RegImpact
fccproposed· Published 5/26/2026· Effective 6/25/2026

Enhancing Know-Your-Customer Requirements

In this document, the Federal Communications Commission (Commission) proposes actions to provide additional clarity to fill the gap between its current Know Your Customer (KYC) requirement and the types of rigorous KYC steps necessary to protect consumers. Specifically, the Commission seeks comment on customer identification requirements for new and renewing customers, requirements for verifying, retaining, and re-verifying customer information, requiring more information from certain customers such as high-volume customers, and on how these efforts can complement call branding and caller name requirements the Commission may adopt. The Commission also proposes to assess penalties for violations of the KYC requirement on a per call basis. With this inquiry, the Commission aims to make it more difficult for scammers to originate illegal calls and easier to enforce against them when they do get onto the network.

What this rule actually says

The FCC is tightening rules that require telecom companies to verify who their customers actually are before letting them make calls. Right now, scammers can easily spoof phone numbers and flood people with illegal robocalls. This proposal would force telecom providers to collect more detailed customer info, re-verify it regularly, and face per-call penalties if they slip up.

Who it applies to

  • If you're building an AI system that makes outbound phone calls (medical reminder bots, hiring outreach tools, support callbacks) — this likely applies to you indirectly through your telecom provider.
  • If you're based in the US — this is FCC regulation, so US-only focus.
  • If your AI generates customer identities or masks caller information — you're in scope.
  • If you're not making actual phone calls (pure chat, email, SMS through standard platforms) — this probably doesn't apply yet.
  • Note: The rule targets telecom carriers more than app builders, but carriers will pass compliance costs and restrictions downstream.

What founders need to do

  1. Audit your call flows (1 day): Document exactly what phone numbers your system uses, how often it calls the same person, and whether you're using caller ID correctly. Identify if you're doing anything that looks like spoofing.
  1. Check your telecom provider's KYC policies (2–3 days): Contact your VoIP/calling provider and ask if they require additional verification info from you. Some already do; some will tighten requirements if this passes.
  1. Prepare customer identity documentation (3–5 days): Be ready to verify who *you* are as a customer and prove you're not operating a scam. Have business registration, contact info, and use-case description ready to share with your provider on demand.
  1. Monitor the rule's final status (ongoing): This is still proposed as of May 2026. Set a calendar reminder to check the FCC website every 3 months. If it passes, your provider will notify you of new requirements with a compliance deadline (likely 6–12 months out).
  1. Document your compliance (1–2 days, then ongoing): Once the rule finalizes, write down exactly how you verify caller identity and retain records. Keep call logs. If fines are per-call, sloppy documentation could hurt you.

Bottom line

Monitor this closely—it's not law yet, but when it passes, your telecom provider will enforce it, and you'll need proof you're not a scammer. Start auditing now so you're ready to comply in 6 months.