STIR/SHAKEN A-Attestation for AI Voice Calls in 2026

If your AI voice agent dials a US phone number in 2026 and the call is not signed with A-level attestation, expect a high call-blocking rate, low answer rates, and increased risk of FCC complaints. STIR/SHAKEN is no longer optional for credible AI calling.

Background: the 2026 regulatory floor

flowchart TD
  Out[Outbound campaign] --> Twilio[Twilio Voice API]
  Twilio --> STIR[STIR/SHAKEN attestation]
  STIR --> Carrier[Originating carrier]
  Carrier --> Term[Terminating carrier]
  Term --> Recipient[Recipient phone]
  Recipient --> Webhook[/voice webhook/]
  Webhook --> Agent[AI sales agent]

STIR/SHAKEN is the framework US carriers use to authenticate caller ID. It was rolled out under the TRACED Act starting 2021. By 2026, 85% of voice traffic between Tier-1 carriers (Verizon, T-Mobile, AT&T, Lumen, Comcast, Charter, UScellular) is signed and verified, and 93% of that signed traffic is at the highest "A-level" attestation. Smaller carriers and CLECs lag — only about 17.5% of inter-carrier traffic between smaller providers is signed.

The FCC's 2026 Robocall Mitigation Database rules took effect February 5, 2026 with the first annual recertification due March 1. Every voice provider that wants to terminate traffic to Tier-1 networks must file. Providers who fail to certify get blocked at the gateway.

For AI voice agents, the implications are immediate:

• A-level attestation is the operational floor. B and C-level calls are increasingly blocked or labeled "Spam Likely" by terminating carriers' analytics.
• Number ownership matters. A-level requires the originating provider to authenticate that the caller is authorized to use the calling number. AI platforms that use shared numbers, spoofed numbers, or unverified numbers cannot sign at A-level.
• Compliance becomes a sales motion. Customers ask "what is my call's verstat?" before they buy.

How VoIP and SIP work for this use case

When your AI agent places an outbound call, the originating provider (Twilio, Telnyx, etc.) signs the INVITE with a JWT in the Identity header. The signature is generated using the provider's private key registered with the STI-PA (Policy Administrator). The terminating carrier's SBC verifies the signature against the public certificate, decides on a verstat (TN-Validation-Passed-A, B, or C), and either passes the call to the subscriber or hands it to its analytics engine for blocking decisions.

Three attestation levels:

• A: Full Attestation. The provider authenticated the caller and authorized them to use the calling number.
• B: Partial Attestation. The provider authenticated the caller but cannot verify their authority to use the number.
• C: Gateway Attestation. The provider authenticated the source of the call but has no relationship with the originator.

For an AI calling platform, A-level requires that the platform owns or controls the calling number on a registered, compliant carrier with a Robocall Mitigation Plan filed.

CallSphere implementation

CallSphere uses Twilio for all six verticals. Twilio signs at A-level for numbers purchased through Twilio that are properly associated with a verified Twilio account. CallSphere's onboarding requires customers to verify their business identity (KYC) and link their numbers to their tenant account, which propagates the A-level signing.

Healthcare AI on FastAPI :8084, Sales Calling AI with five concurrent outbound on Twilio, and After-Hours AI with simultaneous Twilio call plus SMS and a 120 second timeout all sign at A-level when the customer's KYC is complete. The 37 agents, 90+ tools, 115+ database tables, HIPAA and SOC 2 controls, and the $149 / $499 / $1499 pricing for 1, 3, or 10 numbers all assume A-level signing as the baseline.

The 22% affiliate program is structured to ensure affiliates' customers also onboard with full KYC; CallSphere does not earn revenue on B-level or unsigned traffic.

Build and integration steps

1. Verify your business with the carrier (Twilio, Telnyx, etc.) including EIN and authorized representative.
2. Buy numbers through your carrier's primary number marketplace, not a resold pool.
3. Confirm that your account is provisioned to sign at A-level and that your Robocall Mitigation Plan is filed.
4. Test outbound calls to a known recipient and inspect SIP Identity and verstat headers.
5. Monitor your Spam-likely rate (SHAKEN+analytics) per number; rotate or rest numbers that get flagged.
6. Comply with consent records: opt-in proof, DNC scrubbing, and time-of-day restrictions.
7. File the annual recertification with the FCC Robocall Mitigation Database.
8. Implement programmatic complaint-handling so that any reported number is paused pending review.

Code or config snippet

<!-- TwiML for an outbound AI call where attestation is verified before dial -->
<Response>
  <Dial
    callerId="+15555550100"
    answerOnBridge="true"
    record="record-from-answer">
    <Number
      statusCallback="https://api.callsphere.ai/twilio/dial-status"
      statusCallbackEvent="initiated ringing answered completed">
      +15555550199
    </Number>
  </Dial>
</Response>

FAQ

Does Twilio sign all my calls at A-level by default? Only for numbers purchased through Twilio with full account verification. Toll-free and short-codes have their own paths.

Is STIR/SHAKEN required for international AI calls? The signing standard is US-centric. Other countries are adopting equivalents (Canada has STIR/SHAKEN, the EU is converging on a different model).

What if my AI calls get marked Spam Likely anyway? Even A-level traffic can hit terminating-carrier analytics. Mitigations: rotate numbers, register your brand, scrub against DNC, keep call duration above the "looks-like-a-bot" threshold.

Do voicemails count? Yes — voicemails placed by an AI count as outbound calls and need the same attestation.

Can I sign my own calls without a carrier? You can become a registered originating service provider, which is a serious regulatory commitment. Most teams use a compliant carrier instead.

Sources

• Viirtue: STIR/SHAKEN Compliance Requirements 2026 for MSPs and Voice Resellers
• TNS / CFCA: 2026 Robocall Report
• Cloudtalk: What Is STIR/SHAKEN and Why It Matters in 2026
• Voip.ms: New U.S. STIR/SHAKEN Regulation

Start a compliant 14-day trial, see pricing, or read the Twilio integration page.