A 2026 compliance scorecard for independent ILECs, CLECs, and VoIP operators — LNP, E911, CNAM, STIR/SHAKEN, and the filings that keep your authority clean.

If you’re operating an ILEC or CLEC in 2026, the compliance surface area has never been wider. The classic ILEC duties — LNP (Local Number Portability), E911, CNAM, and tariff filings — are still there. STIR/SHAKEN enforcement has tightened every year since 2021. The FCC’s Robocall Mitigation Database (RMD) is now a gating requirement for interconnection. And if you’re launching a cloud voice overlay or partnering with a VoIP provider, each one of those compliance lanes is something you either own or have to make sure your partner owns on your behalf.

This is the checklist we run with carrier operators who are modernizing voice. Nothing here replaces your regulatory counsel — tariff and state PUC interpretations vary — but it’s the working list of what has to be in place before you start routing a single real call on a new voice platform.

How to use this post. Read it once end-to-end. Then go line by line against your current switch configuration and your partner contracts. Anything that isn’t green, write it down. If you discover five or more gaps, you’re looking at a remediation project, not a single fix — plan accordingly.

1. LNP (Local Number Portability)

LNP rules have been federal law since 2003 and cover both geographic (between carriers in a rate center) and wireless porting. For ILECs and CLECs, the current 2026 essentials are:

  • NPAC Service Management System (SMS) access. You need an active NPAC account in each region where you hold numbers. If you outsource LNP to a service bureau, your contract should spell out SLA for port-in, port-out, and disconnect orders.
  • Simple ports in 1 business day, complex ports in 4. The FCC’s simple port rule still applies. A port with 4 or fewer lines, no pending orders, and a matching CSR is a simple port. Anything more complex rolls to a standard 4-day interval.
  • Port validation against CSR data, not account passwords. FCC rules say you must port when the customer’s end-user identity and service address match — even if a legacy ILEC is asking for a 4-digit PIN the customer never set up. Don’t hold ports waiting on account passwords the other carrier invented.
  • Port-out freezes are allowed, but only if the customer opted in. Adding a port-out freeze on every account as a retention tactic has been specifically flagged as anticompetitive. Document consent.
  • Thousand-block pooling. If you hold utilization below the state-specific threshold, you’re expected to return unused thousands-blocks to the pool. This is both a numbering resource obligation and a regulatory hygiene issue.

2. E911 / NG9-1-1

E911 is the highest-stakes compliance lane on this list. The 2026 state of play:

  • Every line must deliver ANI and ALI accurately to the appropriate PSAP. For TDM lines this is automatic through your class-5 and the ALI database. For SIP/VoIP subscribers, you’re responsible for updating the registered location every time the endpoint moves.
  • Dynamic location for softphones and mobile apps. Under Kari’s Law and RAY BAUM’s Act, multi-line telephone systems must deliver a dispatchable location. For softphones and mobile apps, the endpoint either passes a current location (often via HTTPS to a location service) or prompts the user at registration.
  • NG9-1-1 migration. Most states are now mid-migration to ESInet/NG9-1-1. If you’re interconnecting to a local Emergency Services IP Network, make sure your trunk group, routing, and i3-compliant protocols are tested end-to-end with the 9-1-1 authority — don’t assume your upstream partner handles it on your behalf.
  • PSAP testing logs. Keep written records of every E911 test call, the PSAP that received it, and the ALI record that was returned. If you ever have a missed delivery, those logs are the first thing your regulator will ask for.
Related  Can VoIP Receive Texts? Here's Everything You Need To Know

3. CNAM (Caller ID Name)

CNAM is one of the most under-managed compliance surfaces because it doesn’t fail loudly — it just quietly degrades trust. Checklist for 2026:

  • Outbound CNAM. Your switch/softswitch must populate the outbound CNAM field correctly for every origination. If you’re using a VoIP partner, confirm how they source name data (LIDB, local DB, customer self-provisioned).
  • LIDB dip behavior. Terminating carriers dip LIDB for the caller ID name. If your dip provider has stale data, your customers show up as “WIRELESS CALLER” or their old business name for weeks after they change it. Audit this quarterly against a sample of 20 customer numbers.
  • Branded caller ID (RCD). Rich Call Data is the next generation of CNAM, riding on STIR/SHAKEN attestation. Branded calling on Apple and Android carriers lifts answer rates 20–40% for legitimate commercial callers. If you have enterprise customers who care about answer rates, RCD becomes a competitive feature.
  • CNAM and spam labeling are different. If your number is being labeled “Spam Likely” by T-Mobile or AT&T Mobility, the problem is in the analytics layer (Hiya, TNS, First Orion) — not your LIDB record. You have to file a correction with each analytics provider.

4. STIR/SHAKEN

Since 2021, STIR/SHAKEN has become the gating standard for call authentication on IP networks. The 2026 status:

  • All IP-to-IP originations must be signed with A, B, or C attestation depending on how well you can validate the caller’s authorization to use the number. A-level (full attestation) is what you want on your own customers’ traffic.
  • Non-IP segments still exempt but shrinking. Traffic on TDM legs gets exempted, but the universe of TDM is shrinking, and the FCC expects operators to migrate rather than rely on exemptions.
  • Robocall Mitigation Database filing. Every voice service provider must file and keep current in the RMD. If your RMD certification is out of date, other carriers are allowed to block your traffic.
  • Know Your Customer obligations. You’re expected to apply reasonable KYC to any downstream reseller that originates on your platform. If a reseller ships illegal traffic through your network, your authority is on the line.
  • Traceback response SLAs. When the Industry Traceback Group (ITG) sends a traceback request, the informal target is 24 hours for initial response. Habitual non-response is cited in FCC enforcement actions.
Related  The Evolution of VoIP: Revolutionizing Communication

5. Tariffs, filings, and numbering authority

This is the “things regulators can shut you down over” category. Independent carriers, especially those that have expanded via acquisition or new LATA entry, should validate:

  • State CLEC certificates. Every state where you hold authority. Renewal dates, filed tariffs, and points of contact should all be up to date.
  • FCC Form 499-A annual / 499-Q quarterly filings. Revenue-based contributions to USF, TRS, LNP admin, and North American Numbering Plan administration.
  • CPNI certification. Annual FCC Form 499 compliance certification is separate from the EB Docket 06-36 CPNI certification, which is due March 1 every year.
  • Section 214 international authority if you terminate any international traffic, including cross-border U.S.–Canada traffic in certain cases.
  • Numbering authority (FCC Numbering Authorization). For CLECs and VoIP providers requesting direct numbering resources. The NANC/NAPM oversight framework requires ongoing utilization reporting.
  • State 911 / 988 surcharges collected and remitted on every billed line.

The one that catches people. If you acquire a block of numbers from another carrier — through an asset deal, a PIF port, or a snapback — make sure the numbering authorization, the LERG entry, and the NPAC ownership all get transferred cleanly. We’ve seen acquiring carriers end up with phantom numbers they can’t bill, can’t port, and can’t reclaim because one of those three records didn’t move. Clean it up before the close.

6. Compliance scorecard

Category Gate Frequency Who owns it when you partner with a VoIP platform
LNP / NPAC Active account, simple-port SLA Ongoing Usually your partner; contract clarifies
E911 dispatchable location Per-endpoint at registration Real-time Shared; you provide endpoint data, partner delivers
NG9-1-1 interconnection Tested end-to-end with PSAP Quarterly test You, in your service territory
CNAM / LIDB Accurate names on origination Quarterly audit Your partner, but you should sample
Branded caller ID (RCD) Enterprise upsell Per customer Your partner’s analytics/RCD pipeline
STIR/SHAKEN signing A-attestation on all IP originations Real-time Shared; you certify in RMD
Robocall Mitigation Database Filed, current Annual refresh You, non-delegable
KYC on resellers Onboarding + ongoing Ongoing You, even when partner handles provisioning
Traceback response 24-hour informal target Per request You, non-delegable
FCC 499-A / 499-Q Filed on time, revenue-accurate Annual / quarterly You
CPNI certification March 1 Annual You
State CLEC cert In good standing Per state You

7. The partner-and-you allocation

When you add a cloud VoIP overlay to your existing CLEC or ILEC authority, the single most important contract exercise is agreeing — in writing — who is responsible for each item above. We recommend a three-column RACI for every row in the scorecard: the carrier of record (you), the platform partner, and the end customer where applicable.

Three rows that always deserve extra care in the contract:

  1. STIR/SHAKEN signing attestation. What identity and calling-number validation must the partner perform for their attestation to qualify as A-level on your behalf? If it falls short, what’s the remediation path?
  2. E911 dispatchable location. Exactly which endpoints are the partner’s responsibility, and how is location collected (user input, geolocation service, administrator-assigned)? What’s the PSAP testing cadence?
  3. Traceback cooperation. When the ITG asks for upstream data on a suspicious call, how fast does the partner turn it around? Set an SLA and a breach remedy.
Related  VoIP Security Best Practices for Businesses

Modernizing voice without losing the compliance ground you already own

OneCloud works with independent ILECs and CLECs to stand up cloud voice overlays that inherit the carrier-of-record compliance posture you’ve built over decades. The switch stays; the subscriber gets a modern product; the filings, tariffs, and NPAC relationships stay with you.

(844) 450-3527

See how we handle switch migration for carrier partners.

Frequently asked questions

We’re a small ILEC. Do we really have to file in the Robocall Mitigation Database?

Yes. The RMD requirement applies to all voice service providers regardless of size, though the substance of your mitigation plan scales with your network and traffic mix. If you’re currently terminating and originating IP traffic, RMD is non-optional.

Our class-5 handles E911 fine. Do we even have to think about dispatchable location?

Dispatchable location rules apply to multi-line telephone systems and to VoIP/UC endpoints that can move. If you’re only serving copper POTS to fixed physical lines, your E911 delivery is probably already compliant. The moment you add a softphone, a mobile app, or a multi-line PBX customer with mobility, the dispatchable location requirement kicks in.

Who files the STIR/SHAKEN certification — us or our cloud platform partner?

Whoever is the “voice service provider” of record on that traffic files in the RMD. In a typical ILEC/CLEC + cloud partner arrangement, the carrier of record (you) files and the cloud partner provides the signing infrastructure. Your contract should explicitly state this.

What’s the fastest way to audit our current compliance?

Run the scorecard in section 6 against your own records and your partner contracts. If you’d like a second pair of eyes, OneCloud’s carrier team does a two-week compliance review as part of the discovery phase of any switch-migration or overlay engagement. Call (844) 450-3527 or visit our Carriers page.

Where does NECA fit in all this?

NECA settlements and cost recovery intersect with some of the above — particularly when you’re changing the composition of your regulated traffic. That’s a state-specific and tariff-specific analysis that we intentionally don’t speculate on. Talk to your NECA tariff advisor and state PUC counsel before changing the switch configuration in a way that could affect reported cost pools. We cover this in a companion post on NECA, LATA, and FCC filings during switch modernization.

Related: our ILEC vs CLEC primer is a plain-English explainer useful for training non-technical sales staff; our business voice retention playbook covers what to do about churn from national cloud providers.