Intecracy Group/News
Telecom 30.05.2026 6 min read

AI Act compliance for AI communications in telecom

Telecom operators must proactively prepare data and enhance cybersecurity to comply with the EU’s AI Act, minimizing fraud risks.

In 2026, telecom operators face a dual challenge: the rapid advancement of AI communications and the need to adapt to new regulatory requirements, particularly the European AI Act. The urgency this year stems from the active implementation of the Act’s provisions, which set stringent requirements for the transparency, security, and reliability of artificial intelligence systems. This demands that operators not only be technically prepared but also rethink their data management and cybersecurity approaches. Ensuring compliance with the AI Act in 2026–2027 is becoming mandatory to avoid fines and maintain customer trust.

AI Act and its impact on AI communications in telecom: challenges for 2026

While the EU’s AI Act does not directly regulate specific communication technologies, it establishes framework requirements for artificial intelligence systems used in critical areas. For telecom operators, this means that any AI solutions processing personal data, affecting network security, or interacting with customers (e.g., voice bots, traffic analysis systems, AI у anti-fraud systems) will be under close scrutiny. The main requirements, which became practical in 2026, involve ensuring:

  • Transparency and explainability of AI solutions: the ability to demonstrate how AI makes decisions, especially in customer-facing scenarios.
  • Data quality and integrity: the AI Act requires that data used for AI training be representative, up-to-date, and free from bias.
  • Cybersecurity of AI systems: protecting AI models from manipulation, attacks, and unauthorized access.
  • Human oversight: the possibility for human intervention in AI system operations, particularly in high-risk scenarios.

These requirements directly impact the development and deployment of AI communications, compelling operators to revise their architectures and operational processes.

Data preparation as a foundation for AI Act compliance: from fragmentation to consistency

The primary task for telecom operators is data preparation. A common mistake is starting an AI project by selecting a large language model (LLM) or another AI tool while ignoring the state of their own data. Without high-quality, consistent, and well-structured data, any AI initiative is doomed to fail, and AI Act compliance becomes impossible.

Challenges operators face include:

  • Data fragmentation: customer, network traffic, billing, and security incident information is often stored in disparate systems (OSS/BSS, CRM, SIEM) without a unified view.
  • Lack of unified master data: inconsistency in terminology, formats, and identifiers across different departments.
  • Low data quality: missing values, duplicates, outdated or incorrect information, leading to biased AI models and inaccurate predictions.

To address these issues, comprehensive Data Governance policies must be implemented. This includes creating unified master data, standardizing data collection and processing procedures, and conducting regular data quality audits. Only then can we discuss the effective training of AI models that will meet the AI Act’s requirements for transparency and reliability.

Cybersecurity and anti-fraud: protecting AI communications from growing threats

The growth of AI communications creates new vectors for cyber threats and fraud. Global losses from telecom fraud in 2025 were estimated at approximately $41.82 billion, according to the CFCA Global Fraud Loss Survey 2025. This underscores the critical importance of strengthening defenses.

ENISA, in its Threat Landscape 2025 report, notes that phishing remains the leading initial access vector, and the exploitation of legacy signaling protocols like SS7 and Diameter poses a significant risk to mobile networks. AI communications can be used to automate phishing campaigns, create convincing voice imitations (deepfakes), or manipulate network protocols.

Telecom operators need to implement multi-layered cybersecurity systems, including:

  • Enhanced authentication: applying mfa-en/” class=”igng-autolink”>multi-factor authentication for access to AI systems and communication channels.
  • Anomaly monitoring: using AI to detect atypical network and communication behavior that may indicate fraud or a cyberattack.
  • Anti-spoofing measures: implementing mechanisms to verify the authenticity of call and message sources.
  • Network segmentation: isolating critical AI systems to minimize the risks of attack propagation.

Technical aspects of call authentication: STIR/SHAKEN and the role of the Identity header

One of the key areas in combating fraud and ensuring trust in AI communications is call authentication. The STIR/SHAKEN (Secure Telephone Identity Revisited / Signature-based Handling of Asserted information using toKENs) framework is an important tool in this context.

According to the FCC First Caller ID Authentication Report and Order, STIR/SHAKEN is a Caller ID authentication framework for the IP portions of voice networks, involving a technical process for verifying and managing certificates. It allows the originating operator to cryptographically sign Caller ID information, and the receiving operator to verify this signature. This helps combat Caller ID spoofing, where fraudsters impersonate legitimate numbers.

RFC 8224: Authenticated Identity Management in SIP defines the use of the Identity header in SIP to carry cryptographically signed information about the call’s origin. This Identity header contains a PASSporT (Personal Assertion Token), which confirms the call’s authenticity and the level of attestation (A, B, or C), indicating the operator’s confidence in the call’s source.

For telecom operators implementing AI communications, it is crucial to ensure STIR/SHAKEN support at all stages of call traversal: from the originating provider to the terminating provider. This includes correct generation and validation of the Identity header, as well as its preservation when passing through Session Border Controllers (SBCs) and transit providers. Platforms like the DooxSwitch Platform (DooxSwitch‘s VoIP platform for softswitch, SIP routing, billing, and LCR) must ensure correct handling and transmission of this data to maintain authentication integrity.

Implementation strategy: telecom operator steps towards AI Act compliance

To successfully adapt to the AI Act’s requirements and effectively utilize AI communications in 2026–2027, telecom operators should focus on the following strategic steps:

  1. Audit and inventory of AI systems: identify all AI solutions in use or planned for deployment and assess their potential risk according to the AI Act.
  2. Develop Data Governance policies: create unified standards for collecting, storing, processing, and using data that feeds AI models. This includes establishing unified master data and ensuring data quality.
  3. Strengthen cybersecurity of AI infrastructure: implement comprehensive protection measures for AI systems, including protection against model manipulation, data attacks, and unauthorized access.
  4. Implement and optimize authentication mechanisms: enhance the use of STIR/SHAKEN for IP voice networks, ensure correct handling of the Identity header, and integrate with anti-fraud systems. This also applies to international SIP trunks, where call origin information is often lost.
  5. Staff training and upskilling: ensure that employees working with AI systems understand regulatory requirements and best cybersecurity practices.
  6. Collaborate with technology partners: leveraging the expertise of companies specializing in telecom solutions and AI can accelerate the adaptation process. For example, Softengi has experience in developing AI solutions, and DooxSwitch specializes in creating telecom platforms.

Readiness checklist for telecom operators for AI Act and AI communications

  • Assessment of current data quality and consistency for AI models.
  • Implementation of Data Governance policies and creation of unified master data.
  • Analysis of cybersecurity risks related to AI communications (phishing, exploitation of SS7/Diameter protocols).
  • Planning for the implementation or enhancement of call authentication mechanisms (STIR/SHAKEN, Identity header).
  • Verification of billing and routing systems’ compliance with security and authentication requirements.
  • Development of a response plan for cybersecurity and fraud incidents.
  • Staff training on new regulatory requirements and security practices.
Expert comment
O
Oleksandr Sydorenko Telecom Platform Architect, DooxSwitch

Regarding the technical aspects of call authentication, we observe that while STIR/SHAKEN is a crucial step, its effectiveness on international SIP trunks is often limited. The issue lies in that not all operators at the terminating points implement full verification or correctly propagate call authenticity information, especially concerning PASSporT token propagation. This leaves room for abuse, despite the presence of authentication mechanisms.

Data sources
Frequently asked questions
How will the AI Act affect telecom operators in 2026?

The AI Act requires telecom operators to ensure transparency, data quality, cybersecurity, and oversight of AI systems used in communications to avoid fines and maintain customer trust.

What are the main cybersecurity and fraud challenges for AI communications in telecom?

The main challenges include increasing losses from telecom fraud ($41.82 billion in 2025), phishing as a leading attack vector, and the exploitation of legacy signaling protocols SS7 and Diameter, which are amplified by the development of AI communications.

How can a telecom operator prepare its data for AI Act compliance and effective AI utilization?

It is necessary to overcome data fragmentation, create unified master data, and improve data quality by implementing Data Governance policies, which form the foundation for reliable and compliant AI models.

Tags: AI AI Act API Gateway DooxSwitch Oleksandr Sydorenko Softengi VoIP
← Previous Edge AI in IoT: critical infrastructure security and efficiency by 2027 Next → Connecting corporate document flow with state services
// related articles

Related Reading