The US Federal Communications Commission has repealed cybersecurity rules designed to prevent attacks similar to the Salt Typhoon incident. This decision means telecom firms face less stringent requirements for securing their networks. The change was announced on November 21, 2025.
The Federal Communications Commission (FCC) in the United States has voted to repeal specific cybersecurity regulations that were intended to safeguard telecom networks against sophisticated threats. These rules, previously aimed at mitigating risks akin to the Salt Typhoon cyberattack, required telecom companies to implement rigorous protection measures for their infrastructure.
Under the repealed policy, US telecom firms will no longer be obligated to maintain the same level of network security protocols. The Salt Typhoon attack, a notable breach attributed to state-sponsored hackers, had highlighted vulnerabilities in telecom systems, prompting the original rules. However, the FCC's decision shifts the burden away from mandatory federal oversight in this area.
This repeal comes amid ongoing debates about balancing regulatory burdens with industry innovation. Telecom operators had argued that the rules imposed excessive compliance costs without proportional benefits. Critics, on the other hand, warn that reduced requirements could expose networks to greater risks from foreign adversaries. The FCC's action reflects a broader trend toward deregulation in the sector.
As of the announcement on November 21, 2025, the exact timeline for phasing out the rules remains unclear, but the immediate effect is a relaxation of security mandates for US telecom providers.