FCC Revises Cybersecurity Requirements for Telecommunications Companies
Published on:
November 27, 2025
The FCC has reversed its January 2025 cybersecurity ruling for telecom providers, eliminating the proposed national standards and annual certification requirements under CALEA. The change reduces formal compliance obligations, but it does not lessen the risks facing carriers as cyberattacks grow more frequent and more sophisticated. The reversal underscores how essential it is for service providers to rely on platforms built with strong inherent protections.
The Federal Communications Commission (FCC) will no longer demand telecommunications companies meet minimum national cybersecurity standards.
The Communications Assistance for Law Enforcement Act (CALEA)
On January 16, 2025, the FCC, under then-President Joe Biden, announced it was taking action “to safeguard the nation’s communications systems from real and present cybersecurity threats.” This action was the adoption of a Declaratory Ruling pertaining to section 105 of the Communications Assistance for Law Enforcement Act (“CALEA”), which requires telecommunications carriers ensure their networks are secure from unlawful access or interception; the FCC also proposed a requirement for communications service providers to submit an annual certification to the FCC of their creation, update, and implementation of cybersecurity risk management plans to defend against cyberattacks. The adoption of the Declaratory Ruling took effect the day it was announced.
FCC Reverses January 16, 2025 Declaratory Ruling
On November 20, 2025, the FCC announced a “course correction” and rescinded the January 16, 2025, Declaratory Ruling, which it described in a press release as “an unlawful and ineffective prior Declaratory Ruling misconstruing CALEA.” FCC Chairman Brendan Carr declared: "in its place, we will continue our work to strengthen and harden the nation’s communications networks and infrastructure.”
Prior to voting to reverse the ruling, Carr praised the telecommunications industry’s ongoing efforts to strengthen cybersecurity, noting their efforts to harden their networks, accelerate their patching processes, disable unnecessary and redundant network connections, and increase threat hunting and information sharing.
Earlier in 2025, on March 13, the FCC announced Chairman Carr would establish the FCC Council for National Security to leverage the entirety of the Commission’s regulatory, investigatory, and enforcement authorities to promote America’s national telecommunications security. The council comprises representatives from eight Bureaus and Offices within the FCC.
The Vodia Networks Approach to Security
Vodia Networks, Inc. provides unified cloud communications solutions to enterprises, contact centers, and service providers. Our PBX software offers the most complete suite of business telephony features for on-premise and cloud telephony systems and has long been the industry standard for secure business communications.
We designed our phone system with a security-first philosophy, to protect our customers “from the basement to the penthouse.” While there are many systems that rely on open-source components, which are potentially vulnerable, our codebase is painstakingly built and managed by Vodia’s in-house development team. With Vodia there are no external dependencies, and your foundation for secure communications is as advanced as it is robust. Our PBX met the requirements of the European Union General Data Protection Regulation (GDPR) and System and Organization Control (SOC) 2 before they were even implemented.
Vodia’s commitment to innovation has always taken us beyond basic or minimum security requirements - we give our customers cutting-edge features for powerful defenses against data breaches and toll fraud. Passkey authentication, leveraging the power of public key cryptography, provides a seamless and highly secure login experience, eliminating the risk of stolen credentials, while system and domain administrators can be locked down to specific IP addresses, significantly reducing the potential for unauthorized access and shoring up your overall security posture.
We love talking about cybersecurity and data protection, and how we can provide your organization with the industry’s most cost-effective, easy-to-use, feature-rich, scalable cloud phone system. Please get in touch, dp@vodia.com, +1 (617) 861-3490.
The New York City Department of Education has issued a Request for Expression of Interest signaling its intent to modernize district-wide communications by moving away from legacy landline PBX systems. Serving 1.1 million students across 1,800 schools, the proposed transition to a cloud-based VoIP platform focuses on resiliency, scalability, multilingual capabilities, hybrid deployment options, and integration with Microsoft Teams for more than 150,000 staff members.
Hospitality is undergoing a major shift as AI and cloud telephony reshape guest interactions. In this podcast, Christian Stredicke discusses which changes genuinely improve hotel operations and guest experience, why room phones still matter, and how modern PBXs can balance automation with the human touch that defines real hospitality. He also examines on-prem versus cloud deployments, renovation timing, emergency calling, and the ways the right system can reduce costs while raising service quality.
Vodia and Htek are hosting a joint webinar to showcase the seamless compatibility between the Vodia PBX and Htek’s full IP phone lineup, including the UCV(Pro) smart video series and UC900 business phones. Eric Altman and Hector Hao will present key insights on product capabilities, cost-effective deployment, industry use cases, and provisioning workflows, with Stephen Yu joining for live Q&A. Attendees will learn how the combined Vodia Htek solution delivers a powerful, scalable communications experience for education, hospitality, and other sectors.
.svg)
