Last updated 2026-07-11

TL;DR
A voice service provider is any company that originates, carries, or terminates telephone calls over the public switched telephone network or voice-over-IP infrastructure. Under the FCC's Robocall Mitigation Database rules, most providers must register and either certify STIR/SHAKEN call authentication or file a robocall mitigation program. Skip the filing and every major U.S. carrier can block your traffic.
What exactly is a voice service provider under FCC rules?
A voice service provider is any company that furnishes two-way voice communication connected to the public switched telephone network. That's the plain version. Under 47 CFR Part 64, Subpart P, the term covers traditional landline carriers, interconnected VoIP providers, and non-interconnected VoIP providers alike. [1]
That last category trips people up. You don't have to be AT&T or Lumen to fall under this definition. If your company originates calls from its own infrastructure, resells trunk capacity, or runs a softphone platform that connects to the PSTN, you're almost certainly a voice service provider in the regulatory sense.
The FCC carved out three tiers for the STIR/SHAKEN caller ID authentication mandate. Larger providers (defined by call volume and subscriber count) had earlier deadlines. Smaller ones got extensions. But the Robocall Mitigation Database registration requirement applies to every one of them. The FCC's rules implementing the TRACED Act of 2019 [2] say so directly.
The definition matters because the TCPA sits on top of all of it. If your team does any outbound cold calling through a third-party platform, you're relying on a voice service provider, and that provider's registration status decides whether your calls even reach a phone.
What is the Robocall Mitigation Database and why does it exist?
The Robocall Mitigation Database (RMD) is the FCC's public registry of voice service providers, and every provider that originates, carries, or terminates U.S. calls is supposed to file in it. Each entry either certifies full STIR/SHAKEN implementation or describes a robocall mitigation program for providers that can't fully implement it yet.
Congress passed the TRACED Act in December 2019 to attack the robocall problem head on. [2] The law told the FCC to build a registry of voice service providers and to give the Commission real enforcement power against providers that carry illegal robocalls.
The FCC launched the RMD in 2021, hosted on the FCC's own filing platform. [3] A provider files one of two things: full STIR/SHAKEN certification, or a written mitigation program if they can't fully implement it (say, because they still run older TDM infrastructure).
The enforcement hook is sharp. As of June 9, 2023, FCC rules bar voice service providers from accepting call traffic from any provider not listed in the RMD. [4] If your upstream carrier is doing its job, calls from an unregistered provider get blocked before they ever ring a consumer's phone. Enforcement has been uneven in practice. But major U.S. carriers do check.
The database is public on purpose. Anyone can look up a provider's registration status. That transparency lets downstream carriers, enterprise customers, and compliance officers like you confirm the companies in your call chain are registered.
Which types of companies must register in the Robocall Mitigation Database?
Essentially every entity that provides voice service to or within the United States has to register. That's the short answer, and it's close to a complete one.
Here's how the FCC's rules break down the covered categories. [1]
| Provider Type | Must Register? | STIR/SHAKEN Required? |
|---|---|---|
| Large originating provider (>100k subscribers) | Yes | Yes (deadline passed) |
| Small originating provider | Yes | Yes (deadline passed) |
| Gateway provider (foreign-to-domestic traffic) | Yes | Yes or mitigation program |
| Intermediate/transit provider | Yes | Must pass STIR/SHAKEN or file mitigation program |
| Terminating provider only | Yes | Attestation not required, but registration still is |
| Non-interconnected VoIP (one-way, e.g. some conferencing) | Partial, check FCC guidance | Depends on call flow |
Gateway providers get the strictest treatment because that's where a lot of illegal robocall traffic enters the U.S. network from overseas. They carry an extra obligation: implement STIR/SHAKEN on all traffic they handle, with no TDM extension available. [4]
Run a contact center and lease SIP trunks from a reseller? You're probably not the voice service provider in that arrangement. The reseller is. But ask them for proof of RMD registration anyway, because if they get blocked, your outbound calls go dark with you.
Do outbound sales teams or contact centers need to register?
Usually no, not directly. If you buy voice service rather than sell or route it, you're the customer of a voice service provider, not a provider yourself. Registration is your vendor's job.
Two situations change that math.
First, some enterprise and mid-market companies build in-house calling infrastructure. They own their own SBC (session border controller), manage their SIP trunks directly, and originate traffic in a way that technically makes them a voice service provider. If that's your operation, talk to telecom counsel about RMD registration.
Second, even as a pure buyer, your providers' RMD status is your problem. If your CCaaS vendor or telephony reseller isn't registered, major U.S. carriers can and should block their traffic. Your cold call campaigns stop working with zero warning. Vetting a vendor's RMD status is an operational risk check, more than a compliance box to tick.
The FCC has been explicit that downstream providers accepting call traffic from unregistered originators carry the blocking obligation. [4] That creates a compliance chain worth tracing all the way up, from your dialer to the originating carrier.
What is STIR/SHAKEN and how does it connect to provider registration?
STIR/SHAKEN stands for Secure Telephone Identity Revisited / Signature-based Handling of Asserted information using toKENs. It's a framework that digitally signs outbound caller ID so receiving networks can verify whether the calling number is actually controlled by the carrier claiming it. [5]
The link to registration is direct. When a provider files in the RMD, they declare one of three things: (a) full STIR/SHAKEN across all IP network segments, (b) partial implementation with a documented mitigation program for the rest, or (c) non-IP infrastructure with a mitigation program only.
For the person receiving your call, STIR/SHAKEN is what drives the "Likely Spam" or "Scam Likely" label on the screen. Calls signed with a full "A" attestation (the provider knows the customer and knows they're authorized to use the number) are far less likely to get flagged by carrier analytics.
This is where it gets operational. Pick a provider with strong STIR/SHAKEN implementation and current RMD registration, and your answer rates benefit. Nobody has clean public data on exactly how much attestation level moves answer rates. What we do know: the FCC's own findings cite billions of illegal robocalls a year, and call-blocking analytics specifically target calls with low or missing attestation. [3]
The FCC's Second Report and Order on STIR/SHAKEN (FCC 20-42) states the goal plainly, that the framework is meant to "ensure that the calling party's telephone number is authentic." [5]
What happens if a voice service provider is not registered?
Three things happen, roughly in the order they bite.
First, downstream carriers have an affirmative duty to block traffic from unregistered providers. The rule took effect June 9, 2023. [4] Blocking isn't instant and isn't perfectly consistent, but Comcast, AT&T, Verizon, and T-Mobile all run traceback programs that hunt for bad actors. An unregistered provider that gets flagged can lose its traffic within days.
Second, the FCC can come after you directly. Under the TRACED Act, the Commission can issue forfeiture orders against providers that fail to implement STIR/SHAKEN or file adequate mitigation programs. It has issued multimillion-dollar penalties against companies caught facilitating illegal robocalls. The Commission's largest robocall-related proposed forfeiture as of early 2025 was $299,997,000, aimed at an operation running an auto-warranty robocall scheme. [6]
Third, the TCPA liability doesn't vanish just because your calls ride an unregistered provider's infrastructure. Consumers can still sue you over improperly made calls, and your vendor's non-compliance is no defense. If anything, courts and the FCC look at the full call chain. You can see the infrastructure question surface in settlements like the cash app tcpa class action settlement.
Register. It costs nothing beyond filing time, and the downside of skipping it is dead call traffic plus enforcement exposure that can end a business.
How do you actually register in the Robocall Mitigation Database?
Registration runs through the FCC's filing system. You need an FCC Registration Number (FRN) from the FCC's CORES system first, and it's free. [11]
Here's the practical sequence.
1. Get an FRN from CORES if you don't already have one. Free, about 15 minutes. 2. Log into the Robocall Mitigation Database portal. 3. Select your provider category (originating, intermediate/transit, gateway). 4. Certify your STIR/SHAKEN status: full implementation, partial implementation with a mitigation program, or TDM/non-IP with a mitigation program only. 5. If you're filing a mitigation program instead of full STIR/SHAKEN, write a plain-English description of how you detect and block illegal robocall traffic. The FCC doesn't dictate exact program elements, but the write-up has to be substantive. 6. Submit and keep a copy. Update it whenever your implementation status changes.
There is no fee to file in the RMD. The time cost is real, though. Writing a credible mitigation program for a provider that can't yet fully implement STIR/SHAKEN takes a few hours of careful work.
One thing people forget: update your filing when things change. Upgrade from TDM to full IP and hit STIR/SHAKEN compliance? Amend your entry. Stale filings still draw FCC scrutiny, and they tell sophisticated buyers you're not minding your compliance posture.
How does voice service provider registration relate to TCPA compliance?
The TCPA (47 U.S.C. § 227) and the TRACED Act run on parallel tracks, and they cross in ways that matter for outbound teams. [7]
The TCPA governs what you can send, when you can send it, and to whom. It requires prior express written consent for autodialed or prerecorded calls to cell phones, bans calls to numbers on the do not call list, and limits telemarketing call hours. [7] The TRACED Act and RMD registration govern the layer underneath: who can legally carry calls and how caller ID gets authenticated.
The two intersect twice. First, if a voice service provider routes TCPA-violating robocalls, the TRACED Act hands the FCC tools to shut that provider down. Your upstream carrier's compliance directly affects whether you can make calls at all.
Second, the FCC's analytics and blocking rules mean even legal, TCPA-clean calls can get flagged as spam when they travel over infrastructure with poor STIR/SHAKEN attestation. You can nail consent and DNC scrubbing and still land in "Likely Spam" because your provider's attestation is weak.
Building or auditing a compliant outbound operation? LeadCompliant's free compliance kit covers both the TCPA consent requirements and a vendor checklist that lists RMD registration verification as its own line item.
On the DNC side, scrubbing against the do not call telemarketer list is separate from RMD registration. Both checks belong in your pre-campaign workflow.
What are the STIR/SHAKEN implementation deadlines that have already passed?
Most of the major deadlines are already behind us as of mid-2025. Here's the timeline. [5]
| Deadline | Who It Covered | Requirement |
|---|---|---|
| June 30, 2021 | Large voice service providers | Full STIR/SHAKEN on IP networks |
| June 30, 2022 | Small voice service providers | Full STIR/SHAKEN on IP networks |
| June 30, 2023 | All providers | Must be registered in RMD or traffic gets blocked |
| June 9, 2023 | Downstream providers | Must block traffic from unregistered providers |
| Ongoing | Gateway providers | Mandatory STIR/SHAKEN on all gateway traffic, no TDM exemption |
If a provider tells you they're still working toward STIR/SHAKEN with no RMD filing at all, that's a red flag. The filing has been available and required for years. Full technical implementation on legacy TDM networks genuinely takes longer, and the FCC acknowledged that by allowing mitigation program filings. But zero filing is not a defensible posture in 2025.
Small providers got extra time on the technical implementation. They did not get extra time on registration. That distinction matters when you vet a vendor. Ask specifically: "Are you registered in the FCC's Robocall Mitigation Database?" Not "Do you have STIR/SHAKEN?" Related questions, different answers.
How do you verify whether a voice service provider is registered?
The RMD is public and searchable. Look up a provider by company name or FRN, and you'll see their filing, what they certified, and when they last updated it. [3]
What you want to see: a current filing, a certification of full STIR/SHAKEN implementation (ideal) or a detailed mitigation program (acceptable on legacy infrastructure), and a recent update date that shows active maintenance.
Red flags in a filing: a mitigation program description that's one sentence long, a filing dated 2021 that's never been touched since, or a provider that can't produce its FRN when you ask.
For a contact center or outbound sales team, run this check before you sign any voice service contract, and again at annual vendor reviews. Put it in the due diligence checklist next to DNC access verification and TCPA consent documentation. If your team calls cell phones (and if you're reading this, it almost certainly does), the combo of poor STIR/SHAKEN attestation and weak DNC hygiene is the fastest path to TCPA lawsuits and settlements.
You can also file a traceback request through the Industry Traceback Group (ITG) if you suspect your traffic is being blocked or mislabeled. The ITG is the FCC-designated traceback consortium and works with carriers to trace problem call flows. [8]
What should outbound teams ask their calling platform vendors about registration?
Most CCaaS and outbound dialer vendors aren't voice service providers in the regulatory sense. They're software platforms sitting on top of a carrier's infrastructure. But some are, and the ones that run their own SIP trunks absolutely need RMD registration.
Here are the questions worth asking any vendor that touches your outbound calls.
"Are you registered in the FCC's Robocall Mitigation Database? What's your FRN?" A legitimate vendor answers this in under five minutes.
"What STIR/SHAKEN attestation level do your calls typically get, and how do you achieve A-level attestation for my numbers?" If they can't explain their attestation process, that's a problem.
"Who's your upstream carrier, and are they registered?" Some dialers resell capacity from another reseller. Trace the call chain at least two levels up.
"How do you handle calls that use numbers not assigned to your customers?" A properly run provider won't allow calls from numbers their customers don't own or control. Number spoofing is how STIR/SHAKEN gets gamed.
"What's your process if a major carrier blocklists your traffic?" Vendors who've never thought about this aren't running a tight shop.
For text message marketing, the infrastructure rules differ (SMS runs through different channels than voice), but the same due-diligence habit applies to your SMS aggregator or A2P 10DLC provider.
LeadCompliant's vendor checklist, part of the free compliance kit, packages these questions in a format you can drop straight into a vendor questionnaire.
Are there state-level voice service provider registration requirements on top of federal rules?
Yes, and they vary a lot.
Several states run their own public utility commission requirements for telecom providers operating inside their borders. California, New York, and Texas all have state PUC registration or certification rules that can reach voice service providers, VoIP providers included, depending on how the service gets classified. [9]
State requirements usually cover service quality standards, consumer complaint handling, and sometimes extra anti-robocall rules. California's Attorney General has been aggressive on robocall enforcement, and the state layers its own call-blocking legislation on top of the federal rules.
For outbound sales teams, state law adds a second dimension. Even if your voice service provider is federally compliant, you may face state-specific telemarketing registration requirements as a seller, not as a provider. Florida, for one, requires telemarketing businesses to register with the state and carry a $50,000 surety bond. [10] That's different from RMD registration, and it's just as enforceable.
The safe play is to picture compliance as three stacks: federal TCPA and TRACED Act compliance (everywhere), federal RMD registration for your providers (everywhere), and state-specific telemarketing and telecom rules for every state you call into. The mobile phone do not call list questions, for instance, pull in both federal and state law.
Frequently asked questions
What is a voice service provider in simple terms?
A voice service provider is any company that delivers telephone call capability, whether over traditional phone lines, VoIP, or a mix. Under FCC rules it covers carriers that originate calls (send them into the network), transit providers that route calls between networks, and gateway providers that bring international traffic into U.S. networks. The definition is broad on purpose and reaches most entities that move call traffic commercially.
Does my business need to register in the FCC's Robocall Mitigation Database?
Only if your business originates, transits, or terminates voice calls as a service. If you're a typical company buying calling software or SIP trunks from a carrier, you're the customer, not the provider, and registration is your vendor's obligation. The exception is owning your own telephony infrastructure and originating calls directly to the PSTN. In that case, yes, you almost certainly need to register.
What is the difference between STIR/SHAKEN and the Robocall Mitigation Database?
STIR/SHAKEN is the technical protocol that digitally signs caller ID so receiving networks can verify it. The Robocall Mitigation Database is the FCC registry where voice service providers certify their STIR/SHAKEN status. A provider can sit in the RMD without full STIR/SHAKEN if they file a robocall mitigation program instead. Both requirements come from the FCC's TRACED Act implementation rules.
What happens to my calls if my provider is not registered in the RMD?
Since June 9, 2023, U.S. voice service providers are required to block call traffic from any provider not listed in the Robocall Mitigation Database. Enforcement has been uneven in practice, but major carriers like AT&T, Verizon, and T-Mobile run traceback programs that identify and block unregistered providers. If your dialer or SIP trunk provider is unregistered, your outbound calls may stop without notice.
How do I check if a voice service provider is registered?
The FCC's Robocall Mitigation Database is public and searchable through the FCC's filing platform. Search by company name or FCC Registration Number. You can view the provider's certification level, whether they claim full STIR/SHAKEN or a mitigation program, and when they last updated their filing. Ask any new vendor for their FRN before you sign a contract.
How much does it cost to register in the Robocall Mitigation Database?
Nothing. The FCC charges no fee to file in the Robocall Mitigation Database. You do need a free FCC Registration Number from the CORES system first. The real cost is time: writing a substantive robocall mitigation program (if you can't certify full STIR/SHAKEN) takes a few hours of careful drafting. Legal review of the filing is optional but worth it for larger providers.
Can the FCC fine a voice service provider for not registering?
Yes. The TRACED Act explicitly gave the FCC authority to pursue enforcement against providers that fail to implement STIR/SHAKEN or file adequate mitigation programs. The FCC has issued forfeiture orders in robocall cases totaling hundreds of millions of dollars in proposed penalties. The Commission's largest single proposed penalty in a robocall case as of early 2025 was roughly $300 million against operators of an auto-warranty robocall scheme.
What is a robocall mitigation program and does it satisfy the registration requirement?
A robocall mitigation program is a written description of the steps a voice service provider takes to prevent originating illegal robocalls, filed with the FCC as part of RMD registration. Providers who can't yet implement STIR/SHAKEN on legacy TDM infrastructure can file a mitigation program instead of full certification. The program has to be substantive; a one-sentence description is unlikely to survive scrutiny in an FCC enforcement review.
Are VoIP providers required to register in the Robocall Mitigation Database?
Yes. The FCC's rules explicitly cover interconnected VoIP providers, and gateway providers bringing VoIP traffic from abroad face the strictest rules of all, with no TDM exemption. Non-interconnected VoIP providers (those that don't connect to the PSTN) sit in a grayer area, but most commercial VoIP services do interconnect and should register. If you're unsure, check with telecom counsel.
How does voice service provider registration affect TCPA compliance for outbound callers?
TCPA compliance governs consent, calling hours, and DNC scrubbing for the calls you make. Voice service provider registration governs the infrastructure that carries them. The two intersect because poor STIR/SHAKEN attestation from an unregistered carrier can get your calls labeled spam or blocked entirely, even when your TCPA practices are perfect. Vetting your carrier's RMD status belongs in the same checklist as consent documentation and DNC scrubbing.
Do smaller or startup voice service providers get any exemptions from registration?
Small providers got extended deadlines for technical STIR/SHAKEN implementation, but the RMD registration requirement itself applied to all providers. There is no size exemption for filing. Small providers that can't fully implement STIR/SHAKEN yet can file a robocall mitigation program instead of full certification, but they still must be in the database. As of June 9, 2023, any unregistered provider's traffic can be blocked by downstream carriers.
Is there a state-level equivalent to the FCC's Robocall Mitigation Database?
Not a direct equivalent, but several states require voice service providers to register with their public utility commissions. California, New York, and Texas have state PUC registration requirements for telecommunications and VoIP providers. These are separate from the federal RMD filing and apply based on where the provider does business. Sellers using outbound calling also face state telemarketing registration requirements that stand apart from any voice service provider rules.
What is the TRACED Act and why does it matter for voice service providers?
The TRACED Act (Telephone Robocall Abuse Criminal Enforcement and Deterrence Act) was signed into law in December 2019. It required the FCC to mandate STIR/SHAKEN implementation, create the Robocall Mitigation Database, and strengthen enforcement against providers that facilitate illegal robocalls. It gave the FCC new authority to pursue civil forfeiture against bad-actor providers and required the industry to set up a traceback consortium. Every voice service provider rule here traces back to this law.
If I use a cloud contact center platform like a CCaaS vendor, am I responsible for their RMD registration?
You're not legally responsible for their registration; they are. But you carry the operational risk. If your CCaaS vendor's underlying carrier is unregistered and gets blocked, your calls stop. As a practical matter, ask for their RMD status and the FRN of their underlying carrier. Put it in the vendor contract as a representation they must keep current. That shifts at least some contractual risk back to them if they fall out of compliance.
Sources
- FCC, 47 CFR Part 64 Subpart P (STIR/SHAKEN caller ID authentication framework): Definition of voice service provider covers traditional carriers, interconnected VoIP, and non-interconnected VoIP providers that furnish two-way voice communication with the PSTN
- U.S. Congress, Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act), Pub. L. 116-105 (2019): TRACED Act passed December 2019, required FCC to mandate STIR/SHAKEN and create the Robocall Mitigation Database
- FCC, Sixth Report and Order on Call Authentication (Gateway Provider and RMD blocking rules), FCC 22-37 (2022): As of June 9, 2023, downstream providers must block traffic from any provider not listed in the RMD; gateway providers must implement STIR/SHAKEN with no TDM exemption
- FCC, Second Report and Order on Call Authentication Trust Anchor, FCC 20-42 (2020): STIR/SHAKEN purpose is to 'ensure that the calling party's telephone number is authentic'; implementation deadlines set for large providers by June 30, 2021 and small providers by June 30, 2022
- U.S. House of Representatives, 47 U.S.C. § 227 (Telephone Consumer Protection Act): TCPA requires prior express written consent for autodialed or prerecorded calls to cell phones and prohibits calls to numbers on the national DNC registry
- USTelecom Industry Traceback Group (ITG), FCC-designated traceback consortium: ITG is the FCC-designated traceback consortium that works with carriers to trace problematic call flows and identify bad-actor providers
- California Public Utilities Commission, Telecommunications Division: California PUC maintains state registration requirements for telecommunications and VoIP providers operating within the state
- Florida Department of Agriculture and Consumer Services, Telemarketing Registration requirements: Florida requires telemarketing businesses to register with the state and maintain a $50,000 surety bond