Week ending May 29, 2026
Memorial Day shortened the week, but Tuesday more than made up for it. The Consumer and Governmental Affairs Bureau started the KYUP comment clock with DA‑26‑523 at exactly the same hour Public Safety pushed an updated Covered List out the door with DA‑26‑524, and the docket immediately filled with onshoring-NPRM comments racing the June 2 extended deadline. Two days later the FTC dropped three Federal Register Notices opening public comment on the Cox Media Group “Active Listening” consent package — a settlement the Commission’s press release pegged at nearly $1 million across the three respondents. There is more docket text to chew on this week than any week in May.
CGB starts the KYUP clock — and the comment cycle opens with the FNPRM still being argued about
DA‑26‑523 is the procedural bookend most worth noting: comments on the Know‑Your‑Customer Further Notice (FCC 26‑27, released May 1) are due June 25, with reply comments July 27, keyed off the May 26 Federal Register summary at 91 Fed. Reg. 30596. The Notice “seeks comment on information that originating voice service providers must obtain from customers before they make calls, how providers should verify that information, and penalties for violations” — a phrasing that telegraphs how broad the proposed obligation set is.
First Orion was first off the blocks. Its ex parte letter — filed in CG 17‑59 and WC 17‑97 on the same day DA‑26‑523 dropped — claims the market-driven branded-calling framework is working and tells the Commission not to break it. The numbers the letter leads with: “verified caller identity information for more than seven billion calls in 2025 — a 40 percent increase over 2024, and Q1 2026 results indicate accelerated growth again in 2026.” The substantive ask is that the Commission “reaffirm TSP discretion over caller identity display, decline to condition display on A-level attestation or any single upstream signal, and decline to mandate RCD or any specific transmission technology.” The framing is unusually direct about the KYUP-to-display linkage: “Trusted branded calling is not a display feature. It is a governed trust process built on vetting, authentication, analytics, and terminating-provider oversight… No single upstream check — attestation level, framework compliance, or transmission method — can substitute for point-of-delivery judgment.” Two First Orion identifies as net-bad outcomes if the Commission goes the wrong way: “Mandates requiring display of caller identity information” and “Automatic presumptions that upstream providers can establish consumer trustworthiness at the point of delivery.” This is the call-analytics industry’s first organized response to FCC‑26‑32 and reads like an opening move; expect MATRIX members and TransNexus to land variants of the same argument before June 25.
A small but persistent stream of individual filings has been building on 17‑59/02‑278 since the FNPRM dropped — and the substance is sharper than the express-comment volume usually is. Tom Walker, identifying himself as a 26-year investigator who “traced 2.5 million spoofed scam voice calls, tens of millions of other scam calls made from legitimately subscribed VoIP numbers, and 13 billion spam text messages to their sources,” puts the privacy stakes plainly in his May 28 comment: “There are an estimated 90 million prepaid cellular, MVNO, free retail VoIP, and prepaid retail VoIP customers in the United States — most of whom are under no obligation to provide any identification, much less actually prove their identities or provide their places of residence.” His procedural objection is the more interesting half: “the FCC is not actually proposing changes to its own vague Know Your Customer (KYC) rule. Instead, it proposes ‘penalties for violations of the KYC rule on a per call basis,’ and then, under the guise of soliciting comment, articulates changes to regulated telecom providers’ KYC practices it expects providers to adopt.” Raphael C’s second filing of the month, FCC KYC 2, pushes back on automated identity verification specifically: “AI-based verification tools, including selfie checks and document authentication, can be bypassed using deepfakes, AI-generated identities, and advanced document fraud techniques. As these technologies evolve, automated systems may provide a false sense of security without reliably stopping determined fraud actors.” Three individual KYC-themed comments in eight days from at least two different filers is more thematic coordination than that docket usually attracts from non-industry; worth watching whether it grows into anything organized.
The onshoring NPRM (CG 26‑52) drew the whole spectrum in one day
DA‑26‑510 had pushed the offshoring-NPRM comment deadline to June 2, and Tuesday the 26th was the position-staking day. The result was the most ideologically diverse single-day cluster on the docket: a consumer coalition, an industry trade group from India, a national-security think tank, and two industry-side coalitions all landing comments in the same eight-hour window. Cross-listed across CG 26‑52, 17‑59, 02‑278, and 22‑2.
The headline filing is the consumer-coalition comment led by NCLC and joined by Public Knowledge, NACA, EPIC, Consumer Action, CFA, NCL, and Consumer Reports. They “strongly support the Commission’s proposal to require a telemarketing provider to post a substantial bond or equivalent security as a condition of registering in the Robocall Mitigation Database (RMD).” The diagnostic they offer is precise: “VoIP’s low barriers to entry enable anonymous shell companies to set themselves up as ‘imposter VoIP providers’ — entities that pretend to be VoIP providers servicing legal callers but are actually criminal operations making high volumes of calls on their own behalf.” The bond is framed as a forcing function for traceability — “Requiring a surety bond, certificate of deposit, or irrevocable letter of credit that can be drawn on to pay a forfeiture or judgment arising from transmission of an illegal call will ensure that RMD filers are more than hollow shell companies.”
Foundation for Defense of Democracies arrives at the same bond proposal from a different door. FDD frames offshore call-center exposure as national-security risk: “Chinese criminal organizations, often with the complicity of Beijing, have established large-scale operations across Southeast Asia… North Korean scammers, many of whom receive significant support from Chinese counterparts, collectively generate billions for the regime’s weapons program.” Their recommendation list lines up neatly with what’s already in the NPRM — mandatory disclosure of foreign call-center handling, U.S.-only handling of “passwords, multi-factor authentication, social security numbers, or bank information,” a prohibition on call centers “under the control or direction of ‘foreign adversary’ nations,” extension to non-interconnected VoIP and other internet-only providers, and the RMD bond. It is rare to see public-interest groups and a national-security think tank arrive at the same compliance mechanism by different paths in the same docket on the same day.
The industry/jurisdictional pushback is heavier. The Ad Hoc Telecom Users Committee, counseled by Levine Blaszak, makes the major-questions argument explicitly: “Under West Virginia v. EPA, agencies must point to clear congressional authorization when claiming authority to make decisions of vast economic and political significance. The proposed regulations would, indeed, affect a substantial portion of the American economy. Congress has already considered but not enacted legislation addressing foreign call centers. And the Commission concedes it has never previously asserted such authority under Section 251(e).” The comment then turns the Chair’s own language against the proceeding: the proposal “contradicts Chairman Carr’s recent statements launching a ‘massive deregulation initiative’ and cautioning agencies against ‘add[ing] new regulatory requirements in excess of their authority.’” The Enterprise Communications Advocacy Coalition makes a tidier procedural ask buried in a footnote: “Improved KYC and identity practices (e.g. improved traceability and accountability) will potentially curtail opportunities for bad actors to commit fraud and violate regulations associated with consent. Given the Commission’s current increased efforts regarding Know Your Customer, ECAC suggests that the Commission await the finality of related pending rulemakings before regulating similar outcomes in this proceeding.” Whether the Commission has appetite for that kind of staged sequencing is a different question.
Nasscom — speaking for the Indian global-capability-center industry — lands the substantive offshore-side counterargument: a member estimated that “existing telecommunications-related service engagements supported from India alone currently represent approximately $60 to $70 million in annual business value” and that the 30‑percent offshore cap referenced in the NPRM is “arbitrary and unsupported by evidence demonstrating a sufficient nexus between geographic workforce allocation and consumer protection outcomes.” TEXALTEL offers a friend-shoring middle position that may be the more interesting one to track procedurally: “The Commission should establish a ‘favorable jurisdiction’ designation or safe harbor for call center operations located in Western Hemisphere nations that are party to trade agreements or security cooperation arrangements with the United States, and that are not identified as high-risk by relevant U.S. security agencies.” If a tiered framework like that survives into a Report and Order, it would be the first time the FCC has formally tied call-center jurisdiction to CFIUS-adjacent risk determinations — a meaningful policy precedent. Global Clarity Foundation, an Australian standards body, picks up the comment-quality side and proposes the Commission adopt “an outcomes-based intelligibility standard, assessed through a defined, repeatable, and human-verified methodology” instead of geography rules — a position that maps awkwardly onto an NPRM that is primarily about location.
ZipDX’s Numbering FNPRM comment — cross-listed into WC 26‑49, 20‑67, 13‑97, and 07‑243 the same day — connects the onshoring debate to the underlying numbering exhaust. The framing is characteristically blunt: “With 350 million residents, and some tens of millions of businesses, the United States should need 400-500 million active telephone numbers. And yet it seems that we have perhaps 2 BILLION numbers in use. Our numbering universe has been polluted with a billion or more ‘extra’ numbers.” The filing pulls in detailed RRAPTOR-platform data on number cycling by debt collectors — fifteen calls to the same complainant in fifteen weeks from ten different calling numbers, all of which “have at least one complaint filed against them in the FTC’s Do-Not-Call complaint database.” The argument is that whatever the Commission does on KYC and onshoring won’t reach the high-volume bad-actor surface area without numbering-side discipline. Worth folding into the KYUP record by reference.
FTC formalizes the Cox Media “Active Listening” settlement — and explicitly defines the deception around voice data
Thursday’s Federal Register carried three coordinated Notices opening public comment on the proposed consent orders against CMG Media Corporation d/b/a Cox Media Group (FTC‑2026‑0694, FR Doc. 2026‑10548), MindSift LLC (FTC‑2026‑0695, FR Doc. 2026‑10546), and 1010 Digital Works LLC (FTC‑2026‑0696, FR Doc. 2026‑10547). The press release went out May 21; the substantive Analysis to Aid Public Comment for each was on the FR pages Thursday morning. Comment deadline for all three: June 29.
The underlying allegation set is identical across the three Notices and is worth quoting because it is exactly the AI/voice-data deception pattern that has been speculated about and not yet formally enforced. CMG, “in conjunction with MindSift LLC, offered a marketing service that purported to allow CMG’s customers to target ads to consumers within particular geographic service areas based on conversations consumers had near their smart devices.” The Section 5 violation is the gap between marketing claim and reality: “the marketing service did not collect or use voice data, did not obtain consent from consumers for the collection and use of their voice data, and did not create lists of consumers in particular geographic areas.” Provision I of the Proposed Order is structured around three specific categories the respondents may no longer misrepresent: “(1) the qualities or features of its advertising or marketing services; (2) the collection and use of Voice Data; consumers’ consent to the collection, use, or disclosure of Voice Data; or the geographic targeting capabilities of its advertising or marketing services.” The monetary relief: $880,000 from CMG, $25,000 each from MindSift and 1010 Digital — totaling $930,000, consistent with the “nearly $1 million” headline figure.
The case matters for the identity/trust space beyond its ad-tech facts. This is the FTC drawing a clear line that selling a “we listen through your smart device to target ads, with consent” capability is enforceable as deception when the underlying capability doesn’t exist and the consent claim is false. The Voice Data definition lands in the Proposed Order itself (referenced in Provision I) and will be precedential for future complaints against AI-marketing or voice-clone-marketing claims. The two-count structure against the smaller respondents — substantive misrepresentation plus “means and instrumentalities” for the larger respondent’s deception — is the more interesting enforcement architecture: it lets the FTC reach upstream service providers who furnish the deceptive material to the customer-facing party. That pattern will travel.
Honorable mentions
DA‑26‑524 updates the Covered List with three new UAS Conditional Approvals from DoW (Blueflite Cobalt 461, Verity AG Series 4 Indoor Autonomous Inventory System, Air VEV 120C/060C) through December 31, 2026. The router-side Conditional Approvals from prior PNs — Netgear Nighthawk and Orbi, Adtran SDG-class routers, eero, Calix’s 7u6.2, Nokia Wi‑Fi 8 and Fastmile, and Amazon Leo — remain in Appendix B and run through late October 2027. The PN is a useful one to keep open while reading the Covered List PDF on the supply-chain site; the appendix renders the moving parts more clearly than the live page does. Global Clarity Foundation’s cross-list into WC 26‑5 (Section 214 domestic discontinuance) is the only filing I noticed pairing the onshoring stream with a 214 docket — likely a coincidence of standing-related framing, but odd. Infinitum Communications LLC’s letter on WC 13‑97 is a numbering-access matter from a small carrier — flagging it because 13‑97 has been one of the quieter dockets and any activity there is signal.
Looking ahead
Four things on the radar. First, the June 2 onshoring-NPRM extended deadline closes Tuesday — expect a final-day surge from MATRIX, USTelecom, CTIA, and the smaller competitive-carrier associations that didn’t file Tuesday. Second, June 25 is the KYUP comment deadline; the major attestation-framework filers (Comcast, AT&T, Verizon, T‑Mobile, plus TransNexus and the call-analytics cohort) will all need to be on record by then, so the next three weeks of ECFS on CG 17‑59 / WC 17‑97 should fill in fast. Third, the FTC public-comment window on the three Active Listening consent orders runs through June 29; watch for industry pushback from ad-tech or local-broadcast trade groups on the Voice Data definition and the means-and-instrumentalities theory. And fourth, the WC/GN 13‑5 ECFS endpoint has now been throwing 503s for the entire post-Memorial-Day week — if anything material did land in that docket, it may surface later via a paper-filed notice rather than the API.