
The Complete Guide to STIR/SHAKEN Compliance in 2026

CalHive Team
March 10, 2026

As robocall complaints continue to dominate FCC filings, STIR/SHAKEN has become the cornerstone of telecommunications compliance in 2026. This comprehensive guide walks you through everything carriers need to know about implementation, maintaining compliance, and leveraging this technology to build trust with customers.

What is STIR/SHAKEN?

STIR/SHAKEN stands for Secure Telephone Identity Revisited (STIR) and Signature-based Handling of Asserted information using toKENs (SHAKEN). This framework was developed by the telecommunications industry to combat caller ID spoofing and restore trust in voice communications. At its core, the technology uses digital certificates to verify that the calling number is legitimate and has not been altered during transmission.

The system works by having the originating carrier digitally sign each call with information about the caller. When the call reaches the terminating carrier, this signature is verified against a trusted certificate authority. If the signature is valid, the call receives a higher attestation level, indicating to the end user that the caller ID information can be trusted.


Understanding Attestation Levels

STIR/SHAKEN defines three attestation levels that carriers must understand and implement correctly. Full Attestation (Level A) indicates that the carrier has verified the caller and their authorization to use the calling number. This is the highest level of trust and should be applied when the carrier has a direct relationship with the customer and can confirm their identity.

Partial Attestation (Level B) is used when the carrier has verified the origin of the call but cannot verify the caller's authority to use the specific number. This often applies to enterprise customers with complex phone systems where the carrier knows the call originated from their network but cannot verify individual extension usage.

Gateway Attestation (Level C) provides the lowest level of verification, indicating only that the carrier received the call from a known gateway but cannot verify the original source. This level is common for international calls entering the US network through gateway providers.

Implementation Requirements for Carriers

Implementing STIR/SHAKEN requires several technical components working together seamlessly. First, carriers must obtain a certificate from the STI Policy Administrator, which currently operates under the governance of the FCC. This certificate serves as the foundation for signing and verifying calls across the network.


Carriers must also deploy Secure Telephone Identity (STI) services within their network. The Authentication Service (STI-AS) signs outgoing calls with the appropriate attestation level, while the Verification Service (STI-VS) validates incoming calls and passes the verification results downstream. These services must be integrated with existing call processing infrastructure and maintained to handle peak traffic volumes.
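As an added illustration (not CalHive's code and not part of the original article), the sketch below shows the claim checks a verification service can run on the signed token carried in a SIP Identity header, the PASSporT defined by RFC 8225 and RFC 8588. The function names, the 60-second freshness default, the certificate URL and the phone numbers are assumptions constructed for the example; verifying the ES256 signature and the certificate chain is a separate step that this block does not perform.

```python
import base64
import json

def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _b64url_json(obj):
    # PASSporT JSON is serialized with sorted keys and no whitespace.
    raw = json.dumps(obj, separators=(",", ":"), sort_keys=True).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def check_identity_header(identity, from_tn, to_tn, now, max_age=60):
    """Return claim problems; signature and cert chain are verified elsewhere."""
    token, *rest = [part.strip() for part in identity.split(";")]
    params = dict(p.split("=", 1) for p in rest if "=" in p)
    try:
        head_seg, claims_seg, _sig = token.split(".")
        header = json.loads(_b64url_decode(head_seg))
        claims = json.loads(_b64url_decode(claims_seg))
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("segments must be JSON objects")
    except ValueError:
        return ["malformed PASSporT"]
    problems = []
    if header.get("alg") != "ES256":
        problems.append("alg is not ES256")
    if header.get("ppt") != "shaken" or header.get("typ") != "passport":
        problems.append("not a SHAKEN PASSporT")
    if header.get("x5u") != params.get("info", "").strip("<>"):
        problems.append("x5u does not match info parameter")
    if claims.get("attest") not in ("A", "B", "C"):
        problems.append("invalid attest value")
    iat = claims.get("iat")
    if not isinstance(iat, int) or abs(now - iat) > max_age:
        problems.append("iat outside freshness window")
    orig, dest = claims.get("orig"), claims.get("dest")
    if not isinstance(orig, dict) or orig.get("tn") != from_tn:
        problems.append("orig tn does not match calling number")
    if not isinstance(dest, dict) or to_tn not in (dest.get("tn") or []):
        problems.append("dest tn does not include called number")
    return problems

def build_sample_identity(attest, iat):
    """Constructed sample; the third segment is a placeholder, not a signature."""
    x5u = "https://certs.example.net/sp.pem"
    header = {"alg": "ES256", "ppt": "shaken", "typ": "passport", "x5u": x5u}
    claims = {"attest": attest, "dest": {"tn": ["12025550142"]}, "iat": iat,
              "orig": {"tn": "12025550101"},
              "origid": "00000000-0000-4000-8000-000000000000"}
    token = ".".join([_b64url_json(header), _b64url_json(claims), "c2lnLXBsYWNlaG9sZGVy"])
    return f"{token};info=<{x5u}>;alg=ES256;ppt=shaken"
```

An empty list means the claims are consistent with the SIP request; each string in a non-empty list names one reason the call should not be treated as verified.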

Beyond the technical implementation, carriers must establish robust Know Your Customer (KYC) procedures to support accurate attestation. This means verifying customer identities, validating their authority to use specific phone numbers, and maintaining accurate records that can support attestation decisions. The FCC has increasingly scrutinized carriers who provide inflated attestation levels without proper verification.

2026 Regulatory Updates

The regulatory landscape continues to evolve as the FCC strengthens enforcement mechanisms. In 2026, carriers face enhanced reporting requirements and more significant penalties for non-compliance. The FCC now requires detailed attestation statistics in quarterly filings, allowing regulators to identify carriers with unusual patterns that might indicate improper implementation.

Small carriers who previously operated under implementation extensions must now achieve full compliance. The FCC has eliminated most exceptions, requiring STIR/SHAKEN implementation regardless of network size or technology limitations. Carriers using legacy TDM equipment must implement either gateway solutions or complete network modernization to meet these requirements.


Best Practices for Maintaining Compliance

Successful STIR/SHAKEN compliance requires ongoing attention and regular audits of attestation practices. Carriers should implement automated monitoring systems that track attestation distributions and flag anomalies for investigation. Regular training for operations teams ensures that staff understand the importance of accurate attestation and the consequences of errors.
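One way to build the monitoring described above, as an added example rather than CalHive's or any regulator's tooling: it derives the highest attestation level the KYC records support for each call, following the A/B/C definitions earlier in this guide, then reports the per-customer distribution and flags customers whose signed levels exceed that. The record layout, customer and gateway identifiers, phone numbers and the 5% threshold are assumptions constructed for the illustration.

```python
from collections import Counter, defaultdict

# Constructed KYC inventory (hypothetical schema): whether the customer's
# identity was verified and which numbers the customer is authorized to use.
KYC = {
    "cust-100": {"verified": True, "numbers": {"12025550101", "12025550102"}},
    "cust-200": {"verified": True, "numbers": {"12025550150"}},
}
# Constructed call records: (customer or gateway id, calling number, signed level).
CALLS = [
    ("cust-100", "12025550101", "A"),
    ("cust-100", "12025550102", "A"),
    ("cust-100", "12025550199", "A"),   # number not in the customer's inventory
    ("cust-200", "12025550150", "A"),
    ("cust-200", "12025550150", "B"),   # under-attested, not a compliance flag
    ("gw-7", "442079460000", "B"),      # gateway traffic signed above C
    ("gw-7", "442079460001", "C"),
]
RANK = {"C": 0, "B": 1, "A": 2}

def expected_attestation(customer_id, calling_tn, kyc=KYC):
    """Highest level the KYC records support for this call."""
    record = kyc.get(customer_id)
    if record is None:
        return "C"   # assumption: no KYC record means gateway-originated traffic
    if record["verified"] and calling_tn in record["numbers"]:
        return "A"
    return "B"       # origin known, authority to use the number not established

def audit(calls, kyc=KYC, max_inflated_share=0.05):
    """Return (distribution, inflated calls, flagged ids) per customer."""
    dist, inflated = defaultdict(Counter), defaultdict(list)
    for customer_id, tn, signed in calls:
        dist[customer_id][signed] += 1
        if RANK[signed] > RANK[expected_attestation(customer_id, tn, kyc)]:
            inflated[customer_id].append((tn, signed))
    flagged = sorted(c for c, bad in inflated.items()
                     if len(bad) / sum(dist[c].values()) > max_inflated_share)
    return dict(dist), dict(inflated), flagged
```

The inflated list doubles as the per-call evidence trail for an investigation, since each entry names the number and the level that was signed.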

Documentation is critical for demonstrating compliance during regulatory reviews. Carriers should maintain detailed records of their verification procedures, customer agreements, and attestation decisions. When questions arise about specific calls, having clear documentation can mean the difference between a routine inquiry and an enforcement action.

Partner with CalHive for Compliance Success

At CalHive, we understand the complexities of STIR/SHAKEN compliance and have built our infrastructure to support carriers at every stage of their compliance journey. Our platform provides automated attestation services, real-time monitoring dashboards, and expert guidance to ensure your network meets all regulatory requirements. Contact our compliance team today to learn how we can help secure your voice network and build customer trust.
