FCC Revises Cybersecurity Requirements for Telecommunications Companies
Published on:
November 27, 2025
The FCC has reversed its January 2025 cybersecurity ruling for telecom providers, eliminating the proposed national standards and annual certification requirements under CALEA. The change reduces formal compliance obligations, but it does not lessen the risks facing carriers as cyberattacks grow more frequent and more sophisticated. The reversal underscores how essential it is for service providers to rely on platforms built with strong inherent protections.
The Federal Communications Commission (FCC) will no longer demand telecommunications companies meet minimum national cybersecurity standards.
The Communications Assistance for Law Enforcement Act (CALEA)
On January 16, 2025, the FCC, under then-President Joe Biden, announced it was taking action “to safeguard the nation’s communications systems from real and present cybersecurity threats.” This action was the adoption of a Declaratory Ruling pertaining to section 105 of the Communications Assistance for Law Enforcement Act (“CALEA”), which requires telecommunications carriers ensure their networks are secure from unlawful access or interception; the FCC also proposed a requirement for communications service providers to submit an annual certification to the FCC of their creation, update, and implementation of cybersecurity risk management plans to defend against cyberattacks. The adoption of the Declaratory Ruling took effect the day it was announced.
FCC Reverses January 16, 2025 Declaratory Ruling
On November 20, 2025, the FCC announced a “course correction” and rescinded the January 16, 2025, Declaratory Ruling, which it described in a press release as “an unlawful and ineffective prior Declaratory Ruling misconstruing CALEA.” FCC Chairman Brendan Carr declared: "in its place, we will continue our work to strengthen and harden the nation’s communications networks and infrastructure.”
Prior to voting to reverse the ruling, Carr praised the telecommunications industry’s ongoing efforts to strengthen cybersecurity, noting their efforts to harden their networks, accelerate their patching processes, disable unnecessary and redundant network connections, and increase threat hunting and information sharing.
Earlier in 2025, on March 13, the FCC announced Chairman Carr would establish the FCC Council for National Security to leverage the entirety of the Commission’s regulatory, investigatory, and enforcement authorities to promote America’s national telecommunications security. The council comprises representatives from eight Bureaus and Offices within the FCC.
The Vodia Networks Approach to Security
Vodia Networks, Inc. provides unified cloud communications solutions to enterprises, contact centers, and service providers. Our PBX software offers the most complete suite of business telephony features for on-premise and cloud telephony systems and has long been the industry standard for secure business communications.
We designed our phone system with a security-first philosophy, to protect our customers “from the basement to the penthouse.” While there are many systems that rely on open-source components, which are potentially vulnerable, our codebase is painstakingly built and managed by Vodia’s in-house development team. With Vodia there are no external dependencies, and your foundation for secure communications is as advanced as it is robust. Our PBX met the requirements of the European Union General Data Protection Regulation (GDPR) and System and Organization Control (SOC) 2 before they were even implemented.
Vodia’s commitment to innovation has always taken us beyond basic or minimum security requirements - we give our customers cutting-edge features for powerful defenses against data breaches and toll fraud. Passkey authentication, leveraging the power of public key cryptography, provides a seamless and highly secure login experience, eliminating the risk of stolen credentials, while system and domain administrators can be locked down to specific IP addresses, significantly reducing the potential for unauthorized access and shoring up your overall security posture.
We love talking about cybersecurity and data protection, and how we can provide your organization with the industry’s most cost-effective, easy-to-use, feature-rich, scalable cloud phone system. Please get in touch, dp@vodia.com, +1 (617) 861-3490.
V70 of the Vodia PBX introduces flexible service flags that help organizations automate call routing, scheduling, queue management, announcements, and communication workflows throughout the day. Service flags can be configured manually or automatically to control how calls are handled during business hours, after hours, holidays, or special events. They can also be chained together for more advanced routing logic and integrated with external calendars such as Google Calendar to support dynamic scheduling and operational flexibility across business environments.
Business communication systems have evolved rapidly, but many organizations are still dealing with fragmented tools, limited visibility, and growing operational complexity. As more platforms and channels are added, clarity often decreases, making it harder to manage workflows, respond in real time, and maintain control. A modern approach requires consolidating systems, improving visibility, and reducing noise to create a more efficient and manageable communication environment.
Explore Vodia PBX V70 in a live webinar, featuring a detailed walkthrough of the redesigned admin interface, built-in PBX analytics for real-time visibility and control, AI voice agents, automation workflows, and scalable multi-tenant performance, along with key capabilities such as snapshots, centralized remote provisioning, emergency alerts, and integrations including Jitsi Meet and WhatsApp Business, followed by a live Q&A session with the presenters.
.svg)
