Some additional perspective on STIR/SHAKEN signing requirements. This is not legal advice; for that, turn to your qualified attorney well-versed in applicable telecommunications regulations (US Federal and State). Several relevant STIR/SHAKEN regulations are here: https://www.law.cornell.edu/cfr/text/47/part-64/subpart-HH. In particular, ? 64.6301(a)(2) says that "a voice service provider shall ... Authenticate caller identification information for all SIP calls it originates and that it will exchange with another voice service provider or intermediate provider and, to the extent technically feasible, transmit that call with authenticated caller identification information to the next voice service provider or intermediate provider in the call path." ? 64.6300(a) says "The term 'authenticate caller identification information' refers to the process by which a voice service provider attests to the accuracy of caller identification information transmitted with a call it originates." What Mary has said is consistent with this. If you are the originating Voice Service Provider, the call must be authenticated by you -- it must carry your signature. You can instruct somebody else to apply your signature per your specifications (including the level of attestation). But if you are the originating provider, the signature has to be yours. ? 64.6300(n) says "voice service" is one that "furnishes voice communications to an end user using resources from the North American Numbering Plan." So if your caller is using +1 numbers, then presumably you are a voice service provider covered by these rules. The rule doesn't specify whether you (or your customer) have to be in the United States or not; so I assume the rules apply globally. Also, interestingly, this particular rule doesn't seem to exclude NANP numbers that are not USA numbers, so the rule appears to apply to those calling with Canadian numbers and other non-USA +1 numbers. Different people might read the rule differently regarding FROM and TO numbers. Some might argue that if the FROM number is NOT a NANP number, even if the TO number is, then the rules do not apply. But it seems clear that if the call is FROM a NANP number, TO a NANP number, then you as the originating service provider would be required to authenticate that call with your signature (regardless of where in the world you and/or your customer are located). Paul alluded to limitations on the FCC's authority with respect to geography -- at least constraints on their ability to enforce. The FCC controls their Robocall Mitigation Database, and they do require downstream providers to only accept calls from other providers listed in the database. So by delisting a provider (wherever in the world that provider is), the FCC can restrict that provider's access to the US network. See 47 CFR ? 64.6305(e)(1) & (2). (2) is applicable to foreign providers that use "North American Numbering Plan resources that pertain to the United States in the caller ID field to send voice traffic to residential or business subscribers in the United States." So a US downstream provider could, if they so choose, accept calls from a foreign provider NOT listed in the RMD as long as the call has a non-USA number in the caller-ID field. There are new obligations (several of which went into effect this month) on so-called Gateway providers -- US-based providers that take calls from foreign providers. These are in 47 CFR ? 64.6303 and 6305 and generally require Gateway providers to sign unsigned calls. This gets to Paul's "throat to choke" point. The cost for a Service Provider to get their own SHAKEN token (so that their signature can appear on the calls they originate) is not egregious. You need an OCN, which NECA will give you for a one-time charge of $475. The STI-PA, iconectiv, charges an annual fee based on revenue to be registered as a SHAKEN service provider; the minimum is $500 for 2023 (as far as I can tell). You will then need to engage an STI-CA (certificate authority) to generate your certificate(s) for call signing. The STI-CA marketplace appears to be competitive, as confirmed by other commenters. As far as I know, it is possible for non-USA-based service providers to participate in this process; I see what I believe to be foreign entities registered on the iconectiv site (https://authenticate.iconectiv.com/authorized-service-providers-authenticat e). As mentioned, the FCC has on-going formal rule-making processes happening as we speak. You can see (and participate in) some of the relevant discussion here: https://www.fcc.gov/ecfs/search/search-filings/results?q=(proceedings.name:( %2217-97%22)+AND+submissiontype.description:(%22COMMENT%22%20OR%20%22REPLY%2 0TO%20COMMENTS%22%20OR%20%22NOTICE%20OF%20EXPARTE%22)). This public docket will see a lot more action tomorrow (Wednesday), which is the due-date for so-called "Reply Comments." The compliance burden for voice service providers does seem to be ever-increasing. This is not new or unique. Many tech businesses (not just telecoms) have evolving burdens for data privacy and security compliance (think GDPR); there are finance compliance burdens (think processing credit cards); the list goes on. The good news in telecom is that over the past couple of decades other costs have come down tremendously, which created the business opportunity in the first place. Compliance is a fact of life. If ultimately the compliance costs grow to the point that certain segments of your business are not profitable, then it is time to exit those segments. David Frankel