Written by: Matt Beucler, CEO, Plura AI
Key Takeaways
-
The Foreign Robocall Elimination Act (S.2666) would require U.S.-bound international carriers to register in the Robocall Mitigation Database, post a surety bond of up to $100,000, cooperate with traceback requests, and implement STIR/SHAKEN authentication.
-
The bill remains pending in the 119th Congress as of May 2026, and the FCC’s parallel NPRM under CG Docket No. 26-52 signals that regulatory expectations are moving in the same direction regardless of legislative timing.5
-
Traceback cooperation and annual RMD recertification would become formal obligations, and non-compliance would trigger call blocking by downstream carriers.
-
STIR/SHAKEN attestation gaps are significant: only 21% of calls from non-tier-1 carriers are currently signed, compared with 84% between top-tier U.S. providers.
-
Plura AI’s FCC-licensed, 100% U.S. infrastructure already aligns with these requirements;1 book a live demo with Plura to map your compliance posture.
How the Foreign Robocall Elimination Act Changes Carrier Obligations
The Foreign Robocall Elimination Act (S.2666 / H.R.6152) is a pending bipartisan legislative effort in the 119th Congress that targets illegal robocall traffic entering the United States from foreign jurisdictions.2 The bill proposes concrete obligations for voice service providers and gateway providers that touch U.S.-bound international traffic. It also directs the creation of an interagency robocall enforcement task force to study call volumes, identify high-risk countries, evaluate consumer harm, and promote global adoption of call-authentication technologies.
The seven core carrier obligations proposed under the bill are:
-
Register in the FCC’s Robocall Mitigation Database (RMD)
-
Post a surety bond of up to $100,000 (unless qualifying as an established, bona fide provider)
-
Cooperate fully with traceback requests from the FCC and authorized traceback consortia
-
Implement STIR/SHAKEN (Secure Telephone Identity Revisited / Signature-based Handling of Asserted information using toKENs) caller-ID authentication on U.S.-bound international traffic
-
Maintain accurate and current RMD filings, subject to annual recertification
-
Participate in an interagency enforcement task force structure
-
Support FCC authority to block traffic from non-compliant foreign originators
The following table maps each proposed obligation to its existing regulatory foundation and shows how S.2666 builds on current FCC frameworks rather than creating entirely new requirements.
|
Proposed Obligation |
Existing FCC Rule or Order |
CFR / Docket Reference |
Status Under S.2666 |
|---|---|---|---|
|
RMD Registration |
Robocall Mitigation Database rules |
47 CFR, FCC RMD framework |
Extends to foreign gateway providers |
|
Surety Bond (up to $100,000) |
FCC NPRM bond concept |
CG Docket No. 26-52 |
Proposed, not yet enacted |
|
Traceback Cooperation |
FCC traceback and blocking authority |
CG Docket No. 26-52 |
Codifies existing FCC expectations |
|
STIR/SHAKEN Authentication |
TRACED Act implementing orders |
FCC STIR/SHAKEN framework |
Extends to international traffic |
Traceback Duties Under the Foreign Robocall Elimination Act
Traceback is the process of tracing an illegal robocall back through the call path to its point of origin. The Foreign Robocall Elimination Act would codify traceback cooperation as a formal carrier obligation and build on the FCC’s existing position that current traceback and blocking authorities, while effective, may be insufficient without economic disincentives such as bonds or tariff-style duties on unlawful foreign-originated calls.
Under the bill’s framework, voice service providers and gateway providers handling U.S.-bound international traffic would be required to respond to traceback requests from the FCC and authorized traceback consortia. Failure to cooperate would expose providers to enforcement action and potential RMD removal, and under existing FCC rules that removal triggers call blocking by downstream carriers.
Operators evaluating their traceback posture should consult qualified telecommunications counsel regarding their specific obligations under current FCC rules and any enacted provisions of S.2666.
STIR/SHAKEN Expectations for International Call Traffic
STIR/SHAKEN is the FCC-mandated caller-ID authentication framework that assigns attestation levels to outbound calls: A-level (full attestation), B-level (partial attestation), and C-level (gateway attestation). The framework was originally implemented for domestic traffic under the TRACED Act. The Foreign Robocall Elimination Act and parallel FCC rulemaking propose extending its reach to international traffic.
Robocall Mitigation Database Duties for Foreign Carriers
The Robocall Mitigation Database (RMD) is the FCC’s central registry where voice service providers certify their robocall mitigation practices. Under existing rules, voice service providers must recertify annually that their RMD information is accurate, subject to penalties for submitting false or inaccurate information.
The Foreign Robocall Elimination Act would extend RMD registration requirements to foreign gateway providers handling U.S.-bound traffic. The FCC’s draft NPRM suggests possibly requiring a bond to file in the Robocall Mitigation Database, which service providers must do to avoid call blocking, and notes that this could significantly affect the ability of smaller providers to provide service if they cannot raise the bond amount.
The FCC has also added two-factor authentication cybersecurity protections for RMD access and directed its Wireline Competition Bureau to establish a new reporting channel for deficient filings, including failures to provide accurate contact information and submission of mitigation plans that do not describe reasonable practices.
How Plura’s U.S. Carrier Stack Aligns With S.2666
Plura AI is an FCC-licensed audio-bridging carrier operating on 100% U.S. infrastructure by architecture. Voice originates on Plura’s domestic infrastructure, not through a third-party CPaaS (Communications Platform as a Service) layer. That distinction maps directly to the obligations proposed under S.2666.
Because Plura is its own FCC-licensed carrier, it operates inside the existing RMD framework as a domestic voice service provider, not as a foreign gateway provider subject to the bill’s proposed bond and registration extensions. This carrier-level architecture means STIR/SHAKEN caller-ID verification runs on every outbound voice call natively, which addresses the authentication gap S.2666 targets without relying on third-party bolt-ons. The same first-class integration applies to real-time DNC (Do Not Call) scrubbing and TCPA (Telephone Consumer Protection Act, 47 U.S.C. § 227) compliance features, which the platform enforces before each contact.2
Plura also supports SOC 2, HIPAA, ISO certification, and GDPR for operators in regulated verticals.1 Operators running on Plura’s infrastructure report 100% U.S.-handled traffic in their broadband consumer label disclosures and carry no foreign-carrier exposure under the FCC NPRM or the proposed S.2666 framework.3
For operators that currently route traffic through Twilio-based API resellers or foreign gateway providers, the compliance posture is materially different.4 Those providers inherit the RMD obligations, attestation gaps, and potential bond requirements that S.2666 targets. Plura’s carrier stack removes that foreign-gateway exposure by architecture.
Bill Status and Expected Timeline
Is S.2666 currently law? No. As of May 2026, the Foreign Robocall Elimination Act remains proposed legislation that has not been enacted.
Does the bill direct immediate FCC rulemaking? The bill directs the creation of an interagency task force to study the problem rather than imposing immediate rules. The FCC has moved in parallel, and the FCC’s March 27, 2026 NPRM (CG Docket No. 26-52) seeks comment on requiring providers that transmit calls from foreign countries to the U.S. to post bonds or pay fees to deter unlawful robocalls, with comments due 30 days after Federal Register publication and replies due 30 days after that.
What should operators do now? The legislative and regulatory trajectories are aligned. Whether S.2666 is enacted or the FCC finalizes its NPRM first, the operational direction remains the same: domestic infrastructure, RMD registration, STIR/SHAKEN authentication, and traceback cooperation. Operators should consult qualified telecommunications counsel to assess their current exposure under both the pending bill and the active NPRM proceeding.
Conclusion
The Foreign Robocall Elimination Act (S.2666) proposes a concrete set of carrier obligations that build directly on existing FCC rules governing the Robocall Mitigation Database, STIR/SHAKEN authentication, and traceback cooperation. The bill remains pending as of May 2026, and the FCC’s parallel NPRM activity under CG Docket No. 26-52 signals that the regulatory direction is set regardless of the bill’s final legislative path.
For compliance officers and contact-center leaders evaluating their infrastructure posture, the central issue is whether their current carrier stack carries foreign-gateway exposure. Plura AI’s FCC-licensed audio-bridging carrier, 100% U.S. infrastructure by architecture, and built-in SHAKEN/STIR caller-ID verification, TCPA compliance, and DNC compliance features position it as a domestic infrastructure option that supports the compliance posture S.2666 and the FCC NPRM are moving toward.
Plura supports customer compliance. Customers remain responsible for their own obligations under applicable law.
Run your numbers through Plura’s calculator to check your ROI in real time.
Compare plans and rates side by side at plura.ai/pricing.
Frequently Asked Questions
What carriers and providers does the Foreign Robocall Elimination Act apply to?
The bill targets voice service providers and gateway providers that handle U.S.-bound international calls. This group includes international gateway providers that route foreign-originated traffic onto the U.S. public switched telephone network. Domestic voice service providers already operating under FCC licensing and RMD registration requirements are positioned differently from foreign gateway providers, which the bill specifically seeks to bring under a bonding and registration framework. Operators should consult telecommunications counsel to determine how their specific network architecture maps to the bill’s definitions.
How does the proposed $100,000 surety bond work under S.2666?
The bill proposes requiring voice service providers handling U.S.-bound international calls to post a surety bond of up to $100,000 unless they qualify as established, bona fide providers. The FCC’s parallel NPRM under CG Docket No. 26-52 seeks comment on bond amounts, drawdown triggers, due-process protections, replenishment duties, and program administration. The bond concept functions as an economic deterrent, and providers that transmit illegal robocall traffic would be subject to bond draws tied to enforcement actions. The FCC has noted that bond requirements could affect smaller providers’ ability to operate if they cannot raise the required amount. Neither the bill nor the NPRM has been finalized as of May 2026.
What is the current state of STIR/SHAKEN compliance for international traffic?
STIR/SHAKEN was originally implemented for domestic U.S. call traffic under the TRACED Act. For international traffic, the attestation gap remains significant, and as noted earlier, the attestation gap between tier-1 carriers (84% signed) and non-tier-1 carriers (21% signed) in the first half of 2025 illustrates the enforcement surface S.2666 targets. The Foreign Robocall Elimination Act and the FCC’s December 2025 rulemaking both propose extending STIR/SHAKEN requirements to cover U.S.-bound international calls and prohibiting spoofing of U.S. telephone numbers for calls originating abroad. Operators handling international traffic should assess their current attestation practices and consult counsel regarding emerging obligations.
How does Plura’s infrastructure support compliance with the obligations proposed under S.2666?
Plura AI operates as an FCC-licensed audio-bridging carrier on 100% U.S. infrastructure by architecture. Voice origination, model hosting, data storage, and call recording all run on domestic infrastructure. SHAKEN/STIR caller-ID verification runs at the carrier level on every outbound call. The platform includes built-in TCPA compliance, DNC compliance, SOC 2, HIPAA, ISO certification, and GDPR support.1 Because Plura is a domestic FCC-licensed carrier rather than a foreign gateway provider, it operates inside the existing RMD framework rather than being subject to the proposed bond and registration extensions that S.2666 targets at foreign-originating providers. Plura supports customer compliance; customers remain responsible for their own regulatory obligations.
What should operators do while S.2666 is still pending?
The bill’s pending status does not remove near-term compliance exposure. The FCC’s NPRM under CG Docket No. 26-52 is an active rulemaking proceeding with comment deadlines already in motion, and existing RMD rules with annual recertification requirements and financial penalties are already in effect. Operators should audit their current carrier stack to identify any foreign-gateway dependencies, confirm their RMD registration and recertification status, assess their STIR/SHAKEN attestation coverage on international traffic, and engage qualified telecommunications counsel to evaluate their posture under both the pending bill and the active NPRM. Operators seeking a domestic infrastructure option that supports this compliance posture can review Plura’s carrier stack and platform capabilities.
1 Plura AI maintains SOC 2, HIPAA, ISO, and GDPR posture as part of its platform infrastructure. References to compliance frameworks in this article describe Plura’s platform capabilities and do not constitute a guarantee that any customer using Plura will themselves be compliant with applicable laws or standards. Customers remain solely responsible for their own regulatory obligations, certifications, consent management, recordkeeping, and the claims they make to their own end users. Consult qualified legal counsel for guidance specific to your use case.
2 This article describes regulatory frameworks at a general level and does not constitute legal advice. Laws and regulations vary by jurisdiction, change over time, and apply differently depending on facts and circumstances. Readers should consult qualified legal counsel before making compliance decisions.
3 Performance figures, customer outcomes, and industry statistics referenced in this article are drawn from cited third-party sources or Plura customer case studies. Individual results vary based on implementation, use case, industry, audience, and execution. Past or aggregate performance is not a guarantee of future results.
4 References to third-party products, services, companies, or research are made for informational and comparative purposes only. Plura AI is not affiliated with, endorsed by, or sponsored by any third party named in this article unless explicitly stated. Trademarks and product names referenced remain the property of their respective owners.
5 This article contains forward-looking statements regarding industry trends, technology adoption, and future capabilities. These statements reflect current expectations and are subject to change. Plura AI undertakes no obligation to update forward-looking statements except as required.
This article is provided for informational purposes only and reflects Plura AI’s understanding at the time of publication. Product capabilities, integrations, and specifications are subject to change. For the most current information, visit plura.ai.
This article was produced with the assistance of AI tools and reviewed by Plura AI prior to publication.