Jump to content

FCC Know Your Customer rulemaking (2026 prepaid phone identification proposal)

From Consumer Rights Wiki
Revision as of 16:15, 26 May 2026 by Louis (talk | contribs) (conservative pass: dropped epic (different docket), the two troutman amin law-firm alerts, and any uncited claims about press/advocate framing. article now rests entirely on the fnprm, fact sheet, fcc landing page, and federal register)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)


FCC Know Your Customer rulemaking refers to a Further Notice of Proposed Rulemaking adopted by the Federal Communications Commission (FCC) on April 30, 2026, that seeks comment on requiring originating voice service providers to collect government-issued identity information from customers before activating phone service.[1][2] The document, FCC 26-27, firmly proposes only one new rule: a $2,500 per-call penalty for violations of the existing Know Your Customer duty. The identity-collection requirements themselves, including how they would apply to the prepaid plans often used as anonymous burner phones, are matters on which the FCC only seeks comment.[1][3] It is a proposal open for comment, not an enacted rule; comments are due June 25, 2026.[4]

Background

[edit | edit source]

The FCC describes combatting illegal calls as its "top consumer protection priority," and cites an estimate that victims of calling scams are defrauded of roughly $850 million annually.[1] An existing rule, 47 CFR § 64.1200(n)(4), already requires originating providers to take affirmative, effective measures to know their customers and exercise due diligence so their services are not used to originate illegal traffic.[1] That obligation dates to the FCC's Fourth Call Blocking Order in 2020 and sits alongside the agency's caller-authentication framework for verifying that calls come from the numbers they claim.[1]

The FNPRM frames originating providers as "best positioned" to stop illegal calls by screening new or renewing customers before they place calls.[1] In a separate statement, Chairman Brendan Carr wrote that while many providers comply, "some do the bare minimum (or worse) and have become complicit in illegal robocalling schemes."[5] The agency also argues that weak customer diligence makes it harder for law enforcement to identify criminals who use the phone network for drug deals, violent crimes, and human trafficking.[1]

What the FNPRM proposes

[edit | edit source]

The instrument is a Further Notice of Proposed Rulemaking, FCC 26-27, issued in CG Docket No. 17-59 and CG Docket No. 02-278. The FCC adopted it on April 30, 2026 and released it on May 1, 2026; Chairman Carr and Commissioner Olivia Trusty each issued a separate statement supporting the item.[2][1] An accompanying fact sheet had circulated on April 9, 2026.[3]

The document mixes one firm proposal with a set of open questions, and the distinction matters. In paragraph 3 the Commission lists what it is doing: it seeks comment on customer identification requirements, on verification and re-verification duties, on collecting more information from high-volume customers, and on how new rules would complement call-branding requirements; only the fifth item, per-call penalties, is stated as a proposal.[1] The fact sheet draws the same line, listing the per-call penalty alone under "Propose to require" and placing the identity-collection items under "Seek comment on."[3]

Only the penalty is stated as a firm proposal. The FCC proposes to codify a $2,500 per-call base forfeiture amount for violations of section 64.1200(n)(4), structuring the penalty around call volume so it tracks the harm caused by any one caller.[1]

Everything touching data collection is a comment question. The Commission seeks comment on requiring originating providers to, at a minimum, obtain and retain the name, physical address, government-issued identification number, and an alternate telephone number of any new and renewing customer before granting access to its services.[1] For high-volume, business, and foreign customers, it would seek comment on also collecting the intended use of the service and the IP address from which each call is placed.[1] It seeks comment on retention, with a proposed approach of keeping the records for four years after the customer relationship ends, tied to the four-year statute of limitations for related TCPA claims.[1] And it asks whether to establish a safe harbor for providers that use "effective AI or automated systems" to meet the same objectives.[1]

Effect on prepaid and anonymous service

[edit | edit source]

The FNPRM does not require buyers to show identification for a prepaid burner phone; on prepaid service it only seeks comment. In paragraph 14, under the heading "Differences Based on Prepaid and Postpaid Service," the FCC asks whether customer-information requirements should vary depending on whether a customer wants a prepaid or postpaid plan.[1]

That paragraph focuses on how prepaid service is sold and verified. The FCC asks what information wireless providers currently obtain from customers who buy prepaid SIM cards, what percentage of prepaid plans are bought in person at retail stores, and what steps providers take to validate identity for prepaid service sold through third-party retailers.[1] It also asks whether current prepaid KYC standards are "being exploited by criminals committing other types of crime, such as human trafficking."[1]

Privacy and consumer-rights concerns

[edit | edit source]

The FNPRM itself raises the privacy stakes directly. After listing the data fields it might require, the Commission asks for comment on the privacy implications:

What privacy concerns may arise from such a collection of personally identifiable information (PII) and how can we mitigate them?

[1]

On the data-security side, it asks what steps industry takes to protect such information and whether existing measures would be enough given an expanded collection and retention of PII.[1] Its proposed retention period would keep a customer's name, address, ID number, and alternate phone number on file for four years after service ends.[1]

Those fields are modeled on bank anti-money-laundering rules. The FCC points to the Treasury's Customer Identification Program and concludes that, given misuse of networks by organized criminal groups, "it provides a good model for our work."[1]

Status and comment period

[edit | edit source]

The Federal Register published the notice on May 26, 2026, at 91 FR 30596, under document number 2026-10407 and the title "Enhancing Know-Your-Customer Requirements."[4] Comments are due on or before June 25, 2026, and reply comments are due on or before July 27, 2026.[4] The proceeding has no effective date because it remains a proposal; the public docket is identified as FCC-2026-2014-0001 on regulations.gov.[4]

See also

[edit | edit source]

References

[edit | edit source]
  1. 1.00 1.01 1.02 1.03 1.04 1.05 1.06 1.07 1.08 1.09 1.10 1.11 1.12 1.13 1.14 1.15 1.16 1.17 1.18 1.19 1.20 "Advanced Methods to Target and Eliminate Unlawful Robocalls; Further Notice of Proposed Rulemaking" (PDF). Federal Communications Commission. 2026-05-01. Retrieved 2026-05-26.
  2. 2.0 2.1 "FCC Seeks Comment on Enhanced Know-Your-Customer Requirements". Federal Communications Commission. 2026-05-01. Retrieved 2026-05-26.
  3. 3.0 3.1 3.2 "Fact Sheet: Enhancing Know Your Customer Requirements" (PDF). Federal Communications Commission. 2026-04-09. Retrieved 2026-05-26.
  4. 4.0 4.1 4.2 4.3 "Enhancing Know-Your-Customer Requirements". Federal Register. 2026-05-26. Retrieved 2026-05-26.
  5. "Statement of Chairman Brendan Carr, Advanced Methods to Target and Eliminate Unlawful Robocalls" (PDF). Federal Communications Commission. 2026-05-01. Retrieved 2026-05-26.
Retrieved from "https://consumerrights.wiki/index.php?title=FCC_Know_Your_Customer_rulemaking_(2026_prepaid_phone_identification_proposal)&oldid=54853"