FCC Burner Phone Proposal Would Turn Phone Privacy Into a KYC Fight

The FCC’s proposed know-your-customer rule would push voice providers to collect and retain more identity data before activating service. The anti-robocall plan also raises a direct fight over prepaid phones, anonymous numbers, and mobile privacy.

The Federal Communications Commission is considering a rule that could make it much harder to get a U.S. phone number without handing over identifying information first, turning an anti-robocall proposal into a broader fight over prepaid phones, anonymous mobile service, and telecom privacy.

The proposal, formally titled Enhancing Know-Your-Customer Requirements, was published in the Federal Register on May 26, 2026. Comments are due June 25, with reply comments due July 27. It is not a final rule, and it does not ban prepaid phones today. But if adopted in a strong form, it would move parts of the phone market closer to the identity-checking model already familiar in banking, payments, and some online marketplaces.

The FCC says the goal is to stop illegal calls before they enter the phone network. The agency is asking whether voice providers should collect more specific information from new and renewing customers, verify that information before service starts, re-check it when suspicious activity appears, and keep records long enough for enforcement. The practical question is whether a rule aimed at scammers would also erase one of the remaining low-friction ways to maintain a working phone number without building another permanent identity trail.

What the FCC is proposing

The proposal applies to “originating providers,” the companies best positioned to stop illegal calls before they are placed onto the network. In the FCC’s summary, the proceeding seeks comment on customer identification requirements for new and renewing customers, verification and re-verification rules, retention requirements, higher-volume customer checks, and a per-call penalty framework for violations.

In the underlying FCC 26-27 proposal, the agency asks whether providers should have to obtain at least a customer’s name, physical address, government-issued identification number, and alternate telephone number before activating service. For higher-risk or higher-volume customers, the FCC also asks about collecting information such as intended use, IP address, business formation documents, proof of active telephone numbers, proof of commercial presence, and other supporting records.

The agency is also considering record retention that would last through the statute-of-limitations period for certain illegal-call violations. For spoofing or intentional violations of the Telephone Consumer Protection Act, the FCC points to a four-year period and asks whether providers should keep KYC information and supporting records for four years after the customer relationship ends.

That retention question matters because the data at issue is not just a login email address. It can include government ID numbers, physical addresses, alternate phone numbers, business records, and documents that connect a person or organization to a communications account. A rule meant to improve traceability would also create more sensitive carrier-held data that could be breached, subpoenaed, sold through poor vendor practices, or misused if internal controls are weak.

Why prepaid phones are in scope

The proposal does not simply ask about large robocall operations. It specifically asks how the rules should treat prepaid versus postpaid service, prepaid SIM cards sold through third-party vendors, and mobile virtual network operators. The FCC also raises SIM boxes, which can be used to send fraudulent text messages or originate large volumes of traffic through many cards.

That is why the proceeding has drawn attention beyond telecom compliance circles. 404 Media reported that privacy advocates are warning the proposal could effectively end anonymous phone service in the U.S. WIRED’s security roundup highlighted the same tension, noting that a carrier collecting and retaining identity records for new and renewing customers would affect people who use anonymous or low-identification numbers for reasons that are not criminal.

Burner phones have a reputation problem because the term is often associated with crime. In practice, low-friction phone service can also matter to domestic violence survivors, journalists, whistleblowers, activists, travelers, people with unstable housing, people avoiding stalkers, and ordinary users who do not want every communications account tied to a durable commercial profile. The rulemaking forces the FCC to weigh those use cases against the real abuse of phone networks by robocallers, smishing crews, fraud groups, and spoofing operations.

The enforcement case is real

The FCC is not inventing the robocall problem. Scam calls and texts remain a large-scale abuse channel, and phone numbers are still used as trust signals for banking, healthcare, password recovery, delivery notifications, government services, and two-factor authentication. If a provider lets a bad actor activate service with little scrutiny, the same account can be used for caller ID spoofing, phishing texts, fake toll notices, impersonation scams, and high-volume call campaigns.

The agency’s proposal tries to push accountability upstream. Instead of treating every illegal call as a consumer-side blocking problem, it asks whether providers should be liable when their onboarding, monitoring, or due diligence fails. The proposed per-call forfeiture structure would make that risk concrete by tying penalties to the number of illegal calls made, not just to a single deficient customer file.

For security teams and telecom operators, the strongest version of the proposal would change onboarding into a risk-control system. Providers would need to decide what counts as a red flag, when to re-verify a customer, how to validate supporting documents, how to handle prepaid retail channels, how long to retain records, and how to protect a larger pool of personal information. Smaller providers, app-based voice services, privacy-focused carriers, and MVNOs could face the sharpest product and compliance changes because low-friction signup is often central to their model.

The privacy tradeoff is not theoretical

The privacy concern is not only that the government could ask for more records later. It is also that universal identity collection changes the phone number itself. A number that once could be temporary, pseudonymous, or lightly identified becomes more likely to function as a persistent identity anchor across carriers, data brokers, law-enforcement requests, fraud databases, and commercial verification systems.

That could reduce some forms of abuse, but it could also make legitimate privacy harder for people who need it most. A domestic abuse survivor trying to separate from an old account, a reporter protecting a source, or a low-income customer buying prepaid service with cash may face more friction than a large enterprise customer with compliance staff and established documents. The FCC is asking whether requirements should vary by customer type, service model, risk, and prepaid or postpaid status. Those distinctions may decide whether the final rule targets high-volume abuse without turning every phone account into a formal identity checkpoint.

What to watch before June 25

The most important filings will likely come from wireless carriers, MVNOs, VoIP providers, civil-liberties groups, domestic-violence and press-freedom advocates, banks and fraud-prevention groups, and law-enforcement organizations. The key issues are not just whether providers should know more about customers. They are how much identity data should be collected, which services should be covered, whether prepaid retail activation gets special treatment, how verification would work, how records would be secured, and whether anonymous or privacy-preserving service can survive under a risk-based framework.

For readers, the near-term takeaway is simple: nothing changes immediately, but the comment window is short. The FCC is deciding whether phone-network abuse should be fought with stronger identity checks at activation. The answer could shape not only robocall enforcement, but also whether anonymous mobile service remains a practical option in the United States.
