FCC Revises Cybersecurity Requirements for Telecommunications Companies
Published on:
November 27, 2025
The FCC has reversed its January 2025 cybersecurity ruling for telecom providers, eliminating the proposed national standards and annual certification requirements under CALEA. The change reduces formal compliance obligations, but it does not lessen the risks facing carriers as cyberattacks grow more frequent and more sophisticated. The reversal underscores how essential it is for service providers to rely on platforms built with strong inherent protections.
The Federal Communications Commission (FCC) will no longer demand telecommunications companies meet minimum national cybersecurity standards.
The Communications Assistance for Law Enforcement Act (CALEA)
On January 16, 2025, the FCC, under then-President Joe Biden, announced it was taking action “to safeguard the nation’s communications systems from real and present cybersecurity threats.” This action was the adoption of a Declaratory Ruling pertaining to section 105 of the Communications Assistance for Law Enforcement Act (“CALEA”), which requires telecommunications carriers ensure their networks are secure from unlawful access or interception; the FCC also proposed a requirement for communications service providers to submit an annual certification to the FCC of their creation, update, and implementation of cybersecurity risk management plans to defend against cyberattacks. The adoption of the Declaratory Ruling took effect the day it was announced.
FCC Reverses January 16, 2025 Declaratory Ruling
On November 20, 2025, the FCC announced a “course correction” and rescinded the January 16, 2025, Declaratory Ruling, which it described in a press release as “an unlawful and ineffective prior Declaratory Ruling misconstruing CALEA.” FCC Chairman Brendan Carr declared: "in its place, we will continue our work to strengthen and harden the nation’s communications networks and infrastructure.”
Prior to voting to reverse the ruling, Carr praised the telecommunications industry’s ongoing efforts to strengthen cybersecurity, noting their efforts to harden their networks, accelerate their patching processes, disable unnecessary and redundant network connections, and increase threat hunting and information sharing.
Earlier in 2025, on March 13, the FCC announced Chairman Carr would establish the FCC Council for National Security to leverage the entirety of the Commission’s regulatory, investigatory, and enforcement authorities to promote America’s national telecommunications security. The council comprises representatives from eight Bureaus and Offices within the FCC.
The Vodia Networks Approach to Security
Vodia Networks, Inc. provides unified cloud communications solutions to enterprises, contact centers, and service providers. Our PBX software offers the most complete suite of business telephony features for on-premise and cloud telephony systems and has long been the industry standard for secure business communications.
We designed our phone system with a security-first philosophy, to protect our customers “from the basement to the penthouse.” While there are many systems that rely on open-source components, which are potentially vulnerable, our codebase is painstakingly built and managed by Vodia’s in-house development team. With Vodia there are no external dependencies, and your foundation for secure communications is as advanced as it is robust. Our PBX met the requirements of the European Union General Data Protection Regulation (GDPR) and System and Organization Control (SOC) 2 before they were even implemented.
Vodia’s commitment to innovation has always taken us beyond basic or minimum security requirements - we give our customers cutting-edge features for powerful defenses against data breaches and toll fraud. Passkey authentication, leveraging the power of public key cryptography, provides a seamless and highly secure login experience, eliminating the risk of stolen credentials, while system and domain administrators can be locked down to specific IP addresses, significantly reducing the potential for unauthorized access and shoring up your overall security posture.
We love talking about cybersecurity and data protection, and how we can provide your organization with the industry’s most cost-effective, easy-to-use, feature-rich, scalable cloud phone system. Please get in touch, dp@vodia.com, +1 (617) 861-3490.
Outbound AI Voice Agents in Vodia Version 70 enable automated voice outreach powered by OpenAI’s Realtime API. Organizations can schedule campaigns, trigger AI-driven calls through simple API requests, and manage conversations that confirm appointments, update customers, or collect feedback. With dedicated voice agent extensions, dynamic variables, custom tools, and webhook integration, the system supports scalable, intelligent call workflows while maintaining consistent customer communication.
Vodia PBX now supports the Cisco IP Phone Series 9800 running Multiplatform (MPP / 3PCC) firmware, Cisco’s latest flagship IP phone lineup. The devices can be onboarded and managed directly within the PBX, including configuration and firmware control, allowing organizations to continue using Cisco hardware in on-premises or cloud deployments. Supported models, firmware types, and recommended upgrade methods for Cisco MPP provisioning are also outlined.
The new Vodia Partner Portal and Partner Program provide a streamlined, self-service way for partners to license, sell, and deploy Vodia PBX solutions more efficiently. Shaped by partner feedback, the portal brings license management, partner levels, pre-qualified leads, marketing resources, and access to professional services into one place. Partner certification unlocks progression beyond onboarding, while a welcome package rewards partners at first login.
.svg)
