In a swift deregulatory move, the Federal Communications Commission under President Donald Trump’s appointees has rescinded a Biden-era mandate requiring internet service providers to submit annual cybersecurity reports. The decision, finalized this week, shifts oversight to voluntary self-certification by telecom giants, drawing sharp rebukes from privacy advocates and Democrats even as FCC leadership hails it as a path to more agile defenses.

The rule change comes just months after Chinese hackers dubbed Salt Typhoon infiltrated major U.S. telecom networks, exposing sensitive data including call records linked to Trump campaign officials. Implemented days before Trump’s January inauguration, the Biden FCC’s requirement aimed to enforce rigorous cybersecurity standards but was deemed overly burdensome by the new Republican majority.

FCC’s Pivot to Voluntary Compliance

FCC Chair Brendan Carr announced the revocation on Thursday, stating the agency is “correcting course” with “improved protection against cybersecurity threats.” In an X post, the FCC declared it “revokes a prior unlawful decision and repositions the agency for effective and agile cybersecurity responsiveness.” FCC on X.

Carr’s team argues the prior rule was an “ineffective response” to Salt Typhoon, opting instead for industry-led commitments. Telecom providers like AT&T and Verizon, hit hardest by the hacks, now face no federal obligation to detail their cybersecurity postures annually, relying on self-reported adherence to best practices.

Roots in Salt Typhoon Breaches

The breaches, attributed to Chinese state actors, compromised at least nine telecom firms, granting access to wiretap systems and high-value targets. A delayed 2022 DHS-ODNI report on telecom vulnerabilities remains withheld, prompting renewed Democratic calls for transparency. Sens. Ron Wyden and Mark Warner urged its release in a letter to agency heads. Nextgov/FCW.

Under Biden, the FCC in late 2024 voted 3-2 along party lines to impose reporting on risks, supply chain security, and incident responses. Trump’s FCC, now with a 3-2 Republican edge led by Carr, Brendan Carr, reversed it in a similar vote this week. CNET.

Industry Cheers, Critics Cry Foul

The Electronic Frontier Foundation labeled the rollback a “terrible idea,” warning it undermines accountability post-hacks. Senate Commerce Democrat Maria Cantwell urged Carr to retain the rules, citing persistent threats. SC Media.

Carr, a Trump loyalist, has long championed deregulation. In past X posts, he criticized Biden’s internet policies as overreach, pushing for private sector innovation over mandates. Recent posts highlight spectrum releases and permitting reforms to boost broadband. Brendan Carr on X.

Broader Deregulatory Playbook

This fits Trump’s FCC pattern: earlier this month, commissioners eased “broadband nutrition label” rules, allowing providers to obscure fees more readily. The agency also proposed dropping gigabit-speed universality goals. CNET.

Republicans previewed this agenda post-election, with Carr tipped as chair. Priorities include slashing red tape, as Carr touted in an X update: “Delete. Delete. Delete.” Fierce Network; Brendan Carr on X.

Echoes of 2017 Privacy Repeal

History rhymes: In 2017, Trump signed repeal of Obama broadband privacy rules, freeing ISPs to monetize user data. Critics then and now decry weakened consumer protections. Reuters.

Cybersecurity self-policing draws parallels to IoT labeling efforts. The FCC in 2024 pushed voluntary labels for smart devices, a model now extended to core networks despite 5G risks flagged years ago by Sen. Wyden. CNET.

National Security Implications Unfold

Carr has probed Biden programs for China ties, directing reviews of cybersecurity initiatives. An X post confirmed scrutiny of a Biden-era trust mark over Beijing links. Fox News; Brendan Carr on X.

Yet voluntary measures may falter against nation-states. Salt Typhoon exploited unpatched flaws; without reports, FCC visibility dims. The agency vows “vigilance,” but insiders question enforcement sans data.

Telecoms’ Mixed Track Record

Providers pledged post-hack fixes, but past breaches—like 2023 MOVEit hacks affecting millions—highlight gaps. Verizon and Lumen touted mitigations, yet FCC now trusts self-assessments over audits. The Record.

Carr’s national security focus includes banning Chinese gear, a unanimous 2022 FCC first. Recent actions target Huawei, ZTE remnants, blending hawkishness with deregulation. Brendan Carr on X.

Path Forward for Agile Defenses?

FCC outlines “improved measures,” eyeing partnerships over rules. Carr visited builders, pushing Trump’s connectivity vision amid permitting wins. FCC on X; Brendan Carr on X.

Democrats resist: Cantwell’s letter signals oversight battles. Wyden-Warner pressure on vulnerability reports underscores tensions. As 5G evolves, self-monitoring’s efficacy remains unproven against escalating threats.

Stakeholder Reactions Intensify

Industry groups applaud reduced compliance costs, potentially accelerating deployments. Critics, including EFF, fear a “race to the bottom.” Carr counters with innovation rhetoric, echoing Trump’s spectrum push for “gig speeds for every American”—now tempered. CNET.

For insiders, the bet is high: Telecoms guard critical infrastructure. Self-policing succeeds if voluntary pacts match mandates; failure invites breaches, congressional backlash, or reversals.