Search

Compliance and Enforcement and Telecom Decision CRTC 2025-343

PDF version

Reference: Compliance and Enforcement and Telecom Notice of Consultation 2019-404

Gatineau, 16 December 2025

Public record: 1011-NOC2019-0404

Reduction of reporting requirements for STIR/SHAKEN

Summary

To enhance the integrity of caller information and support efforts to reduce the harm caused by nuisance calls, the Commission mandated the implementation of the STIR [Secure Telephone Identity Revisited]/SHAKEN [Signature-based Handling of Asserted Information using toKENs] framework in STIR/SHAKEN implementation for Internet Protocol-based voice calls, Compliance and Enforcement and Telecom Decision CRTC 2021-123, 6 April 2021. To monitor the progress of STIR/SHAKEN implementation, the Commission initially required telecommunications service providers (TSPs) to submit semi-annual status reports.

Since 2021, reports received by the Commission indicate that the TSPs with a STIR/SHAKEN token have worked diligently to implement STIR/SHAKEN. Therefore, semi-annual reports are no longer needed. For most TSPs, the Commission is replacing the current reporting obligations with targeted requests for information, which will be issued when the Commission deems it necessary. TSPs who are still in the early implementation of STIR/SHAKEN will need to provide two simplified annual reports.

Background

  1. In STIR/SHAKEN implementation for Internet Protocol-based voice calls, Compliance and Enforcement and Telecom Decision CRTC 2021-123, 6 April 2021 (the Decision), the Commission directed telecommunications service providers (TSPs) to implement the STIR/SHAKENFootnote 1 framework on Internet Protocol (IP)-based voice calls to support efforts to reduce the harm caused by nuisance calls. Under the framework, TSPs authenticate caller identification (Caller ID) information and digitally sign attestations, which are then verified by the recipient TSP. To be able to sign attestations, TSPs must receive a token issued by the Canadian Secure Token Governance Authority.
  2. To oversee the implementation of STIR/SHAKEN by TSPs, the Commission directed TSPs to file status reports every six months until the Commission decides otherwise. The reports include data and statistics on each TSP’s implementation of STIR/SHAKEN.

Issue

  1. The Commission has identified the following issue to be addressed in this decision:
    • Should the reporting requirement of STIR/SHAKEN, as defined in the Decision, be reduced?

Commission’s analysis

  1. The original intent of requesting semi-annual reports was to monitor the progress of STIR/SHAKEN implementation as well as its effectiveness. Since then, most TSPs have completed their initial implementation and the information provided in the reports does not significantly vary from one report to the next.
  2. Further, some of the reporting requirements can be cumbersome and time-consuming. TSPs must report on a variety of statistics for each month of the reporting period, which requires significant record keeping, and in some cases, retrieval of data from legacy systems databases.
  3. Reports received by the Commission since 2021 indicate that the TSPs with a STIR/SHAKEN token have worked diligently to implement STIR/SHAKEN. The reports also indicate that, on average, TSPs employ STIR/SHAKEN successfully to authenticate the vast majority of their IP-based voice calls.
  4. The Commission is of the view that for most TSPs, eliminating the semi-annual reporting requirements set out in the Decision, and monitoring the implementation and compliance of STIR/SHAKEN through the issuance of targeted requests for information (RFIs) when necessary, would strike the right balance between Commission oversight and minimizing administrative work for TSPs.
  5. However, some elements of STIR/SHAKEN implementation continue to require oversight. For example, while their IP core network and interconnections with other TSPs may be STIR/SHAKEN-compliant, TSPs must ensure any new IP components are also compliant. Further, some TSPs have only begun implementing STIR/SHAKEN as they are just now converting from legacy Time-Division Multiplexing networks to IP networks.
  6. Accordingly, the Commission considers that TSPs that have not yet filed four semi-annual reports should submit, as a condition of the offering and provision of telecommunications services under sections 24 and 24.1 of the Telecommunications Act, two annual reports with the simplified data listed in Appendix 1 to this decision. This will allow the Commission to continue monitoring the implementation of STIR/SHAKEN by those TSPs.

Conclusion

  1. In light of the above, the Commission is eliminating the semi-annual reporting requirements set out in the Decision for TSPs that have already filed four semi-annual reports, effective 16 December 2025.
  2. Rather than requiring semi-annual reports, the Commission will issue targeted RFIs when necessary. However, TSPs that have or will obtain STIR/SHAKEN tokens and that have not, as of the date of this decision, filed four semi-annual reports under the regime set out in the Decision are required, as a condition of the offering and provision of telecommunications services under sections 24 and 24.1 of the Telecommunications Act, to submit two annual reports with the simplified data points set out in Appendix 1 to this decision, effective 16 December 2025. No further reports will be required after the filing of those two annual reports. These annual reports will be due by 31 May of each year.

Secretary General

Appendix to Compliance and Enforcement and Telecom Decision 2025-343

Simplified Reporting Requirements

Telecommunications service providers (TSPs) that have or will obtain STIR [Secure Telephone Identity Revisited]/SHAKEN [Signature-based Handling of Asserted Information using toKENs] tokens and that have not yet filed four semi-annual reports under the regime set out in STIR/SHAKEN implementation for Internet Protocol-based voice calls, Compliance and Enforcement and Telecom Decision CRTC 2021-123, 6 April 2021, must submit two annual implementation readiness assessment reports by no later than 31 May of each year, describing the state of implementation of STIR/SHAKEN as of 31 March of that year.

The implementation readiness assessment reports must include the following information:

  1. Brief description of STIR/SHAKEN implementation on your network since the last report, including a summary of the work completed, problems encountered, the status and results of equipment testing and participation in those tests, next steps, etc.
  2. Work done to establish STIR/SHAKEN-compatible Internet Protocol (IP) interconnections with other TSPs, including a list of the new operational interconnections established since the last report.
  3. For the last month of the reporting period:


    (a) The following data regarding authentication:

    (i) the number of IP-based voice calls initiated containing a STIR/SHAKEN attestation (i.e., some of the calls signed by the Authentication Service or tagging [if used as an alternative for intra TSP calls]);

    (ii) the total number of IP voice calls initiated; and

    (iii) percentage of authenticated IP voice calls in relation to the total number of IP voice calls initiated.

    (b) The following data regarding verification:

    (i) the sum of calls with a verification event;

    (ii) the total number of IP voice calls terminated; and

    (iii) percentage of IP voice calls terminated that have a verification event.

  4. Date of request of the Canadian Secure Token Governance Authority token.
  5. Information about the ability to transit a SIP INVITE with an Identity header for calls received from an upstream TSP on an IP interconnection and sent to a downstream TSP on an IP interconnection.
  6. Whether you assign A level attestation or B level attestation to non-IP switched customers in the cases described in section 1.2 of the STIR/SHAKEN Guidelines Version 1.0.
  7. Whether you attest intra-network IP calls, either by using tagging as described in section 1.3 of the STIR/SHAKEN Guidelines Version 1.0 or other means.
  8. Whether you send the Verstat (Verification Status) parameter, which indicates whether the calling number’s identity has been authenticated, to end users. If so, whether you follow the recommendations in section 1.5 of the STIR/SHAKEN Guidelines Version 1.0.
  9. For the last month of the reporting period:


    (a) The following data regarding authentication levels given by originating TSPs:

    (i) For each attestation level (A, B, C, No attestation), the number of IP-based voice calls given for each of the attestation levels.

    (ii) Percentage for each attestation level of authenticated IP voice calls in relation to the total number of IP voice calls initiated.

    (b) The following data regarding authentication levels of calls received by the terminating TSPs:

    (i) For each attestation level (A, B, C, No attestation), the number of IP-based voice calls terminated for each of the attestation levels.

    (ii) Percentage for each attestation level of authenticated IP voice calls in relation to the total number of IP voice calls terminated.

Date modified: