: 75 hours.

0.5 hours per response per respondent for 150 gateway providers. Total annual hour burden is calculated as follows:

150 respondents x 1 response per respondent = 150 responses x 0.5 hours = 75 total hours.

6. Total estimate of in-house cost to respondents: $4,911 (75 hours x $65.48/hr.).

7. Explanation of calculation: We estimate that each voice service provider will take, on average, 0.5 hours per response. We estimate that respondents use mid- to senior-level personnel to comply with the requirements comparable in pay to the Federal Government, approximately $65.48 per hour (equivalent to a GS-13, step 5 federal employee).

150 (number of respondents) x 0.5 (hours to prepare response) x 1 (responses per respondent) x $65.48/hr. = $4,911.

5. Compliance with requirement under section 64.6303(c) that a non-gateway intermediate provider have documented proof that it is working towards a solution for non-IP caller ID authentication

1. Number of Respondents: Approximately 350 non-gateway intermediate providers.

2. Frequency of Response: Upon request by the Commission.

3. Total number of responses per respondent: 1.

4. Estimated time per response: 30 minutes (0.5 hours).

5. Total hour burden: 175 hours.

0.5 hours per response per respondent for 350 non-gateway intermediate providers. Total annual hour burden is calculated as follows:

350 respondents x 1 response per respondent = 350 responses x 0.5 hours = 175 total hours.

6. Total estimate of in-house cost to respondents: $11,459 (175 hours x $65.48).

7. Explanation of calculation: We estimate that each provider will take, on average, 0.5 hours per response. We estimate that respondents use mid- to senior-level personnel to comply with the requirements comparable in pay to the Federal Government, approximately $65.48 per hour (equivalent to a GS-13, step 5 federal employee).

350 (number of respondents) x 0.5 (hours to prepare response) x 1 (responses per respondent) x $65.48/hr. = $11,459.

6. Voice Service Provider RMD requirement under section 64.6305(d)

1. Number of Respondents: Approximately 7,700 voice service providers.

2. Frequency of Response: One-time reporting requirement, and on the occasion that information in the RMD is updated.

3. Total number of responses per respondent: 1.

4. Estimated time per response: 3 hours.

5. Total hour burden: 23,100 total hours.

3 hours per response for 1 response per respondent for 7,700 voice service providers. Total annual hour burden is calculated as follows:

7,700 respondents x 1 response per respondent = 7,700 responses x 3 hours = 23,100 total hours.

6. Total estimate of in-house cost to respondents: $1,512,588 (23,100 hours x $65.48/hr.).

7. Explanation of calculation: We estimate that each voice service provider will take, on average, 3 hours per response. We estimate that respondents use mid- to senior-level personnel to comply with the requirements comparable in pay to the Federal Government, approximately $65.48 per hour (equivalent to a GS-13, step 5 federal employee).

7,700 (number of respondents) x 3 (hours to prepare response) x 1 (responses per respondent) x $65.48/hr. = $1,512,588

7. Gateway Provider RMD requirement under section 64.6305(e)

1. Number of Respondents: Approximately 600 gateway providers that will be required to update already submitted filings in the RMD.

2. Frequency of Response: One-time reporting requirement, and on the occasion that information in the RMD is updated.

3. Total number of responses per respondent: 1.

4. Estimated time per response: 3 hours.

5. Total hour burden: 1,800 hours.

3 hours per response for 1 response per respondent for 600 gateway providers. Total annual hour burden is calculated as follows:

600 respondents x 1 response per respondent = 600 responses x 3 hours = 1,800 total hours.

6. Total estimate of in-house cost to respondents: $117,864 (1,800 hours x $65.48/hr.).

7. Explanation of calculation: We estimate that each gateway provider will take, on average, 3 hours per response. We estimate that respondents use mid- to senior-level personnel to comply with the requirements comparable in pay to the Federal Government, approximately $65.48 per hour (equivalent to a GS-13, step 5 federal employee).

600 (number of respondents) x 3 (hours to prepare response) x 1 (responses per respondent) x $65.48/hr. = $117,864.

8. Non-Gateway Intermediate Provider RMD requirement under section 64.6305(f)

1. Number of Respondents: Approximately 2,000 non-gateway intermediate providers.

2. Frequency of Response: One-time reporting requirement, and on the occasion that information in the RMD is updated.

3. Total number of responses per respondent: 1.

4. Estimated time per response: 3 hours.

5. Total hour burden: 6,000 hours.

3 hours per response for 1 response per respondent for 2,000 gateway providers. Total annual hour burden is calculated as follows:

2,000 respondents x 1 response per respondent = 2,000 responses x 3 hours = 6,000 total hours.

6. Total estimate of in-house cost to respondents: $392,880 (6,000 hours x $65.48/hr.).

7. Explanation of calculation: We estimate that each non-gateway intermediate provider will take, on average, 3 hours per response. We estimate that respondents use mid- to senior-level personnel to comply with the requirements comparable in pay to the Federal Government, approximately $65.48 per hour (equivalent to a GS-13, step 5 federal employee).

2,000 (number of respondents) x 3 (hours to prepare response) x 1 (responses per respondent) x $65.48/hr. = $392,880.

9. Voice Service Provider, Gateway Provider, and Non-Gateway Intermediate Provider RMD annual recertification requirement under section 64.6305(h)

8. Number of Respondents: Approximately 10,300 voice service providers, gateway providers, and non-gateway intermediate providers.

9. Frequency of Response: Annual reporting requirement.

10. Total number of responses per respondent: 1.

11. Estimated time per response: 30 minutes (0.5 hours).

12. Total hour burden: 5,150 total hours.

0.5 hours per response per respondent for 10,300 voice service providers. Total annual hour burden is calculated as follows:

10,300 respondents x 1 response per respondent = 10,300 responses x 0.5 hours = 5,150 total hours.

8. Total estimate of in-house cost to respondents: $337,222 (5,150 hours x $65.48/hr.).

9. Explanation of calculation: We estimate that each voice service provider, gateway provider, and non-gateway intermediate provider will take, on average, 0.5 hours per response. We estimate that respondents use mid- to senior-level personnel to comply with the requirements comparable in pay to the Federal Government, approximately $65.48 per hour (equivalent to a GS-13, step 5 federal employee).

10,300 (number of respondents) x 0.5 (hours to prepare response) x 1 (responses per respondent) x $65.48/hr. = $337,222.

Total Number of Respondents: 2,600 + 900 + 2,800 + 150 + 350 + 7,700 + 600 + 2,000 + 10,300 = 27,400 unique respondents

Total Number of Responses: 2,600 + 900 + 2,800 + 150 + 350 + 7,700 + 600 + 2,000 + 10,300 = 27,400 responses

Total Hourly Burden: 1,300 + 450 + 1,400 + 75 + 175 + 23,100 + 1,800 + 6,000 + 5,150 = 39,450 burden hours

Total In-House Costs to Respondents: $85,124 + $29,466 + $91,672 + $4,911 + $11,459 + $1,512,588 + $117,864 + $392,880 + $337,222 = $2,583,186

2. Estimates for the cost burden of the collection to respondents. The Commission believes that voice service providers, non-gateway intermediate providers, and gateway providers have sufficient “in-house” staff to address all the information collection requirements using their “in-house” personnel rather than having to contract out this requirement. Thus:

(a) Total annualized capital/startup costs: $0.00

(b) Total annualized costs (O&M): $0.00

(c) Total annualized cost requested: $0.00

2. Estimates of the cost burden to the Commission.

1. Compliance with the requirement under section 64.6301(b) that all agreements between voice service providers and a third-party authentication service are in writing and be maintained

Costs to the Commission will potentially be $65.48 (GS-13, step 5 federal employee) x 0.5 hrs. (to request documented proof from voice service providers) x 2,600 voice service providers = $85,124.

2. Compliance with the requirement under section 64.6302(f) that all agreements between non-gateway intermediate providers or gateway providers and a third-party authentication service are in writing and be maintained

Costs to the Commission will potentially be $65.48 (GS-13, step 5 federal employee) x 0.5 hrs. (to request documented proof from voice service providers) x 900 gateway and non-gateway intermediate providers = $29,466.

3. Compliance with requirement under section 64.6303(a) that a voice service provider have documented proof that it is working towards a solution for non-IP caller ID authentication

Costs to the Commission will potentially be $65.48 (GS-13, step 5 federal employee) x 0.5 hrs. (to request documented proof from voice service providers) x 2,800 voice service providers = $91,672.

4. Compliance with requirement under section 64.6303(b) that a gateway provider have documented proof that it is working towards a solution for non-IP caller ID authentication

Costs to the Commission will potentially be $65.48 (GS-13, step 5 federal employee) x 0.5 hrs. (to request documented proof from voice service providers) x 150 gateway providers = $4,911.

5. Compliance with requirement under section 64.6303(c) that a non-gateway intermediate provider have documented proof that it is working towards a solution for non-IP caller ID authentication

Costs to the Commission will potentially be $65.48 (GS-13, step 5 federal employee) x 0.5 hrs. (to request documented proof from voice service providers) x 350 non-gateway intermediate providers = $11,459.

6. Voice Service Provider RMD requirement under section 64.6305(d)

Costs to the Commission will potentially be $65.48 (GS-13, step 5 federal employee) x 0.5 hrs. (to review revised certifications) x 7,700 voice service providers = $252,098.

7. Gateway Provider RMD requirement under section 64.6305(e)

Costs to the Commission will potentially be $65.48 (GS-13, step 5 federal employee) x 0.5 hrs. (to review revised certifications) x 600 gateway providers = $19,644.

8. Non-Gateway Intermediate Provider RMD requirement under section 64.6305(f)

Costs to the Commission will potentially be $65.48 (GS-13, step 5 federal employee) x 0.5 hrs. (to review revised certifications) x 2,000 non-gateway intermediate providers = $65,480.

9. Voice Service Provider, Gateway Provider, and Non-Gateway Intermediate Provider RMD annual recertification requirement under section 64.6305(h)

Costs to the Commission will potentially be $65.48 (GS-13, step 5 federal employee) x 0 hrs. (recertifications will be processed automatically and will not require staff hours) x 10,300 voice service, gateway, and non-gateway intermediate providers = $0.

Total Cost to the Federal Government: $85,124 + $29,466 + $91,672 + $4,911 + $11,459 + $252,098 + $19,644 + $65,480 + $0 = $559,854

2. Program changes or adjustments. The Commission is reporting program changes and adjustments in this revised information collection.

The Commission is reporting program changes due to the Eighth Report and Order and RMD Report and Order. The total number of respondents and annual responses each increased by 13,800 (from 12,800 to 26,600 respondents) and the total annual burden hours increased by 6,900 hours (from 39,663 to 46,563 hours).

The Commission is also reporting adjustments to this information collection which are due to the Commission re-evaluating the previous figures used in this collection to better reflect experience in administering the collection. For these adjustments, the total number of respondents and annual responses each increased by 800 (from 26,600 to 27,400) and total annual burden hours decreased by 7,113 (from 46,563 to 39,450).

Together, this resulted in an increase to the total number of respondents/total annual responses of +14,600 and a decrease to the total annual burden hours of -213.

2. Collections of information whose results will be published. The filings that providers submit into the RMD will be published to the public on that database. At this time, the Commission does not plan to publish to the public a provider’s response to a request for documented proof that they are taking reasonable measures to implement a non-IP caller ID authentication solution.

2. Display of expiration date for OMB approval of information collection. There is no paper form associated with this information collection; it will be collected electronically through the Electronic Comment Filing System (ECFS), the RMD, or another electronic method. OMB approval of the information collection expiration date will be displayed on OMB’s website.

2. Exceptions to certification for Paperwork Reduction Act submissions. The Commission is reporting an exception to the Certification Statement. When the 60-day notice was published in the Federal Register on April 21, 2025 (90 FR 16678), the Commission stated the title of this information collection as “Compliance with the Non-IP Call Authentication Solution Rules; Robocall Mitigation Database (RMD).” In the 30-day notice, the new title of this information collection is “Compliance with the Non-IP Call Authentication Solution Rules; Robocall Mitigation Database (RMD); Use of Third Parties for Authentication,” which is reflected in this submission to OMB.

There are no other exceptions to the Certification Statement.

2. Collections of Information Employing Statistical Methods:

No statistical methods are employed.

File Type	application/vnd.openxmlformats-officedocument.wordprocessingml.document
Author	Jordan Marie Reth
File Modified	0000-00-00
File Created	2025-07-03