STIR/SHAKEN Attestation A, B, C for AI Outbound Voice in 2026

An AI outbound call signed at Level A reads "Caller Verified" on supported handsets. The same call signed at Level C reads as a possible spam call on most carriers. The difference is whether your originating provider can vouch for both you and the number on the From header.

What the rule says

flowchart TD
  Out[Outbound campaign] --> Twilio[Twilio Voice API]
  Twilio --> STIR[STIR/SHAKEN attestation]
  STIR --> Carrier[Originating carrier]
  Carrier --> Term[Terminating carrier]
  Term --> Recipient[Recipient phone]
  Recipient --> Webhook[/voice webhook/]
  Webhook --> Agent[AI sales agent]

STIR/SHAKEN is a pair of standards (STIR for the cryptographic identity passport, SHAKEN for the carrier framework) that the FCC mandated for IP-based originations starting June 30, 2021, with extension deadlines closed for nearly all carriers by mid-2025. Each call carries a SIP Identity header signed by the originating provider, asserting one of three attestation levels: A (Full) when the provider knows the customer and verifies the right to use the From number, B (Partial) when the provider knows the customer but cannot verify the number, and C (Gateway) when the provider only sees the call entering its network from elsewhere. The FCC's December 2025 update tightened reporting; carriers now file attestation statistics quarterly and small-carrier exemptions have largely been eliminated.

What it means for AI voice agent operators

For AI outbound, attestation level is essentially answer-rate. CTIA-aligned analytics partners (TransUnion, First Orion, Hiya) take attestation as a major signal in spam scoring. Calls signed C trend toward "Spam Likely" labels in days; calls signed A retain neutral or positive labels.

To earn Level A on your AI outbound, your originating carrier must (1) have a verified business identity for you and (2) confirm that the From number you assert is a number you control. The cleanest path is buying numbers from the same carrier you originate with and registering them inside that carrier's trust product. Bring-your-own numbers ported in get there too, but the carrier needs ownership records.

For AI in particular, FCC has clarified that AI-generated voices are "artificial" under the TCPA. STIR/SHAKEN does not exempt you from TCPA consent. A call can be Level A signed and still illegal if you lack consent. Attestation is about who you are, not whether the call should happen.

How CallSphere stays compliant

Every CallSphere outbound call rides Twilio Programmable Voice with a Customer Profile in Twilio Trust Hub plus a SHAKEN/STIR Trust Product attached. Numbers we provision through Twilio are bound to that profile, so calls sign Level A by default. Sales Calling AI runs five concurrent outbound calls per tenant on Twilio with TCPA opt-out flows recorded inline. After-Hours AI fires per-contact outbound calls plus SMS to on-call staff with a 120-second timeout. Healthcare AI is HIPAA and SOC 2 aligned; the same trust profile signs its outbound confirmations. Where customers want to bring their own numbers, we walk them through Twilio's hosted-number SHAKEN/STIR onboarding so attestation does not silently downgrade.

Compliance checklist

1. Choose an originating carrier that supports A-level signing on your numbers (Twilio, Telnyx, Bandwidth, Plivo all do).
2. Complete the carrier's Customer Profile / Trust Hub vetting (legal name, EIN, website, business address).
3. Attach a SHAKEN/STIR Trust Product to the profile and bind every outbound number to it.
4. For ported-in numbers, supply ownership documentation so the carrier can sign A.
5. Monitor attestation in your CDR; alert when sustained A-rate drops below 95%.
6. Register branded calling (CNAM and rich call data) for an additional trust uplift.
7. Keep Caller ID consistent: rotating or random From numbers tank trust scores even at Level A.
8. Honor the FCC's "consent + identification + opt-out" trio for any AI-prerecorded or AI-generated voice call.
9. Implement TRACED Act robocall mitigation database (RMD) entries if you are a downstream provider.
10. Review TransUnion/Hiya/First Orion analytics weekly; appeal mislabels through your carrier.

FAQ

Will Level A guarantee my AI call rings through cleanly? No. It is a strong signal, not a free pass. Behavior matters too: short calls, low pickup rates, and complaint rates still drag your reputation down.

Does STIR/SHAKEN apply to international calls? STIR/SHAKEN is US-centric. Cross-border calls land at the receiving country's edge with a Level C if no peering trust exists. Canadian carriers run their own SHAKEN deployment under CRTC oversight.

Can my AI agent spoof a different From number for a callback? Only if you control or are authorized to use that number. Using a number you do not own degrades to B or C and may violate the TRACED Act regardless.

What if my originating carrier signs C on my numbers? That usually means the trust product or number assignment is misconfigured. Open a ticket; the fix is paperwork, not infrastructure.

Does Branded Calling fix bad reputation faster? It speeds up the recovery curve once your behavior is clean, but it does not paper over real complaints.

Sources

• FCC: STIR/SHAKEN Robocall Mitigation
• Twilio: Trusted Calling with SHAKEN/STIR
• TransUnion: STIR/SHAKEN Attestation Levels

Start a 14-day trial with Level A signing on Day 1, browse pricing, or contact us for trust-product help.