Robocall Mitigation Database

What is the Robocall Mitigation Database?

The Robocall Mitigation Database (RMD) is a publicly accessible database maintained by the FCC where voice service providers file certifications regarding their STIR/SHAKEN implementation status and robocall mitigation programs. Created as part of the TRACED Act implementation, the RMD serves as the central registry for carrier compliance information.

The database serves multiple purposes in the fight against illegal robocalls:

• Compliance verification — Allows carriers to verify upstream providers are compliant
• Public transparency — Provides visibility into carrier robocall mitigation efforts
• Traffic routing decisions — Enables blocking of non-compliant traffic
• Regulatory oversight — Gives the FCC a comprehensive view of industry compliance
• Industry coordination — Facilitates cooperation on traceback and mitigation

Legal Basis

The RMD requirement stems from several FCC orders and the TRACED Act:

• TRACED Act (2019) — Mandated the creation of a robocall mitigation database
• FCC June 2021 Order — Established filing requirements and deadlines
• Subsequent FCC orders — Strengthened requirements and added blocking mandates

Who Must File in the RMD?

Voice Service Providers

All voice service providers that originate, carry, or terminate voice traffic in the United States must file:

• Facilities-based carriers — Companies that own network infrastructure
• Non-facilities-based carriers — Resellers and CLECs
• VoIP providers — Interconnected and non-interconnected VoIP services
• International gateway providers — Carriers that accept foreign traffic
• Intermediate providers — Carriers that route but don't originate or terminate

Exemptions

Very limited exemptions exist:

• Providers that handle only internal communications (not interconnected)
• Non-NANP traffic that never touches the US phone system

When in doubt, file. The FCC interprets the filing requirement broadly, and the consequences of not filing are severe.

Filing Requirements

Initial Filing Content

Your RMD filing must include:

1. Provider identification
   • Legal business name
   • Doing business as (DBA) names
   • Operating company number (OCN) if applicable
   • FCC Registration Number (FRN)
2. Contact information
   • Primary contact for robocall mitigation
   • 24/7 contact for traceback requests
   • Email addresses and phone numbers
3. STIR/SHAKEN status
   • Full implementation certification, or
   • Partial implementation with explanation, or
   • Non-implementation with robocall mitigation program
4. Robocall mitigation program (if not fully STIR/SHAKEN compliant)
   • Detailed description of mitigation measures
   • How you prevent origination of illegal calls
   • Monitoring and enforcement procedures
5. Certifications
   • Commitment to respond to traceback within 24 hours
   • Accuracy of information provided
   • Authority of the certifying officer

STIR/SHAKEN Implementation Levels

Providers must indicate their STIR/SHAKEN status:

Status	Description	Additional Requirements
Complete Implementation	STIR/SHAKEN deployed on all IP network portions	Must still file mitigation program for non-IP portions
Partial Implementation	STIR/SHAKEN on some but not all network portions	Explain gaps; file mitigation for non-covered portions
Not Implemented	No STIR/SHAKEN capability	Must file detailed robocall mitigation program

Robocall Mitigation Program Requirements

If you don't have full STIR/SHAKEN implementation, your mitigation program must describe:

• Know Your Customer (KYC) — How you vet and verify customers
• Traffic monitoring — How you identify suspicious calling patterns
• Contractual requirements — Terms prohibiting illegal calling
• Enforcement actions — How you handle violations
• Traceback cooperation — Your response procedures
• Blocking capabilities — How you prevent illegal traffic

Filing Process

Step-by-Step Filing

1. Obtain FRN — Register in CORES if you don't have an FCC Registration Number
2. Access the RMD portal — Go to fcc.gov/robocall-mitigation-database
3. Complete the filing form — Provide all required information
4. Attach mitigation program — Upload PDF if required
5. Certify and submit — Officer certification required
6. Save confirmation — Keep proof of filing

Who Can Certify?

The RMD filing must be certified by an officer of the company:

• CEO, President, or equivalent executive
• General Counsel or Legal Officer
• Other senior officer with proper authority

The certifying officer attests to the accuracy of the filing under penalty of perjury.

Updating Your Filing

When to Update

You must update your RMD filing when:

• Annual renewal — Required each year by the anniversary of your initial filing
• Material changes — Any significant change to your mitigation program
• STIR/SHAKEN status change — Implementation or decommissioning
• Contact changes — New traceback contacts or procedures
• Corporate changes — Mergers, acquisitions, name changes

Update Process

1. Log in to the RMD portal with your FRN credentials
2. Access your existing filing
3. Make required changes
4. Re-certify the updated filing
5. Submit and save confirmation

Blocking Requirements for Non-Compliance

Intermediate Provider Obligations

Intermediate providers (those who route but don't originate or terminate) have specific obligations:

• Must check the RMD before accepting traffic from upstream providers
• Must block traffic from providers not listed in the database
• Must not accept traffic from providers whose filing has been removed

Terminating Provider Obligations

Terminating providers (those who deliver calls to end users) must:

• Verify originating provider status in RMD
• Block traffic from non-compliant originators when identified
• Respond to enforcement notifications from the FCC

Consequences of Not Filing

If your company fails to file or maintain an RMD filing:

• Traffic blocking — Other carriers will block your traffic
• Public listing — Named on non-compliance lists
• Customer impact — Your customers' calls won't complete
• Regulatory action — FCC enforcement proceedings
• Business interruption — Severe operational impact

FCC Enforcement Actions

RMD Removal Process

The FCC can remove a provider from the RMD for:

• Failing to respond to traceback requests
• Repeatedly originating illegal robocall traffic
• Filing false or misleading information
• Failing to implement the stated mitigation program
• Failure to update filings as required

Removal Consequences

Once removed from the RMD:

1. Intermediate providers must block traffic from you within specified timeframe
2. Your customers' calls will start failing
3. Re-entry requires demonstrating compliance
4. May face additional FCC enforcement

Recent Enforcement Examples

The FCC has actively enforced RMD requirements:

• Multiple carriers removed for traceback non-responsiveness
• Cease-and-desist orders for originating illegal traffic
• Mandatory blocking of specific provider traffic
• Public naming of non-compliant carriers

Checking the Database

Public Access

The RMD is publicly searchable. Anyone can:

• Search for specific providers by name
• View filing status and dates
• Access uploaded mitigation programs
• See contact information for traceback

Using RMD Data for Due Diligence

Before doing business with a voice provider:

1. Search for them in the RMD
2. Verify their filing is current (not expired)
3. Review their mitigation program
4. Check for any FCC enforcement actions
5. Confirm contact information is accurate

Automated Verification

For high-volume traffic decisions, consider:

# Example: Check provider RMD status before accepting traffic
def verify_upstream_provider(provider_name, ocn=None):
    rmd_status = rmd_api.check_status(
        provider_name=provider_name,
        ocn=ocn
    )

    if not rmd_status.is_filed:
        return {
            'accept_traffic': False,
            'reason': 'Provider not in RMD'
        }

    if rmd_status.is_expired:
        return {
            'accept_traffic': False,
            'reason': 'RMD filing expired'
        }

    if rmd_status.has_enforcement_action:
        return {
            'accept_traffic': False,
            'reason': 'Active FCC enforcement'
        }

    return {'accept_traffic': True}

Integration with STIR/SHAKEN

Complementary Requirements

The RMD and STIR/SHAKEN work together:

• RMD filing is required regardless of STIR/SHAKEN status
• Full STIR/SHAKEN implementation reduces mitigation program requirements
• STIR/SHAKEN certificates prove implementation claims
• Both support the same goal: accountable call origination

Certificate Verification

Carriers claiming STIR/SHAKEN implementation should have:

• Valid certificate from an approved Certificate Authority
• Proper signing infrastructure
• Ability to sign calls with appropriate attestation

RMD Compliance Best Practices

Initial Filing

1. File early — Don't wait until the last minute
2. Be thorough — Complete all fields accurately
3. Document mitigation — Provide detailed program description
4. Designate contacts — Ensure 24/7 availability
5. Save copies — Keep records of all submissions

Ongoing Maintenance

1. Calendar renewals — Set reminders for annual updates
2. Monitor changes — Update whenever circumstances change
3. Verify contacts — Ensure traceback contacts are current
4. Review mitigation — Keep program description accurate
5. Check status — Periodically verify your filing is active

Due Diligence

1. Check upstream providers — Verify their RMD status
2. Document checks — Keep records of verifications
3. Include in contracts — Require RMD compliance from partners
4. Monitor for changes — Watch for enforcement actions

Common Filing Issues

Mistakes to Avoid

• Expired filings — Missing annual renewal deadline
• Outdated contacts — Invalid traceback contact information
• Vague mitigation — Insufficient detail in program description
• Wrong FRN — Using incorrect registration number
• Missing OCNs — Not listing all operating company numbers

Remediation

If you discover filing issues:

1. Update your filing immediately
2. Correct any inaccurate information
3. Ensure contacts are reachable
4. Consider proactive outreach to FCC if serious errors

Frequently Asked Questions

How often must I update my RMD filing?

You must update your RMD filing annually, by the anniversary of your initial filing date. You must also update whenever there's a material change to your robocall mitigation program, STIR/SHAKEN implementation status, or contact information. Set calendar reminders to avoid missing the annual deadline.

What happens if I miss the annual filing deadline?

If your filing expires, you'll be treated as a non-filer. Intermediate providers are required to block traffic from providers not listed in the database. File your update immediately — there's typically a brief grace period, but don't rely on it. Traffic disruption can begin very quickly after a filing expires.

Do I need to file if I only have a few customers?

Yes. There is no small provider exemption for RMD filing. All voice service providers that originate or carry voice traffic in the US must file, regardless of size. The filing is free, and failure to file will result in your traffic being blocked by downstream carriers.

Can I be removed from the RMD?

Yes, the FCC can remove providers from the RMD for non-compliance. Common reasons include failure to respond to traceback requests within 24 hours, repeatedly originating illegal robocall traffic, or filing false information. Removal triggers mandatory traffic blocking by other carriers.

How detailed must my robocall mitigation program be?

Your mitigation program should be detailed enough to demonstrate you have real measures in place. Include specific procedures for customer vetting, traffic monitoring, contractual requirements, and enforcement actions. Vague or boilerplate descriptions may be challenged. The FCC reviews filings and may request additional information if your program appears insufficient.