The debate around call authentication often mixes three different topics: the technical signing of a call, the validity of the displayed number, and the regulator's ability to trace or block abuse. That is exactly why comparing France, the United Kingdom, and the United States requires more than a list of laws or protocols.
In 2026, these three countries are not at the same stage or driven by the same philosophy. The United States remains the most advanced market for operational STIR/SHAKEN deployment on IP networks, France has built a national authentication mechanism closely tied to its numbering plan, and the United Kingdom relies more heavily on CLI quality, blocking misleading use cases, and the combined action of Ofcom and the ICO.
What are we really comparing?
An authenticated call does not automatically mean a wanted call. It first means that the originating operator was able to sign or justify the telecom identity being used. That is the logic we already explain in our technical STIR/SHAKEN guide. Only then come blocking, labeling, reporting, and enforcement policies.
The right comparison is therefore built on four blocks: technical signing, operator obligations, treatment of spoofed international calls, and the concrete protection offered to end users.
France: an increasingly structured framework around MAN
In France, the key point is the mécanisme d'authentification des numéros (MAN), which ARCEP presents as the common framework adopted by operators to satisfy the legal obligation to authenticate caller IDs. This mechanism relies on STIR/SHAKEN and on electronic certificates delivered within the French ecosystem to create a chain of trust between operators.
The French framework goes beyond the protocol itself. It ties authentication closely to the right to use the number and to the national numbering plan. In practice, the operator signing the call must be able to show that its customer is either the assignee of the displayed number or explicitly authorized to use it. This link between technology and numbering law is one of the main differences between France and countries that focus more narrowly on network signing.
Through the successive transitions from 2024 to 2026, the regime became stricter. ARCEP specifically states that, since 1 January 2026, an incoming international call displaying a French 06 or 07 mobile number that cannot be authenticated must be shown as a withheld number. We detailed the operational impact of that change in our analysis of the 2026 ARCEP rule on spoofed French mobile numbers from abroad.
The strength of the French model is therefore regulatory coherence. Its weakness lies elsewhere: it still depends on consistent execution across all actors, including complex interconnections, enterprise telephony environments, and certain international flows.
United Kingdom: less visible STIR/SHAKEN, more pressure on CLI and blocking
The United Kingdom has not foregrounded a national equivalent of MAN with the same centrality as France. The British framework relies more on the reliability of Calling Line Identification (CLI), stricter presentation rules, and the obligation to block certain misleading calls, especially those coming from abroad while displaying a UK number.
Ofcom has tightened its CLI guidance and scam-call approach to reduce international calls that spoof UK numbers. At the same time, the ICO continues to handle the nuisance-marketing and consent dimension: unwanted live calls, automated calls, reporting by consumers, and sanctions where organizations fail to comply. For a continental European reader, this means the United Kingdom acts mainly on the quality of the presented number and enforcement against abuse, rather than presenting one single authentication architecture to the public.
That logic complements our dedicated article on the respective roles of ICO and Ofcom in the UK. It has a practical advantage: it directly targets user experience and traceability of suspicious calls. It also has a trade-off: for international businesses, the framework can feel less easy to summarize than “everything runs through STIR/SHAKEN.”
United States: the most mature reference point for IP signing, but not a miracle cure
The United States remains the reference point when discussing large-scale STIR/SHAKEN deployment. The FCC mandated caller-ID authentication on the IP portions of voice networks, with a major deadline on June 30, 2021 for large providers. Since then, the framework has been reinforced with robocall-mitigation obligations, filing requirements, and oversight mechanisms for operators that still do not have complete coverage across all flows.
The key point is not to overstate this technical lead. The United States shows that authenticating a call does not by itself eliminate illegal robocalls. Blind spots remain in some non-IP segments, in complex intermediation chains, in international traffic, and in the actual quality of the practices used by operators feeding traffic into the network.
In other words, the U.S. model is the most advanced on signing infrastructure, but it also proves a broader lesson: phone trust depends just as much on governance, enforcement, and upstream-operator control as on the protocol itself.
Who is really the most advanced in 2026?
If we are talking about historical rollout and operational maturity of STIR/SHAKEN, the United States still leads. If we are talking about linking authentication to the legal right to use a number, France has built a particularly structured framework. If we are talking about CLI discipline and blocking of spoofed international calls, the United Kingdom has taken a narrower but very concrete path.
The real answer is therefore this: no country has solved the whole problem on its own. All three approaches converge toward the same objective, but through different routes. France formalizes the chain of trust between operators. The United Kingdom strengthens reliable caller presentation and action against misleading practices. The United States industrialized caller-ID signing and operator oversight earlier.
What European businesses should take away
For a call center, cloud telephony provider, or sales team, the useful lesson is not only geographic. Across countries, calling reputation remains a matter of proof, traceability, and operational hygiene. Separating use cases by number, documenting caller-ID rights, cleaning up international flows, and monitoring field feedback matter more than using technical jargon in a brochure.
If you want a more practical reading of regulatory concepts and reporting workflows, our spam-calling FAQ is a useful companion resource.
FAQ
Has France deployed STIR/SHAKEN the same way as the United States?
Not under exactly the same conditions. France relies on a national mechanism, MAN, built on STIR/SHAKEN but tied to its own numbering and caller-rights framework.
Why does the United Kingdom look less “visible” on STIR/SHAKEN?
Because its approach puts more emphasis on valid CLI, blocking misleading calls, and regulator action than on public communication around one single protocol.
Have the United States solved robocalls through STIR/SHAKEN?
No. The protocol improved authentication of IP calls, but it does not by itself eliminate abuse coming from poorly controlled actors, non-IP flows, or complex international traffic.
