Announcement

FCC Revises Cybersecurity Requirements for Telecommunications Companies

Published on:

November 27, 2025

The FCC has reversed its January 2025 cybersecurity ruling for telecom providers, eliminating the proposed national standards and annual certification requirements under CALEA. The change reduces formal compliance obligations, but it does not lessen the risks facing carriers as cyberattacks grow more frequent and more sophisticated. The reversal underscores how essential it is for service providers to rely on platforms built with strong inherent protections.

The Federal Communications Commission (FCC) will no longer demand telecommunications companies meet minimum national cybersecurity standards. 

The Communications Assistance for Law Enforcement Act (CALEA)

On January 16, 2025, the FCC, under then-President Joe Biden, announced it was taking action “to safeguard the nation’s communications systems from real and present cybersecurity threats.” This action was the adoption of a Declaratory Ruling pertaining to section 105 of the Communications Assistance for Law Enforcement Act (“CALEA”), which requires telecommunications carriers ensure their networks are secure from unlawful access or interception; the FCC also proposed a requirement for communications service providers to submit an annual certification to the FCC of their creation, update, and implementation of cybersecurity risk management plans to defend against cyberattacks. The adoption of the Declaratory Ruling took effect the day it was announced.  

FCC Reverses January 16, 2025 Declaratory Ruling

On November 20, 2025, the FCC announced a “course correction” and rescinded the January 16, 2025, Declaratory Ruling, which it described in a press release as “an unlawful and ineffective prior Declaratory Ruling misconstruing CALEA.” FCC Chairman Brendan Carr declared: "in its place, we will continue our work to strengthen and harden the nation’s communications networks and infrastructure.”  

Earlier in autumn, the CTIA, the NCTA, and USTelecom filed a Petition for reconsideration of the January 26, 2025 Declaratory Ruling; the petition argued the ruling “misinterpreted CALEA, was procedurally improper, and constituted arbitrary, capricious, and misguided policy.”

The FCC Council for National Security

Prior to voting to reverse the ruling, Carr praised the telecommunications industry’s ongoing efforts to strengthen cybersecurity, noting their efforts to harden their networks, accelerate their patching processes, disable unnecessary and redundant network connections, and increase threat hunting and information sharing.

Earlier in 2025, on March 13, the FCC announced Chairman Carr would establish the FCC Council for National Security to leverage the entirety of the Commission’s regulatory, investigatory, and enforcement authorities to promote America’s national telecommunications security. The council comprises representatives from eight Bureaus and Offices within the FCC.  

The Vodia Networks Approach to Security

Vodia Networks, Inc. provides unified cloud communications solutions to enterprises, contact centers, and service providers. Our PBX software offers the most complete suite of business telephony features for on-premise and cloud telephony systems and has long been the industry standard for secure business communications. 

We designed our phone system with a security-first philosophy, to protect our customers “from the basement to the penthouse.” While there are many systems that rely on open-source components, which are potentially vulnerable, our codebase is painstakingly built and managed by Vodia’s in-house development team. With Vodia there are no external dependencies, and your foundation for secure communications is as advanced as it is robust. Our PBX met the requirements of the European Union General Data Protection Regulation (GDPR) and System and Organization Control (SOC) 2 before they were even implemented. 

Vodia’s commitment to innovation has always taken us beyond basic or minimum security requirements - we give our customers cutting-edge features for powerful defenses against data breaches and toll fraud. Passkey authentication, leveraging the power of public key cryptography, provides a seamless and highly secure login experience, eliminating the risk of stolen credentials, while system and domain administrators can be locked down to specific IP addresses, significantly reducing the potential for unauthorized access and shoring up your overall security posture.

We love talking about cybersecurity and data protection, and how we can provide your organization with the industry’s most cost-effective, easy-to-use, feature-rich, scalable cloud phone system. Please get in touch, dp@vodia.com, +1 (617) 861-3490.

Latest Articles

View All

Manually Provisioning a Cisco 3PCC Phone in the Vodia PBX

Vodia now supports provisioning for Cisco 3PCC phones, giving businesses and service providers a clearer way to connect compatible Cisco multiplatform IP phones to the Vodia PBX. Admins can add supported Cisco devices through Vodia Device Management, pair them with extensions, and configure provisioning settings through the phone’s web interface. This expands Vodia’s supported device ecosystem while helping customers continue using trusted Cisco IP phones within their existing business phone system.

July 9, 2026

Vodia Hub brings click-to-call and call control to every Windows workspace

Vodia Hub brings click to call and desktop call control to Windows, making it easier for users to place, answer, manage, and automate calls from the applications they already use every day. With system wide tel: link handling, inbound call screen pops, queue details, and automation support, Vodia Hub helps connect the Vodia PBX with Outlook, CRMs, browsers, documents, and other Windows tools. Users can keep working without manually copying phone numbers, opening the user portal, or switching between applications just to handle a call.

July 7, 2026

Desk phones, mobile apps, or both? Choosing the right setup for business calls

Desk phones and mobile apps both have a place in modern business communications. IP desk phones remain a strong choice for receptionists, support teams, customer service agents, and employees who handle a high volume of calls from a fixed location. Mobile apps, on the other hand, give remote, hybrid, and field-based users access to their business extension wherever they work. For many organizations, the best answer is not choosing one over the other, but using both through the same PBX environment so every user has the right calling tool for their role.

July 2, 2026