Keep Call Centers in America Act: Key Rules Explained

Q: What is the 30% offshore threshold in the FCC NPRM, and does it apply to AI tools?

The FCCs April 23, 2026 NPRM (CG Docket No. 26-52) proposes limiting the percentage of customer service calls that covered providers may route to or answer at foreign call centers, using 30% as an illustrative threshold. The cap is subject to public comment, including whether it should apply separately to inbound and outbound calls or on a combined basis. The 30% cap does not apply to calls involving sensitive data, because those interactions face an outright offshore prohibition, as detailed earlier. The FCC is also seeking comment on whether these rules should extend to chat, text, and email channels. AI tools that run on foreign infrastructure or route calls through non-U.S. carriers may fall within the scope of these rules depending on how the final rule defines foreign call center. Operators using AI tools should assess where those tools infrastructure, model hosting, and data storage are located and consult qualified counsel for guidance specific to their situation.

Q: What is the Wall of Shame, and what are the financial consequences of being listed?

The Wall of Shame is the informal name for the public list that S.2495 directs the Department of Labor to publish, identifying employers that relocate significant call center work overseas. Employers on the list become ineligible for certain federal grants and loan programs. For operators in healthcare, financial services, government contracting, or any vertical that depends on federal funding, this creates a direct financial consequence rather than a purely reputational issue. The listing mechanism operates independently of FCC enforcement, so an operator could satisfy FCC disclosure requirements and still face DOL listing and funding ineligibility under S.2495 if the bill is enacted. The 120-day advance notice requirement functions as the primary procedural mechanism for avoiding the list.

Written by: Matt Beucler, CEO, Plura AI

Key Takeaways for High-Volume Contact Centers

The Keep Call Centers in America Act (S.2495) and FCC NPRM add a 120-day DOL notice, consumer disclosure, a public “Wall of Shame,” and a 30% offshore call-volume cap for operators using foreign call centers or AI.
Sensitive consumer data such as passwords, SSNs, and bank details faces a proposed outright prohibition on offshore handling regardless of volume under the FCC rules.
Operators face layered obligations from federal legislation, FCC regulation, and five state laws, with potential penalties up to $10,000 per day or loss of federal funding eligibility.
Companies running 100% U.S. infrastructure avoid offshore-volume thresholds, disclosure triggers tied to foreign handling, and DOL notice requirements.
Plura AI delivers an FCC-licensed, 100% U.S.-infrastructure platform that removes offshore exposure from your footprint, and you can schedule a live demo to review your current environment.

Executive Summary for Contact Center and CX Leaders

Two parallel regulatory tracks now focus on offshore call center operations and foreign-infrastructure AI tools that replace or augment them. The first track is legislative. S.2495, the Keep Call Centers in America Act of 2025, remains pending in Congress and would apply to all businesses using offshore call centers, not only FCC-regulated communications providers.² The second track is regulatory. The FCC’s April 23, 2026 NPRM (FCC 26-16), published in the Federal Register, proposes a 30% offshore cap, mandatory consumer disclosures, sensitive-data restrictions, and foreign-adversary prohibitions for covered communications providers.²

For contact center leaders, compliance officers, and C-suite executives at high-volume operators, the combined exposure is material. Risk spans reputational damage from public listing, loss of federal grant and loan eligibility, per-call disclosure obligations, and potential vicarious liability for third-party offshore vendors. Operators whose infrastructure is 100% domestic by architecture remove the offshore-threshold question entirely and simplify their risk profile.

See how a 100% U.S. footprint compares to your current call routing in a live Plura demo.

How the FCC’s 30% Offshore Threshold Works

The FCC NPRM uses 30% as an illustrative cap on the percentage of customer service calls that covered providers may route to or answer at foreign call centers. The April 23, 2026 Federal Register filing seeks comment on whether the cap should apply separately to inbound and outbound calls or on a combined basis, the appropriate measurement period, and potential phase-in timelines.

Calls involving sensitive consumer data are excluded from the cap calculation entirely and face a flat prohibition on offshore handling. Sensitive data categories named in the NPRM include passwords, password reset credentials, multi-factor authentication (MFA) codes, Social Security numbers (SSNs), bank account numbers, and credit card numbers.

Operators currently running 40% or more of call volume through offshore BPOs face immediate exposure under the proposed 30% threshold. These operators need current volume mapping against the proposed rule, not a long-range planning exercise.

120-Day Notice Requirements and Penalties

Under S.2495, companies planning to move call center operations offshore must give the DOL at least 120 days’ notice before the move. This requirement functions as a pre-move obligation that applies to any employer relocating significant call center work outside the United States.

The FCC NPRM adds a parallel compliance-reporting layer for covered providers. The FCC seeks comment on reporting frequency and public availability and proposes enhancements to its informal complaint system to track call-center and customer service complaints more efficiently.

Operators that fail to file the 120-day notice under S.2495 face DOL listing consequences. Operators that fail to meet FCC reporting requirements face the Commission’s existing enforcement authority under Communications Act Sections 201(b), 222, and 251(e), as cited in the NPRM.

Public “Wall of Shame” and Federal Funding Risk

S.2495 directs the DOL to publish a public list of employers that relocate significant call center work overseas. Companies on that list become ineligible for certain federal grants and loan programs. For operators in healthcare, financial services, or government-adjacent verticals that depend on federal funding streams, this creates a direct balance-sheet risk.

The funding-freeze mechanism functions as a financial enforcement lever that operates independently of any FCC penalty structure. An operator could be in technical compliance with FCC disclosure rules and still face federal funding ineligibility under S.2495 if the DOL determines that significant call center work has moved offshore without proper notice. Operators with federal contracts face an additional layer because S.2495 requires that federal contract-related call center work be performed inside the United States.

Consumer and AI Disclosure Obligations

The point-of-contact disclosure described earlier applies to both human offshore agents and AI systems. S.2495 does not distinguish between the two, so both trigger the same obligation.

The FCC NPRM adds a mandatory verbal disclosure at the beginning of each call handled by a foreign call center. That disclosure must include the country name and notification of the right to request transfer to a U.S. representative.

For operators using AI tools with foreign infrastructure dependencies, the AI disclosure mandate in S.2495 becomes a key design constraint. Any AI system running on foreign infrastructure is treated the same as a human offshore agent for disclosure purposes.

Overlap with FCC NPRM CG Docket No. 26-52 and State Laws

Because S.2495 and the FCC NPRM impose separate but overlapping obligations, operators may face compliance requirements from multiple enforcement authorities at the same time. The FCC NPRM (CG Docket No. 26-52) and S.2495 operate in parallel rather than one displacing the other. An operator subject to both faces layered obligations from two separate enforcement authorities.

State laws add a third layer of rules. Five states have enacted active call-center onshoring or sensitive-data restriction laws as of May 2026:

New York’s Call Center Jobs Act imposes penalties up to $10,000 per day for covered violations (per Littler/JD Supra coverage).
New Jersey’s statute mirrors New York’s framework (per NJ.gov).
Connecticut’s state-contract rules restrict offshore handling for state-contract work (per Connecticut General Assembly).
Missouri’s offshore-disclosure executive order requires disclosure of offshore call center use (per Missouri Office of Administration).
Florida’s medical-information offshoring restrictions limit offshore handling of medical data.

The FCC is also seeking comment on extending its proposed rules beyond voice to online chat, text, and email channels, per the Federal Register filing. If adopted, that extension would bring SMS, RCS, and webchat interactions under the same offshore-handling restrictions currently proposed for voice. Operators should consult qualified counsel on their specific obligations under each applicable framework.

How 100% U.S. Infrastructure Reduces Offshore Risk

The threshold question under both S.2495 and the FCC NPRM is whether call center work is being performed offshore. Operators whose infrastructure is 100% domestic by architecture do not cross that threshold. They have no offshore volume to cap, no foreign-handling disclosure to trigger, no DOL notice to file, and no Wall of Shame listing tied to offshore relocation.

Plura AI is an FCC-licensed platform running voice, SMS, RCS (Rich Communication Services), and webchat on 100% U.S. infrastructure. Because voice origination, model hosting, data storage, and call recording all sit on domestic infrastructure, there is no offshore component to trigger the 30% cap or sensitive-data prohibition. Plura owns its own FCC-licensed audio bridging carrier rather than routing through a third-party CPaaS (Communications Platform as a Service), which removes third-party offshore routing risk. That architecture means Plura clients can report 100% U.S.-handled interactions in their broadband consumer label disclosures.

Plura Security & Compliance dashboard highlighting SOC 2, ISO, and GDPR standards with secure trust verification management. — *Plura Security & Compliance supports SOC 2, ISO, and GDPR standards with trust registration, verification management, and secure AI communications.*

Plura’s compliance engine supports TCPA (Telephone Consumer Protection Act) compliance, DNC (Do Not Call) compliance, HIPAA (Health Insurance Portability and Accountability Act) alignment, SOC 2 certification, ISO certification, GDPR (General Data Protection Regulation) coverage, and SHAKEN/STIR (Secure Handling of Asserted information using toKENs / Secure Telephone Identity Revisited) caller ID verification on every outbound call.¹ Customers remain responsible for their own regulatory obligations and certifications. Plura provides the infrastructure, and compliance posture downstream remains the customer’s responsibility.

Screenshot of Plura’s fully compliant AI communications platform showing business registration and phone number provisioning workflows for AI Voice, SMS, RCS, and Webchat communication automation. — *Plura’s FCC-licensed AI communications platform simplifies compliant business registration and phone number provisioning for AI Voice, SMS, RCS, and Webchat workflows.*

Map your offshore exposure against the S.2495 and FCC NPRM frameworks in a live Plura platform walkthrough.

Comparing Offshore BPO, Twilio-Based AI, and Plura

Risk Factor	Offshore BPO	Twilio-Based AI Reseller⁴	Plura (100% U.S. Infrastructure)
S.2495 Wall of Shame exposure	Yes, if significant work moves offshore	Depends on where model hosting and data storage sit	No, all infrastructure is domestic
FCC NPRM 30% cap exposure	Yes, for covered communications providers above threshold	Depends on carrier routing and infrastructure location	No, voice originates on Plura’s FCC-licensed U.S. carrier
Sensitive-data offshore prohibition	Yes, passwords, SSN, bank/card data cannot be handled offshore under proposed rule	Depends on where data is processed and stored	No, data storage and processing are on U.S. infrastructure
120-day DOL notice obligation	Yes, for planned offshore transitions under S.2495	Not directly, but foreign infrastructure dependencies may trigger disclosure obligations	No, no offshore transition to report
Consumer AI disclosure trigger	Yes, for AI interactions under S.2495	Yes, if AI runs on foreign infrastructure	Disclosure obligations depend on the operator’s configuration, and Plura’s infrastructure is domestic
Foreign-adversary prohibition	Yes, for centers in China, Russia, Iran, North Korea, Cuba, Venezuela per FCC NPRM	Depends on model and infrastructure origin	No, Plura operates on U.S. infrastructure only
TCPA/DNC compliance support	Varies by vendor, typically bolted on	Varies, often a third-party add-on	Built into the platform with real-time DNC scrubbing and an immutable consent ledger

Note: The risk assessments above reflect the proposed rules as of May 2026. Final rules may differ. Operators should consult qualified counsel on their specific exposure.

FAQ

What is the Keep Call Centers in America Act (S.2495) and who does it cover?

S.2495, the Keep Call Centers in America Act of 2025, is pending federal legislation that would apply to all businesses using offshore call centers, not just FCC-regulated communications providers. It requires employers to give the Department of Labor at least 120 days’ notice before moving significant call center work offshore, mandates consumer disclosure when customers are speaking with an offshore agent or interacting with AI, creates a public DOL list of employers that offshore significant call center work, restricts those listed employers from receiving certain federal grants and loans, and requires that federal contract-related call center work be performed inside the United States. The bill’s scope is broader than the FCC NPRM, which applies only to telecommunications carriers, VoIP providers, cable operators, and satellite broadcasters under FCC jurisdiction.

What is the 30% offshore threshold in the FCC NPRM, and does it apply to AI tools?

The FCC’s April 23, 2026 NPRM (CG Docket No. 26-52) proposes limiting the percentage of customer service calls that covered providers may route to or answer at foreign call centers, using 30% as an illustrative threshold. The cap is subject to public comment, including whether it should apply separately to inbound and outbound calls or on a combined basis. The 30% cap does not apply to calls involving sensitive data, because those interactions face an outright offshore prohibition, as detailed earlier. The FCC is also seeking comment on whether these rules should extend to chat, text, and email channels. AI tools that run on foreign infrastructure or route calls through non-U.S. carriers may fall within the scope of these rules depending on how the final rule defines “foreign call center.” Operators using AI tools should assess where those tools’ infrastructure, model hosting, and data storage are located and consult qualified counsel for guidance specific to their situation.

What is the Wall of Shame, and what are the financial consequences of being listed?

The “Wall of Shame” is the informal name for the public list that S.2495 directs the Department of Labor to publish, identifying employers that relocate significant call center work overseas. Employers on the list become ineligible for certain federal grants and loan programs. For operators in healthcare, financial services, government contracting, or any vertical that depends on federal funding, this creates a direct financial consequence rather than a purely reputational issue. The listing mechanism operates independently of FCC enforcement, so an operator could satisfy FCC disclosure requirements and still face DOL listing and funding ineligibility under S.2495 if the bill is enacted. The 120-day advance notice requirement functions as the primary procedural mechanism for avoiding the list.

How does Plura AI support operators navigating S.2495 and FCC NPRM obligations?

As described earlier, Plura operates on 100% U.S. infrastructure, so voice, SMS, RCS, and webchat all originate and process domestically. This architecture eliminates the offshore volume thresholds, sensitive-data prohibitions, and foreign-adversary restrictions proposed in the FCC NPRM. Plura’s platform supports TCPA compliance, DNC compliance, HIPAA alignment, SOC 2 certification, ISO certification, GDPR coverage, and SHAKEN/STIR caller ID verification. Customers remain responsible for their own regulatory obligations and certifications. Plura provides the infrastructure, and operators should consult qualified counsel to evaluate their specific obligations under S.2495, the FCC NPRM, and applicable state laws.

What state laws overlap with S.2495 and the FCC NPRM on offshore call center operations?

Five U.S. states have enacted active call-center onshoring or sensitive-data restriction laws as of May 2026. New York’s Call Center Jobs Act imposes penalties up to $10,000 per day for covered violations. New Jersey has enacted a mirror statute. Connecticut restricts offshore handling for state-contract work. Missouri’s executive order requires disclosure of offshore call center use. Florida restricts offshore handling of medical information. These state laws operate independently of S.2495 and the FCC NPRM, so operators may face obligations under all three frameworks simultaneously, depending on where they operate and what data they handle. The FCC is also seeking comment on extending its proposed rules to chat, text, and email channels, which would expand the overlap with state laws that already address non-voice channels. Operators should engage qualified counsel to map their specific state-law exposure.

Run your numbers through Plura’s calculator to check your ROI in real time.³ plura.ai/calculator

Compare plans and rates side by side. plura.ai/pricing

¹ Plura AI maintains SOC 2, HIPAA, ISO, and GDPR posture as part of its platform infrastructure. References to compliance frameworks in this article describe Plura’s platform capabilities and do not constitute a guarantee that any customer using Plura will themselves be compliant with applicable laws or standards. Customers remain solely responsible for their own regulatory obligations, certifications, consent management, recordkeeping, and the claims they make to their own end users. Consult qualified legal counsel for guidance specific to your use case.

² This article describes regulatory frameworks at a general level and does not constitute legal advice. Laws and regulations vary by jurisdiction, change over time, and apply differently depending on facts and circumstances. Readers should consult qualified legal counsel before making compliance decisions.

³ Performance figures, customer outcomes, and industry statistics referenced in this article are drawn from cited third-party sources or Plura customer case studies. Individual results vary based on implementation, use case, industry, audience, and execution. Past or aggregate performance is not a guarantee of future results.

⁴ References to third-party products, services, companies, or research are made for informational and comparative purposes only. Plura AI is not affiliated with, endorsed by, or sponsored by any third party named in this article unless explicitly stated. Trademarks and product names referenced remain the property of their respective owners.

This article is provided for informational purposes only and reflects Plura AI’s understanding at the time of publication. Product capabilities, integrations, and specifications are subject to change. For the most current information, visit plura.ai.

This article was produced with the assistance of AI tools and reviewed by Plura AI prior to publication.