Communications policy

Regulatory and institutional structure

Summarise the regulatory framework for the communications sector. Do any foreign ownership restrictions apply to communications services?

In the United States, regulatory requirements, and even the regulators with jurisdiction, vary by technology. Multiple national, state and local government agencies can be involved for a particular service or transaction. The Communications Act of 1934 (the Communications Act) establishes the basic sector-specific framework.


Telecoms and radio frequency regulation

State and territorial public utilities commissions (PUCs) regulate intrastate telecommunications services (ie, where the endpoints of a communication fall within the borders of a single state or territory), but PUCs generally do not regulate mobile services, nomadic Voice over Internet Protocol (VoIP) or, in a majority of states, any other VoIP. The national regulator, the Federal Communications Commission (FCC), regulates interstate and international telecommunications (including, to some extent, VoIP), mobile services, non-US governmental uses of radio frequency (RF) spectrum, over-the-air broadcast television and radio, and certain aspects of cable television content. In the past, the FCC generally has not regulated internet access services, backbone networks or peering arrangements. In its 2015 Order ‘Protecting and Promoting the Open Internet’ (the 2015 Order), the FCC imposed open internet rules for both fixed and mobile broadband internet access services (BIAS) and asserted jurisdiction over the exchange of traffic between providers and ‘connecting networks’, such as content delivery networks. Reversing course under the new Republican Chairman and majority, in December 2017, the Commission adopted an order ‘Restoring Internet Freedom’ (the 2017 Order) that reversed – in nearly all respects – the 2015 Order. In particular, the 2017 Order retained a modified version of the requirement that BIAS providers disclose certain information about their service, but otherwise eliminated the 2015 net neutrality rules and disclaimed any statutory authority for oversight over interconnection practices.

The United States has not amended its telecommunications statutes specifically to take account of convergence. The Communications Act is divided into separate titles for common-carrier services, RF spectrum regulation and licensing (including over-the-air broadcast television and radio) and cable television regulation. As noted above, when the FCC imposed open internet rules on BIAS in 2015, it also classified that service as a ‘telecommunications service’, exposing BIAS providers to certain heightened FCC regulations as common carriers under Title II of the Communications Act. In the 2017 Order, however, the FCC reclassified BIAS as an ‘information service’ under Title I of the Communications Act – returning to a classification the FCC had applied from 2005 to 2015. Under the statute, an information service cannot be treated as a common-carrier service – in other words, the FCC has limited authority to impose regulatory obligations on BIAS.

The FCC has not decided whether VoIP is regulated as a common-carrier service; nevertheless, it has imposed a number of common-carrier-like non-economic regulatory obligations on VoIP providers. Specifically, VoIP services, including one-way or non-interconnected VoIP services, must be accessible to individuals with disabilities, as must email and other text-based communications services. Some states have asserted regulatory authority over fixed line VoIP.

With respect to media, regulation of over-the-air broadcast services remains tied to the FCC’s authority to grant licences for use of the RF spectrum and is stricter than the regulation of cable television. The FCC has not asserted complete jurisdiction over ‘over-the-top’ internet-based media services. Although it has begun to apply accessibility rules to some such services, efforts to apply additional rules to such services appear stalled for the time being.

Congress continues to consider an overhaul of federal telecommunications laws, but any sort of action would likely take several years and does not appear to be imminent.


Marketing regulation

The FCC sets rules under the Telephone Consumer Protection Act (TCPA) regarding companies’ telemarketing activities that involve the use of automatic telephone dialing system (‘autodialler’) technology, telemarketing that involves an artificial or pre-recorded voice, and the sending of ‘junk’ faxes. The FCC’s telemarketing regulations are detailed and nuanced, so companies should consult these regulations before engaging in telemarketing in the United States. However, at a high level, companies need ‘prior express written consent’ (a term of art with very specific requirements) before placing an autodialled call or text message involving marketing, a pre-recorded call involving marketing, or a call that uses an artificial voice to a cell phone that involves marketing. Companies also need prior express written consent to place a pre-recorded call or a call involving an artificial voice to a land line if it involves marketing. Companies must honour all consumer requests to no longer receive autodialled or pre-recorded calls, as long as the consumer makes the request through a reasonable means. The FCC and state attorneys general can bring enforcement actions for violations of the TCPA, and these actions can result in large fines. The TCPA also gives call recipients the right to bring private lawsuits seeking damages of US$500 to US$1,500 per call that violates the TCPA. TCPA lawsuits are often brought as large class actions.

The state of TCPA law is currently in flux. In the high-profile case of ACA International v FCC (ACA International) the US Court of Appeals for the District of Columbia Circuit overturned FCC rules regarding what type of technology qualifies as an ‘autodialler’. The ACA decision also struck down the FCC’s rule that companies were liable for making more than one call to the wrong person, owing to the number in question being reassigned from one subscriber to another, when the caller had no actual knowledge of the reassignment. The FCC chairman and two Republican commissioners have praised the DC Circuit’s decision, which overturned rules that the FCC adopted under democratic control. In another high-profile case, Marks v Crunch San Diego, LLC (Marks), the US Court of Appeals for the Ninth Circuit noted that the District of Columbia Circuit has vacated the FCC’s interpretation of what devices qualify as autodiallers, leaving only the statutory definition as a starting point. Holding that the definition is ‘ambiguous on its face’, the Court examined the context and structure of the statutory scheme to reach its determination that an autodialler includes equipment that has the capacity to both store numbers and dial numbers automatically – an expansive interpretation that would include smartphones. In response to ACA International and Marks, the FCC has issued public notices seeking comment on what constitutes an autodialler, but it has yet to act to clarify the definition. In the reassigned number context, the FCC established a single, comprehensive database of reassigned number information from each provider that obtains North American Numbering Plan (NANP) US geographic numbers, including toll free numbers; and adopted a safe harbour from TCPA liability for those callers that choose to use the database to learn if a number has been reassigned. In 2019, the FCC adopted rules to implement the RAY BAUM’S Act (the Repack Airwaves Yielding Better Access for Users of Modern Services Act of 2018) by: extending the reach of the FCC’s ‘truth in Caller ID’ rules to include covered communications originating from outside the United States to recipients within the US; and expanding the scope of covered communications to include text messages and additional voice services. The FCC also adopted a further notice of proposed rulemaking laying the groundwork to mandate implementation of Signature-based Handling of Asserted Information Using toKENs (SHAKEN) and Secure Telephone Identity revisited (STIR) standards if major voice service providers fail to do so by the end of 2019.

The Federal Trade Commission (FTC) also has rules that it applies to a wide variety of industries, including the communications industry. (Indeed, recent litigation in the US Court of Appeals for the Ninth Circuit has reaffirmed the FTC’s power to oversee certain practices of communications companies, even those that the FCC heavily regulates as common carriers.) For example, the FTC’s Telemarketing Sales Rule, in broad strokes, requires companies to check the National Do Not Call registry before engaging in most telemarketing campaigns, requires companies to honour consumer requests to no longer receive telemarketing calls from the company, restricts telemarketing calls during certain times of day, restricts call abandonment, prohibits abusive callers and requires the transmission of non-misleading caller ID information. The FTC’s CAN-SPAM rules, among other things, require that senders of commercial email identify emails as an advertisement, provide information about the identity and location of the sender, and provide a functional opt-out mechanism. The FTC also requires disclosures regarding paid endorsements. Violations of these rules can result in costly monetary penalties. The FTC also has relatively broad power to enjoin and seek consumer redress for unfair or deceptive marketing practices, even if such a practice does not violate a specific FTC rule. In the wake of the 2017 Order, and consistent with a memorandum of understanding entered into with the FCC, the FTC has stated that it will monitor consumer complaints about internet service providers (ISPs) and will take action against unfair or deceptive ISP practices. The agency has also indicated that it will continue to investigate complaints involving privacy practices and data breaches.

Many states also set limits on when and how companies can engage in telemarketing, with many requiring state registration before beginning to telemarket to state residents, further limiting the times when telemarketing may occur, and requiring specific disclosures at the beginning of a call.


State and local rights-of-way and siting

State and local government franchising authorities regulate cable operators and some telecommunications services. Local governments regulate zoning, rights of way and wireless tower siting. In recent years, many states have adopted legislation limiting the authority of local and municipal governments over permitting and regulation of wireless facilities, with a particular focus on limiting the amount of fees that can be charged for placement of small wireless facilities in public rights-of-way.

The FCC has established pre-construction environmental and historic preservation review requirements for wireless antennas. The FCC works in conjunction with the Federal Aviation Administration to regulate antenna and tower heights and associated lighting and marking requirements. In March 2018, the FCC adopted new rules streamlining the processes for local and tribal wireless tower approvals, including excluding ‘small wireless facilities’ on non-tribal lands from environmental and historic preservation review. ‘Small wireless facilities’ encompasses structures that are either less than 50 feet in height or no more than 10 per cent taller than other nearby structures, and that support small antennas and related equipment.


National security and competition

‘Team Telecom’ – an informal grouping of the Departments of Defense, Homeland Security and Justice, and the Federal Bureau of Investigation – regulates national security issues with telecommunications service providers and network owners, while the Committee on Foreign Investment in the United States (CFIUS), a national inter-agency committee administered by the US Department of the Treasury, reviews transactions involving acquisitions of control by foreign persons of existing US businesses engaged in interstate commerce, acquisitions by foreign persons of real estate proximate to sensitive US government facilities, and certain non-controlling investments by foreign persons in US businesses engaged in critical infrastructure, critical technology or collection and storage of sensitive personal information. The FTC and the US Department of Justice (DOJ) jointly regulate competition and merger control under US antitrust laws, as do state attorneys general, under state antitrust laws.


Policy changes

Federal, state or local authorities can initiate policy changes. When the FCC sets rules, it overrides any conflicting state or local laws or requirements. The FCC sets rules though a notice-and-comment process. All final FCC rules are subject to review in federal courts of appeal. State PUCs have similar processes for adopting rules, with the jurisdictional limits and processes varying from state to state. Judicial review is generally available in the state courts, although issues of federal law can also be reviewed by federal courts in many cases. The FTC can implement policy changes through rules as well as by prosecuting civil suits against unfair trade practices either before the FTC or in the federal courts. State attorneys general similarly can bring civil actions that may, in some instances, be creating new policies.

Authorisation/licensing regime

Describe the authorisation or licensing regime.

Fixed providers of common-carrier services other than VoIP

Fixed providers of common-carrier services other than VoIP must register with the FCC and are authorised by a blanket FCC authorisation to provide interstate domestic services (ie, no prior authorisation is required) but must obtain affirmative prior authorisation from the FCC pursuant to section 214 of the Communications Act (international section 214 authorisation) to provide services between US and foreign points – whether facilities-based or resale, or whether using undersea cables, domestic or foreign satellites, or cross-border terrestrial facilities – regardless of whether the traffic originates or terminates in the United States, or both. For intrastate services, a fixed provider must generally be licensed by the relevant state PUC. PUC processes and requirements vary, with procedures less strict for long-distance services and more rigorous for local services. The FCC does not limit the number of licences for telecommunications service providers. Some state PUCs may refuse to grant operating authority to multiple intrastate local telecommunications providers in rural areas. A fixed provider of common-carrier services must obtain FCC consent prior to discontinuing interstate and international services and generally state PUC consent prior to discontinuing intrastate services.


Public mobile service providers

Public mobile service providers (commercial mobile radio service (CMRS)), including resellers, must register with the FCC but are not required to obtain prior authorisation for domestic service; however, they must obtain international section 214 authorisations to provide services between US and foreign points even by resale, and appropriate spectrum use authorisation. As discussed below, the FCC must grant terrestrial RF licences by auction if there are two or more competing, mutually exclusive applications. FCC rules do not require CMRS operators to deploy particular air interface technologies (eg, LTE). Accordingly, and unlike many other jurisdictions, the US authorisation and licensing regime does not distinguish among ‘generations’ of licensed wireless technologies (eg, 2/3/4G) used by operators. States cannot regulate the rates or entry of CMRS providers but can regulate other terms and conditions. Facilities-based mobile service operators must obtain licences or leases to use RF spectrum, except where the FCC rules permit licence-exempt (ie, unlicensed) operation. Public mobile service providers are not required to obtain FCC consent to discontinue domestic services.


Public Wi-Fi

In the United States, Wi-Fi operates on an ‘unlicensed’ basis under the Commission’s Part 15 rules. These rules set power levels, out-of-band emission limits and other technical limits. The FCC designates certain frequency bands where unlicensed devices may operate at higher power levels. The most important of these bands are the 900MHz, 2.4GHz and 5GHz bands. The rules for each of these bands, and sometimes their sub-bands, differ in terms of power and emission mask, and sometimes include special requirements. Special requirements include, but are not limited to, the use of dynamic frequency selection in the U-NII-2a and U-NII-2c sub-bands of the 5GHz band, and the availability of higher power with the use of a down-pointing antenna design in the U-NII-1 sub-band of the 5GHz band. But, importantly, as long as Wi-Fi and other unlicensed devices comply with these rules and operate within these designated bands, they do not require a licence to operate. The FCC allows lower-power unlicensed operations on a co-channel ‘underlay’ basis in many other bands, but these low power levels make the bands inappropriate for Wi-Fi.

Wi-Fi continues to grow in importance in the United States. The FCC has stated that consumers receive more data over Wi-Fi than over licensed cellular networks, and soon Wi-Fi will deliver more data to consumers than even wired networks. Consequently, the FCC has undertaken to make additional spectrum bands available for Wi-Fi. For example, the FCC:

  • designated additional spectrum in millimetre wave bands for unlicensed use; 
  • adopted more liberal unlicensed rules in the U-NII-1 sub-band of the 5GHz band, thereby allowing traditional Wi-Fi services in these frequencies;
  • has proposed to open the U-NII-4 sub-band of the 5GHz band for Wi-Fi through a proceeding exploring how unlicensed services can share the band with incumbent Intelligent Transportation Services; 
  • has proposed to open the 6GHz band for Wi-Fi through a proceeding exploring how unlicensed services can share the band with fixed point-to-point links and other existing users of the band; and
  • opened the ‘white spaces’ between television broadcast channels for unlicensed operation, and has proposed new rules that would allow fixed white-space devices to operate at increased power levels and heights as well as a new set of rules to promote the use of white-space devices for precision agriculture and other IoT applications.


Notably, in 2016 the FCC decided not to open the U-NII-2b sub-band of the 5GHz band to Wi-Fi after analysing the potential of sharing with incumbent government operations. The FCC also recently opened the 3.5GHz band for a mix of light-licensed and ‘licensed-by-rule’ operations. While the licensed-by-rule operations are not unlicensed or governed by Part 15 rules, they are likely to share many characteristics with Wi-Fi deploymentsThe FCC has also issued a notice of proposed rulemaking to permit unlicensed use in the 6GHz band.


Interconnected VoIP

Interconnected VoIP (VoIP services that can place calls to and receive calls from the traditional telephone network as part of a single service) are not subject to prior authorisation. Some states have asserted the ability to require prior approval for fixed interconnected VoIP services, which is currently being challenged in the courts. Interconnected VoIP providers must seek prior authorisation from the FCC, however, before discontinuing service.


Non-interconnected VoIP

Non-interconnected VoIP (VoIP services that can only send or receive calls (but not both) from the traditional telephone network) are not subject to prior authorisation or discontinuance requirements.


Satellite service providers

Satellite service providers must obtain licences to use RF spectrum and must ensure that their handsets or antennae meet FCC interference requirements. If providing common-carrier services between US and foreign points, satellite service providers must also obtain international section 214 authorisations. They are not subject to state rate or market-entry regulation or to FCC price regulation.


Satellite space stations

Satellite space stations notified to the International Telecommunication Union by the United States or using US orbital slots, as well as transmit-receive earth stations, must be licensed by the FCC prior to launch or services commencement, respectively. Receive-only earth stations communicating with US-licensed space stations require only FCC registration. Earth stations in certain frequency bands are covered by blanket authorisations (ie, the FCC does not require individual licensing or registration). Foreign-licensed satellites may serve US earth stations on a streamlined basis if they appear on the FCC’s Permitted Space Station List but may also make an individualised market access showing in connection with transmissions to and from a specific earth station. After finalising new rules in 2017 for non-geostationary satellite orbit (NGSO) systems, the FCC has granted licenses for several large proposed NGSO systems. The Commission is also currently considering a number of other changes to existing satellite regulations, including streamlining the space station application process for CubeSats and other small satellites, as well as considering new rules relating to orbital debris, earth stations in motion and other topics.


Undersea cable infrastructure

Before installing or operating undersea cable infrastructure in the United States or its territories, an operator must first receive a cable landing licence from the FCC, coordinated with the US Department of State, pursuant to the Cable Landing Licence Act of 1921. For an undersea cable to be operated on a common-carrier basis, the operator must also apply for and receive an international section 214 authorisation from the FCC, as described above.


Internet services other than VoIP

The FCC does not require prior authorisations to provide service or to discontinue service for BIAS. The FCC does not regulate internet services other than VoIP and BIAS.


Foreign ownership restrictions – international wireline

The FCC applies a public interest analysis in determining whether to allow a foreign investor to enter the US telecommunications market. For international telecoms service authorisations (international section 214 authorisations), the FCC presumes that the public interest is served by direct and indirect foreign ownership (up to 100 per cent) in facilities-based and resale providers of interstate and international telecommunications services, where the investor’s home country is a World Trade Organization (WTO) member, and in undersea cables landing in WTO member countries. For investors from non-WTO member countries – and undersea cables landing in non-WTO member countries – the FCC does not presume that the public interest is served by direct and indirect foreign ownership (up to 100 per cent). Instead, it will require such investors from non-WTO member countries to make a showing whether they have market power in non-WTO member markets and evaluate whether US carriers or submarine cable operators are experiencing problems in entering such non-WTO member markets. The FCC determines an investor’s home market and consequent WTO status by applying a principal place-of-business test.


Foreign ownership restrictions – RF licences

The United States imposes limitations on both direct and indirect foreign ownership. US WTO commitments reflect these statutory restrictions on foreign ownership. Regardless of WTO status, section 310 of the Communications Act prohibits a foreign government, entity organised under foreign law, non-US citizen or representative of a foreign government, or non-US citizen from directly holding a common-carrier RF (for terrestrial wireless or microwave, mobile or satellite service) broadcast or aeronautical licence (collectively, ‘RF licence’). Section 310 does, however, permit direct and indirect foreign ownership in such licensees, subject to additional requirements:

  • pursuant to section 310(b)(3), parties to foreign investment that results in direct foreign ownership of an RF licence in excess of the 20 per cent statutory threshold must first obtain a declaratory ruling from the FCC finding that such foreign ownership would serve the public interest; and
  • pursuant to section 310(b)(4), parties to foreign investment that results in aggregate direct and indirect foreign ownership in a RF licence in excess of 25 per cent statutory threshold must first obtain a declaratory ruling finding that such foreign ownership would serve the public interest. 


Regardless of whether the foreign investor would control or not control the common-carrier RF licence, the FCC presumes that aggregate foreign ownership of up to 100 per cent serves the public interest, a presumption that applied only to investors from WTO member countries prior to August 2013.


Interplay with national security and trade concerns

The FCC may nonetheless deny approval if the Executive Branch raises serious concerns regarding national security, law enforcement, foreign policy or trade issues, or if the entry of the foreign investor (or cable landing) into the US market presents a risk to competition. In practice, applications for carrier licences for facilities-based and resale international telecommunications services, common-carrier RF licences, and non-common-carrier licences used for mobile or wireless networking services are typically subject to national security reviews by the Team Telecom agencies. These agencies (which also review mergers and acquisitions) often require negotiation of security agreements or assurances letters prior to licensing or transaction consummation.


Authorisation timescale

Although the FCC has adopted detailed licensing timelines (for example, a 14-day streamlined review for most international section 214 applications, a 45-day streamlined review for most cable landing licence applications, and a statutory 30-day review for applications involving common-carrier wireless, mobile and transmit-receive satellite earth station applications), these are typically suspended in cases involving aggregate foreign ownership exceeding 10 per cent, as Team Telecom generally asks the FCC to defer action on such applications pending sometimes lengthy national security reviews. 


Licence duration

Licence durations vary by service and infrastructure type. International section 214 authorisations have no set term or expiry date. Cable landing licences have a 25-year term. Commercial wireless licences, private microwave and industrial wireless licences, and transmit-receive satellite earth station authorisations generally have 10-year terms. Space stations are generally authorised for 15-year terms, but direct broadcast satellite authorisations are authorised only for 10 years. These licences are generally eligible for extension as long as the licensee has complied with the relevant FCC service rules. Cable systems are generally authorised by local franchising authorities for a set term, subject to renewal.



The FCC assesses application processing fees for new and modified-licence applications involving telecommunications and broadcasting services and infrastructure, and for applications seeking consent for transactions involving transfers or assignments of FCC licences. The FCC also assesses annual regulatory fees for the providers it regulates. All of these fees vary by licence and service type; the FCC revises application processing fees periodically and regulatory fees annually. The FCC also assesses fees for a variety of federal programmes involving providers of interstate telecommunications and interconnected VoIP, including: federal universal service; relay services for the hearing-impaired; numbering administration; and number portability. Non-interconnected VoIP providers are required to pay fees to support relay services for the hearing-impaired. State and territorial fees and contributions vary by jurisdiction.


Modification or assignment of licences (including transfers of common-carrier authorisation or assets)

FCC procedures and requirements for licence modifications vary significantly by licence type and service, and, in some cases, by whether the modification is ‘major’ or ‘minor’. The FCC permits assignments of many types of licences, including common-carrier authorisations, though it distinguishes between a pro forma assignment of a licence or transfer of control of a licensee (where ultimate control of the licence does not change, such as with an internal corporate reorganisation), and a substantial assignment or transfer of control to an unrelated third party. Substantial assignments and transfers of control generally require prior FCC consent, as do any transfers of non-mobile common-carrier assets. Pro forma transfers of common-carrier authorisations and common-carrier RF licences do not require prior FCC consent, but the FCC must be notified within 30 days of consummation. Pro forma transfers of non-common-carrier RF licences require prior FCC consent. In general, prior FCC approval is required either when the licence or authorisation itself is transferred to another entity, or when control of the entity holding the licence of authorisation is changing (even if the licence or authorisation is staying within the same entity).


FCC licences and financial security interests

FCC licences may not be pledged as security for financing purposes. Nevertheless, a lender may take a security interest in the proceeds of the sale of an FCC licensee. Lenders are also permitted to take a pledge of the shares of a company holding an FCC licence, though FCC consent must be obtained prior to a lender consummating any post-default transfer of control of an FCC licensee or assignment of an FCC licence. In structuring arrangements for protection in the event of a borrower default or insolvency, lenders, security-interest holders, and FCC licensees need to be mindful of the FCC’s rules on security interests and requirements for approval of transfers of control and assignments, whether voluntary or involuntary.

Flexibility in spectrum use

Do spectrum licences generally specify the permitted use or is permitted use (fully or partly) unrestricted? Is licensed spectrum tradable or assignable?

In addition to any required telecoms services authorisations, facilities-based wireless service providers must have an RF licence, unless they operate exclusively in licence-exempt (ie, unlicensed) bands. In most circumstances, the FCC must grant terrestrial RF licences by auction if there are two or more competing, mutually exclusive applications. Before holding an auction, FCC rulemakings establish spectrum blocks to be auctioned, geographic areas covered, licence terms, service rules including technical and interference-related rules, and network build-out rules. In some cases, the FCC limits the entities eligible to participate in the auction. Some satellite services do not require an auction. In bands designated for licence-exempt use, users can operate under specific technical rules without an individual FCC licence. The FCC has also allotted some frequency bands for ‘licensed-light’ services, where entities can obtain permission to use set frequencies through less onerous processes, such as by registration with the FCC.

The FCC has the authority to reallocate (change the permitted use or permitted class of user) or reassign (change the entity authorised to use particular frequencies in a particular geography) RF spectrum. The FCC is more likely to consider such changes when changes in technology or the marketplace render its rules obsolete. The FCC may also revoke a licence for failure to meet licensee qualification or fitness requirements, or for violations of FCC build-out rules. FCC rules specify the permitted use of some licensed spectrum. However, over the past two decades, the FCC has made spectrum available without detailed use restrictions in most cases, instead setting technical rules, but permitting flexible use of the spectrum. This allows licensees to change the services they provide without seeking prior authorisation from the FCC in most cases. Similarly, FCC rules do not specifically limit the services provided over most unlicensed bands by an individual user as long as they are consistent with the technical operating rules and do not wilfully or maliciously interfere with other users. While individual users of an unlicensed band must accept harmful interference, the FCC has used its equipment authorisation and enforcement processes to investigate and address unlicensed technologies that it believes might undermine an unlicensed band as a whole. The core unlicensed bands are located within the 2.4GHz and 5GHz bands. In 2014, the FCC changed its rules to permit outdoor operations and operations with increased power in the ‘U-NII-1’ sub-band of the 5GHz band. In addition, the FCC permitted unlicensed operations in the television ‘white spaces’, that is, the vacant frequencies between occupied over-the-air broadcast television channels, as well as in portions of the new 600MHz band that will be created as a result of the television broadcast incentive auction. FCC rules require these white space devices to operate subject to a database that determines where and when they can transmit so as to protect licensed operations, including television broadcasters and certain wireless microphones. The FCC is currently considering designating additional frequencies for unlicensed use, including in portions of the 5GHz band on a shared basis with incumbents. The FCC has also recently permitted new commercial uses of the 3.5GHz band on a shared basis with incumbents – including ‘licensed-by-rule’ uses that are functionally similar to unlicensed uses – using a spectrum database approach. In addition, the FCC has recently made additional frequencies available for licensed and unlicensed use in the ‘millimetre wave’ bands above 24GHz. Finally, in 2018, the FCC issued a notice of proposed rulemaking to expand the flexible use of ‘mid band’ spectrum (ie, spectrum above 3.7GHz but below millimetre wave) for wireless broadband and has also issued a notice of proposed rulemaking to permit unlicensed use in the 6GHz band.

The FCC permits spectrum licences to be transferred or assigned, subject to FCC consent as long as speculation is not the principal purpose of the transaction. In approving any transfer or assignment of spectrum, the FCC considers competition, spectrum aggregation and prior compliance issues. The FCC permits partitioning (assignments of the licence in part of the licensed areas) and disaggregation (assignments of some, but not all, frequencies in the licensed area) subject to FCC consent. The FCC also permits leasing of RF spectrum, with the nature of the FCC review depending on the nature and duration of the lease.

Ex-ante regulatory obligations

Which communications markets and segments are subject to ex-ante regulation? What remedies may be imposed?

With respect to ex-ante economic and competition regulation, although the FCC requires all interstate and international common carriers to offer just and reasonable rates, terms and conditions, and prohibits unreasonable discrimination, in practice these are not significant constraints except for incumbent local exchange carriers. The FCC also has the authority to eliminate, or ‘forbear’ from, any statutory common-carrier requirements that it finds unnecessary.


Incumbent local exchange carriers

Incumbent local exchange carriers (ILECs) generally remain subject to both state and federal tariffing, cost accounting, accounting separation, discounted mandatory resale, and unbundling requirements, although unbundling is primarily limited to copper networks. They generally face price controls on retail and wholesale rates, although the FCC has substantially deregulated rates, terms and conditions for non-switched ‘special access’ services in many areas and particularly for packet services such as Ethernet. Specifically, in 2017, the FCC adopted an order deregulating most business data services (BDS), also known as special access, that provide dedicated point-to-point connectivity at guaranteed levels of service. The order determined that all packet-based (typically Ethernet) BDS services are competitive, at low and high capacity levels, everywhere in the country. Based on this finding, the FCC declined to establish new rate regulations for Ethernet BDS. The order then broadly deregulated BDS provided over legacy, circuit-based time-division multiplexing (TDM) networks, which previously were subject to rate regulation in many parts of the country. With respect to middle-mile TDM ‘transport’ services, the order determined that the market is generally competitive, and eliminated all existing price regulation nationwide. The order took the same approach to high-bandwidth (above 45Mbps) TDM ‘channel termination’ services (ie, the last-mile connections between the provider’s network and the customer location). For lower-bandwidth (below 45Mbps) TDM channel terminations – commonly referred to as DS1 and DS3 services – the order adopted a new two-pronged ‘competitive market test’ to determine which US counties are sufficiently competitive to warrant deregulation. This test deems counties competitive if:

  • 50 per cent of buildings or cell towers with BDS demand are located within a half a mile of a building or cell tower served by a competitive provider; or 
  • 75 per cent of the census blocks within the county are reported to have broadband availability (including for residential ‘best-efforts’ broadband service) from a cable operator. 


The test produces positive findings of competition for more than 90 per cent of counties with BDS demand, resulting in wide-scale deregulation of DS1s and DS3s. Competitive carriers and other purchasers of BDS have challenged the order in federal court.

The FCC has also initiated a phased elimination of all inter-carrier compensation for call termination (excluding leases of fixed facilities to an interconnection point) and has issued a notice of proposed rulemaking proposing a unified intercarrier compensation regime based on a ‘bill and keep’ model. In addition to economic regulation, ILECs are also subject to a variety of security and consumer protection requirements, including those for law enforcement access, emergency calling, universal service funding, disability access, funding of telecommunications services for the deaf, customer privacy, number portability service, discontinuance, anti-blocking, rural call completion, outage reporting and some other reporting requirements.


Non-incumbent local exchange carriers

Non-incumbent (called competitive) local exchange carriers (CLECs) are not required to file FCC tariffs, although most choose to do so, but generally are required to file state tariffs. The FCC limits the amounts that CLECs can charge for inter-carrier compensation on call origination and termination. They are not subject to cost accounting, separation, discounted mandatory resale or unbundling requirements. They are, however, subject to a variety of security and consumer protection requirements, including those for law enforcement access, emergency calling, universal service funding, disability access, funding of telecommunications services for the deaf, customer privacy, number portability service, discontinuance, anti-blocking, rural call completion, outage reporting and some other reporting requirements.


Interconnected VoIP providers

Like non-incumbent local exchange carriers, interconnected VoIP providers are not subject to economic regulations; however, they must comply with significant regulatory requirements, including those for law enforcement access, emergency calling, universal service funding, disability access, funding of telecommunications services for the deaf, customer privacy, number portability service, discontinuance, anti-blocking, rural call completion, outage reporting and some other reporting requirements. The FCC, however, pre-empted state PUC regulation of nomadic interconnected VoIP services (those that can be used at more than one site). Some PUCs assert authority to regulate fixed interconnected VoIP services, but a majority of states do not.


Non-interconnected VoIP providers

Non-interconnected VoIP providers must comply with anti-blocking, rural call completion, and disability access requirements and pay FCC-assessed fees to support telecommunications services for the deaf, but are not yet subject to the other regulatory requirements for interconnected VoIP or common carriers. The FCC is considering whether to extend additional regulatory obligations to non-interconnected VoIP, including the obligation to contribute to the support of universal service programmes and for automatic routing and location identification for emergency access (ie, 911) calls.


Broadband internet access service rules

In its 2015 Order, the FCC forbore from exercising its full authority to impose ex-ante rate regulation on providers of broadband internet access services. However, the FCC imposed three bright-line rules on BIAS providers as common carriers, prohibiting them from placing burdens or restrictions on subscriber access to lawful internet content. First, BIAS providers may not block subscribers from lawful internet content, applications, services or non-harmful devices; second, BIAS providers may also not impair or degrade subscribers’ internet access to lawful content, applications, services or use of non-harmful devices; and finally, BIAS providers may not engage in ‘paid prioritisation’ – that is, they may not accept payment of any kind in exchange for ‘fast lane’ access to specified internet content, applications, services or devices. The agency has also imposed a prophylactic catch-all standard preventing broadband providers from ‘unreasonably interfering’ with subscriber access to lawful internet content in ways unforeseen by the Order’s bright-line rules. The 2015 Order also affirmed and expanded on the transparency requirements the FCC originally imposed on providers in 2010.

However, in December 2017, the Commission adopted the 2017 Order, which modified the transparency requirements, but otherwise eliminated the three bright-line rules against blocking, throttling and paid prioritisation, as well as the catch-all standard preventing unreasonable interference.

The FCC adopted privacy regulations for BIAS in the autumn of 2016. However, in April 2017, President Trump signed a Joint Resolution passed by Congress to rescind those rules, at which time BIAS providers became subject only to a statutory provision that required them to protect customers’ proprietary network information. As a result of the 2017 Order, this statutory provision no longer applies and BIAS providers are now subject to FTC privacy oversight.

BIAS providers have obligations to prepare their networks for lawful intercept requests under the Communications Assistance for Law Enforcement Act.


Wireline long distance

For wireline long-distance service providers, the FCC generally prohibits filing of tariffs for almost all retail domestic interstate and international telecommunications services, except for certain specialised situations, and for providers of international telecommunications services regulated as dominant (ie, having market power) on particular routes to particular foreign countries. Long-distance service providers remain subject to customer protection requirements similar to those applicable to competitive local exchange carriers. State PUCs typically require tariffing of intrastate long-distance services. The US Congress recently passed the Improving Rural Call Quality and Reliability Act of 2017 to address the persistent problems associated with terminating long-distance calls to rural areas. Pursuant to this legislation, the FCC adopted an order requiring all ‘intermediate’ service providers to register with a newly established intermediate provider registry and ‘covered providers’ (ie, the provider serving the end user) to use only registered intermediate providers in the call routing process. These rules apply to all carriers providing voice services to and from a NANP telephone number.


Public mobile services

Public mobile service providers (ie, CMRS) are not subject to ex-ante economic regulation by either the FCC or state PUCs. They are not subject to price controls, tariffing, cost accounting, separations, resale or domestic discontinuance requirements. Voice roaming rates and conditions must be just, reasonable and non-discriminatory, and CMRS providers must negotiate commercially reasonable data roaming agreements with other carriers, subject to certain limitations regarding technical compatibility and feasibility. Mobile service providers must also ensure that their handsets and base stations meet FCC rules on topics such as maximum power, interference and spectral masks, antenna design and directionality, human radiation exposure and disabilities access, including technical hearing aid compatibility requirements. FCC rules require testing and certification of RF equipment. Moreover, as discussed above with regard to broadband internet access services, in December 2017, the Commission revised, but did not eliminate, BIAS transparency obligations. These revised rules will apply to mobile as well as fixed BIAS.

Structural or functional separation

Is there a legal basis for requiring structural or functional separation between an operator’s network and service activities? Has structural or functional separation been introduced or is it being contemplated?

No, the United States does not require carriers to maintain separate wholesale network and retail-service subsidiaries. In some cases, the FCC or state PUCs require separation among service activities (eg, a US carrier affiliated with a carrier with market power in a foreign market must provide US-originating or terminating services to that foreign market through a subsidiary separate from the foreign carrier).

Universal service obligations and financing

Outline any universal service obligations. How is provision of these services financed?

Incumbent local exchange carriers generally have state-imposed universal service obligations to meet all reasonable requests for service within their service area (called ‘carrier of last resort’ obligations). Some cable companies also have requirements in franchise agreements with local or state governments to build out their network.

The federal Universal Service Fund (USF) supports the provision of telecommunications services in high-cost areas, to low-income consumers, to rural healthcare providers, and to schools and libraries. The FCC sets voice and broadband performance and service requirements for carriers that choose to receive explicit universal service funding for high-cost areas. The FCC is beginning to use reverse auctions to distribute universal service support to eligible carriers; it is currently processing initial applications to participate in a reverse auction to bring fixed voice and broadband services to areas that lack broadband of at least 10Mbps/1Mbps, and it is in the process of confirming which areas will be available for a reverse auction to provide mobile broadband services to underserved areas. Carriers that are eligible to receive high-cost universal service support must also provide services to low-income consumers, although some carriers receive subsidies only for serving low-income consumers.

The federal USF is financed by an assessment on all end-user interstate and international telecommunications revenues earned by telecommunications carriers and interconnected VoIP providers. The FCC recalculates the assessment rate quarterly; for the first quarter of 2020 the assessment rate is at 21.2 per cent of interstate and international telecommunications revenues. From 2015 to the present, the rate has fluctuated from a low of 16.7 per cent for the fourth quarter of 2015 and the first quarter of 2017 to an all-time high of 24.4 per cent for the fourth quarter of 2019. Internet access revenues currently are not subject to USF assessments. Determining which services are required to contribute directly and when is extremely complex.

In early 2019, the FCC established a new Fraud Division within its Enforcement Bureau to combat waste, fraud and abuse within the supported programmes.

Many states also require providers of intrastate telecommunications to contribute to state universal service programmes, and some states require interconnected VoIP providers to contribute. Nearly all states assess contribution requirements based on provider revenue, but a few states have recently adopted connection-based revenue requirements. These new rules are being challenged in court.

Number allocation and portability

Describe the number allocation scheme and number portability regime in your jurisdiction.

The United States is one of 20 countries that participate in the North American Numbering Plan, which uses the +1 country code. Within the United States, the FCC has exclusive authority over numbers; it has delegated certain management functions to the states. The FCC contracts out the day-to-day management of the US portion of the North American Numbering Plan; Neustar, Inc currently serves as the North American Numbering Plan administrator. Providers of local telecommunications services, including mobile wireless providers, that are authorised to provide service in a particular geographic area apply to the administrator for numbers associated with that area, typically in contiguous blocks of 1,000 (eg, NPA-NXX-3000 through NPA-NXX-3999). Providers of interconnected VoIP service may also apply for numbers after obtaining authorisation from the FCC. Fixed and mobile common carriers and interconnected VoIP providers pay fees to support numbering administration.

Numbers for toll-free calling are managed separately by Somos, Inc, a private company, on designation by the FCC.

The FCC requires fixed and mobile common carriers and interconnected VoIP providers to permit number porting within the same geographic area. All providers of telecommunications services and interconnected VoIP must pay fees to support number portability administration. These fees vary by region. The US number portability system does not currently permit nationwide number portability, although a provider that operates in all seven number portability regions can effectively create the ability for its customers to port numbers anywhere in the US.

Customer terms and conditions

Are customer terms and conditions in the communications sector subject to specific rules?

States regulate customer terms and conditions for intrastate, including local, services, frequently with advance filing or approval requirements through tariffs. The FCC does not require advance filing of customer terms and conditions for any interstate services, other than for local services provided by incumbent local exchange carriers. All wireline local carriers can advance file, through tariffs, customer terms and conditions for interstate services, although CLECs are not required to do so. Long-distance carriers are not permitted to tariff customer terms and conditions. Both the FCC and state PUCs generally require terms and conditions that are reasonable and non-misleading.

For non-common-carrier services and prepaid phone cards that are sold and distributed by non-carriers, the FTC has taken the position that it has jurisdiction to regulate misleading or unfair terms and conditions. The states’ attorneys general also police false, misleading or unfair terms and conditions. Neither the FTC nor state attorneys general require advance filing or approval.

Net neutrality

Are there limits on an internet service provider’s freedom to control or prioritise the type or source of data that it delivers? Are there any other specific regulations or guidelines on net neutrality?

In 2010, the FCC imposed three net neutrality obligations on mass-market broadband ISPs: transparency; a prohibition on blocking; and a prohibition on unreasonable discrimination. A reviewing court vacated the prohibitions on blocking and unreasonable discrimination in January 2014. However, in 2015, the FCC reinstituted and expanded on the vacated rules, which it accomplished by classifying broadband internet access carriers as ‘telecommunications providers’. The 2015 Order established prohibitions on blocking, throttling and paid prioritisation, as detailed above; enhanced carriers’ existing transparency obligations; and made all rules governing the openness of the internet apply uniformly to both fixed and mobile broadband internet access devices. The rules were challenged in court and upheld in their entirety by the DC Circuit in June 2016.

As mentioned above, however, in December 2017, the Commission adopted a new order reversing, in nearly all respects, the 2015 Order. In particular, the FCC reclassified broadband ISPs as ‘information service’ providers rather than ‘telecommunications providers’ and eliminated the net neutrality rules against blocking, throttling, paid prioritisation and unreasonable interference. BIAS providers are now subject only to a modified version of the FCC’s transparency rule. Under that rule, broadband ISPs must publicly disclose accurate information regarding network management practices, including whether they are engaging in blocking, throttling or paid prioritisation practices. They must also disclose certain network performance and commercial terms governing their broadband internet access services. Beyond that, broadband ISPs will be governed by existing general antitrust and consumer protection law.

In the 2017 Order, the FCC stated that it was pre-empting any state or local measures inconsistent with its net neutrality approach (ie, precluding states or localities from adopting net neutrality rules). Notwithstanding that language, in the wake of the 2017 Order’s adoption, many states have sought to put state net neutrality regulations in place. The governors of numerous states signed executive orders stating that a broadband provider that has a government contract with the state must not block, throttle or degrade internet content and must not engage in paid prioritisation, including in some cases a prohibition on requiring consumers to pay different rates to access specific kinds of content or applications online. Other states adopted legislation to support some form of net neutrality protection for their consumers. Over 20 state attorneys general offices, several online companies and a number of public interest groups challenged the 2017 Order in court. Those lawsuits were consolidated in the US Court of Appeals for the DC Circuit.

On 1 October 2019, the DC Circuit issued its long-awaited decision in Mozilla v FCC, largely upholding the FCC’s repeal of the 2015 net neutrality rules but striking down the agency’s attempt to pre-empt state and local neutrality laws. Among its key decisions, the court upheld as reasonable the FCC’s reclassification of broadband as a Title I information service and classification of mobile broadband as a ‘private mobile service’ exempt from Title II common-carriage regulation. The DC Circuit also upheld the FCC’s conclusion that section 706 of the Communications Act is not an independent grant of regulatory authority for issuing net neutrality rules. The DC Circuit remanded questions back to the FCC to address the repeal’s effects on public safety, pole attachments, and the FCC’s Lifeline programme. The decision leaves the FCC’s rules in place while the FCC reconsiders those issues. Finally, the DC Circuit vacated the 2018 Order’s pre-emption of ‘any state or local requirements that are inconsistent with [its] deregulatory approach’ on grounds that the FCC failed to establish legal authority for such pre-emption, stating that the FCC cannot pre-empt where it lacks authority to regulate.

The court’s ruling will likely free ISPs from previous restrictions on the blocking, throttling, or paid prioritisation of online content. By striking down the FCC’s attempt at wholesale pre-emption, however, the court cleared the way for states to pass and enforce more stringent net neutrality rules, which will likely face state-by-state legal challenges.

Platform regulation

Is there specific legislation or regulation in place, and have there been any enforcement initiatives relating to digital platforms?

The FCC does not regulate internet-based services such as search, social media and news services. Those services may be subject to other generally applicable laws, such as laws against unfair or deceptive marketing.

Next-Generation-Access (NGA) networks

Are there specific regulatory obligations applicable to NGA networks? Is there a government financial scheme to promote basic broadband or NGA broadband penetration?

Pursuant to its 2015 Order, the FCC treated BIAS, including traffic exchange arrangements, as a ‘telecommunications service’ subject to its regulatory authority over common carriers. The FCC did not impose specific rules governing internet backbone or traffic exchange, but asserted authority to hear complaints of unjust, unreasonable or unreasonably discriminatory traffic exchange practices by BIAS providers. However, in December 2017, it reversed itself and the FCC adopted the 2017 Order, which, among other things, disclaimed FCC jurisdiction over internet traffic exchange practices. The FCC also requires internet access networks to comply with surveillance and law-enforcement assistance requirements.

The FCC has adopted some measures to address the transition from copper-based phone networks to fibre, intended to encourage incumbent carriers in upgrading their networks. For example, the FCC eliminated prohibitions that previously prohibited incumbent carriers from disclosing planned network changes to their affiliates before informing the public. The FCC also eased requirements on incumbent carriers to provide prior notice before retiring copper facilities.

The FCC has also modernised all of its universal service support programmes to support broadband services (the high-cost support programme, the schools and libraries programme, the rural healthcare programme and the low-income programme). Its programmes in total disburse approximately US$9 billion annually.

Data protection

Is there a specific data protection regime applicable to the communications sector?

Limits on communications companies’ use and disclosure of personally identifiable information to non-law-enforcement entities

Under the Electronic Communications Privacy Act (ECPA) and the Communications Assistance for Law Enforcement Act (CALEA), communications companies cannot as a general rule disclose the contents of communications to anyone other than a party to the communication and are limited in their ability to regularly monitor the contents of communications occurring on the carrier’s network. Third parties who are not law enforcement or vendors working for the carrier typically cannot be given access to communications contents.

The FCC requires companies offering telephone or interconnected VoIP services to offer special protections to a category of customer data known as customer proprietary network information (CPNI). CPNI includes information about a customer’s use of telecommunications services, such as the numbers the customer called, how long each conversation lasted and certain billing information. A customer’s name, address, social security number, birth date and many other types of personal information are not CPNI. In January 2019, allegations that AT&T, Sprint and T-Mobile were selling customers’ location data prompted congressional calls for an FCC investigation – calls which were met with apparent FCC indifference. It is unclear at this time whether the FCC will undertake such an investigation or take other action.

Providers must take all reasonable measures to discover and protect against attempts to gain unauthorised access to CPNI and properly authenticate a customer’s identity before complying with a request that would give the customer access to his or her own CPNI. Telecommunications carriers must also provide customers with notice related to the company’s CPNI practices, seek customer consent before using CPNI to engage in certain activities, retain records related to CPNI access and report certain information related to CPNI to the FCC.

Federal oversight of phone and iVoIP companies’ treatment of personally identifiable information that does not qualify as CPNI is unclear. Under the prior administration, the FCC took the position (announced in October 2014) that a telecommunications provider’s failure to protect data falling outside the definition of CPNI can violate the Communications Act. Specifically, the FCC stated that a customer’s name, address, social security number, date of birth and other types of personally identifiable information that a carrier collects when providing service qualify as customer proprietary information (CPI). The FCC stated that it expects telecommunications carriers to employ adequate data security to protect CPI, avoid implicit and explicit misrepresentations regarding the level of data security provided, and notify customers potentially affected by a data security breach. Whether the FCC intends to take the same approach under its current leadership – and whether it has the continued power to do so after Congressional action overturning an FCC order that touched on the FCC’s treatment of CPI – remains unclear at the time of writing.

The FTC oversees the treatment of personally identifiable information by companies, except in their provision of common carrier services. For example, in the wake of the reclassification of broadband internet access service as an information service, the FTC oversees companies’ data protection practices with regard to data collected from providing broadband, whereas the FCC continues to oversee companies’ data protection practices with regard to data collected from providing telephone service (pursuant to the CPNI and possibly CPI rules discussed above). The FTC does not have set rules regarding data protection. Instead, it takes a case-by-case approach, evaluating whether a company’s treatment or protection of personally identifiable information is unfair (eg, if the company retroactively applies new data protection practices to data the company previously collected, without obtaining opt-in customer consent) or deceptive (eg, if it materially conflicts with implicit or explicit statements the company made about its data protection practices).

A small number of states and municipalities have laws that specifically address the data protection practices of communications providers. After Congress’s rescission of the FCC’s broadband privacy rules, many state legislatures have considered legislation requiring broadband providers to obtain customer consent to use or disclose personally identifiable information to third parties for non-service-related purposes. States and municipalities also have generally applicable data protection rules that may apply to communications providers. In particular, California has extensive regulations dealing with privacy notices for online services and the ability for California residents to obtain information about whether their information is provided to third parties for direct marketing purposes.


Law enforcement access to data

The United States has specific data protection regulations dealing with the content of communications, including emails, text messages and calls. Under ECPA and CALEA, communications companies cannot turn over the content of communications to a law enforcement entity without a valid court order, absent an emergency or other special circumstance. The type of court order necessary depends on a number of different factors, including whether the communications will be intercepted in real-time or whether law enforcement will access the contents of a previously stored communication. Statutes differ on whether consumers must be notified and given an opportunity to challenge the disclosure. ECPA gives law enforcement the ability to require communications providers to retain communications in their possession pending a court order. The Cybersecurity Information Sharing Act (CISA) also allows companies to voluntarily share certain information with the government regarding cybersecurity threats.

Federal regulations require each telecommunications common carrier that offers or bills toll telephone service to retain billing-record data for a period of 18 months.

Although the circumstances in which disclosure is allowed are somewhat limited, CALEA requires telecommunications providers (including interconnected VoIP providers), fixed broadband service providers, manufacturers of telecommunications transmission and switching equipment, and providers of support services (ie, products, software, or services used by a telecommunications carrier for the internal signalling or switching functions of its telecommunications network) to provide the capacity to allow properly authorised law enforcement officials to intercept communications and obtain call-identifying information from their customers, as well as the capacity to meet the surveillance needs of properly authorised law enforcement officials. Pursuant to a court order or other lawful authorisation, carriers must be able to:

  • expeditiously isolate all wire and electronic communications of a target transmitted by the carrier within its service area;
  • expeditiously isolate call-identifying information of a target;
  • provide intercepted communications and call-identifying information to law enforcement; and
  • carry out intercepts unobtrusively, so targets are not made aware of the electronic surveillance, and in a manner that does not compromise the privacy and security of other communications. 


CALEA does not require telecommunications providers to decrypt communications, unless the carrier provided the encryption and has the information necessary to perform the decryption.

Failure to comply with CALEA obligations can result in civil penalties. The attorney general may enforce these obligations by seeking an order from a federal district court. Violations of ECPA can result in criminal penalties.


Is there specific legislation or regulation in place concerning cybersecurity or network security in your jurisdiction?

In February 2014, the National Telecommunications and Information Administration (NTIA) and the National Institute of Standards and Technology (NIST) released their Framework for Improving Critical Infrastructure Cybersecurity, a set of industry best practices to reduce cyber risks to critical infrastructure, including telecommunications services; as of this writing, NTIA and NIST are engaging with key stakeholders to update the Framework. The FCC-convened Communications Security, Reliability, and Interoperability Council provides guidance on how the NIST framework applies in the telecommunications context and offers recommendations. Compliance with the Framework and CISRC best practices is voluntary.

Under CALEA, telecommunications providers (including interconnected VoIP providers) must maintain and file with the FCC System Security and Integrity plans, detailing how the provider ensures proper government access to communications content and call identifying information, and protects such information from unauthorised disclosure. Neither CALEA nor the FCC mandate the use of any particular technical standard to ensure law enforcement access or communications security.

CISA limits liability of companies for sharing information with other private entities and with government related to cybersecurity threats. CISA does not impose a sharing mandate and instead establishes a voluntary sharing framework; in addition, it explicitly authorises private entities to monitor their networks for cybersecurity threats, to operate defensive measures to protect their networks from cybersecurity threats, and to share and receive cybersecurity threat information.

The Team Telecom agencies also often impose cybersecurity-related conditions in security agreements and assurances letters as conditions for the grant of FCC licences or consents for mergers and acquisitions.

Big data

Is there specific legislation or regulation in place, and have there been any enforcement initiatives in your jurisdiction, addressing the legal challenges raised by big data?

In the United States, the Fair Credit Reporting Act (FCRA) is the main law dealing specifically with amassing and using high-volume datasets of personally identifiable information (PII), but the law has limited reach. The FCRA only applies to ‘consumer reporting agencies’ (CRAs) and entities that obtain information from or furnish information to CRAs. Credit reporting bureaux, such as Transunion, Equifax and Experian, and employment and tenant background screening companies are the main CRAs. However, a 2016 report from the FTC and a number of commentators have suggested that the definition of a CRA is sufficiently broad to cover data brokers who: compile PII that bears ‘on a consumer’s credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living’; and provide these compilations (known as consumer reports) to buyers who use them (or can be expected to use them) in making credit determinations or for employment, insurance, licensing and other business purposes. Importantly, the FCRA does not generally apply to reports that are used or can be expected to be used only for marketing and general risk management purposes.

There have been few big data-related cases alleging violations of the FCRA, so the precise reach of the FCRA in this context remains unknown. Litigation related to the Equifax data breach may shed light on this issue in the near future. In one high-profile case, LexisNexis settled a class action FCRA lawsuit – which alleged that identity reports it sold for locating people and assets, authenticating identities and verifying credentials in the debt collection context were subject to the FCRA – for US$13.5 million in damages, US$5.5 million in fees and an agreement to restructure the identity report programme at issue so that it would comply with the FCRA. And in a January 2016 staff report on big data, the FTC took the position that data brokers who advertise their services ‘for eligibility purposes’ and companies that use non-traditional predictors (such as a consumer’s zip code, social media usage or shopping history) to create reports of consumers’ creditworthiness are particularly likely to fall under the FCRA (as are companies that use such reports).

When a company involved in big data qualifies as a CRA, it must:

  • only include accurate, current and complete data in consumer reports, including in most cases deleting information on account data after seven years and bankruptcies after 10 years;
  • provide consumers with access to and the opportunity to dispute or correct any errors in a consumer report, as well as general consumer assistance in accordance with FTC rules;
  • provide consumer reports only to entities that have a permissible purpose under the FCRA, including for the extension of credit applied for by a consumer, the review or collection of a consumer’s account, insurance underwriting, employment purposes where consumer permission is obtained pursuant to stringent rules, where there is a legitimate business need in connection with a business transaction initiated by the consumer, and in certain legal actions; and
  • keep records regarding the release of consumer reports.


Users of consumer reports must:

  • provide notice to consumers when most types of third-party data are used to make adverse decisions about them;
  • only use consumer reports for a permissible purpose and so certify; and
  • provide certain consumer disclosures and keep records related to making offers to a list of pre-screened consumers obtained from a CRA.


Companies that provide information to CRAs for use in consumer reports must take certain steps to ensure the information provided is accurate and complete.

Additionally, some companies have faced questions about whether their use of data has a discriminatory impact on protected classes of people. Under Title VII of the Civil Rights Act of 1965 and other statutes, companies could face a civil action when their facially neutral policies or practices have a disproportionate adverse effect on a protected class. The Equal Credit Opportunity Act (ECOA) bans companies that regularly extend credit from using information about consumers’ race, colour, religion, national origin, sex, marital status, age or receipt of public assistance when making credit decisions. The 2016 FTC big data report indicated that targeting credit advertisements in a way that had an ‘unjustified’ disparate impact on a protected class could potentially violate the ECOA. Whether courts would take a similar view of the ECOA’s application to big data remains to be seen. The 2016 FTC big data report also indicated that selling analytics products knowing that they would be used for a fraudulent or discriminatory purpose may also constitute a violation of the FTC Act. In May 2016, the Obama Administration issued ‘Big Data: A Report on Algorithmic Systems, Opportunity, and Civil Rights’, which noted some concerns with the use of big data. Some of the companies faced with allegations of discrimination have voluntarily addressed these issues in a way that has helped them avoid litigation.

Generally applicable privacy and data security rules will also apply to most companies involved in big data. The FTC Act bans unfair or deceptive acts in interstate commerce by non-common carriers, including misrepresenting how PII will be collected and used, misrepresenting how PII will be protected, and failing to maintain reasonable security over PII. A number of states have additional requirements regarding privacy disclosures, cybersecurity, and notification to consumers in the event of a data breach. Companies must comply with myriad requirements under the Children’s Online Privacy Protection Act before knowingly collecting personally identifiable information from children under 13 via an online service or collecting personally identifiable information from an online service targeted at children under 13. The United States also has a number of sector-specific privacy laws that can impact companies compiling information from certain healthcare-related companies, financial institutions and communications companies.

US law does not require online companies to honour consumers’ ‘do not track’ settings. However, California law typically requires entities operating online to state how the entity treats ‘do not track’ requests.

California also recently passed the California Consumer Privacy Act of 2018. Like the GDPR, the new law gives Californians the right to know what personal information a business has collected about them, the source of the information, how the business uses the information and to whom the business sells the information. Beginning this year, Californians also will be able to demand the deletion of their data and to opt out of the sale of their data to third parties. It is expected that this new law will spur other states to take similar action and to increase pressure for action at the federal level.

Data localisation

Are there any laws or regulations that require data to be stored locally in the jurisdiction?

The United States has not adopted laws or regulations requiring that data be stored locally in the United States. Nevertheless, in some cases, Team Telecom imposes data localisation requirements in security agreements and assurances letters as a condition for the grant of a licence or consent for a merger or acquisition. In such cases, Team Telecom may require that such data be stored only in the United States, or that copies of such data be made available in the United States. Such requirements are controversial, as they extend extraterritorially the reach of US law enforcement jurisdiction.

The United States’ lack of data localisation requirements has driven US law enforcement to take an aggressive approach to their ability to access data that allegedly relates to unlawful activity occurring in the United States but is stored in a different country. In 2018, the Supreme Court heard an argument from Microsoft, challenging the federal government’s position on the extraterritorial reach of US warrants. That case was dismissed as moot following passage of the Clarifying Lawful Overseas Use of Data (CLOUD) Act. The CLOUD Act amends the Stored Communications Act of 1986 to allow US law enforcement to compel (via warrant or subpoena) US-based technology companies to provide data stored on servers regardless of whether the data are stored in the US or on foreign soil.

Key trends and expected changes

Summarise the key emerging trends and hot topics in communications regulation in your jurisdiction.

IP transition/convergence

Both Congress and the FCC continue to tackle how best to update US telecommunications laws in light of the technological changes and service convergence brought about by digitisation and IP networks. As described above, the FCC has modernised all of its universal service support programmes to support broadband services (the high-cost support programme, the schools and libraries programme, the rural healthcare programme and the low-income programme). The Republican-led Congress continues to consider a fundamental update of underlying telecommunications laws. At the time of writing, there has been little movement on such an update.



The FCC and US government continue to attempt to find spectrum to make available for both licensed and licence-exempt services, particularly mobile broadband. There are several important ongoing proceedings on this topic.

The FCC recently concluded an incentive auction that allowed television broadcasters to relinquish spectrum rights in the 600MHz band in exchange for auction revenues (the reverse auction) and assign the returned spectrum for flexible use (the forward auction) by licensed and unlicensed networks. Because there is little other opportunity for commercial access to spectrum below 1GHz, the FCC has also adopted spectrum-aggregation rules to address the amount of such spectrum that any single provider can hold. This auction produced 84MHz of spectrum for licensed mobile broadband services. The process of ‘repacking’ the remaining broadcasters and opening this band for auction winners will be a major endeavour of the FCC over the next several years.

The FCC recently allowed commercial users to share the 3.5GHz band with government and non-government incumbents, on a secondary basis. The FCC adopted an innovative three-tier approach that would make incumbents primary, a set of licensees that acquire licences secondary exclusive and a tertiary tier of licensed-by-rule users (similar to traditional unlicensed operations). FCC proceedings are also under way to put in place a database system to govern use and interference.

The FCC is considering permitting unlicensed devices to operate in the UNII-4 sub-band of the 5GHz band, where Intelligent Transportation Services is the incumbent licensee.

The FCC recently permitted additional terrestrial licensed and unlicensed wireless operation in the ‘millimetre wave’ bands above 24GHz. It auctioned spectrum in the 28GHz band and 24GHz band in November 2018, and has proposed to auction spectrum in the 37, 39 and 47GHz bands in the second half of 2019. Standardisation of the new unlicensed millimetre wave band is already well under way in private standards bodies.

In 2018, the FCC initiated proceedings seeking comment on: transitioning some or all of the 3.7-4.2GHz band (currently used for FSS earth stations and fixed microwave stations) to terrestrial fixed and mobile broadband service and examining various proposals for expanding flexible use of the band; opening up the 6GHz band (allocated to point-to-point microwave links, fixed satellite system uplinks and mobile services) to unlicensed use; developing GHz bands that currently impose limited educational use requirements and restrict licence uplinks and mobile services) to unlicensed use; and developing rules for spectrum above 95GHz. It has also issued a notice of inquiry seeking input on potential uses of ‘mid band’ spectrum for licensed and unlicensed wireless broadband deployments and has sought comment on making 2.75GHz of additional spectrum in the 26 and 42GHz bands available.

Finally, the US Congress passed legislation requiring the FCC and the National Telecommunications and Information Administration to identify 255MHz of additional spectrum for mobile and fixed wireless broadband use, including not less than 100MHz of spectrum below 6GHz for exclusively licensed commercial mobile use (subject to potential continued use by federal entities) and not less than 100MHz of spectrum below 8GHz for unlicensed operations.


Public mobile service competition

When the US DOJ challenged the AT&T/T-Mobile merger, it strongly suggested that it was necessary to maintain at least four national public mobile service providers. Whether this is true, and, if so, what regulatory steps are necessary to secure it, will remain issues, before both the FCC and the DOJ antitrust division. The FCC, however, has taken steps to strengthen its rules limiting data roaming rates and has conditionally reserved some spectrum below 1GHz for providers other than the two largest nationwide mobile wireless carriers.


Delayed market entry owing to national security reviews; prospect of reform

In 2016, the FCC initiated a proceeding to reform the Team Telecom review process to provide greater transparency and timing certainty for national security reviews of foreign ownership for new FCC licences and mergers and acquisitions involving FCC licensees. That proceeding remains pending, having been suspended by the FCC at the end of 2016 owing to concerns about the propriety of a lame-duck FCC initiating major reforms in advance of the presidential transition. The US national security reviews by Team Telecom and CFIUS have long generated considerable anxiety among foreign investors and equipment and software suppliers considering US entry. Continuing disclosures about US government spying have exacerbated concerns both about the purpose of those reviews and about delays in future reviews as the agencies adjust. Notwithstanding US WTO commitments to make publicly available the licensing criteria and ‘the period of time normally required to reach a decision concerning an application for a license’, there remains little predictability in the process or timing for obtaining a new licence or transaction approval involving foreign investment in a telecommunications provider. Reviews and conditions can affect corporate governance, personnel and other operational matters, with investments from particular countries (eg, China and the Gulf states) and by sovereign wealth funds subject to considerable scrutiny. Although the supply arrangements do not require direct US government approval, the US government can nevertheless foreclose supply opportunities indirectly by imposing market-entry conditions on investors. In rare circumstances, the US government has sought to pressure US carriers in procurements unrelated to foreign-investment transactions, particularly where US government agencies are customers of the carriers. In 2018, the US Congress passed the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA) to expand further the CFIUS review process over transactions involving real estate, critical infrastructure, critical technology, or sensitive information of US persons and to reform US export controls. In contrast to earlier versions of the legislation, FIRRMA does not expressly address countries ‘of special concern’; however, FIRRMA tasks CFIUS with defining ‘foreign person’ in terms of connections to a foreign country or government and potential effects on US national security; and CFIUS may consider whether a covered transaction involves a country of special concern that has demonstrated or declared the strategic goal of acquiring a type of critical technology or critical infrastructure that would affect US leadership in areas related to national security.


Disabilities access

Following a major expansion in 2010 of disabilities access requirements to non-interconnected as well as interconnected VoIP, electronic messaging and interactive video conferencing, and software and equipment (including internet browsers) used to access such services, the FCC has begun to receive, investigate and adjudicate complaints. In December 2016, the FCC approved rules to enable carriers and device manufacturers to satisfy certain disabilities access requirements through the use of IP-based real-time text technology rather than traditional teletypewriter equipment. Companies have also faced growing pressure, including consumer lawsuits brought under the Americans with Disabilities Act, to make their websites and mobile applications compatible with screen reader technology and meet other accessibility-related requirements. Courts have taken differing views on the application of the Americans with Disabilities Act to websites and apps.


Initiatives to prevent illegal calls

In the past three years, the FCC has focused heavily on the prevention of illegal calls, such as calls that are abusive or fraudulent, autodialled or pre-recorded calls made without the necessary level of consent and calls made to consumers who are on a legally mandated ‘do not call’ list. The FCC has adopted limited changes to its rules about call blocking to encourage providers to block presumptively illegal calls, to share information necessary to identify illegal calls and to take other measures to prevent illegal calls from reaching consumers. In particular, in the reassigned number context, the FCC has established a single, comprehensive database of reassigned number information from each provider that obtains NANP US geographic numbers, including toll free numbers; and adopted a safe harbour from TCPA liability for those callers that choose to use the database to learn if a number has been reassigned. The FCC also continues to consider other methods of blocking unlawful calls, including the use of SHAKEN and STIR standards.

Law stated date

Correct on

Give the date on which the information above is accurate.

1 April 2020