The Federal Communications Commission will vote next month on whether to eliminate cybersecurity requirements for telecom carriers that the commission enacted under its previous leadership following sweeping Chinese government cyberattacks on telecoms.

In a blog post published on Wednesday, FCC Chair Brendan Carr said the commission’s November agenda would include a vote to undo its Jan. 15 declaration that the 1994 Communications Assistance for Law Enforcement Act (CALEA) “affirmatively requires telecommunications carriers to secure their networks from unlawful access or interception of communications.”

Carr, a Republican who voted against that declaration at the time, described it on Wednesday as an “eleventh hour” ruling that “both exceeded the agency’s authority and did not present an effective or agile response to the relevant cybersecurity threats.”

“We’re correcting course,” he said of the plan to eliminate the CALEA declaration.

Carr’s proposed order, published late Thursday, says the FCC’s previous leadership misinterpreted its authorities under CALEA and ignored how courts have interpreted the law’s use of the word “interception.” The order also says the CALEA declaration’s “inflexible, across the board” requirements risk “leaving carriers with a burdensome and inchoate compliance standard that does little to secure communications networks and protect national security.”

When the FCC issued the declaration, it proposed implementing the mandate by requiring telecoms to adopt cybersecurity plans with reasonable measures to prevent network intrusions and service disruptions and mitigate supply-chain threats. Carr’s order also rescinds those proposed rules, saying the FCC plans to take a “targeted approach” to encouraging better cybersecurity rather than “a one-size-fits-all approach of a single rulemaking.”

An FCC spokesperson was unavailable for comment because of the ongoing government shutdown.

Discarding the CALEA declaration and proposed rules would eliminate the U.S. government’s most substantial response to the widespread cybersecurity failures in the U.S. telecom industry that China’s Salt Typhoon hacking campaign exposed in late 2024. In an espionage operation widely considered one of the most damaging cyber incidents in U.S. history, China-linked hackers penetrated U.S. telecom networks and accessed information about federal wiretaps, the call recordings of high-profile Americans and more than a million other people’s call and text metadata.

There are effectively no federal cybersecurity requirements for U.S. telecom operators, which have repeatedly experienced major breaches as hackers target their out-of-date, poorly managed infrastructure. In an interview after the FCC issued the January declaration, then-chair Jessica Rosenworcel argued that the commission was filling a dangerous void. “Either you take serious action or you don’t,” she said.

With Carr moving to undo Rosenworcel’s actions, it is unclear how the FCC plans to continue to exercise cybersecurity oversight of telecom carriers. In his blog post, Carr alluded to “extensive FCC engagement with carriers” and said the commission would soon describe “the substantial steps that providers have taken to strengthen their cybersecurity defenses.”

“These commitments,” the order says, “demonstrate that the federal government’s collaborative approach to cybersecurity continues to be effective and that the inflexible and vague approach of the Declaratory Ruling is unnecessary.”

Hours after Carr announced his plan on Wednesday, news organizations reported that suspected nation-state operatives had hacked a backbone technology provider for U.S. and international telecom operators and remained undetected in its networks for nearly a year.