The Federal Communications Commission (FCC) is set to vote in November to repeal a ruling that mandated telecommunication providers to secure their networks, following requests from major industry lobby groups. FCC Chairman Brendan Carr stated that the prior ruling, which was adopted in January before Republicans took majority control, “exceeded the agency’s authority” and did not provide an effective response to cybersecurity threats. According to Carr, the decision to schedule the vote on November 20 comes after significant interaction with carriers, who have reportedly made substantial efforts to enhance their cybersecurity defenses.
The ruling initially put in place by the FCC in January 2025 was a reaction to cyber attacks, including the Salt Typhoon infiltration linked to China, targeting major telecom companies like Verizon and AT&T. The FCC at that time interpreted the Communications Assistance for Law Enforcement Act (CALEA) of 1994 as requiring telecommunications carriers to safeguard their networks against unauthorized access or communication interception. More details on the circumstances surrounding the proposed rollback can be found here.
This potential policy reversal by the FCC aligns with significant lobbying pressure from internet service providers who argue that existing measures already fulfill security needs without regulatory mandates. Critics of the January ruling contended that it placed an undue burden on providers and did not accurately address the nuances of evolving cybersecurity risks.
The decision to repeal the mandate raises concerns about the balance between regulatory oversight and industry self-regulation. While the FCC and telecom companies assert progress in cybersecurity improvements, questions remain regarding the adequacy and effectiveness of these self-imposed measures in the absence of a regulatory framework.