FCC Revises Cybersecurity Requirements for Telecommunications Companies
Published on:
November 27, 2025
The FCC has reversed its January 2025 cybersecurity ruling for telecom providers, eliminating the proposed national standards and annual certification requirements under CALEA. The change reduces formal compliance obligations, but it does not lessen the risks facing carriers as cyberattacks grow more frequent and more sophisticated. The reversal underscores how essential it is for service providers to rely on platforms built with strong inherent protections.
The Federal Communications Commission (FCC) will no longer demand telecommunications companies meet minimum national cybersecurity standards.
The Communications Assistance for Law Enforcement Act (CALEA)
On January 16, 2025, the FCC, under then-President Joe Biden, announced it was taking action “to safeguard the nation’s communications systems from real and present cybersecurity threats.” This action was the adoption of a Declaratory Ruling pertaining to section 105 of the Communications Assistance for Law Enforcement Act (“CALEA”), which requires telecommunications carriers ensure their networks are secure from unlawful access or interception; the FCC also proposed a requirement for communications service providers to submit an annual certification to the FCC of their creation, update, and implementation of cybersecurity risk management plans to defend against cyberattacks. The adoption of the Declaratory Ruling took effect the day it was announced.
FCC Reverses January 16, 2025 Declaratory Ruling
On November 20, 2025, the FCC announced a “course correction” and rescinded the January 16, 2025, Declaratory Ruling, which it described in a press release as “an unlawful and ineffective prior Declaratory Ruling misconstruing CALEA.” FCC Chairman Brendan Carr declared: "in its place, we will continue our work to strengthen and harden the nation’s communications networks and infrastructure.”
Prior to voting to reverse the ruling, Carr praised the telecommunications industry’s ongoing efforts to strengthen cybersecurity, noting their efforts to harden their networks, accelerate their patching processes, disable unnecessary and redundant network connections, and increase threat hunting and information sharing.
Earlier in 2025, on March 13, the FCC announced Chairman Carr would establish the FCC Council for National Security to leverage the entirety of the Commission’s regulatory, investigatory, and enforcement authorities to promote America’s national telecommunications security. The council comprises representatives from eight Bureaus and Offices within the FCC.
The Vodia Networks Approach to Security
Vodia Networks, Inc. provides unified cloud communications solutions to enterprises, contact centers, and service providers. Our PBX software offers the most complete suite of business telephony features for on-premise and cloud telephony systems and has long been the industry standard for secure business communications.
We designed our phone system with a security-first philosophy, to protect our customers “from the basement to the penthouse.” While there are many systems that rely on open-source components, which are potentially vulnerable, our codebase is painstakingly built and managed by Vodia’s in-house development team. With Vodia there are no external dependencies, and your foundation for secure communications is as advanced as it is robust. Our PBX met the requirements of the European Union General Data Protection Regulation (GDPR) and System and Organization Control (SOC) 2 before they were even implemented.
Vodia’s commitment to innovation has always taken us beyond basic or minimum security requirements - we give our customers cutting-edge features for powerful defenses against data breaches and toll fraud. Passkey authentication, leveraging the power of public key cryptography, provides a seamless and highly secure login experience, eliminating the risk of stolen credentials, while system and domain administrators can be locked down to specific IP addresses, significantly reducing the potential for unauthorized access and shoring up your overall security posture.
We love talking about cybersecurity and data protection, and how we can provide your organization with the industry’s most cost-effective, easy-to-use, feature-rich, scalable cloud phone system. Please get in touch, dp@vodia.com, +1 (617) 861-3490.
Modern business communication rarely happens within a single office or PBX environment. With V70 of the Vodia PBX, organizations and service providers can now share presence information between tenants and across separate PBX systems. External Presence Sharing extends BLF visibility beyond a single deployment, helping distributed teams maintain awareness of user availability across locations, departments, and communication environments while supporting more connected and flexible business communications.
V70.2 introduces more flexible licensing for multi-tenant PBX deployments by allowing service providers to assign prepaid licenses directly to tenants within a postpaid environment. Once assigned, the tenant uses the prepaid license independently, and the underlying postpaid license no longer counts that tenant. This gives MSPs and hosted PBX providers more flexibility in how they structure customer licensing while continuing to operate tenants on shared infrastructure, reducing operating costs and simplifying large-scale multi-tenant deployments.
Austrian MSP my Tweak Telekom completed two Vodia PBX deployments in Vienna, helping Pension Suzanne modernize its hotel communications and enabling New Business Verlag GmbH to upgrade from a legacy on-premise phone system to a hosted cloud PBX. The projects demonstrate how businesses can modernize legacy telephony infrastructure, improve operational flexibility, preserve existing hardware investments, and deliver better communication experiences with cloud-based unified communications.
.svg)
