States Push New Caller ID And STIR/SHAKEN Mandates: Why The FCC Should Preempt A Fragmented State Patchwork And Why Small Voice Service Providers Must Engage By February 3

In a recent trend, an increasing number of states are moving to regulate caller identification information verification and STIR/SHAKEN implementation through state‑level legislation, creating a growing risk of conflicting and overlapping obligations for voice service providers operating in multiple jurisdictions.

In the current legislative sessions, Virginia, Florida, and Missouri have each introduced bills that, in different ways, impose technical caller ID authentication duties, mandate STIR/SHAKEN or comparable frameworks, expand civil and even criminal exposure tied to caller ID spoofing, and empower state Attorneys General and private litigants to enforce those requirements.

These efforts appear to be part of a broader multistate Attorney General strategy to assert parallel authority over the caller ID authentication layer that Congress directed the FCC to govern on a uniform, nationwide basis, and early indications suggest that additional states are likely to follow with similar proposals, further fragmenting the regulatory environment for interstate and IP‑based voice traffic

Overview of the Three Bills

1. Virginia (HB 743 – Virginia Telephone Privacy Protection Act amendments):
   • Imposes an affirmative duty of care on any provider that originates, carries, routes, transmits, or terminates a voice call to or from a consumer in Virginia to take "reasonable and effective measures" to prevent unlawful calls, broadly defined to include violations of state and federal robocall, spoofing, and solicitation laws.
   • Requires every voice service provider to implement caller ID authentication technology "consistent with the STIR/SHAKEN authentication framework in all internet protocol network segments under its control," and to implement "functionally equivalent authentication, verification, or mitigation measures" in nonIP segments to the extent "technically feasible," without tracking the federal exemption for providers without control over the IP network infrastructure.
   • Imposes threeyear recordretention obligations for attestation, verification, call detail records, traceback communications, and mitigation actions, and deems a provider strictly liable (no need to prove intent or knowledge) if it, among other things, fails to authenticate outbound calls when "technically capable" or continues to handle traffic after traceback or enforcement notices.
   • Treats any violation as a "prohibited practice" under the Virginia Consumer Protection Act, with joint and several liability across originating, intermediate, and terminating providers, and expressly denies any "safe harbor" for federal law compliance.
2. Florida (HB 1299 – Caller Identification Information; Fla. Stat. §§ 364.242, 364.243, 365.176):
   • Prohibits causing caller ID services to transmit misleading or inaccurate caller ID information with intent to defraud, cause harm, or wrongfully obtain value, and requires every "telecommunications company" to provide "the telephone number and location from which each telephone call originates" and to block all calls and texts that contain "manipulated" caller ID that does not match that number or location.
   • Requires, by July 1, 2027, that the Florida Public Service Commission mandate STIR/SHAKEN (or "alternative technology" with comparable capability) in the IP networks of every telecommunications company, and requires each company—"notwithstanding any other provision of law"—to file an FCC certification that its traffic is either fully STIR/SHAKENverified or subject to an automated call mitigation program, with a copy to the Attorney General or commission on request.
   • Authorizes civil penalties up to $250,000 per violation of the caller ID or STIR/SHAKEN provisions, and amends the Florida CallBlocking Act to confirm that providers "must block" manipulated caller ID calls that do not match originating number or location.
3. Missouri (HB 564 – Caller ID AntiSpoofing Act amendments):
   • Adds a new "Caller ID AntiSpoofing Act" section that makes it a misdemeanor (first offense) and a class E felony (subsequent offenses) to knowingly enter or cause to be entered false information into a caller ID service with malicious intent to deceive, defraud, or mislead, or to place a call knowing that false caller ID was used.
   • Includes carveouts for caller identification information blocking, lawenforcement and intelligence agencies, and communications service providers acting as intermediaries, implementing customerrequested features, operating as required or authorized by law, or engaging in conduct necessary to provide service, and creates a private right of action with actual and punitive damages up to $5,000 per call, as well as Attorney General enforcement authority and cost recovery.

Emerging State Patchwork and AG‑Led Coordination

These three measures illustrate a broader trend of states moving aggressively into caller ID authentication and robocall mitigation, not merely through general unfair‑practices laws but via technical and operational mandates that sit directly on top of the FCC's STIR/SHAKEN and robocall mitigation regime.

The structure and focus of these bills are consistent with the ongoing work of the multistate Attorneys General robocall task force, which has prioritized caller ID spoofing, tracebacks, and provider‑level duties and is increasingly using both enforcement and legislation to assert parallel authority over caller ID authentication and robocall mitigation. The presence of Attorney‑General enforcement hooks and explicit references to call spoofing, tracebacks, and provider‑level obligations in all three bills fit squarely within that multistate AG playbook.

Given this trajectory, there is every reason to expect additional states to introduce similar or more aggressive caller ID authentication and STIR/SHAKEN bills in the 2026 sessions.

Why This is Problematic for Telecommunications Providers

The newly introduced state bills would impose statespecific caller ID authentication, STIR/SHAKEN, and spoofing obligations that go beyond, and in some respects conflict with, the FCC's carefully calibrated federal regime. These measures would eliminate federal flexibilities (such as the "pure reseller" exemption from STIR/SHAKEN), create heavier compliance burdens for certain providers than federal law, and require data—such as precise originating "location" for each call—that may be technically infeasible or unreliable for nomadic VoIP offerings. Some provisions, including aggressive blocking mandates tied to "manipulated" caller ID and strict liability based on statedefined "technical capability," also risk chilling or undermining legitimate caller ID use cases (for example, enterprise branding and analyticsdriven labeling).

By layering "at least as protective as federal law" standards on top of the federal scheme, expressly denying any safe harbor for compliance with federal law, and attaching substantial state penalties and private remedies, these bills set up a direct collision with the FCC's national framework, which was designed to balance robocall mitigation against technical feasibility, cost, innovation, and the risk of over‑blocking wanted calls.

The three bills adopt different definitions, scopes, and technical triggers, ensuring that state requirements will not align neatly with one another or with federal rules. If more states follow this model, providers will confront a patchwork of overlapping but inconsistent obligations layered on top of FCC rules, hindering competition and potentially pricing small providers out of the industry.

The FCC's caller ID authentication regime—including STIR/SHAKEN, its TRACED Act rules, and the Robocall Mitigation Database—governs inherently interstate, IP‑based communications that Congress has entrusted to the Commission for uniform national regulation. State statutes that dictate how and when STIR/SHAKEN must be implemented in IP networks, that compel STIR/SHAKEN‑style certifications modeled on federal filings, or that effectively override federal exemptions and safe harbors risk intruding on the Commission's exclusive authority over interstate communications and frustrating the national framework Congress intended.

Relationship with FCC's Caller ID Proceeding

The pending caller identification information verification proceeding with the Federal Communications Commission ("FCC," "Commission") presents an opportunity for providers to draw the FCC's attention to this emerging patchwork of state STIR/SHAKEN and caller ID mandates, the resulting conflicts with federal exemptions and interstate commerce principles, and the concrete operational burdens and risks they create for legitimate voice traffic.

The Commission should confirm that its caller identity verification and STIR/SHAKEN rules occupy the field for interstate and IPbased authentication, and that states may not impose conflicting or duplicative technical mandates or certification requirements on that same authentication layer.

The Commission should clarify that states remain free to enforce generally applicable consumer protection, fraud, and telemarketing laws, but may not adopt statespecific STIR/SHAKEN implementation standards, recordkeeping regimes, callblocking obligations, or locationreporting requirements that deviate from or add to federal technical rules for interstate and IPbased voice communications.

Why Small Voice Service Providers Should Engage Now

The current FCC caller identification information verification proceeding gives small and midsized voice service providers a critical forum to explain how this emerging statelaw patchwork will affect their operations, investments, and customers, and to press the Commission to preempt conflicting state STIR/SHAKEN mandates and clarify that its rules fully occupy the caller ID authentication field for interstate and IPbased traffic.

Engagement is especially important for smaller providers, which typically lack the resources to maintain multiple statespecific variants of their STIR/SHAKEN, mitigation, and analytics stacks and are uniquely vulnerable to overlapping federal, state AG, and privateplaintiff enforcement. Coordinated filings from a coalition of small voice service providers can demonstrate that these state technical mandates are not theoretical legal concerns, but concrete operational threats that will divert scarce resources away from effective robocall mitigation, impair legitimate caller ID branding and labeling, and ultimately harm consumers and lawful callers.

Clients are therefore strongly encouraged to join the existing coalition of small voice service providers and participate in the FCC's caller identification information verification proceeding.

The current deadline to file comments is February 3, and providers interested in joining or supporting a joint filing should move quickly so that their use cases are accurately reflected in the record and in the relief requested from the Commission.

Clients should monitor developments and consider engaging with their state representatives to highlight federal preemption, interstate commerce, and feasibility concerns.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.