Intecracy Group/News
Telecom 30.05.2026 6 min read

AI Act compliance for AI communications in telecom

Telecom operators must proactively prepare data and enhance cybersecurity to comply with the EU’s AI Act, minimizing fraud risks.

In 2026, telecom operators face a dual challenge: the rapid development of AI communications and the need to adapt to new regulatory requirements, particularly the European AI Act. The urgency of this year is driven by the active implementation of the Act’s provisions, which establish strict requirements for the transparency, security, and reliability of artificial intelligence systems. This demands that operators not only achieve technical readiness but also rethink their approaches to data management and cybersecurity. Ensuring compliance with the AI Act in 2026–2027 is becoming mandatory to avoid fines and preserve customer trust.

The AI Act and Its Impact on AI Communications in Telecom: Challenges of 2026

Although the EU AI Act does not directly regulate specific communication technologies, it sets framework requirements for artificial intelligence systems used in critical areas. For telecom operators, this means that any AI solutions processing personal data, affecting network security, or interacting with customers (e.g., voice bots, traffic analysis systems, AI-based anti-fraud systems) will be under close scrutiny. The core requirements that have become standard practice in 2026 involve the need to ensure:

  • Transparency and explainability of AI solutions: the ability to demonstrate how AI makes decisions, especially in customer-facing scenarios.
  • Data quality and integrity: the AI Act requires that data used for training AI be representative, up-to-date, and free from bias.
  • Cybersecurity of AI systems: protecting AI models from manipulation, attacks, and unauthorized access.
  • Human oversight: the ability for human intervention in the operation of AI systems, particularly in high-risk scenarios.

These requirements directly impact the development and deployment of AI communications, forcing operators to review their architectures and operational processes.

Data Preparation as the Foundation for AI Act Compliance: From Fragmentation to Consistency

The primary task for telecom operators is data preparation. A common mistake is starting an AI project by selecting a large language model (LLM) or another AI tool while ignoring the state of their own data. Without high-quality, consistent, and well-structured data, any AI initiative is doomed to fail, and AI Act compliance becomes impossible.

The problems operators face include:

  • Data fragmentation: information about subscribers, network traffic, billing, and security incidents is often stored in disparate systems (OSS/BSS, CRM, SIEM) without a unified view of the customer.
  • Lack of unified directories: inconsistencies in terminology, formats, and identifiers across different departments.
  • Poor data quality: gaps, duplicates, outdated, or incorrect information, leading to AI model bias and inaccurate predictions.

To solve these problems, comprehensive Data Governance policies must be implemented. This includes creating unified directories, standardizing data collection and processing procedures, and conducting regular data quality audits. Only then is it possible to effectively train AI models that will meet the AI Act’s requirements for transparency and reliability.

Expert comment
O
Oleksandr Sydorenko Telecom Platform Architect, DooxSwitch

Regarding the technical aspects of call authentication, we observe that while STIR/SHAKEN is a crucial step, its effectiveness on international SIP trunks is often limited. The issue lies in that not all operators at the terminating points implement full verification or correctly propagate call authenticity information, especially concerning PASSporT token propagation. This leaves room for abuse, despite the presence of authentication mechanisms.

Cybersecurity and Anti-Fraud: Protecting AI Communications from Growing Threats

The rise of AI communications creates new vectors for cyber threats and fraud. Global losses from telecom fraud in 2025 were estimated at approximately $41.82 billion, according to the CFCA Global Fraud Loss Survey 2025. This underscores the critical importance of strengthening defenses.

In its Threat Landscape 2025 report, ENISA notes that phishing remains the leading initial access vector, and the exploitation of legacy signaling protocols, such as SS7 and Diameter, poses a significant risk to mobile networks. AI communications can be used to automate phishing campaigns, create convincing voice imitations (deepfakes), or manipulate network protocols.

Telecom operators must implement multi-layered cybersecurity systems, which include:

  • Enhanced authentication: applying multi-factor authentication for access to AI systems and communication channels.
  • Anomaly monitoring: using AI to detect atypical behavior in the network and communications that may indicate fraud or a cyberattack.
  • Spoofing protection: implementing mechanisms to verify the authenticity of the call source and message.
  • Network segmentation: isolating critical AI systems to minimize the risks of attack propagation.

Technical Aspects of Call Authentication: STIR/SHAKEN and the Role of the Identity Header

One of the key directions in combating fraud and ensuring trust in AI communications is call authentication. The STIR/SHAKEN (Secure Telephone Identity Revisited / Signature-based Handling of Asserted information using toKENs) framework is a crucial tool in this context.

According to the FCC First Caller ID Authentication Report and Order, STIR/SHAKEN is a Caller ID authentication framework for the IP portions of voice networks, involving a technical process of certificate verification and management. It allows the originating service provider to cryptographically sign Caller ID information, and the terminating provider to verify this signature. This helps combat Caller ID spoofing, where scammers disguise themselves behind legitimate numbers.

RFC 8224: Authenticated Identity Management in SIP defines the use of the Identity header in SIP to carry cryptographically signed call origination information. This Identity header contains a PASSporT (Personal Assertion Token), which confirms call authenticity and an attestation level (A, B, or C) indicating the operator’s confidence in the validity of the call source.

For telecom operators deploying AI communications, it is critical to ensure STIR/SHAKEN support at all stages of the call path: from the originating provider to the terminating provider. This includes the correct generation and validation of the Identity header, as well as its preservation when passing through Session Border Controllers (SBCs) and transit providers. Platforms such as the DooxSwitch Platform (a VoIP platform by DooxSwitch for softswitch, SIP-routing, billing, and LCR) must ensure the correct processing and transmission of this data to maintain authentication integrity.

Implementation Strategy: The Telecom Operator’s Steps to AI Act Compliance

To successfully adapt to the AI Act requirements and effectively leverage AI communications in 2026–2027, telecom operators should focus on the following strategic steps:

  1. Audit and inventory of AI systems: identify all AI solutions currently in use or planned for implementation and assess their potential risk according to the AI Act.
  2. Development of Data Governance policies: establish unified standards for collecting, storing, processing, and utilizing the data that feeds AI models. This includes creating unified directories and ensuring data quality.
  3. Strengthening AI infrastructure cybersecurity: implement comprehensive protection measures for AI systems, including defense against model manipulation, data attacks, and unauthorized access.
  4. Implementation and optimization of authentication mechanisms: enhance the use of STIR/SHAKEN for IP voice networks, ensure correct processing of the Identity header, and integrate with anti-fraud systems. This also applies to international SIP trunks, where call origination information is often lost.
  5. Staff training and upskilling: ensure that employees working with AI systems understand regulatory requirements and cybersecurity best practices.
  6. Collaboration with technology partners: leveraging the expertise of companies specializing in telecom solutions and AI can accelerate the adaptation process. For example, Softengi has expertise in developing AI solutions, while DooxSwitch specializes in building telecom platforms.

Telecom Operator Readiness Checklist for the AI Act and AI Communications

  • Assessment of current data quality and consistency for AI models.
  • Implementation of Data Governance policies and creation of unified directories.
  • Analysis of cybersecurity risks associated with AI communications (phishing, exploitation of SS7/Diameter protocols).
  • Planning the implementation or strengthening of call authentication mechanisms (STIR/SHAKEN, Identity header).
  • Verification of billing and routing systems’ compliance with security and authentication requirements.
  • Development of an incident response plan for cybersecurity and fraud.
  • Staff training on new regulatory requirements and security practices.
Frequently asked questions
How will the AI Act affect telecom operators in 2026?

The AI Act requires telecom operators to ensure transparency, data quality, cybersecurity, and oversight of AI systems used in communications to avoid fines and maintain customer trust.

What are the main cybersecurity and fraud challenges for AI communications in telecom?

The main challenges include increasing losses from telecom fraud ($41.82 billion in 2025), phishing as a leading attack vector, and the exploitation of legacy signaling protocols SS7 and Diameter, which are amplified by the development of AI communications.

How can a telecom operator prepare its data for AI Act compliance and effective AI utilization?

It is necessary to overcome data fragmentation, create unified master data, and improve data quality by implementing Data Governance policies, which form the foundation for reliable and compliant AI models.

Data sources
Tags: AI AI Act API Gateway DooxSwitch Oleksandr Sydorenko Softengi VoIP
← Previous Edge AI in IoT: critical infrastructure security and efficiency by 2027 Next → Connecting corporate document flow with state services
// related articles