\n\n

On July 8, 2026, the Federal Communications Commission (FCC) Enforcement Bureau entered into a consent decree with Voximplant, Inc., a voice and video call platform, to resolve an investigation into whether the company failed to comply with the FCC’s robocall mitigation rules. The FCC’s robocall mitigation framework is designed to make the voice calling ecosystem more transparent and help law enforcement identify and stop illegal robocall traffic more efficiently.

A central part of that framework is the Robocall Mitigation Database (RMD), where covered voice service providers must file certifications and robocall mitigation plans describing how they address illegal robocall traffic, such as spoofed and spam calls. The FCC’s rules also require providers to submit information about their business identity, responsible contacts, role in the call chain, caller ID authentication practices, enforcement history, and commitment to respond within 24 hours to traceback requests seeking to identify the source and path of suspected illegal calls.

Under the consent decree, Voximplant admitted that its RMD certification was noncompliant and agreed to implement a compliance plan. The FCC found that Voximplant had not updated its RMD certification and robocall mitigation plan after amended requirements took effect. The consent decree also notes that, after Voximplant was removed from the RMD, it was identified in 20 tracebacks as the originating provider for suspected illegal robocalls. For the FCC, the issue was not only that Voximplant’s RMD filing was deficient, but that the suspected illegal robocall traffic was being traced back to Voximplant’s network, and the missing RMD information concerned the safeguards providers must document to show how they prevent that kind of traffic.

The consent decree requires Voximplant to operationalize robocall compliance through a senior compliance officer, written procedures, employee training, periodic reporting, and prompt updates to its RMD certification. It also requires 24-hour traceback responses and enhanced diligence on customers and upstream providers, including verifying customer identity and confirming that upstream providers have active RMD certifications. These obligations underscore that providers should treat robocall mitigation as an ongoing compliance function.

The FCC’s consent decree came one day after 49 State Attorneys General urged the FCC to tighten oversight of the numbering practices that help bad actors disguise illegal robocalls. Their concern was that, as caller ID protections have made basic spoofing harder, scammers have adapted by using real or easily obtained phone numbers to make fraudulent calls look legitimate. The Attorneys General supported stronger certification, reporting, tracing, and diligence requirements for companies that obtain, assign, or resell numbers, with a particular focus on practices that let callers rotate through numbers or use trial numbers to evade detection.

Together, the FCC consent decree and the Attorneys General letter point to a broader enforcement shift: regulators are scrutinizing not only what providers certify, but how they police the traffic moving through their networks. For voice providers, robocall compliance now turns on whether they can show active controls, including accurate filings, documented mitigation practices, prompt traceback responses, and diligence on customers and counterparties. When illegal traffic starts ringing alarms, regulators expect providers to pick up.