Am 04.07.2023 um 07:35 schrieb Paul Timmins:
What if I'm an European telecom operator and have US-based end-users (via SIP) who are calling to the US and who would like to signal their United States A-number to the called party?
What if I'm an European telecom operator and have Euro end-users (via SIP) who are calling to the US and who would like to signal their European A-number to the called party?
If I try to register here - https://authenticatereg.iconectiv.com/register - "Country: United States" is hard-coded.
Is there a way for Euro TSPs to get STIR/SHAKEN without creating a US entity/company just for this purpose?
I'm pretty sure it's the job of whoever is providing gateway services into the USA to sign the call, and that anyone in the STIR/SHAKEN system in the US has some sort of regulatory nexus here where they could be held legally responsible. It's all about finding a throat to choke if there's misconduct.
I asked iconectiv that question and now I have clarity: Me: "I have some fundamental questions about STIR/SHAKEN: What if I'm an European telecom operator and have US-based end-users (via SIP) who are calling to the US and who would like to signal their United States A-number to the called party? -> Do we need to get a STIR/SHAKEN certificate? [...]" iconectiv: "The revised SPC token Access Policy requires providers seeking to register with the STI-Policy Administrator (STI-PA) to: 1) Have a current form 499A on file with the FCC; 2) Have been assigned an Operating Company Number (OCN); [...] Me: "Since registering as 499A and getting an own OCN is only possible for US companies, I figure getting a STIR/SHAKEN certificate through you is currently not possible for non-US companies. Is that correct?" iconectiv: "That is correct." The confusion also came from the fact that many non-US companies that registered in the Robocall Mitigation Database - https://fccprod.servicenowservices.com/rmd?id=rmd_listings - chose "Complete STIR/SHAKEN implementation" or "Partial STIR/SHAKEN implementation", which, unless they also have a US subsidiary, seems to be a lie. Probably they chose something that looked cool in the dropdown box, or were too lazy to develop a Robocall Mitigation Plan (this is what you gotta upload as DOCUMENT if you choose "No STIR/SHAKEN implementation". I also noticed some non-US companies just uploaded some random document to the database, like a high school report or just some random letters or words... so much about the quality of that database. Good luck Markus