The FCC voted on March 26, 2026, to launch a formal Notice of Proposed Rulemaking, designated FCC 26-16. The proposed rules target offshore call center operations run by US telecom, cable, and VoIP providers. The scope is significant. The NPRM proposes volume caps on offshore call handling, English proficiency standards for offshore agents, mandatory disclosure when a call is routed abroad, and consumer rights to transfer to a US-based agent. It also restricts offshore handling of sensitive data, specifically passwords, multi-factor authentication codes, and financial account numbers.

Enterprise buyers need to understand what this means right now. This is not a final rule. It is a proposed rulemaking with an open comment period. But the regulatory direction is clear. Any enterprise CX operation built on offshore BPO dependency is operating on a foundation that federal regulators are actively challenging. At InflectionCX, the Unified CX company, we track these signals precisely because the gap between a proposed rule and a contract renegotiation is often measured in months, not years.

The NPRM's language matters beyond its current scope. The FCC explicitly asks whether these rules should apply to internet-only providers and to all calls covered by the Telephone Consumer Protection Act. That question is a signal of intent. Regulators are testing the argument for a much broader framework. Any enterprise that routes customer service volume through offshore BPO arrangements should read this NPRM as a direct addressable risk, regardless of whether it is currently an FCC-regulated carrier.

The Market Pattern This Fits

This NPRM does not arrive in isolation. It lands inside a multi-year pattern of reshoring pressure that has accelerated since 2022. US legislative attention to offshore BPO has grown steadily across multiple committees. State attorneys general in several jurisdictions have pursued consumer protection actions tied to offshore agent practices. The FCC's move on March 26, 2026, represents the most formal and far-reaching federal action in this space to date.

The offshore BPO value proposition has always rested on labor cost arbitrage. That arbitrage math has already been eroding. Wage inflation in traditional offshore markets, rising geopolitical risk premiums, and currency volatility have compressed margins for buyers and vendors alike. Now add the cost of regulatory compliance to that equation. Volume caps would force structural redesign of workforce models. English proficiency certification programs carry audit and documentation costs. Consumer disclosure requirements create new obligations for interaction design. These are not marginal additions to BPO operating costs.

There is also an AI dimension that the NPRM does not address, but cannot be separated from this discussion. Many large BPOs have positioned AI-assisted deflection as the answer to rising offshore labor costs. If an AI system deflects a consumer's call before reaching an offshore agent, does that interaction fall under the NPRM's disclosure requirements? The FCC has not yet answered that question. Buyers should not assume the answer is no.

The vendor selection calculus for enterprise CX operations is changing faster than most procurement cycles can absorb. The criteria that governed BPO sourcing decisions in 2023 and 2024 are insufficient for 2026. 

The Governance Problem

The FCC's proposed rules surface a governance problem that most enterprise CX organizations have not solved. The NPRM proposes that consumers be given the right to transfer to a US-based agent. That requirement alone reveals a structural question that many BPO contracts have never formally addressed: who owns the routing decision?

In most enterprise BPO arrangements, the vendor controls routing architecture. The enterprise buyer specifies outcomes and service level agreements. The vendor builds the operational model to hit those targets at the lowest cost. This means that in most cases, the enterprise buyer does not have direct operational control over whether a given call is handled onshore or offshore at any specific moment. Regulatory compliance that requires consumer-facing transfer rights cannot be satisfied by a service-level agreement clause. It requires a change in who controls routing logic.

The data restriction component of the NPRM is equally unresolved in most current contracts. Restricting offshore handling of passwords, MFA codes, and financial account information requires data segmentation at the infrastructure level. Most BPO contracts specify what data agents are permitted to access. They rarely specify where that data can travel in real time, which systems it touches, and what logging is required to demonstrate compliance. The difference between contractual permission and technical enforcement is exactly where regulatory exposure lives.

Buyers should review their current BPO agreements for these specific gaps. The patterns identified there apply directly to the governance questions raised by FCC 26-16. Implementations that prioritize cost optimization over architectural control create exactly the kind of vendor dependency that makes regulatory compliance reactive rather than proactive.

What Buyers Should Do Now

The comment period for FCC 26-16 is open. Enterprise buyers with significant offshore BPO volume should consider whether to file comments. Companies with the scale to influence rulemaking language should engage legal counsel before the comment deadline closes. Wiley Law published an initial analysis of FCC 26-16 on March 26, 2026, and represents one qualified resource for organizations evaluating whether to participate in the comment process.

Internally, this decision should not sit with procurement alone. The FCC's proposed rules touch legal, compliance, IT architecture, customer experience leadership, and vendor management simultaneously. No single function has complete visibility into the exposure. A cross-functional review is the appropriate first step.

Specific questions buyers should bring to their BPO vendors immediately:

Provide a current breakdown of call volume handled offshore versus onshore, by call type and data sensitivity category. Describe the technical mechanism by which a consumer could be transferred to a US-based agent, including current routing architecture and estimated implementation timeline if that capability does not exist. Identify all data fields that offshore agents can access during a call session, and confirm whether that list includes passwords, MFA codes, or financial account identifiers. Provide your current plan for responding to FCC 26-16, including your timeline for compliance if the proposed rules are adopted.

These questions will reveal immediately whether your vendor has started this analysis or is waiting. That answer itself is a vendor selection signal.

Chief experience officers and chief compliance officers should jointly own this review. Neither function can do it alone. The CXO has visibility into operational performance. The CCO has visibility into regulatory exposure. The combination is required.

So What

- Audit BPO contracts for routing control and data access language → Chief Compliance Officer and General Counsel, deadline before comment period closes

- Request formal vendor response to FCC 26-16 from all offshore BPO partners → VP of Vendor Management or Chief Procurement Officer, within 30 days of March 26, 2026

- Map AI deflection touchpoints against proposed NPRM disclosure requirements → Chief Experience Officer and CTO, as part of any AI deflection program currently in pilot or production