FCC Wants Your ID Before You Can Get a Phone Number — End of Anonymous Prepaid SIMs in the US

By Jaspal Singh May 10, 2026 Updated: May 10, 2026

The Federal Communications Commission unanimously approved a proposed rule on April 30, 2026 that would require government-issued ID, physical address, legal name, and existing-phone-number verification before any voice provider can activate a new line. The framing, per FCC Chair Brendan Carr, is “stopping robocalls.” The actual effect is the end of anonymous prepaid phone access in the United States — the way most journalists, domestic-violence survivors, and whistleblowers have protected their workflows for two decades.

The rule applies to “nearly every voice provider in the country, from traditional carriers and mobile operators to VoIP services.” Per-call penalties run $1,000 to $15,000 per illegal call, replacing the current spotty enforcement framework. The FCC is asking whether carriers should retain identity documents for at least four years after a customer departs, and whether they should check customers against law-enforcement watchlists at activation time. This is anti-money-laundering banking discipline applied to the phone network. The civil-liberties consequences flow from there.

What the Rule Actually Requires

From the April 30 unanimous FCC vote and the public-comment notice:

Required ID elements: government-issued ID, physical address, legal name, and any existing phone numbers must be verified before service activation
Scope: nearly every voice provider — traditional carriers, mobile operators, VoIP services
Penalties: $1,000-$15,000 per illegal call (per-call basis)
Document retention: FCC asking whether to require carriers to retain ID documents for ≥4 years after customer leaves
Law enforcement check: proposal includes inquiry about checking customers against law-enforcement watchlists at activation
Public comment period: open as of late April 2026
FCC framing: Brendan Carr stated some providers “do the bare minimum (or worse) and have become complicit in illegal robocalling schemes”
Banking model: framework explicitly borrowed from anti-money-laundering (AML/KYC) rules

The Anti-Robocall Framing Hides the Bigger Trade-Off

Robocalls are a real problem. Americans receive an estimated 4-5 billion robocalls per month. The FCC's stated motivation is genuine. The structural issue is that the rule's anti-robocall framing implies a narrow effect — limit fraudsters' ability to spin up burner numbers — when the actual rule eliminates anonymous phone access entirely for everyone.

Three groups rely on anonymous prepaid SIMs today and are not robocalls:

Journalists protecting sources. Reporters in active investigations need a number not linkable to their byline. Standard practice is buying a Cricket or Mint prepaid for the duration of the investigation.
Domestic-violence survivors. Leaving abusive partners often requires a phone number not linked to a previous address or identity. The standard advice from women's shelters has been “buy a prepaid for cash.”
Whistleblowers. Employees reporting fraud, regulatory violations, or safety issues to the press or government often need phone access not tied to their work or home identity.

None of these workflows is illegal. None involves robocalls. All three become substantially harder under the proposed rule. The FCC's own framing does not acknowledge any of them.

The Document-Retention Provision Is the Real Story

The most under-reported part of the rule is the proposed four-year document-retention requirement. Carriers would have to keep customer ID documents for at least four years after the customer leaves. Combined with the watchlist-checking provision, every prepaid activation becomes a permanent customer-identity record handed off to telcos that have not historically been good custodians of customer PII.

Telco data breaches are routine. T-Mobile lost 76 million records in 2023. AT&T's 73 million in 2024. Verizon's 7.5 million in 2025. Every one of those breaches centered on customer billing/identity information. Adding a mandate that carriers store ID documents for four years after departure increases the breach blast radius by roughly the duration of customer lifetime — meaning a typical adult's prepaid carrier history (4-6 different carriers over a lifetime) creates a 25-30 year identity footprint distributed across multiple telco databases of varying security quality.

The watchlist-checking provision is similarly under-discussed. If carriers must check customers against law-enforcement watchlists at activation, the inevitable failure mode is false positives — common-name overlaps, mistaken identity, and sometimes politically-motivated additions to lists that were never designed for routine consumer screening. The user experience: walk into a phone store, get rejected, no clear appeal path.

My Take

The FCC is solving a real problem with the wrong tool. Robocalls hurt millions of Americans every month and the per-call penalty regime ($1K-$15K) is overdue and probably effective. But the ID-verification mandate is a separate intervention bundled into the same rule, and it does work the per-call penalties cannot do (build a national identity database of every phone owner) at a cost the per-call penalties do not pay (eliminate anonymous communication).

The honest version of this rule would be two separate regulations: one on per-call penalties for known-fraudulent calls, and one on ID verification with explicit acknowledgment of the civil-liberties trade-offs and explicit carve-outs for journalist, DV-survivor, and whistleblower workflows. The Press Freedom Foundation, EFF, and ACLU should be the dissents in the public comment period — none have formally weighed in yet but the rule is structurally hostile to all three constituencies.

The other thing worth flagging: the FCC's banking-AML/KYC analogy is doing more work than its proponents realize. AML/KYC banking rules in the US created a regulated identity-tracking infrastructure that good-faith actors comply with and bad-faith actors route around (via shell companies, prepaid debit cards, crypto). Phone-number AML/KYC will produce the same outcome: legitimate users lose privacy, fraudulent users route around the rule via foreign SIMs, eSIM workarounds, or VoIP services with weaker enforcement. The robocall problem will partially reduce; the privacy loss will be permanent.

Frequently Asked Questions

When does the FCC ID rule take effect?
The FCC unanimously approved the proposal on April 30, 2026. A public comment period is now open. The earliest the rule could become enforceable is late 2026 or 2027, depending on how quickly the comment period closes and whether legal challenges materialize.

Will I need to re-verify my existing phone number?
The proposed rule applies to new activations. Whether existing prepaid customers will be required to verify retroactively is one of the open questions in the public comment period. Watch the FCC's docket for clarification.

What ID will I need?
Government-issued ID (driver's license, passport, state ID), physical address, legal name, and any existing phone numbers you have. The rule does not specify whether digital ID systems (mDL, Apple Wallet ID) qualify.

Will this end anonymous prepaid SIMs entirely?
Effectively, yes. Cash-paid prepaid phones without ID verification — currently the workflow used by Cricket, Mint Mobile, Tracfone, and similar low-cost carriers — would be eliminated under the rule.

What about VoIP services like Google Voice?
The rule applies to “nearly every voice provider,” explicitly including VoIP. Google Voice, Skype, TextNow, and similar services would all need to comply. This is a meaningful change for free VoIP services that have historically required only an email address for activation.

The Bottom Line

The FCC's anti-robocall framing makes the ID-verification rule sound narrow. It is not. The rule eliminates anonymous phone access in the US, mandates four-year ID-document retention by carriers, and adds law-enforcement-watchlist checking at activation. Those are three separate interventions bundled into one announcement. The civil-liberties trade-offs deserve explicit debate during the comment period — particularly carve-outs for journalist, domestic-violence-survivor, and whistleblower workflows that the rule structurally harms.